Huge increase in restore performance with Spectrum Protect V8 and AWS cloud storagepools

Icelandair Group is one of Iceland’s largest airline corporations. The company includes Icelandair (a global airline), logistics, and several related business units. Traditionally, Icelandair Group acquired IT infrastructure capacity upfront and consumed it over time. Running out of IT capacity has serious business impacts, so a cushion was built into capacity planning analysis.

Icelandair Group recently made the strategic decision to migrate key IT workloads  such as applications & backups to Amazon Web Services (AWS), after determining that doing so would move essential services closer to their customers around the world, enhance business resiliency, and enable rapid scalability.

Migrating backups to AWS S3 with the help of IBM spectrum protect V8 has given a huge performance improvements over deployment, backups and restore timings. 

IBM spectrum protect performance report
The technical team found that AWS makes it easy to store data in multiple AWS Regions, and copy data between Regions for Disaster Recovery testing. They designed a series of progressively complex tests for AWS and IBM Spectrum Protect. The results of their tests are 
  • IBM TSM V8 server deployment time reduced from 72 hours to 10 minutes.
  • By using TSM for VE for their VM backups, they found that VMware and server administrators can manage cloud backups and restores confidently, without reliance on backup software experts. Backup and restore operations are built into VMware vSphere Web Client. VMware administrators use a familiar interface without necessarily needing to learn new software. Restores can be initiated faster, and problems can be noticed sooner.
  • Reliability and performance requirements were met or exceeded.  Backup throughput easily scaled up, until the network connection was saturated, indicating that both AWS and IBM Spectrum Protect are performance optimized. 
  • The time required to restore 7 terabytes of VMware data was reduced from 72 hours to 3 hours.  Performance improvements were due to multiple changes in IBM Spectrum Protect, including multithreaded restores, compression, and deduplication.  

How to improve performance when taking backup to cloud storage pools (hybrid cloud backup) - Video tutorial

Since IBM now supports various cloud storage services to take the backups, you can use cloud container storagepools to store both the deduplicated data and non-deduplicated data and restore the data as required.  Starting from IBM Spectrum Protect  (TSM) V 7.1.7, you can configure cloud-container storage pools on 4 of the popular and widely used cloud based object storage systems to backup the data. However, the backup performance of a cloud-container storage pool largely depends on the network connections between the server and the cloud. Sending data to cloud storage requires good network bandwidth along with the advanced security features. But most of the small and medium sized organisations cannot afford to buy the high network bandwidths if they want to use cloud as the storagepool destinations. 

To address this situation, IBM has introduced a new hybrid and optimised data transfer techniques. You can now define local storagepool directory by using the new DEFine STGPOOLDIRectory command where the data is stored temporarily before it is transferred to the cloud. This technique is generally referred as hybrid cloud backup. This hybrid cloud backup feature will help you to set up local storage for data that is later moved to the cloud. By assigning one or more local storage directories to a cloud-container storage pool, you can enhance the performance of backup operations to the cloud. When you back up the data to local storage, the data is buffered efficiently into disk containers and moved to the cloud as larger objects. With larger objects, you can achieve better performance results. Use this command to define one or more directories in a directory-container or cloud-container storage pool.
How to improve backup performance when taking backup to cloud storage pools

For Example: define stgpooldirectory pool1 /storage/dir1,/storage/dir2

When you define a local storage directory, data is temporarily stored in the directory during data ingestion, and is then moved to the cloud. you can set up local storage for data that is later moved to the cloud. By assigning a local storage directory to a cloud-container storage pool, you can enhance the backup performance of small objects, for example, client-transaction data.

After you define a cloud-container storage pool, create one or more directories that are used for local storage. You can temporarily store data in local storage during the data ingestion, before the data is moved to the cloud. In this way, you can improve system performance. 

Watch the below video on how to configure cloud services to configure hybrid cloud backups in 3 simple steps by using IBM Spectrum Protect and Amazon S3.

How to configure storage pool on a Cloud Storage services - Video tutorial

Starting from IBM Spectrum Protect  (TSM) V 7.1.7, you can configure cloud-container storage pools on 4 of the popular and widely used cloud based object storage systems to backup the data. IBM supports the following cloud based object storage systems to configure storagepools and to take backup of the clients and to improve server performance, simplify storage management, and secure data by using encryption.
  • Amazon S3
  • Cleversafe
  • IBM SoftLayer
  • OpenStack Swift
You can use cloud container storagepools to store both the deduplicated data and non-deduplicated data and restore the data as required. However, before configuring the cloud container storage pool, you need to get the required account information details of the cloud environment which you want to use as the destination.

Also Read: What is Cloud Container Storagepool ?

