- Notes, cautions, and warnings
- Preface
- PowerProtect Data Manager for Network Attached Storage Overview
- Managing Assets and Protection
- About NAS protection
- Enable the NAS asset source
- Add a NAS appliance
- Add a NAS share
- Edit or delete a NAS asset source
- Deploy a protection engine for NAS asset protection
- Add a centralized protection policy for NAS assets
- Restore a NAS asset to the original location
- Restore a NAS asset to an alternate location
- NAS file level restore using File Search
- Protection engine parameters
- Determine protection engine usage for a protection job
- Change the protection engine Docker network range
- Network Attached Storage Best Practices and Troubleshooting
PowerProtect Data Manager 19.10 Network Attached Storage User Guide
Prerequisites
Before you configure PowerProtect Data Manager for NAS protection, observe the following points and perform the following actions:
- Ensure that there are sufficient vCenter resources available to deploy a NAS protection engine. Resource requirements for a NAS protection engine provides more information.
- Open the required ports between all components, including the NAS. The
PowerProtect Data Manager Security Configuration Guide provides more information and instructions.
For example, Windows file servers require an outbound rule to allow traffic on ports 139 and 445. Modify the firewall to open these ports.
- NAS protection engines require time synchronization with PowerProtect Data Manager for deployment and operation. Configure an NTP server. In the time configuration options for each ESXi server, enable the NTP client and ensure that the NTP service is running.
- Configure PowerProtect Data Manager. Configure PowerProtect Data Manager for NAS protection provides more information.
Appliance protection
The following prerequisites apply for Isilon/PowerScale appliances:
The Isilon OneFS Web Administration Guide and Isilon OneFS CLI Administration Guide provide more information and instructions, where not otherwise indicated here.
- Enable basic authentication. Enable Isilon/PowerScale basic authentication provides instructions.
-
Create a NAS protection user in the System access zone with both of the following roles:
BackupAdmin and
SystemAdmin.
The NAS protection user needs read/write Windows ACL NTFS and share permissions.
Supply the NAS protection user credentials as the management credentials when you add the NAS appliance, when you add CIFS shares to a protection policy, and when you set asset level credentials.
-
Some required paths are not shared by default.
- To protect CIFS shares, create a CIFS share for
/ifs with the name
ifs.
Provide full access for the NAS protection user. For added security, you can limit access to only the NAS protection user.
- To protect NFS shares, export
/ifs/.snapshot, and select the options to enable mount access to subdirectories and not map root users. Ensure that read-only permission is set to No.
Add the NAS protection engine and PowerProtect Data Manager by hostname, FQDN, or IP address as clients, root clients, and read/write clients to the NFS export.
- To protect CIFS shares, create a CIFS share for
/ifs with the name
ifs.
- For NFS shares, add clients to the exports for other shares, as required. Files with restricted permissions provides more information.
- For NFS shares, change the global settings to enable NFS export services. Enable NFSv3 or NFSv4, as required.
-
For SMB shares, configure the following settings in the PowerScale UI SMB server settings area:
Table 1. Isilon/PowerScale SMB settingsIsilon/PowerScale SMB settings Setting Value Visible at Root Yes Accessible at Root Yes Visible in Subdirectory No Accessible in Subdirectory Yes
Notes
- A trial license is provided with the PowerProtect Data Manager software. Data Protection Suite Applications, Backup, and Enterprise customers can contact Licensing Support for assistance with a permanent PowerProtect Data Manager license.
- If you specify a hostname or fully qualified domain name (FQDN) with an underscore (_), then communication happens by IP address, as provided during registration.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\