Networker backup and DD6900 storage

Dell EMC Data Domain (DD) storage and EMC NetWorker backup software provide various features for data protection, including data encryption and the ability to create immutable backups, but the implementation of these features can vary depending on the specific versions and configurations of the products. Here's some information on how you can enable immutable storage/backups and full volume encryption:

1. Immutable Storage/Backups:

   • Immutable backups, also known as "write once, read many" (WORM), are designed to protect data from modification or deletion for a specified retention period. This can be crucial for compliance and data integrity purposes. Data Domain systems support WORM functionality.

   • To enable immutable backups on a Data Domain system, you typically need to:

     • Configure and enable WORM settings on the Data Domain system through the Data Domain Management Center (DDMC) or the command-line interface.
     • Set the retention period for which the data should remain immutable.

   • The process may vary depending on the specific Data Domain model and software version you are using. Refer to the official Dell EMC documentation or consult with Dell EMC support for detailed instructions on enabling immutable backups on your Data Domain system.

2. Full Volume Encryption:

   • Data Domain also supports encryption for data at rest. Full volume encryption ensures that data stored on the Data Domain system is protected from unauthorized access even if physical disks are removed from the system.

   • To enable full volume encryption on a Data Domain system, you typically need to:

     • Configure encryption settings within the Data Domain Management Center (DDMC) or through the command-line interface.
     • Generate and manage encryption keys.

   • Follow the instructions provided in the official documentation for your specific Data Domain model and software version to set up full volume encryption.

3. NetWorker Integration:

   • EMC NetWorker, now known as Dell EMC NetWorker, is compatible with Data Domain for backup and recovery operations. NetWorker can work in conjunction with Data Domain to manage backups, including immutable backups and encrypted backups.

   • To use NetWorker with Data Domain for immutable backups or encryption, you generally need to configure NetWorker policies and settings accordingly. For example, when creating a NetWorker policy, you can specify retention settings for immutable backups.

   • Ensure that you configure NetWorker to work seamlessly with Data Domain's WORM and encryption features.

It's essential to consult the documentation provided by Dell EMC for your specific versions of Data Domain and NetWorker to understand the exact steps and options available for enabling immutable backups and encryption. Additionally, consider reaching out to Dell EMC support for assistance and guidance tailored to your environment's requirements and configurations.

for immutability using a data domain, you would be looking into retention lock, a feature that needs to be licensed on the data domain end and then configured on DD and within NW.

retention lock compliancy mode cannot be undone, unlike retention lock governance mode. so with physical dd's you'd more likely to use compliance mode. up until recently DDVE only supported governance mode retention lock, but I believe from ddos7.10 or so onwards it also offers compiance mode when hosted on-prem. The thing is, that if one has access to the hypervisor, one could " simply" delete the DDVE vm and regardless of the immutability, all backup data would be gone...

So first you would need to configure retention lock on the DD, with a license for either retention lock and specify the range within which the retention period is allowed to fall, then NW can use a retention lock period within that range. for example on DD you could set the retention lock range lying between 12h and 1 month, and then configure NW workflows to use 1 week. You might not want to set it too high as when making a mistake, you cannot undo it when using compliance mode. So might wann be on the safe side. Anyways it is more likely needing a recent backup than a very old backup (often only made for compliancy reasons and often never used).

https://www.dell.com/support/manuals/en-us/networker/nw_p_ddboostdedup_integration/dd-retention-lock?guid=guid-ccfa6452-91f3-4e81-97cb-5b2b935052a4&lang=en-us

"Requirements

Review the following requirements for enabling DD Retention Lock:

- The NetWorker Server and storage node version must be NetWorker 19.7.

- The minimum DDOS version required when using the DD Retention Lock feature is DDOS 6.2. The minimum DD Boost version is 3.4.

         - Retention Lock must be licensed on the Data Domains.

         - When using Compliance, the Data Domain must be configured for Compliance (which requires rebooting the Data Domain) prior to creating any Retention Lock devices.

- Workflows that contain Data Domain Retention Lock enabled save sets require a separate destination pool. The pool cannot contain a mixture of Retention Lock and non-Retention Lock enabled Data Domain devices.

- The Data Domain devices storing primary and cloned backups with DD Retention Lock enabled cannot be labelled or deleted. Disk space utilization issues result on the Data Domain system.

- The Data Domain Retention Lock feature is only supported only for DD Boost instances.

- All configuration changes must be performed from NetWorker. Any configuration changes from the Data Domain device will not be reflected in NetWorker."

No idea why it states nw19.7 being needed, as earlier versions also supported it. It is not just only stating the version of the manual as the nw19.9 guide also states nw19.7 as minimum?

https://www.dell.com/support/manuals/en-us/networker/nw_p_ddboost_int_guide_19.9/dd-retention-lock?guid=guid-ccfa6452-91f3-4e81-97cb-5b2b935052a4&lang=en-us

I can provide information about Networker backup and Data Domain storage, but please note that software and hardware capabilities may have evolved since then.

1. Data Domain Storage: Data Domain appliances are known for their data deduplication and backup storage capabilities, but they may not inherently provide immutable storage or full volume encryption. However, Data Domain does offer certain features and capabilities that can help enhance data security and protection:

   • Replication: Data Domain appliances often support replication to a remote Data Domain system. By replicating backups to a secondary system in a remote location, you can create an additional layer of data protection.

   • Encryption: Data Domain typically supports data encryption at rest. You can enable encryption for data stored on the Data Domain appliance to protect it from unauthorized access.

   • Data Retention Policies: You can configure data retention policies to control how long backups are retained, which can help protect against accidental or malicious data deletion.

   To implement immutable storage on Data Domain, you may need to integrate it with other solutions or practices, such as creating retention locks or using third-party tools that provide immutable storage features.

2. Networker Backup Software: EMC Networker (now owned by Dell Technologies) is backup and recovery software. Like Data Domain, Networker itself may not inherently provide immutable storage or full volume encryption for backups. However, it can work in conjunction with storage systems like Data Domain to enhance backup security:

   • Encryption: Networker often supports backup data encryption in transit and at rest. You can configure encryption settings to protect your backup data.

   • Retention Policies: Networker allows you to define backup retention policies, ensuring that backups are kept for a specified period, which can help protect against data deletion.

   • Integration with Immutable Storage: To implement immutable storage for backups, you would typically need to integrate Networker with storage solutions or features that offer immutability. This may involve using features like write-once, read-many (WORM) technology or implementing retention locks in your storage infrastructure.

Please consult the latest documentation for Networker and Data Domain to determine their current capabilities regarding immutable storage and full volume encryption. It's also a good practice to stay up to date with security best practices and consider additional security measures, such as access controls, network security, and monitoring, to protect your backup data effectively.

Regards!

Richard...