dell emc data protection central · as part of an effort to improve product lines, periodic...

Dell EMC Data Protection CentralVersion 19.1

Getting Started Guide302-005-567

REV 01

Copyright © 2017-2019 Dell Inc. or its subsidiaries. All rights reserved.

Published March 2019

Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.“ DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND

WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED

IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners.

Published in the USA.

Dell EMCHopkinton, Massachusetts 01748-91031-508-435-1000 In North America 1-866-464-7381www.DellEMC.com

2 Data Protection Central 19.1 Getting Started Guide

5

Overview 9Data Protection Central overview............................................................... 10Environment and system requirements ....................................................... 11Monitoring systems ....................................................................................12Managing Avamar systems .........................................................................13Search and recover capabilities...................................................................13Report capabilities...................................................................................... 14

Deployment and Configuration 15Check the network setup with each system................................................16Deploy Data Protection Central as an OVA................................................. 16Deploy Data Protection Central using a .jar file .......................................... 19Verify the deployment................................................................................ 20Configuring LDAP .......................................................................................21

Configure LDAP or AD user access................................................ 21Add LDAP or AD while deploying Data Protection Central..............21Add LDAP or AD after deploying Data Protection Central..............23Add a secure LDAP (LDAPS) certificate........................................28Verify the LDAP or AD connection status...................................... 28Login format with LDAP users....................................................... 30

Configuring Network Time Protocol............................................................31Configuring Network Time Protocol during Data Protection CentralOVA deployment............................................................................ 31Configuring Network Time Protocol after Data Protection Centraldeployment.................................................................................... 31

Access control............................................................................................ 31Pre-loaded accounts...................................................................... 31

Certificate management............................................................................. 32Generate a self-signed certificate.............................................................. 32Generate a Certificate Signing Request......................................................33

Getting Started with Administration 35Log in to Data Protection Central............................................................... 36User interface.............................................................................................36

Header...........................................................................................36User menu..................................................................................... 36Left menu...................................................................................... 37Pages.............................................................................................37Master and Detail panes................................................................ 37Changing dashboards.................................................................... 38Filtering......................................................................................... 38Sort information that is displayed in tables.................................... 39Dialog boxes.................................................................................. 40Notification bar..............................................................................40

Preface

Chapter 1

Chapter 2

Chapter 3

CONTENTS

Data Protection Central 19.1 Getting Started Guide 3

Overflow button............................................................................ 40Dashboards overview................................................................................. 40Health overview.......................................................................................... 41Alerts overview........................................................................................... 41Capacity overview.......................................................................................41Activities overview...................................................................................... 41Audit overview............................................................................................ 41System management overview....................................................................41Search and recover overview..................................................................... 42Reports overview....................................................................................... 42

Adding Systems to Data Protection Central 43Add an Avamar system............................................................................... 44Add a NetWorker system............................................................................45

Edit NetWorker Virtual Edition firewall settings to enable DataProtection Central to read jobs......................................................46

Add a Data Domain System.........................................................................47Add a Data Protection Advisor system....................................................... 48Add a Search system..................................................................................49

Chapter 4

CONTENTS


Preface

As part of an effort to improve product lines, periodic revisions of software andhardware are released. Therefore, all versions of the software or hardware currently inuse might not support some functions that are described in this document. Theproduct release notes provide the most up-to-date information on product features.

If a product does not function correctly or does not function as described in thisdocument, contact a technical support professional.

PurposeThis document includes information about how to deploy Data Protection Central, andthen get started with Data Protection Central administration.

AudienceThis document is intended for administrators of Data Protection Central.

Revision historyThe following table presents the revision history of this document.

Table 1 Revision history

Revision Date Description

01 May 2019 Beta release of the Data Protection Central 19.1 GettingStarted Guide.

Related DocumentationFor information about Data Protection Central compatibility, refer to the DataProtection Central Release Notes.

The Data Protection Central documentation set includes the following publications:

l Data Protection Central Getting Started Guide

l Data Protection Central Security Configuration Guide

l Data Protection Central Release Notes

l Data Protection Central Administration Guide

The documentation for the following products includes more information:

l Avamar

l Data Domain

l Search

l Data Protection Advisor

l NetWorker

Special notice conventions that are used in this documentThe following conventions are used for special notices:

NOTICE

Identifies content that warns of potential business or data loss.


Note

Contains information that is incidental, but not essential, to the topic.

Typographical conventionsThe following type style conventions are used in this document:

Table 2 Style conventions

Bold Used for interface elements that a user specifically selects or clicks,for example, names of buttons, fields, tab names, and menu paths.Also used for the name of a dialog box, page, pane, screen area withtitle, table label, and window.

Italic Used for full titles of publications that are referenced in text.

Monospace Used for:

l System code

l System output, such as an error message or script

l Pathnames, file names, file name extensions, prompts, andsyntax

l Commands and options

Monospace italic Used for variables.

Monospace bold Used for user input.

[ ] Square brackets enclose optional values.

| Vertical line indicates alternate selections. The vertical line means orfor the alternate selections.

{ } Braces enclose content that the user must specify, such as x, y, or z.

... Ellipses indicate non-essential information that is omitted from theexample.

You can use the following resources to find more information about this product,obtain support, and provide feedback.

Where to find product documentation

l https://www.dell.com/support

l https://community.emc.com

Where to get supportThe Support website https://www.dell.com/support provides access to productlicensing, documentation, advisories, downloads, and how-to and troubleshootinginformation. The information can enable you to resolve a product issue before youcontact Support.

To access a product-specific page:

1. Go to https://www.dell.com/support.

2. In the search box, type a product name, and then from the list that appears, selectthe product.

KnowledgebaseThe Knowledgebase contains applicable solutions that you can search for either bysolution number (for example, KB000xxxxxx) or by keyword.

Preface


https://www.dell.com/support

https://community.emc.com



To search the Knowledgebase:


2. On the Support tab, click Knowledge Base.

3. In the search box, type either the solution number or keywords. Optionally, youcan limit the search to specific products by typing a product name in the searchbox, and then selecting the product from the list that appears.

Live chatTo participate in a live interactive chat with a support agent:


2. On the Support tab, click Contact Support.

3. On the Contact Information page, click the relevant support, and then proceed.

Service requestsTo obtain in-depth help from Licensing, submit a service request. To submit a servicerequest:


2. On the Support tab, click Service Requests.

Note

To create a service request, you must have a valid support agreement. For detailsabout either an account or obtaining a valid support agreement, contact a salesrepresentative. To get the details of a service request, in the Service RequestNumber field, type the service request number, and then click the right arrow.

To review an open service request:


2. On the Support tab, click Service Requests.

3. On the Service Requests page, under Manage Your Service Requests, clickView All Dell Service Requests.

Online communitiesFor peer contacts, conversations, and content on product support and solutions, go tothe Community Network https://community.emc.com. Interactively engage withcustomers, partners, and certified professionals online.

How to provide feedbackFeedback helps to improve the accuracy, organization, and overall quality ofpublications. You can send feedback to [email protected].

Preface






https://community.emc.com

mailto:[email protected]

Preface


CHAPTER 1

Overview

Learn about Data Protection Central.

This chapter contains the following sections:

l Data Protection Central overview.......................................................................10l Environment and system requirements ...............................................................11l Monitoring systems ........................................................................................... 12l Managing Avamar systems ................................................................................ 13l Search and recover capabilities.......................................................................... 13l Report capabilities.............................................................................................. 14

Overview 9

Data Protection Central overviewData Protection Central provides a solution for data protection administrators whomanage multiple independent data protection applications and storage devices.

When you work with multiple data protection applications, operational monitoring andmanagement can be a complex, time consuming effort.