If you want to configure cloud-container storage pools on Cleversafe, you must first set up a Cleversafe vault template and a Cleversafe user account, and then obtain the below configuration information.
  • IDENTITY: access_key_ID
  • PASSWORD: secret_access_key
  • CLOUDURL: http://cleversafe_accesser_IP_address
Cleversafe vaults are used in the same manner as containers in a cloud-container storage pool. Set up a Cleversafe vault template to quickly create vaults with your preferred settings. After you create a vault template, use the credentials from your Cleversafe user account to configure the storage pools in the Operations Center or with the DEFINE STGPOOL command. Tivoli Storage Manager uses the Simple Storage Service (S3) protocol to communicate with Cleversafe.

Amazon S3
If you want to use Amazon Simple Storage Service for cloud container storage pool, you must obtain information from Amazon that is required for the configuration process. Amazon S3 uses buckets to store data. Amazon S3 buckets are used in the same manner as containers in a cloud-container storage pool. Tivoli Storage Manager automatically creates a bucket in Amazon for an instance of Tivoli Storage Manager, and that bucket is shared by all pools for that instance.
  • IDENTITY: access_key_id
  • PASSWORD: secret_access_key
  • CLOUDURL: Specify the region endpoint URL that best fits your location, based on the Amazon AWS Regions and Endpoints page.
OpenStack Swift
Similarly if you want to use OpenStack Swift, you must obtain configuration information from the OpenStack Swift computer. Use the credentials from your OpenStack Swift account when you configure the storage pools by using the Operations Center or the DEFINE STGPOOL command.
IBM SoftLayer
Similarly, if you use IBM SoftLayer, you must obtain configuration information from the SoftLayer Object Storage page. Use the credentials from your SoftLayer account when you configure the storage pool.
  • IDENTITY: username
  • CLOUDURL: public_authentication_endpoint

How to configure cloud container storage pool

Once you have the above required information, you can configure the cloud container storage pool by using both Operations Center and the command-line interface. However, the preferred way to define and configure a cloud-container storage pool is to use the Operations Center as it will be easier to configure and manage. Please watch the below video to understand how to do this. 

Also Read: How to restore damaged files in a primary storagepools from replication server automatically

If you want to do it in a command line, use DEFINE STGPOOL command to configure cloud container storagepool in a cloud services platform.
How to configure cloud container storage pool

CLOUDType parameter specifies the type of cloud environment where you are configuring the storage pool. You can specify any one of the following values explained above. If you define a storage pool as using S3 with this parameter, you cannot later change the storage pool type by using the UPDATE STGPOOL command. If you do not specify the parameter, the default value SWIFT will be used.
CLOUDUrl specifies the URL of the cloud environment where you are configuring the storage pool. 
IDentity specifies the user ID for the cloud that is specified in the STGTYPE=CLOUD parameter. Based on your cloud provider, you can use an Access Key ID, a user name, a tenant name and user name, or a similar value for this parameter. 
PAssword specifies the password for the cloud that is specified in the STGType=CLoud parameter. Based on your cloud provider, you can use a Secret Access Key, an API Key, a password, or a similar value for this parameter.
CLOUDLocation specifies the physical location of the cloud that is specified in the CLoud parameter. You can specify OFFPREMISE or ONPREMISE if you have your own cloud setup. The default value is OFFPREMISE.
BUCKETName pecifies the name for an S3 bucket or a Cleversafe vault to use with this storage pool, instead of using the default bucket name or vault name. This parameter is optional, and is valid only if you specify CLOUDTYPE=S3

For example
define stgpool cloud_stg stgtype=cloud cloudtype=softlayer cloudurl=http://123.456.789:5000/ identity=admin:admin password=password 

Please watch the below video to configure cloud container storagepool on Amazon S3 platform by using operations center. You can use the same steps for other cloud platforms as well.

TSM Tape Library related Interview Questions and Answers

This is the continuation for the previous post IBM Spectrum Protect Basic Interview QuestionsIf you need to learn IBM Spectrum Protect freely visit the page Tivoli Storage Manager Tutorials
TSM Interview Questions

16) Common reasons for Tape Library issues ?
Check if 
  • Has the o/s changed.
  • Has the host bus adaptor Or scsi adapter connecting to the device updated or replaced.
  • Has the adapter  firmware changed
  • Has the cabling between the computer and device changed
  • Are any of the cable connections loose
  • Has the device driver changed

17) What to do if drive goes offline ?

Try to make it online using update drive command

Update drive libraryname  drivename  online=yes.

If it is not coming to online then do power cycling means power on/off.

18) How to check the actlog for hardware errors ?

      Run the follwoing command to find the hardware and tape drive errors

      q actlog se=hardware begind=-1

19)  What to u do when the drive paths are offline?

