- Notes, cautions, and warnings
- Preface
- Getting Started
- System Maintenance
- Deploying and maintaining the health of PowerProtect Data Manager
- Deploying and updating PowerProtect Data Manager
- Licensing PowerProtect Data Manager
- Specifying the PowerProtect Data Manager host
- Memory optimization
- Restricted mode
- System support
- Configuring SupportAssist for PowerProtect Data Manager
- Telemetry Collector
- CloudIQ reporting
- Set up the email server
- Add AutoSupport
- Enabling automatic update package checks and downloads
- Add a log bundle
- Audit logging and monitoring system activity
- Monitor system services and system health
- Access the open source software package information
- Security certificates
- Restarting PowerProtect Data Manager
- System maintenance troubleshooting
- Managing Storage
- Protection storage
- Storage units
- Differences in storage system and storage unit space reporting
- Monitoring storage capacity thresholds
- Using the PowerProtect Search Engine
- Managing Assets
- Managing Protection Policies
- Protection policies
- Before you create a protection policy
- Adding or editing a protection policy
- Overview of PowerProtect Data Manager Cloud Tier
- Manual backups of protected assets
- Manual replication of protected assets
- Manual Cloud Tiering of protected assets
- Viewing a summary of protection policies
- Extended retention (for protection policies created in PowerProtect Data Manager 19.11 and earlier)
- Delete backup copies
- Removing expired backup copies
- Removing assets from PowerProtect Data Manager
- Run an asset-protection report
- Disable a protection policy
- Delete a protection policy
- Add a service-level agreement
- Run a compliance report
- Protecting client assets after a client hostname change
- ifGroup configuration and PowerProtect Data Manager policies
- Restoring Data and Assets
- Preparing for and Recovering From a Disaster
- About server disaster recovery
- System recovery for server DR
- Server DR protection storage types
- Automatic server DR
- Prepare the DD system recovery target (NFS)
- Manually configure server DR backups
- Record settings for server DR
- Manage PowerProtect Data Manager server DR backups
- Restore PowerProtect Data Manager from server DR backups
- Change the IP address or hostname of a DD system
- Troubleshooting NFS backup configuration issues
- Troubleshoot recovery of PowerProtect Data Manager
- Recover a failed PowerProtect Data Manager restore
- Disable server DR backups
- Quick recovery for server DR
- Overview of PowerProtect Data Manager Cloud Disaster Recovery
- Managing Alerts, Jobs, and Tasks
- Configure Alert Notifications
- View and manage alerts
- View and manage Audit Logs
- Monitoring jobs and tasks
- Restart a job or task manually
- Restart a job or task automatically
- Resume misfire jobs after a PowerProtect Data Manager update
- Cancel a job or task
- Exporting logs
- Limitations for alerts, jobs, and tasks
- Modifying the System Settings
- System settings
- Modifying the PowerProtect Data Manager virtual machine disk settings
- Configure the DD system
- Virtual networks (VLANs)
- Syslog server disaster recovery
- Troubleshooting the syslog connection
- Managing Reports
- PowerProtect Data Manager reporting
- Port requirements
- Server requirements
- Known issues with the reporting engine and Report Browser
- Configure and deploy the reporting engine
- Updating the reporting engine from version 19.10
- Report Browser
- Deleting the reporting engine
- Managing disaster recovery of the reporting engine
- Configuring and Managing the PowerProtect Agent Service
- – Glossary of Acronyms –
- AAG: Always On availability group
- ACL: access control list
- AD: Active Directory
- AKS: Azure Kubernetes Service
- ARM: Azure Resource Manager
- API: application programming interface
- AVS: Azure VMware Solution
- AWS: Amazon Web Services
- AZ: availability zone
- BBB: block-based backup
- CA: certificate authority
- CBT: Changed Block Tracking
- CDC: change data capture
- CIFS: Common Internet File System
- CLI: command-line interface
- CLR: Common Language Runtime
- CN: common name
- CPU: central processing unit
- CR: custom resource
- CRD: custom resource definition
- CSI: container storage interface
- CSV: Cluster Shared Volume
- DAG: database availability group
- DA: database administrator
- DBID: database identifier
- DDMC: DD Management Center
- DDOS: DD Operating System
- DDVE: DD Virtual Edition
- DFC: DD Boost over Fibre Channel
- DNS: Domain Name System
- DPC: Data Protection Central
- DRS: Distributed Resource Scheduler
- DR: disaster recovery
- DSA: Dell security advisory
- EBS: Elastic Block Store
- EC2: Elastic Compute Cloud
- eCDM: Enterprise Copy Data Management
- ECS: Elastic Cloud Storage
- EKS: Elastic Kubernetes Service
- ENI: Elastic Network Interface
- EFI: Extensible Firmware Interface
- EULA: end-user license agreement
- FC: Fibre Channel
- FCD: first class disk
- FCI: failover cluster instance
- FETB: front-end protected capacity by terabyte
- FLR: file-level restore
- FQDN: fully qualified domain name
- FTP: File Transfer Protocol
- GB: gigabyte
- Gb/s: gigabits per second
- GCP: Google Cloud Platform
- GCVE: Google Cloud Virtual Edition
- GID: group identifier
- GLR: granular-level restore
- GUI: graphical user interface
- GUID: globally unique identifier
- HA: High Availability
- HANA: high-performance analytic appliance
- HTML: Hypertext Markup Language