Data Protection Central enables administrators to efficiently and effectively monitorand manage the software products within the Data Protection Suite family from asingle user interface, simplifying the entire data protection experience.

Data Protection Central includes the following features:

Comprehensive dashboardsData Protection Central has a comprehensive and customizable dashboard for at-a-glance monitoring of systems and activities. Data Protection Central supports up to 20dashboards per user.

Avamar system monitoring and managementData Protection Central supports a maximum combination of 200 NetWorker andAvamar systems.

When you add an Avamar system to Data Protection Central, you can perform thefollowing tasks:

l Launch AUI or Avamar Administrator, using Single-Sign On (SSO) for supportedversions.

l Monitor system health status and any alerts from the system.

l Monitor storage capacity usage.

l Monitor backup and replication activities at the Avamar job level.

l Monitor backup and replication activities at the Avamar asset level. Assets arevirtual machines or clients that you add to the Avamar system.

l Rerun failed backup and replication activities at the job or asset level.

l Manage and run Avamar protection policies.

l View assets that are added to Avamar.

NetWorker system monitoringData Protection Central supports a maximum combination of 200 NetWorker andAvamar systems.

When you add a NetWorker system to Data Protection Central, you can perform thefollowing tasks:

l Launch NetWorker Management Console or the NetWorker Management Web UI,using Single-Sign On (SSO) for supported versions.


l Monitor backup and replication activities at the NetWorker action level.

l Monitor backup activities at the NetWorker asset level.

l View assets that are added to NetWorker.

Data Domain system monitoringData Protection Central supports adding up to 80 Data Domain systems.

When you add a Data Domain system to Data Protection Central, you can perform thefollowing tasks:

Overview


l Launch Data Domain System Manager, using Single-Sign On (SSO) for supportedversions.


l Monitor storage capacity usage.

Search integrationData Protection Central supports adding a single Search system.

When you integrate Search with Data Protection Central, you can launch Search WebUser Interface, using Single-Sign On (SSO) for supported versions.

Data Protection Advisor integrationData Protection Central supports adding a single Data Protection Advisor system.

When you integrate Data Protection Advisor with Data Protection Central, you canperform the following tasks:

l Launch DPA Web Console, using Single-Sign On (SSO) for supported versions.

l Run 11 of the most used Data Protection Advisor reports on Avamar, NetWorker,and Data Domain systems.

Environment and system requirementsThe following list includes information about environment and system requirements:

l To deploy the Data Protection Central OVA, you must use VMware vCenter withVMware ESX 5.5 or later. The Data Protection Central OVA does not deploydirectly to the ESXi server.

l The Data Protection Central host must have a minimum of 4 CPUs, 8 GB of RAM,and 550 GB of disk space available.

l The FQDN, IP, Netmask, NTP, Gateway, DNS, and time zone must be configured.The FQDN must resolve to the IP address.

l The environment must use static network settings.

l Data Protection Central requires a minimum browser window size of 1366x768.

l Ensure that the DNS is set up correctly. The correct DNS setup ensures thatsystems can resolve the Data Protection Central hostname and FQDN name.

l Data Protection Central is compatible with VMware vSphere Fault Tolerance (FT),VMware vSphere High Availability (HA), and VMware vSphere vMotion.

l It is highly recommended that the ESXi server for the VMware environment whereData Protection Central is deployed is protected from unexpected power outageswith an uninterrupted power supply device.

Note

If you must power off the Data Protection Central virtual machine, do not use thePower off the virtual machine feature in vCenter. Instead, shut down themachine gracefully with the Shut Down Guest OS menu option. Alternatively, login to Data Protection Central using shell or SSH and type: shutdown -h now.

l Do not use the underscore symbol in a hostname. This is a standard requirementfor hostname configurations. For example, mars_jupiter.planets is not a validhostname. When you deploy Data Protection Central to a server with a hostnamethat contains the underscore symbol (_), the deployment will succeed but DataProtection Central will be unusable due to communication issues.

Overview

Environment and system requirements 11

l If you are using only IPv4 in your environment, do not disable the IPv6configuration. Some Data Protection Central components use the IPv6 loopbackaddress. If you disable IPv6, those components do not start.

The following table includes information about the minimum versions of products thatare supported with Data Protection Central:

Table 3 Compatibility

Product Supported versions

NetWorker 9.2.1.4

18.1

18.2

19.1

Avamar 7.5.1-101_HF298709_27 hotfix

18.1

18.2

19.1

Data Domain 6.0

6.1

6.1.1

6.1.2

6.2

Data Protection Advisor 18.1

18.2

19.1

Search 18.1

18.2

19.1

Mozilla Firefox Latest version

Google Chrome Latest version

Monitoring systemsData Protection Central includes system monitoring features.

The systems monitoring features include:

l Job Activities: Monitor backup and replication activities at the job-level for Avamarand NetWorker systems.

l Asset Activities: Monitor backup and replication activities at the asset-level withinjobs for Avamar and NetWorker systems.

l Health: Monitor the health status for Avamar, NetWorker, and Data Domainsystems.

Overview


l Alerts: Monitor alerts originating from Avamar, NetWorker, and Data Domainsystems.

l Capacity: Monitor capacity usage for Avamar and Data Domain systems.

Note

If a Data Domain system is configured in a monitored Avamar system, the Data Domainsystem is automatically added as a monitored system. However, you must add theData Domain system credentials to Data Protection Central to enable the full systemmonitoring features.

Managing Avamar systemsFor Avamar systems, Data Protection Central includes policy management and clientmanagement capabilities.

Data Protection Central includes the following Policy Management capabilities:

l View, add, edit, and delete policies, retentions, schedules, and datasets.

l Add clients and proxies to policies.

l Perform a backup of a policy.

l Rerun a backup or replication activity.

Data Protection Central includes the capability for you to view existing clients that areassociated with an Avamar system.

Search and recover capabilitiesData Protection Central integrates with Search to provide you with the ability toperform complex search and recover operations.

Data Protection Central launches Search in a new browser tab.

After launching Search, you can perform the following tasks:

l Perform a targeted full content index (FCI) search.

l Search for files by name, location, size, owner, file type, and date.

l Perform advanced search queries including symbols, wildcards, filters, andoperators.

l From the Search Results page:

n View a preview of the content.

n Download content.

n Recover content.

n Review the size of files or directories.

For comprehensive information about Search, refer to the Search documentation set.

Note

To take full advantage of Data Protection Central capabilities, it is recommended thatall systems that are configured in Search also be configured in Data ProtectionCentral.

Overview

Managing Avamar systems 13

Report capabilitiesData Protection Central provides the capability for you to run 11 of the most used DataProtection Advisor reports for Avamar, NetWorker, and Data Domain systems.

Data Protection Central reporting features require you to have Data ProtectionAdvisor in the environment. For more information about Data Protection Advisor, referto the Data Protection Advisor documentation set.

You can run, and then view these reports directly in the Data Protection Central userinterface. You can also specify the reporting period for these reports within the DataProtection Central interface.

Note

To take full advantage of Data Protection Central capabilities, it is recommended thatall systems that are configured in Data Protection Advisor also be configured in DataProtection Central.

Overview


CHAPTER 2

Deployment and Configuration

Learn about how to deploy and configure Data Protection Central.

Topics include:

l Check the network setup with each system....................................................... 16l Deploy Data Protection Central as an OVA......................................................... 16l Deploy Data Protection Central using a .jar file ..................................................19l Verify the deployment........................................................................................20l Configuring LDAP .............................................................................................. 21l Configuring Network Time Protocol................................................................... 31l Access control.................................................................................................... 31l Certificate management.....................................................................................32l Generate a self-signed certificate...................................................................... 32l Generate a Certificate Signing Request............................................................. 33

Deployment and Configuration 15

Check the network setup with each systemBefore deploying the Data Protection Central OVA, ensure that the network setupwith each Avamar,NetWorker, Data Domain, and Data Protection Advisor system iscorrect.