Update the drive path by using

Update path sourcename destinationname sourcetype=server destinationtype=drive library=libraryname  online=yes

20) How to define a library ?

define libray libraryname  libtype=scsi shared=yes/no  
define drive libraryname drivename

21) How to define a path for library ?

define path sourcename  destinationname sourcetype=server  destinationtype=library device=devicename

22) How to define drive ?

define drive libraryname drivename  online=yes/no

23) How to define drive path ?

define path sourcename destinationname sourcetype=server  destinationtype=drive library=libraryname device=device name

24) How to checkin tapes into library?

checkin libvol libraryname volumename  search=no/yes/bulk  status=private/scratch checklabel=yes

Yes: server searches inside the library for volumes that are to be checked in.
Bulk: server searches for the library I/o ports  that are to be checked in automatically.

25) How to checkout tapes from library ?

checkout libvol libraryname volumename  remove=yes/no/bulk.

26) How to Label a volume ?

label libvol libraryname volumename checkin=scratch labelsource=barcode  checklabel=yes/barcoede  search=yes/no/bulk

27) How to define a device class ?

define deviceclass deviceclassname  devicetype=file directory=/filedev/  maxcapacity=sizeinmb (if it is a file device class)

define deviceclass deviceclassname  devicetype=lto  libr=libraryname (if it is a Tape device class)

28) How to audit library ?

audit library libraryname checklabel=barcode/yes

If checklabel=barcode, then it will audit by using only checking barcode labels, if you specify YES, it will read the inside the label of each tape volume in order to audit the library.

29) How to Audit volume ?

audit volume volumename fix=yes/no

If you use fix=yes, then TSM will delete the data which is corrupted and if you use fix=no, TSM will only report the damaged data information but will not delete it.

30) what will u do when the library is full ?
  • First check  if all the DR volumes are checked out from the library and sent to offsite by using command

                            q drmedia  *  where state=mountable
  • Otherwise use move data command to move the data manually.
  • Start reclamation and see if it generates any scratch tapes.
  • Check out all the primary storage tapes with status=FULL to make room for  scratch tapes. 

How to install and configure Data Protection for VMware V8.1 - Video Tutorial

Data Protection for VMware includes several components which you can install to protect your virtual environment. Before installing Tivoli Storage Manager for VE to protect your VMware infrastructure, you need to plan and decide how many Data Protection for VMware vSphere GUI's are required based upon your size of your environment. Depending on the operating system environment, the following Data Protection for VMware features are available for installation.

1) IBM Spectrum Protect recovery agent
This component provides virtual mount and instant restore capabilities.

2) Recovery agent command-line interface
The command-line interface used for mount operations.

3) Data Protection for VMware enablement file
This component enables IBM Spectrum Protect to run the following backup types:
  • Incremental-forever incremental backup
  • Incremental-forever full backup
This component is required for application protection. If you offload backup workloads, this file must be installed on the vStorage Backup Server.

See Screenshots: How to install TSM for Virtual Environment ?

4) Data Protection for VMware vSphere GUI
This component is a graphical user interface (GUI) that accesses VM data on the VMware vCenter Server. 

5) File restore GUI
This component is a web-based GUI that enables you to restore files from a VMware virtual machine backup without administrator assistance. The GUI is installed automatically when the Data Protection for VMware GUI is installed. It is enabled through the configuration wizard.

6) Data mover
The IBM Spectrum Protect data mover moves data for Data Protection for VMware. This functionality is referred to as the data mover. The data mover moves data from the virtual environment to the IBM Spectrum Protect server. When you install the data mover on a server, the server can be used as a vStorage backup server. You can install the data mover
on the same system as Data Protection for VMware or on another server.

Also Read: Different types of VM backups through BA Client command line

Watch the below 3 videos to understand the components of Data Protection for VMware V8.1 and the steps to be followed for installing and configuring the Data Protection for VMware V8.1 software.

New features in IBM Spectrum Protect for Virtual environment V8.1.0 for easy administration by VMware users.

The IBM Spectrum Protect for Virtual environment V8.1.0 comes with an advanced features which optimize the backup, restore administrative tasks performance. Data Protection for VMware works with the Tivoli Storage Manager backup-archive client which is installed on the vStorage Backup server  to complete full and incremental backups of VMs. The new version of IBM Spectrum Protect for Virtual environment comes with an extension in the VMware vSphere Web Client API which offers new and enhanced features which are explained below.

