PowerProtect Data Manager Appliance 5.16.0.0 Network-Attached Storage User Guide

Best practices for adding VLANs

When you assign a network or VLAN at an asset, data communication always occurs between the protection engine and the DD system. However there is no mechanism to specify the network or the VLAN for protection engine to array communication.

The Proxy to NAS Array communication is expected to happen over one of the network interfaces that are discovered as part of the NAS server (Unity or PowerStore) or access zone (in PowerScale). If there is a failure in mounting the share, then the mounting is retried over other network interfaces.

For more information about VLANs, see the PowerProtect Data Manager Appliance Administrator Guide.

• Do not add the network or VLAN on which the PowerProtect Data Manager Appliance is already deployed.
• While adding a network or VLAN, select the network purpose as per the requirement and ensure that only available IPs are added to Static IP Pool. To add a network or VLAN, perform the following:
  1. From the PowerProtect Data Manager Appliance UI, select Infrastructure > Networks. The Networks window appears.
  2. On the Networks window, enter the required information in the Configuration, Static IP Pool, and Routes sections.
  3. Verify the network configuration information in the Summary section, and then click Finish.
• If you want to assign a network or VLAN at an asset level, configure the Data Domain (DD) with those VLANs as per the network purpose whether it is Data/Management/Data for Management Components. To configure DD with the updated network or VLAN, perform the following:
  1. From the PowerProtect Data Manager Appliance UI, select Infrastructure > Storage. The Storage window appears.
  2. On the Storage window, select the Data Domain (DD) that must be updated.
  3. Click More Actions and select Change Network Settings. The Change Network Settings window appears.
  4. Select the network from the Network Name list and click Save.
• You should create protection engines with the newly added VLANs. The existing protection engines cannot be configured with new VLANs.
• You must configure the search nodes for the VLANs. There are three types of networks, Data, Management, and Data for Management components. Whenever a network or VLAN is added with the Data for Management Components option, the search engine has to be added with the new VLAN. To add the new network or VLAN to the search engine, perform the following:
  1. From the PowerProtect Data Manager Appliance UI, select Infrastructure > Search Engine. The Search Engine window appears.
  2. On the Search Engine window, select the search engine for which the VLAN must be added.
  3. Click More Actions and select Edit Networks. The Edit Search Engine Node window appears.
  4. In the Networks Configuration section, select the network from the Preferred Network PortGroup list and click Next.
  5. Verify the network configuration information in the Summary section and click Finish.
• If you have assets that have to be backed up on multiple VLANs, the respective assets should be assigned with the appropriate network or VLAN. To assign a network or VLAN for an asset, perform the following:
  1. In PowerProtect Data Manager Appliance UI, select Infrastructure > Assets > NAS.
  2. Select the asset, click More Actions and select Assign Network. The Assign Network page appears.
  3. Select a network from the Network Label list and click Save.

Limitations

• Adding the existing VLAN allocates two IPs from the same VLAN to PowerProtect Data Manager Appliance and it causes RPF. In detail, when incoming and outgoing packages have different interface, Linux identifies this difference as a potential security issue and blocks communication between the IPs and VLANs. This behavior is known as Reverse Path Forwarding or Filtering (RPF). For example, consider the scenario when PowerProtect Data Manager Appliance has IPs 10.0.10.8 and 10.0.10.10 in the same VLAN or subnet . If another host with IP 10.0.10.9 sends a request to 10.0.10.10, the request reaches 10.0.10.8 due to the different interfaces for incoming and outgoing packages, and the system blocks the communication.
• If an existing default network is added as a new VLAN by selecting Management or Data for Management Components option leads to RPF.
• If PowerProtect Data Manager Appliance has more than one route to the hosts in the same VLAN, it breaks the one-route path principle of the network, which can cause RPF.