Procedure

1. Ensure that the time on the system is set correctly.

For successful activation of certificates, the time that appears on the systemmust be in synchronization with Data Protection Central.

It is recommended that Data Protection Central and all the systems that DataProtection Central monitors be configured with a Network Time Protocol (NTP)server. This configuration helps keep the system times in sync. ConfiguringNetwork Time Protocol on page 31 provides more information aboutconfiguring an NTP server.

2. Find out the Data Protection Central DNS hostname and domain name.

3. Check if the system is on the same domain as Data Protection Central.

If the system is on the same domain, ensure that the DNS entry and searchdomain values are set.

If the system is on a different domain, add the Data Protection Central DNSentry through the yast2 command, or by editing the /etc/resolv.conf fileon the system.

4. To check whether the system can resolve the Data Protection Centralhostname and IP address, use the nslookup command.

Type the following command:

nslookup -query=any <dpc_hostname>

5. Check whether the hostname resolves correctly.

If the hostname resolves correctly, the network setup is correctly configured.Otherwise, check all previously entered values.

6. If DNS cannot resolve the Data Protection Central host name, add the shortname entry in the /etc/hosts file. For example:

10.x.x.x dpc.domain.local dpc

Deploy Data Protection Central as an OVADeploy the Data Protection Central Open Virtualization Appliance (OVA) using aVMware vSphere client. Refer to the VMware documentation for specific informationregarding how to deploy an OVF template.

Before you begin

Ensure that the following system requirements are met:



l The DNS is set up correctly. The correct DNS set up ensures that systemsmonitored by Data Protection Central can resolve the Data Protection Centralhostname and Fully Qualified Domain Name (FQDN).

l VMware vCenter with VMware ESX 5.5 or later is deployed. To deploy the DataProtection Central OVA, you must use vCenter. The Data Protection Central OVAdoes not deploy directly to the ESXi server.

l A minimum of 4 CPUs and 8 GB of RAM.

l 550 GB of disk space available.

l The FQDN, IP, Netmask, Gateway, DNS, NTP, and time zone are configured.The FQDN must resolve to the IP address.

l The environment is using static network settings.

l It is highly recommended that the ESXi server for the VMware environment whereData Protection Central is deployed is protected from unexpected power outageswith an uninterrupted power supply device.

Note

If you must power off the Data Protection Central virtual machine, do not use thePower off the virtual machine feature in vCenter. Instead, shut down themachine gracefully with the Shut Down Guest OS button or the shutdown -hnow bash shell command.

Procedure

1. Log in to vCenter using the vSphere client.

2. Specify an ESXi server on which to deploy the OVF.

3. Begin deploying an OVF template.

4. Type the file or URL location.

5. Verify the OVF template details match the version of Data Protection Centralthat is to be deployed.

6. Accept the end user license agreement.

7. Specify the name and location of the Data Protection Central virtual machine.

8. Select the virtual disk format.

When selecting the virtual disk format, the Thick Provision Lazy Zeroed optionis recommended.

9. Specify network properties:

a. For the Network IPv4 address, specify the IPv4 address for the virtualappliance. This field is required if an IPv6 address is not provided.

b. For the IPv4 Default Gateway, specify the default gateway IPv4 addressthat you want the virtual appliance to use. This field is required if an IPv4address is provided.

c. For the IPv4 Network Netmask, specify the netmask of the virtualappliance. This field is required if an IPv4 address is provided.

d. For the Network IPv6 address, specify the IPv6 address for the virtualappliance. This field is required if an IPv4 address is not provided.

e. For the IPv6 Default Gateway, specify the default gateway IPv4 addressthat you want the virtual appliance to use. This field is required if IPv6 isprovided.


Deploy Data Protection Central as an OVA 17

f. For the IPv6 Network Prefix, specify the prefix length. This field is requiredif IPv6 is provided.

10. Specify DNS Settings:

a. For the DNS, specify up to three domain name servers for this virtualappliance.

IPv4 and IPv6 addresses may be included. Separate entries with commas.

b. For the FQDN [e.g. hostname.domain], specify the FQDN for the virtualappliance.

Note

Ensure that you correctly configure hostname resolution for the name of theappliance. Forward and reverse lookups must succeed.

11. In the NTP Server field, specify up to three Network Time Protocol (NTP)servers.

Separate server names with commas.

12. Specify Operation System User Passwords:

a. Under Configure OS root password, specify the password for the Linux OSroot account.

The operating system root account is for OVA deployment only.

b. Under Configure OS admin password, specify the password for the LinuxOS admin.

The operating system admin account is the default user for Data ProtectionCentral operating system administration.

The OS root and OS admin password length must be between 8 and 256characters.

13. In Lockbox Settings, under Configure lockbox password, specify a Masterpassword for the Data Protection Central lockbox.

The lockbox password length must be between 8 and 256 characters.

Data Protection Central uses a lockbox to encrypt and store the credentials ofthe systems it monitors. This password is used along with certain System StableValues (SSVs) to create an encryption key.

14. Under Location Settings, select the timezone of the Data Protection Centralvirtual machine.

15. (Optional) Configure LDAP.

Add LDAP or AD while deploying Data Protection Central on page 21 providesthe steps to configure LDAP while deploying the OVA.

16. Validate the information that you specified, and then complete the deploymentof the Data Protection Central OVF.



Deploy Data Protection Central using a .jar fileData Protection Central can be installed on a standalone server or virtual machineusing a self-extracting .jar file.

Before you begin

Ensure that the following minimum system requirements are met:

l Standalone server deployments require 1.5GHz processor.

l Virtual machine deployments require 4 CPUs with 1 core each.

l 8GB of RAM.

l 550 GB of disk space available.

l The environment is running SuSE Linux Enterprise Server 12 SP2.It is recommended that you disable AppArmor. If you must enable AppArmor,ensure that the AppArmor profiles do not block the applications used by DataProtection Central.

l Java Platform Standard Edition Development Kit (JDK) version 8u181 or greater isinstalled, including the following packages:

n javapackages-tools-2.0.1-8.1.x86_64

n java-1_8_0-openjdk-headless-1.8.0.181-27.26.2.x86_64

n java-1_8_0-openjdk-1.8.0.181-27.26.2.x86_64

Note

Java may require additional packages to be installed. If there is a firewall, ensurethat the ports that Data Protection Central requires have inbound and outboundaccess. See the Data Protection Central Security Configuration Guide for a list ofrequired ports.

l The Linux socat package is installed.

l The DNS is set up correctly. The correct DNS set up ensures that systemsmonitored by Data Protection Central can resolve the Data Protection Centralhostname and Fully Qualified Domain Name (FQDN).

l The FQDN, IP, Netmask, Gateway, DNS, NTP, and time zone are configured.

l The environment is using static network settings.

Note

If you are installing Data Protection Central on a Hyper-V virtual machine, you mustuse a Generation-1 Hyper-V virtual machine.

Prior to installing Data Protection Central, ensure that an administrative user exists onthe host named 'admin' and is added to a group named 'admin' .

Procedure

1. Download and save the Data Protection Central .jar file.

Make note of the file name and directory where it is saved.

2. Launch a terminal window.

3. Log in as the root user.


Deploy Data Protection Central using a .jar file 19

4. Change the directory to the location where the .jar file is saved

5. Start the installation by typing the following command:

java -jar <dpc*>.jar

Verify the deploymentWhen the deployment is complete, to verify that Data Protection Central wasdeployed successfully, perform the following steps.