1) It provides new options for restoring VMs
The Restore a Virtual Machine wizard provides many expanded features that enable you to
  • Select the backup that you want to use for the restore operation using a calendar interface.
  • Choose the restore type: restore, instant restore, or instant restore with instant access.
  • Restore all virtual disks in a VM or just selected disks.
  • Select the datastore for the restored VM.
  • Select the data mover or mount proxy that you want to use for the restore operation.
Also Read: Taking Virtual Machines backup through CMD & GUI

2) Setting at-risk policies for VMs
VMs can be at risk of being unprotected because of failed or missed backup operations. You can set a policy for a VM that specifies if or when the VM is shown as at-risk if a backup operation does not occur in a specified time interval.

3) Easy viewing of backup information for VMs at the object level
You can view the most recent backup information for all VMs that are in the following vSphere objects. For each VM, you can view information such as the risk status, completion date, duration, and size of the backup.
  • Datacenter
  • Folder (host, cluster, and VM)
  • Host
  • Host Cluster
  • Resource Pool

4)  Data protection tags for tagging support
New data protection tags are added to help you manage virtual machine backup operations with the IBM Spectrum Protect extension in the VMware vSphere Web Client. In addition to using tags to exclude virtual machines from scheduled backup operations and assign retention or management classes, introduced in V7.1.6, you can assign the new tags to vSphere inventory objects to do the following tasks:
  • Include virtual machines in scheduled backup operations
  • Assign a data mover to a virtual machine
  • Specify a list of virtual disks to back up
  • Assign a backup schedule to virtual machines in a container
  • Specify the data consistency to achieve for snapshot attempts during virtual machine backup operations
  • Provide application protection to virtual machines that run Microsoft SQL Server or Microsoft Exchange Server software
5) Set a default data mover for tagging
You can set a default data mover for protecting virtual machines in vSphere inventory objects that are tagged with data protection tags. New virtual machines that are added to the tagged container and are protected by a schedule but do not have a data mover tag are backed up by the default data mover.

6) VMs can be added to a backup schedule by using the IBM Spectrum Protect extension
You can select a backup schedule for VMs from the IBM Spectrum Protect extension in the VMware vSphere Web Client. The backup schedule specifies how often and when to automatically back up the VMs in a vSphere inventory object.

7) Enhancements for backup and restore performance for VMs
The following enhancements were made for backup and restore operations:
  • Optimized backup operations for multiple virtual disks by using parallel sessions, one session for each virtual disk.
  • Optimized backup operations for a single virtual disk by using parallel sessions, multiple sessions for each virtual disk.
  • Optimized recovery operations for single virtual disk by using multiple sessions, multiple sessions for each virtual disk.
  • Updated the common data format to reduce the number of objects that are stored on the IBM Spectrum Protect server for larger virtual disk sizes.
The following options were added:

The vmmaxbackupsessions option specifies the maximum number IBM Spectrum Protect server sessions that move VM data to the server that can be included in an optimized (parallel) backup operation.

The Vmmaxrestoresessions option specifies the maximum number IBM Spectrum Protect server sessions that can be included in a restore operation for a virtual disk.

The following video will introduce you the new features in V8.1.0 which will ease the backup and restore tasks for VMware administrators.

Follow these 10 tips to secure your IT backup infrastructure (Spectrum Protect)

Today, most of the IT data centres are affected by the modern and intelligent malware and viruses in some or the other form. This can be due to the negligence of the employees or inappropriate security systems that are implemented. Currently we have a new type of data theft strategies such as  RasomWare implemented by cyber attackers to steal the business critical information. This RasomWare cyber attack, have plagued many of the todays organizations inspite of the stringent security policies.

These attacks have prompted 90% of the organizations to review the way that their data protection infrastructure is managed, and to look at how they can secure their backup environments even further. And also as a backup specialist, we should also take extra care to make sure the data which is backed-up to tape or to the cloud is secure enough from the modern day cyber attacks. 

Also Read: Use these 3 methods to fix the slow and long running incremental or full backups 

To address these kind of cyber attacks, IBM recommends the below 10 security tips to implement in your backup infrastructure to prevent data theft in any form. The below video from IBM Spectrum Protect storage specialist describes the current exposure many organizations backup solutions have, and discusses methods to reduce their security exposure. It proposes solutions to further protect the data protection core components so they, themselves, are not destroyed along with the primary data.

The below video will cover how to:
  • Harden the Spectrum Protect server hosts

  • Protect Spectrum Protect servers against RansomWare and other Malware
  • Secure the communication pathways
  • Secure Spectrum Protect administration 
  • Secure Spectrum Protect client nodes
  • Use all support and alerting tools available to you and apply Flashes
  • Follow strong testing and currency policies
  • Validate Data Protection and DR Services
  • Make the Protect Server infrastructure easier to manage reliably
  • Make the Protect Clients easier to manage reliably
The below video also covers how the security settings are configured in many TSM servers today and the different types of Security models offered by IBM Spectrum Protect which can be implemented in your backup setup.

Also Read: IBM Spectrum Protect V8 new features