- HTTP: Hypertext Transfer Protocol
- HTTPS: Hypertext Transfer Protocol Secure
- IAM: identity and access management
- IDE: Integrated Device Electronics
- IP: Internet Protocol
- IPv4: Internet Protocol version 4
- IPv6: Internet Protocol version 6
- KB: kilobyte
- LAC: License Authorization Code
- LAN: local area network
- MB: megabyte
- ms: millisecond
- MTU: maximum transmission unit
- NAS: network-attached storage
- NBD: network block device
- NBDSSL: network block device over SSL
- NDMP: Network Data Management Protocol
- NFC: Network File Copy
- NFS: Network File System
- NIC: network interface card
- NTFS: New Technology File System
- NTP: Network Time Protocol
- OS: operating system
- OSS: open-source software
- OVA: Open Virtualization Appliance
- PCS: Protection Copy Set
- PDF: Portable Document Format
- PEM: Privacy-enhanced Electronic Mail
- PIN: personal identification number
- PIT: point in time
- PKCS: Public Key Cryptography Standards
- PSC: Platform Service Controller
- PVC (cloud computing): private virtual cloud
- PVC (Kubernetes): Persistent Volume Claim
- RAC: Real Application Clusters
- RAM: random-access memory
- RBAC: role-based access control
- ReFS: Resilient File System
- REST API: representational-state transfer API
- RHEL: RedHat Enterprise Linux
- RMAN: Recovery Manager
- RPO: recovery-point objective
- RSA: Rivest-Shamir-Adleman
- S3: Simple Storage Services
- SaaS: software as a service
- SAP: System Analysis Program Development
- SCSI: Small Computer System Interface
- SDDC: software-defined data center
- SELinux: Security-Enhanced Linux
- SFTP: Secure File Transfer Protocol
- SLA: service-level agreement
- SLES: SuSE Linux Enterprise Server
- SLO: service-level objective
- SPBM: Storage Policy Based Management
- SQL: Structured Query Language
- SRS: Secure Remote Services
- SSD: solid-state drive
- SSH: Secure Shell
- SSL: Secure Sockets Layer
- SSMS: SQL Server Management Studio
- SSVs: System Stable Values
- TB: terabyte
- TCP: Transmission Control Protocol
- TDE: Transparent Data Encryption
- TLS: Transport Layer Security
- TPM: Trusted Platform Module
- TSDM: Transparent Snapshot Data Mover
- T-SQL: Transact-SQL
- UAC: user account control
- UDP: User Datagram Protocol
- UI: user interface
- UID: user identifier
- UTC: Coordinated Universal Time
- VADP: VMware vStorage APIs for Storage Awareness
- VBS: virtualization-based security
- VCF: VMware Cloud Foundation
- vCLS: vSphere Cluster Service
- VCSA: vCenter Server Appliance
- vCSA: vCenter Server Appliance
- VDI: Virtual Device Interface
- vDisk: virtual disk
- vDS: virtual distributed switch
- vFRC: Virtual Flash Read Cache
- VGT: Virtual Guest Tagging
- VIB: vSphere Installation Bundle
- VLAN: virtual LAN
- VM: virtual machine
- VMC: VMware Cloud
- VMDK: virtual machine disk
- VNet: virtual network
- VPC: virtual private cloud
- vRSLCM: vRealize Suite Lifecycle Manager
- VST: Virtual Switch Tagging
- vTPM: Virtual Trusted Platform Module
- VVD: VMware Validated Design
- vVol: virtual volume
- WAN: wide area network
PowerProtect Data Manager 19.12 Administration and User Guide
Retention locking
Retention locking prevents the deletion or alteration of data on a protection storage system for a specified period. PowerProtect Data Manager supports both governance mode and compliance mode retention locking for backups and replicas.
The PowerProtect DD documentation provides more information about each retention lock mode, including the differences between modes. Retention locking requires enablement and licensing on the protection storage system before use with PowerProtect Data Manager.
Retention locking is a two-stage process:
- Create a storage unit on which you configure the appropriate retention lock mode. Configuration enables but does not activate retention locking.
- Configure protection policies that both target this storage unit and activate retention locking. Toggling the retention lock setting for a protection policy activates retention locking in accordance with the configuration of the selected storage unit.
Once set, you cannot change the retention lock mode on a storage unit. To use a different retention lock mode with a protection policy, target a different storage unit. The original retention lock mode persists for existing backups or replicas that were created before the change.
The choice of retention lock mode may impact which protection policies can share a storage unit. Consider the retention lock settings when you design your storage unit architecture.
Compliance mode
Observe the following details before you configure or activate compliance mode retention locking:
- Compliance mode requires DDOS 7.10 or later. Earlier versions support only governance mode.
- Compliance mode requires the security officer credentials for the associated protection storage system. PowerProtect Data Manager does not store the security officer credentials.
- The Storage Direct agent for Storage Data Management does not support compliance mode.
- The option to create a storage unit through the selection drop-down list during protection policy configuration does not support compliance mode, only governance mode. To use compliance mode, create and configure a storage unit before you configure an associated protection policy.
- Deleting a storage unit with compliance mode enabled requires the security officer credentials for the associated protection storage system.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\