Before you begin

Ensure that the virtual machine where the OVA file was deployed is powered on.

In a software-only installation (deploying Data Protection Central by using a .jar file),you must reset the default Master password for the lockbox (the default Masterpassword is changeme) by removing and re-creating the lockbox. See the DataProtection Central Administration Guide for these procedures.

Note

Data Protection Central is supported with Mozilla Firefox and Google Chrome.

Procedure

1. Open a browser, and then type the following in the Address field:

https://<FQDN>

The Data Protection Central Login page appears.

2. In the Username field, type:

[email protected]

3. In the Password field, type:

secret

4. Click LOG IN.

The first time you log in you are required to change the password. Thepassword requirements are as follows:

l A minimum of 9 characters.

l A maximum of 15 characters.

l At least 1 lowercase character.

l At least 1 uppercase character.

l At least 1 number.

l At least 1 of the following special characters:! @ # $ % ^ & * ( ) - _

l The password cannot include any white space.

The Data Protection Central Security Configuration Guide provides the steps toreset the [email protected] password.



Configuring LDAPLearn about LDAP requirements and configuration procedures.

Data Protection Central supports OpenLDAP and Active Directory (AD)authentication.

You can configure LDAP during or after deploying Data Protection Central.

The Troubleshooting chapter in the Data Protection Central Administration Guideprovides detailed troubleshooting information on diagnosing and resolving commonLDAP configuration issues.

Note

LDAP without TLS protocol communicates in clear text without encryption. SecureLDAP (LDAPS) does not support communication in clear text. When you configureLDAP without TLS, to improve security, it is recommended that you use a segmentednetwork containing only the LDAP server and the Data Protection Central server.

Configure LDAP or AD user accessBefore you configure Lightweight Directory Access Protocol (LDAP) or WindowsActive Directory (AD), configure the users who will access Data Protection Central.

Perform this procedure on the server that hosts Lightweight Directory AccessProtocol (LDAP) or Windows Active Directory (AD).

Procedure

1. Create an administrative user group that will contain the users who can accessData Protection Central.

The following list describes the default containers, according to theconfiguration type:

l For Lightweight Directory Access Protocol (LDAP), the default user group isthe OU=People folder.

l For Windows Active Directory (AD), the default user group is the OU=Usersfolder.

2. For AD accounts only, set the user group scope setting to Global.

Note

Users who are part of this group are granted administrative privileges to DataProtection Central and the system management applications for any systemsadded to Data Protection Central, including Single-Sign On access.

3. Add any users that require access to Data Protection Central to the user group.

Add LDAP or AD while deploying Data Protection CentralYou can configure Lightweight Directory Access Protocol (LDAP) or Windows ActiveDirectory (AD) when you deploy Data Protection Central.

Procedure

1. While deploying the Data Protection Central OVA, under Configure LDAP(Optional), specify the following settings:


Configuring LDAP 21

l LDAP server name / IP address: Type the LDAP server name or IP addressof the server where LDAP is hosted.Type the name in one of the following formats:

n Type the LDAP server name in the following format:

{ldap | ldaps}.<domain>

For example:

ldap.corp

n Type the IP address of the LDAP server.For example:

sample.dpc.local

l Configure for secure LDAP (ldaps): Select either LDAP or LDAPS,depending on the LDAP security type.

l Port number of the LDAP: Type the LDAP server port number.

l Admin user Distinguished Name (DN): Type the administrative usernamein the distinguished name format.For example, consider the following entry for LDAP:

uid=admin,ou=people,dc=dpc,dc=local

For example, consider the following entry for Active Directory:

cn=Administrator,dc=abc,dc=xyz,dc=com

l Admin Password: Type the password for the administrative user.

l Search Admin group name: Type the name of the user group name thatcontains the users who require access to Data Protection Central.For example, if the group distinguished name is cn=dp_admin,ou=groups, dc=dpc, dc=local, specify dp_admin in the SearchAdmin group name field

The default user group name is dp_admin.

l Base Distinguished Name (DN): Type the domain base distinguished name.For example:

dc=dpc,dc=xyz,dc=com

l LDAP Type: Select the type of LDAP:

n Windows Active Directory (AD)

n Lightweight Directory Access Protocol (LDAP) server

2. Click Next and proceed with deploying the OVA.

Results

The administrator password is stored in the Data Protection Central lockbox andremoved from the LDAP properties file.



Add LDAP or AD after deploying Data Protection CentralYou can optionally configure LDAP or AD after deploying Data Protection Central.

The following roadmap describes the workflow to add LDAP or AD to Data ProtectionCentral.

Procedure

1. Access the Data Protection Central system through ssh and prepare to addLDAP.

Prepare to add LDAP or AD to the Data Protection Central system on page 23provides information.

2. Create the LDAP properties file.

Create an LDAP properties file on page 23 and Examples of the LDAPproperties file on page 26 provide information.

3. Finish adding LDAP and log in to the Data Protection Central user interface.

Finish adding LDAP or AD and log in to the Data Protection Central userinterface on page 27 provides information.

Prepare to add LDAP or AD to the Data Protection Central systemBefore you add LDAP or AD, you must access the Data Protection Central system andstop the services.

Procedure

1. Login to the Data Protection Central system using SSH.

2. To switch to the root user, type the following command:

su -

3. To stop the Data Protection Central services, type the following command:

/usr/local/dpc/bin/dpc stop

After you finish

Create or edit the ldap.properties file in the /var/lib/dpc/elg/ folder tospecify the values that are specific to the environment.

Create an LDAP properties fileLearn how to create an LDAP properties file.

The LDAP properties file must match the exact file name of ldap.properties andbe located in the /var/lib/dpc/elg/ directory.


Add LDAP or AD after deploying Data Protection Central 23

Note

To quickly create an LDAP properties file, it is recommended that you copy the LDAPproperties template file located at /usr/local/dpc/lib/elg/conf/ldap.properties.example into /var/lib/dpc/elg/ldap.properties.

The following table describes the attributes that you can specify in the LDAPproperties file.

Table 4 LDAP properties file attributes

Attribute Description Examples

elg.ldap.type Required.Specifies the type of LDAP environment.Specify either LDAP or AD.

elg.ldap.type=LDAP

elg.ldap.type=AD

elg.ldap.server.urls Required.Specifies the URL of the server where LDAP ishosted. Type the URL in the following format:

{ldap | ldaps}://<hostname>:<port>

elg.ldap.server.urls=ldap://ldap.dpc.local:389/

elg.ldap.server.urls=ldaps://ldap.dpc.local:636/

elg.ldap.base.dn Required.Specifies the domain base distinguished nameof the LDAP server.

elg.ldap.base.dn=dc=dpc,dc=local

elg.ldap.admin.dn Required.Specifies the administrative username in thebase distinguished name format.

For example:LDAP:

elg.ldap.admin.dn=uid=admin,ou=people,dc=dpc,dc=local

Active Directory:

elg.ldap.admin.dn=cn=administrator,dc=abc,dc=xyz,dc=com

or, alternatively:

[email protected]

elg.ldap.admin.password Required.Specifies the password for the administrativeuser.

After you save the file and restart the DataProtection Central services, the password is

elg.ldap.admin.password=changeme1

or, if the password contains Java specialcharacters, escape the special character witha backslash \:



Table 4 LDAP properties file attributes (continued)

Attribute Description Examples

stored in the lockbox and removed from theldap.properties file.

For example, if the password is change\me1,enter it like this:

elg.ldap.admin.password=change\\me1

elg.ldap.group.search.name Required.Specifies the user group name that containsthe users who require access to DataProtection Central.

If you do not specify this attribute, the defaultvalue of dp_admin is used.

For example, if the distinguished name of thegroup is cn=backupadmins, ou=groups,dc=dpc, dc=local, specify the group name

with the following entry:

elg.ldap.group.search.name=backupadmins

elg.ldap.group.search.base Optional.Specifies the distinguished name of theadministrator user group on the LDAP server.

NOTICE

Do not specify this attribute unless there areduplicate entries of the group name on theLDAP or AD server. If you specify this attributewhen there is a single instance of a group, userauthentication may fail.

If the group name specified withelg.ldap.group.search.name is

duplicated on the LDAP or AD server, then youmust specify this attribute for Data ProtectionCentral to identify the correct instance of thegroup name.

When there is only one instance of the groupname, Data Protection Central automaticallylocates the group on the LDAP or AD server.

For example, consider the following scenario.

The LDAP server has two BackupAdminsgroups in different locations. The groups havethe following distinguished names:

l cn=backupadmins,ou=groups,dc=dpc,dc=local

l cn=backupadmins,ou=groupcontainer,dc=dpc,dc=local

You want to use the group located in thegroupcontainer folder. Data Protection

Central.

In this scenario, specify:

elg.ldap.group.search.base=ou=groupcontainer

Special characters in admin username and password

If the Admin username or password in the ldap.properties file incorporates Javaspecial characters, they must be escaped by a \ (backslash).

Example 1 Admin username example

If the Admin username in the ldap.properties file uses the domain\usernameformat, the following example would be incorrect because it omits the escapecharacter (a backslash):

elg.ldap.admin.dn=dpc.local\administrator



Example 1 Admin username example (continued)

The correct syntax includes the \ escape character:

elg.ldap.admin.dn=dpc.local\\administrator

Example 2 Admin password example

If the Admin password incorporates a Java special character, the following examplewould be incorrect:

elg.ldap.admin.password=password1\

The correct syntax would be:

elg.ldap.admin.password=password1\\

Supported Java special charactersTable 5 on page 26 provides examples of Java special characters that you mustescape by using a backslash.

Table 5 Examples of Java special characters

Special characters escaped by \ Display

\' Single quotation mark

\" Double quotation mark

\\ Backslash

\t Tab

\b Backspace

\r Carriage return

\f Formfeed

\n Newline

Examples of the LDAP properties file

Consider the following examples of the LDAP property file.

Example 3 Example LDAP properties file

elg.ldap.type=LDAPelg.ldap.server.urls=ldaps://dpc.local.domain.com:636/elg.ldap.base.dn=dc=local,dc=domain,dc=com



Example 3 Example LDAP properties file (continued)

elg.ldap.admin.dn=uid=Admin,ou=People,dc=local,dc=domain,dc=comelg.ldap.admin.password=PgK17y5*elg.ldap.group.search.name=dp_admin

Example 4 Example LDAP properties file for active directory

elg.ldap.type=ADelg.ldap.server.urls=ldap://dpc.corp.domain.com:389/elg.ldap.base.dn=dc=corp,dc=domain,dc=comelg.ldap.admin.dn=cn=Administrator,cn=Users,dc=sddc,dc=localelg.ldap.admin.password=4tHgI8fLelg.ldap.group.search.name=dp_admin

Finish adding LDAP or AD and log in to the Data Protection Central user interfaceAfter you add the ldap.properties file, perform the following steps to complete theLDAP configuration.

Procedure

1. To assign administrator ownership on the ldap.properties file, type the followingcommand:

chown admin:admin /var/lib/dpc/elg/ldap.properties

2. To set the protection of the ldap.properties file, type the following command:

chmod 644 /var/lib/dpc/elg/ldap.properties

3. To restart Data Protection Central and activate the change, type the followingcommand:

/usr/local/dpc/bin/dpc start

4. Once Data Protection Central is started, type the following command toconfirm that all of the services are active:

/usr/local/dpc/bin/dpc status

5. Launch a web browser and navigate to the Data Protection Central addressusing the fully qualified domain name.

For example:

https://dpc.local.com



6. Log in to the Data Protection Central user interface with the credentials for theLDAP user account.

Add a secure LDAP (LDAPS) certificateLearn how to add a secure LDAP (LDAPS) certificate.

Secure LDAP (LDAPs) uses TLS, and therefore requires certificate-basedauthentication.

If the LDAP server that authenticates Data Protection Central credentials uses a non-standard certificate authority, you must add the root certificate of the authority thatsigned the LDAP server certificate to the Data Protection Central keystore.

Data Protection Central automatically uses the certificate authorities available withinthe standard Java keystore.

Procedure

1. To retrieve the certificate details from the LDAP server, type the followingcommand:

/usr/local/dpc/bin/dpc trust-ldaps <LDAPS server FQDN or IP>

The certificate details are listed. The operation prompts you to continue withadding the certificate to the keystore.

2. To add the LDAP server's certificate to the Data Protection Central Javakeystore, type y in response to the prompt.

3. After the certificate is added to the keystore, restart the Data ProtectionCentral services using the following commands:

/usr/local/dpc/bin/dpc stop/usr/local/dpc/bin/dpc start

Verify the LDAP or AD connection statusYou can verify the LDAP or AD connection status by looking for messages in the logfile or on the Audit page.

Check the LDAP status in the log fileCheck the /var/log/dpc/elg/elg.log log file for messages about the LDAPconnection status.

Messages that appear during LDAP connection failureIf the following message appears, the LDAP client did not make a successfulconnection to the LDAP server:

2018-04-03 11:00:26,929 INFO localhost-startStop-1 c.e.c.c.SecurityConfig LDAP or AD Directory Service providers are not available

There are multiple issues that can prevent the LDAP client from connecting to theLDAP server. Look for error messages in the log file that provide more information.

The following table describes various error messages that appear during LDAPconnection failures and their causes.



Table 6 LDAP communication messages

Message Cause

INFO localhost-startStop-1 c.e.c.c.SecurityConfig LDAP or AD Directory Service providers are not available

No LDAP or AD settings are provided or theyare provided with incorrect information.

.ADLdapAuthenticationProvider Ignoring AD authentication. Verification of ldap settings failed. Failed to connect

Invalid AD configuration information.

.LdapAuthenticationProvider Ignoring LDAP authentication. Verification of ldap settings failed. Failed to connect

Invalid LDAP configuration information.

PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path

Validation of the LDAP server certificatecould not be completed.One possible solution for this issue is to addthe LDAP server certificate to the DataProtection Central Java keystore.

Messages that appear during LDAP connection successMessages similar to the following appear when the LDAP client successfully connectsto the LDAP server:

c.e.c.s.a.l.LDAPSecureStorage LDAP admin credentials are securedc.e.c.s.a.l.ExternalAuthenticationProvider Type: LDAPc.e.c.s.a.l.ExternalAuthenticationProvider Base DN: dc=mydomain,dc=comc.e.c.s.a.l.ExternalAuthenticationProvider Admin user DN: cn=Administrator,dc=my-domain,dc=comc.e.c.s.a.l.ExternalAuthenticationProvider User Base: ou=peoplec.e.c.s.a.l.ExternalAuthenticationProvider User Search DN: (|(uid={0})(cn={0}))c.e.c.s.a.l.ExternalAuthenticationProvider User Pattern DN: []c.e.c.s.a.l.ExternalAuthenticationProvider Group Name: dp_adminc.e.c.s.a.l.ExternalAuthenticationProvider Group Search Base: ou=groupc.e.c.s.a.l.ExternalAuthenticationProvider Group Search Filter:(&(member={0})(cn=dp_admin))o.s.s.l.DefaultSpringSecurityContextSource URL 'ldap://12.3.104.150:546/dc=my-domain,dc=com', root DN is 'dc=mydomain,dc=com'12.3.104.150:546/dc=my-domain,dc=com', root DN is 'dc=mydomain,dc=com'

Check the LDAP status on the Audit pageYou can verify the success of the LDAP configuration on the Data Protection CentralAudit page.

If LDAP configuration is successful, you can log into the Data Protection Central webuser interface with an LDAP account. If configuration fails, login to Data ProtectionCentral using the [email protected] account and browse to the Audit fordetails.

The Audit page shows the overall status of the operation and the status of eachindividual sub-task. You can use this information to locate the point in the operationthat caused the LDAP configuration to fail.


Verify the LDAP or AD connection status 29

The following figure shows an example of an LDAP configuration activity on the Auditpage.

Figure 1 LDAP configuration activities on the Audit page

Login format with LDAP usersLearn about login formats that Data Protection Central supports for LDAP users.

Active Directory username login formatData Protection Central supports User Principal Name (UPN) login format in release18.2 and earlier. Beginning with Data Protection Central 19.1, the sAMAccountNameuser login format is also supported.

The following examples demonstrate the username formats that Data ProtectionCentral supports.

Example 5 UPN format

UpnUsername@domain

UpnUsername@upnSuffixDomain

Example 6 sAMAccountName format

username

domain\username

username@domain



Configuring Network Time ProtocolData Protection Central utilizes a Network Time Protocol (NTP) server to updatesystem time.

To ensure that Data Protection Central can use single sign-on (SSO) to launch systemmanagement applications, you must configure Data Protection Central and allmonitored systems with the same NTP server and disable VMware time sync.

Configuring Network Time Protocol during Data Protection Central OVAdeployment

To configure Network Time Protocol during Data Protection Central OVA deployment,use the NTP Server field to specify up to three Network Time Protocol (NTP)servers. Separate server names with commas.

If an NTP server is configured during deployment, VMware time sync is disabled bydefault.

Configuring Network Time Protocol after Data Protection Centraldeployment

If an NTP server was not configured during Data Protection Central deployment, youmust configure an NTP server after deployment

Procedure

1. Add the NTP server to the /etc/ntp.conf file.

2. Disable VMware time sync using the following command:

/usr/bin/vmware-toolbox-cmd timesync disable

3. Validate VMware time sync is disabled using the following command:

/usr/bin/vmware-toolbox-cmd timesync status

Access controlAccess control settings provide protection of resources against unauthorized access.

Pre-loaded accountsThe following table describes the pre-loaded Data Protection Central accounts.

Table 7 Pre-loaded accounts

User account Description

Data Protection Centraladministrator

The default user for Data Protection Central web applicationadministration.


Configuring Network Time Protocol 31

Table 7 Pre-loaded accounts (continued)

User account Description

Linux operating system admin The default user for Data Protection Central operating systemlevel administration.This account is for OVA deployments only.

Note

Only the Linux OS admin can log in using a secure shell (ssh).

Linux operating system root The root operation system account.This account is for OVA deployments only.

Certificate managementData Protection Central uses certificates for secure http access (https).

By default, Data Protection Central generates a default SSL self-signed certificate inthe following location:

/var/lib/dpc/webcertsThe self-signed certificate is sufficient to establish an encrypted channel betweenweb browsers and the server. The self-signed certificate cannot be used forauthentication.

You can use the following types of certificates for Data Protection Centralauthentication:

l A self-signed certificate.

l A certificate that is signed by a trusted certificate authority (CA) vendor.

Note

Consider company policies when creating certificates.

Generate a self-signed certificateTo enable a secure browser connection, create a private key and a self-signedcertificate.

Procedure

1. To connect to the Data Protection Central server as an admin user, run thefollowing command:

ssh admin@SERVER

2. To change to the root user, run the following command:

su -



3. To change the directory to /var/lib/dpc/webcerts, run the followingcommand:

cd /var/lib/dpc/webcerts

4. To generate a new certificate, run the following command:

openssl req -newkey rsa:2048 -sha256 -x509 -keyout private-key.pem -out cert.pem -nodes -days 3650

5. Set the owner and group of the new certificate files to the following:

chown admin *.pem

6. Restart NGINX.

systemctl restart nginx

7. To verify the new self-signed certificate, browse Data Protection Central.

Generate a Certificate Signing RequestTo enable a secure browser connection, generate a Certificate Signing Request(CSR).

Procedure

1. To connect to the Data Protection Central server as an admin user, type thefollowing command:

ssh admin@SERVER

2. To change to the root user, type the following command:

su -

3. To change the directory to /var/lib/dpc/webcerts, type the followingcommand:

cd /var/lib/dpc/webcerts

4. To generate a new certificate using the private key at the self-sign step, typethe following command:

openssl req -newkey rsa:2048 -sha256 -key private-key.pem -out cert.csr


Generate a Certificate Signing Request 33

5. Send the cert.csr to a certificate authority (CA) vendor.

6. Replace the current cert.pem file to the certificate received from the CAvendor.

7. Restart NGINX.

systemctl restart nginx

8. To verify the new certificate, browse Data Protection Central.



CHAPTER 3

Getting Started with Administration

Learn about how to get started with administering Data Protection Central.

Note

For comprehensive information about Data Protection Central administration, refer tothe Data Protection Central Administration Guide.

Topics include:

l Log in to Data Protection Central.......................................................................36l User interface.................................................................................................... 36l Dashboards overview......................................................................................... 40l Health overview..................................................................................................41l Alerts overview................................................................................................... 41l Capacity overview.............................................................................................. 41l Activities overview..............................................................................................41l Audit overview....................................................................................................41l System management overview........................................................................... 41l Search and recover overview............................................................................. 42l Reports overview............................................................................................... 42

Getting Started with Administration 35

Log in to Data Protection CentralTo use the Data Protection Central monitoring and management features, log in to theuser interface.

Procedure

1. In a browser address bar, type https://, and then the FQDN or IP address ofthe Data Protection Central server.

2. In the Username field, type a valid username. The default web browser accountis:

[email protected]

3. In the Password field, type the password for the user. The web browseraccount password is:

secret

4. Click LOG IN.

If this is the first time you are logging in to Data Protection Central, you areprompted to change the password.

User interfaceThe Data Protection Central user interface includes the following components.

HeaderThe header includes the following components:

l Active Filter button: This button enables you to filter the information that appearson a page by one or more systems, groups, or tags.The Active Filter button appears only on pages where you can filter information.

l User menu: This menu enables you to change the password or log out of DataProtection Central.

l About button: This button enables you to view Data Protection Central versioninformation.

Figure 2 Header

User menuThe User menu provides the capability for you to perform user tasks.

To perform the following user tasks, use the User menu:

l Change the password of the local Data Protection Central administrator user([email protected]).



Note

If an external LDAP or AD user is logged in to the Data Protection Centralenvironment, change password is not supported.

l Log out of the user interface.

Figure 3 User menu

Left menuThe left menu provides the capability for you to browse the user interface.

From the left menu, you can access the following Data Protection Central features:

l Dashboard

l Health

l Alerts

l Capacity

l Asset Activities

l Job Activities

l System Management

l Asset Inventory

l Reports

l Audit

l Search and Recovery

PagesData Protection Central presents information in dashboards and detail pages.

Dashboard pages provide at a glance insight into operational behavior.

Detail pages display focused information and provide the capability for you to performData Protection Central tasks.

Master and Detail panesMost Data Protection Central pages are composed of a Master and Detail pane.

The Master pane appears on the left side of a page and displays information in a tableformat. The Detail pane appears on the right side of a page and displays additionalinformation for a selected row in a table. The Detail pane may also include buttonsthat you can use to perform tasks that are specific to the selected row in the table.


Left menu 37

Changing dashboardsClick the Dashboard drop-down list to select a different dashboard.

FilteringData Protection Central includes filtering capabilities. Filtering allows you to customizethe information that appears.

The following filter types are available for you to use:

l Column filters: Appear in table headers.

l Domain Filter: Appears in the Policies, Retentions, Schedules, and Datasetspages for Avamar only.

l Active Filter: Appears in the user interface header.

l Asset Filter: Appears as a search bar on the Asset Inventory page.

l Widget Filter: Appears in widgets on the dashboard.

Column filters

Column filters can be used to filter the information that appears in tablecolumns. Depending on the table column, You can specify one of the followingoptions:

l All Available

l Last Hour

l Last 24 hours

l Last 7 days

l Custom (specific date-and-time range)

Domain Filter

The Domain Filter can be used to select the domains that you want to view in thePolicies, Retentions, Schedules, and Datasets pages for Avamar only. Whenadding a policy, retention, schedule or dataset, the domain filter also determineswhich domain the policy, retention, schedule or dataset is added in.

Asset Filter

The Asset Filter can be used to filter assets listed on the Asset Inventory page.The Asset Filter search bar enables you to filter assets using a search phrasesuch as an asset tag, operating system, plugin, or asset name.

Active Filter

The Active Filter can be used to filter by system or system group (one or more).On the Asset Inventory and Asset Activities pages, you can use the ActiveFilter to filter by asset tags.

The Active Filter appears in on the following pages:

l Health

l Alerts

l Capacity

l Job Activities

l Asset Activities



l Asset Inventory

To filter certain items with the Active Filter, move one or more systems orsystem groups to the Filtered By pane.

When the Active Filter is enabled, a white filter icon appears enclosed in a circlein the header

Widget Filter

The Widget Filter can be used to refine the information that appears in a widget.

All types of widgets include a Widget Filter that enables you to filter theinformation reported in that widget by time range, system, system groups, or, forasset specific widgets, by asset tags.

Several widgets allow you to filter by time range. You can specify one of thefollowing options:

l All Available

l Last Hour

l Last 24 hours

l Last 7 days

The Activities Trend widget enables you to view a historical 7-day trend ofactivities by using the Days Ago filter. For example, if you want to see the 7-dayactivity trend from 30 days ago, select Days Ago, and use the slider to select 30.To drill down to a data grid with more details, select a point in the graph.

The Activities Count and Activities Trend widgets allow you to choose to viewactivities information at the job or asset level. Also, these widgets allow you topick whether to display backup activities, replication activities, or both.

When you use a dashboard widget to access a page, the information that is displayedis automatically filtered based on the widget filter settings.

Any active filters that are applied to a page, are listed in the filtered by section thatappears at the top of the table.

Monitoring data is stored for 90 days. The All Available option is limited to data storedwithin the last 90 days.

Sort information that is displayed in tablesInformation that is displayed in tables can be sorted in ascending or descending order.

To sort information, click a column heading.

After you click the column heading, an arrow appears. An up-arrow indicates that thecolumn data is sorted in ascending order. A down-arrow indicates that the columndata is sorted in descending order.


Sort information that is displayed in tables 39

Dialog boxesDialog boxes can appear with information about a specific task. Dialog boxes can alsoappear for questions that require a decision.

Notification barTo inform you of completed events or to alert you of issues that may require attention,notifications may appear in a bar across the top of the Data Protection Centralinterface.

Figure 4 Example notification

Overflow buttonOverflow buttons can appear within the user interface. When you click an Overflowbutton, a menu of available operations appears.

Figure 5 Overflow button

Dashboards overviewData Protection Central dashboards provide at-a-glance insight into systems andactivities.

Dashboard widgets include key performance indicators that display the following typesof system information:

l Backup Activities

l Replication Activities

l Trends

l Assets

l Capacity

l Health

l Alerts

From dashboard widgets, you can drill down into specific areas of interest.

All dashboard widgets have customizable settings. The customizable settings varybased on each widget. Certain widgets allow you to change the view, activity type,and time range. All widgets include a widget filter that you can use to filter by systemsand groups. The widget filter also can filter by asset tags when available for a widget .

You can customize the dashboard layout to your preference by changing the widgettype. Individualized dashboard settings are stored for each user. You can add, edit,and delete custom dashboards. Each user can create and store up to 20 dashboards.



Health overviewData Protection Central tracks various criteria to determine system health status,including communication, alerts, SSO, and capacity for systems that are configured inData Protection Central.

This information is used to determine the overall health state of the system. Thehealth status is reported on the Health page.

Alerts overviewTo view and manage alerts for Data Protection Central and all systems, visit the Alertspage.

Data Protection Central maps alerts from systems to three alert levels: Error,Warning, or Informational.

Capacity overviewCapacity monitoring can keep you aware of unexpected data growth that may causedownstream failures.

To view the capacity state of all Avamar and Data Domain systems that are configuredin Data Protection Central, visit the Capacity page.

Activities overviewData Protection Central Activities include system activities at the job and asset level.

System activity includes information about backup and replication activities forAvamar and NetWorker systems connected to Data Protection Central.

Note

NetWorker replication activities are not reported on the Asset Activities pagebecause NetWorker does not perform replication at the level of individual assets.

Audit overviewAudit information includes actions and tasks that Data Protection Central users haveperformed. The audit information can also be used to track the status of long runningtasks.

View audit information on the Audit page.

System management overviewThe System Management page provides the capability for you to add, edit, remove,and manage systems and groups in Data Protection Central.

The following list includes the system management capabilities that are available inData Protection Central:


Health overview 41

l Add, edit, and delete Avamar, NetWorker, Data Domain, Data Protection Advisor,and Search systems.

l Organize systems into groups, including the ability to add, edit, and delete groups.

l View system information.

l Launch the native management application for the system.

l For Avamar systems:

n View, add, edit, and delete policies, retentions, schedules, and datasets.

n Add clients and proxies to policies.

n Perform a backup of a policy.

l When an Avamar system is not reporting, you can reactivate messaging.

Search and recover overviewData Protection Central integrates with Search to provide you with the ability toperform complex search and recover operations.

Data Protection Central launches Search in a new browser window.

For information about how to use Search, refer to the Search documentation set.

Note

To take full advantage of Data Protection Central capabilities, it is recommended thatall systems that are configured in Search also be configured in Data ProtectionCentral.

Reports overviewData Protection Central provides the capability for you to run 11 of the most used DataProtection Advisor reports for Avamar, NetWorker, and Data Domain systems.

Data Protection Central reporting features require you to have Data ProtectionAdvisor system configured with Data Protection Central.

For more information about Data Protection Advisor, refer to the Data ProtectionAdvisor documentation set.

You can run, and then view these reports directly in the Data Protection Central userinterface. You can also specify the reporting period for these reports within the DataProtection Central interface.

Note

To take full advantage of Data Protection Central capabilities, it is recommended thatall systems that are configured in Data Protection Advisor also be configured in DataProtection Central.



CHAPTER 4

Adding Systems to Data Protection Central

Learn about how to add data protection systems to Data Protection Central.

Note

For information about editing systems and troubleshooting, refer to the DataProtection Central Administration Guide.

Topics include:

l Add an Avamar system.......................................................................................44l Add a NetWorker system................................................................................... 45l Add a Data Domain System................................................................................ 47l Add a Data Protection Advisor system............................................................... 48l Add a Search system......................................................................................... 49

Adding Systems to Data Protection Central 43

Add an Avamar systemTo use Data Protection Central to monitor and manage Avamar systems, add one ormore Avamar systems.

Procedure

1. In the Left menu, select System Management.

2.

Click .

The Add System window appears.

3. On the Select System Type page, select Avamar, and then click Next.

4. On the Connection Information page, specify the following information:

l Name: Specify a name that helps identify the system.

l Hostname: Specify the fully qualified domain name (FQDN) of the Avamarsystem.

l Avamar Username: Specify the username of the Avamar system. ForAvamar Administrator, the username is MCUser.

l Avamar Password: Specify the password for the Avamar system userinterface.

l OS Root password: Specify the OS root password.

5. (Optional) To specify optional fields, click Show optional fields, and thenspecify the following information, as required:

l Port: Specify the Avamar MCS port. The default value is 9443. To specifythe default value, leave this field blank.

Note

When you add a system to Data Protection Central that uses a non-standardport, you must modify the Data Protection Central firewall to allowcommunication with that port. The Data Protection Central SecurityConfiguration Guide provides instructions.

l Override MCGUI URL: Specify an alternate URL destination for theAVAMAR ADMINISTRATOR button.To override the AVAMAR ADMINISTRATOR link to direct to the AUI, typehttps://<avamar_fqdn>/aui.

6. Click Next.

7. On the Certificate Verification page, to ensure that you are adding the correctsystem, verify that the certificate information being displayed matches theexact certificate on the Avamar system.

8. Once you have confirmed that the certificate information is correct, selectAccept Certificate, and then click SAVE.

Data Protection Central does not validate the certificate and uses thecertificate that you verify to connect with the system. If the remote system'scertificate changes, Data Protection Central will refuse to connect with thesystem.



In this scenario, edit the system on the Data Protection Central SystemManagement page to verify the new certificate details.

Add a NetWorker systemTo use Data Protection Central to monitor and manage NetWorker systems, add oneor more NetWorker systems.

Procedure


2.

Click


3. On the Select System Type page, select NetWorker, and then click Next.



l Hostname: Specify the IP address or fully qualified domain name (FQDN) ofthe NetWorker server.

l Username: Specify the local NetWorker Authentication Serviceadministrator username.

l Password: Specify the local NetWorker Authentication Serviceadministrator password.


l Port: Specify the REST API port number. The default value is 9090.

Note

When you add a system to Data Protection Central that uses a non-standardport, you must modify the Data Protection Central firewall to allowcommunication with that port. The Data Protection Central SecurityConfiguration Guide provides instructions.

l NMC URL: Specify the NMC URL when NMC is installed on a server that isdifferent from the NetWorker server. Type the URL in the following format:<http_or_https>://<nmc_server_host>:<port>/gconsole.jnlp

where:

n <http_or_https> is either HTTP or HTTPS, depending on the connectiontype set up to access NMC.

n <nmc_server_host_or_ip> is the NMC server hostname or IP address.

n <port> is the port number for the HTTP or HTTPS service. The defaultport number is 9000 for HTTP and 9090 for HTTPS.

l NWUI URL: Specify the URL when the NetWorker Management Web UIsoftware is installed in a location that is different from the default location.Type the URL in the following format:https://<nwui_server_host>:<port>/nwui

where:


Add a NetWorker system 45

n <nui_server_host_or_ip> is the NetWorker Management Web UI serverhostname or IP address.

n <port> is the port number for the HTTPS service. The default portnumber is 9090.

6. Click Next.

7. On the Certificate Verification page, to ensure that you are adding the correctsystem, verify that the certificate information being displayed matches thecertificate on the NetWorker system.




After you finish

If the NetWorker system is a NetWorker Virtual Edition system, perform theprocedure described in Edit NetWorker Virtual Edition firewall settings to enable DataProtection Central to read jobs on page 46.

Edit NetWorker Virtual Edition firewall settings to enable Data ProtectionCentral to read jobs

The NetWorker Virtual Edition default firewall setting blocks Data Protection Centralfrom reading job information. As a result, no information about NetWorker jobs isreported unless you change the firewall settings.

Perform the following procedure on the NetWorker Virtual Edition system to enableData Protection Central to read jobs information.

NOTICE

This procedure modifies the firewall to use port 5671 and requires NetWorker 9.2.1.4,18.1.0.2-41, or 18.2.0-28, and later versions. If you are using earlier NetWorkerversions, you must modify the firewall to use port 5672 instead of 5671. For example,if using NetWorker 18.1.0.1-37, modify the firewall to use port 5672, but if usingNetWorker 18.1.0.2-41, then modify firewall to use port 5671.

Procedure

1. Log into the NetWorker Virtual Edition system's root account (or log in toanother account and 'su' to root).

2. Open the /etc/entfirewall.base file for editing.

3. Modify the following lines to allow a connection to port 5671. The added text isin bold:

# Netty and Rabbit MQexec_rule -A INPUT -p tcp -m multiport --dport 5445,5446,5671,61619 -j ACCEPTexec_rule -A OUTPUT -p tcp -m multiport --dport 5445,5446,5671,61619 -j ACCEPT



4. To apply the changes, restart the firewall service using the followingcommands:

a. service entfirewall stopb. service entfirewall start

5. To confirm that job information is reported in Data Protection Central, run aNetWorker backup, and then verify that the backup is reported on the DataProtection Central Job Activities page.

Note

If you upgrade NetWorker, the firewall settings revert back to block DataProtection Central from reading job information and you must perform thisworkaround procedure again.

Add a Data Domain SystemProcedure


2.

Click .


3. On the Select System Type page, select Data Domain, and then click Next.



l Hostname: Specify the Fully Qualified Domain Name (FQDN) of the DataDomain system.

l Username: Specify the Data Domain administrator username.

l Password: Specify the Data Domain administrator password.

5. Click Next.

6. On the Certificate Verification page, to ensure that you are adding the correctsystem, verify that the certificate information being displayed matches thecertificate on the Data Domain system.





Add a Data Domain System 47

Add a Data Protection Advisor systemTo use the Data Protection Central reporting features, you must add a DataProtection Advisor system.

Procedure


2.

Click .

The Add System dialog box appears.

3. On the Select System Type page, select Data Protection Advisor, and thenclick Next.



l Hostname: Specify the fully qualified domain name (FQDN) of the DataProtection Advisor system.

l Username: Specify the Data Protection Advisor Administrator username.

l Password: Specify the Data Protection Advisor Administrator password.

5. (Optional) To specify a non-default Data Protection Advisor port number, clickShow optional fields, and then type the port number in the Port field.

Note

When you add a system to Data Protection Central that uses a non-standardport, you must modify the Data Protection Central firewall to allowcommunication with that port. The Data Protection Central Security ConfigurationGuide provides instructions.

6. Click Next.

7. On the Certificate Verification page, to ensure that you are adding the correctsystem, verify that the certificate information being displayed matches thecertificate on the Data Protection Advisor system.






Add a Search systemTo perform advanced search and recover operations, you must add a Search system.

Procedure


2.

Click .


3. On the Select System Type page, select Data Protection Search, and thenclick Next.


l Name: Specify a name that helps identify the Search system.

l Hostname: Specify the fully qualified domain name (FQDN) of the Searchsystem.

l Username: Specify the Search Administrator username.

l Password: Specify the Search Administrator password.


l Admin Rest API Port: Specify the Search REST API port. The default valueis 448.

l Search UI Port: Specify the Search UI port. The default value is 443.

Note

When you add a system to Data Protection Central that uses a non-standardport, you must modify the Data Protection Central firewall to allowcommunication with that port. The Data Protection Central Security ConfigurationGuide provides instructions.

6. Click Next.

7. On the Certificate Verification page, to ensure that you are adding the correctsystem, verify that the certificate information being displayed matches thecertificate on the Search system.





Add a Search system 49

dell emc data protection central · as part of an effort to improve product lines, periodic...

Documents