Creating a Protected Group for NAS File Systems

Prerequisites

• At least one Air Gap network isolation area has been created.
• At least one storage device has been added.
• The standby storage array at the Air Gap site is Dorado 6.1.3 or later or OceanProtect X8000 1.2.0 or later.
• Air Gap remote devices support only Fibre Channel and iSCSI links and do not support RoCE links.

Context

Protected objects in a protected group must reside on the same storage device.

Procedure

1. In the menu bar, Choose Protection.
2. Click Create.
3. Select a protected object type.
   1. Select Owning Site and Storage Array.
   2. Select the file systems that you want to protect.

      Set Available File System to vStore or File system.

      

      If Available File System is set to vStore, you need to disable synchronization sharing and authentication when creating a remote replication tenant pair.

4. Click Next.
5. Set a protection policy.

   The system automatically matches supported protection policies. Select a policy based on your data protection solution.

   Click Settings. In the Set Protection Policy dialog box, set the protection policy.

   • For the Air Gap Backup (NAS) protection policy, perform the following operations:
     1. In the Quick Backup area of the Policy page, click Set to set the protection policy for the protected group.
     2. Click Enable Quick Backup and select Backup Type.
        • HyperCDP
        • Common snapshot
          

          If you have purchased the HyperCDP license, you are advised to use the secure snapshot function.

     3. (Optional) Enable Security Snapshot.
        

        • Both HyperCDP and common snapshots support secure snapshots for NAS file systems.
        • Based on the read-only snapshot technology, you can set the copy expiration time to prevent copies from being deleted by mistake or maliciously deleted. Copies cannot be deleted using the DR management system before they expire.
        • If Secure Snapshot is enabled, expired snapshots will be automatically deleted from DeviceManager.
     4. (Optional) Enable Grace Period Mode.
        

        • If a protection plan is not completed within the specified port time window or protected group execution period, the system does not stop the protection task.
        • If Grace Period Mode is enabled for a protected group and a protected group task is being executed at the time when the periodic task of the protected group is triggered, the periodic task will not be executed.
        • If the grace period mode is enabled for a protected group, the current protected group task is still restricted by the timeout period. By default, the timeout period of a protected group task is 12 hours, you can modify the array.sync.monitor.timeout configuration item in the /opt/BCManager/Runtime/LegoRuntime/conf/lego.properties configuration file to change the timeout period of a protected group task. For example, if the timeout period of a protected group task is set to 1 hour, the corresponding configuration item is array.sync.monitor.timeout=3600. Restart eReplication for the modification to take effect.
     5. Click the Scheduling Policy tab. In the Time Policy area, set the time policy for the protected group. Table 1 lists the related parameters.

        

        Table 1 Time policies

        Time Policy	Description
        On-demand scheduling	Manually starts protection jobs.
        Period-based scheduling	Automatically starts protection jobs based on a period set by the system. NOTE: To ensure data consistency, the execution timetable for a protection group policy template must be set. You are advised to set the execution time to off-peak hours. Jobs can be executed at multiple time points of a day, a week, or a month. Alternatively, at a specific time segment of a day, a week, or a month with a fixed frequency. It is recommended that the starting time of the validate period is set to a time later than the completion of the initial synchronization. If daylight saving time (DST) is enabled on the eReplication management server, a DR protection job whose trigger time point falls within the DST shift period cannot be executed at the scheduled time. Details are as follows: (UTC-08:00) Pacific Time (United States and Canada) is used as an example. The DST starts at 2016-03-12 02:00:00, and ends at 2016-11-06 02:00:00. If the start time of the protection policy falls within the first hour (2016-03-12 02:00:00 to 03:00:00) after the DST starts, for example, 2016-03-12 02:30:00, the protected group will be automatically executed with a delay of one hour, that is 2016-03-12 03:30:00. If the start time of the protection policy falls with the last hour (2016-11-06 01:00:00 to 02:00:00) before the DST ends, for example, 2016-11-06 01:30:00, the protected group will be executed after the DST ends for half an hour. The minimum interval for executing a security snapshot is 15 minutes. In periodic scheduling scenarios, security is preferred by default. If the execution time of a protection job exceeds the port time window and execution time window, storage replication is interrupted. When the execution time window is earlier than the execution time of the protection plan, the protection plan fails to be executed.

     6. When the Scheduling Policy is set to Period-based scheduling, in the Expected RPO area, if you select Enable RPO Requirement Satisfaction Check, the actual RPO will be checked against the configured RPO. If the actual RPO exceeds the expected RPO, the system generates an alarm, indicating that the RPO requirement is not satisfied.

        

        Expected RPO can be set to 0 to 31 days, 0 to 23 hours, and 5 to 59 minutes.

        

        If days and hours are not set, the Expected RPO is 15 minutes by default.

     7. Click the Reservation Policy tab and set the copy validity period, latest copy, and copy retention policy. For details about the related parameters, see Table 2.
        Figure 1 Enabling the Security Snapshot Retention Policy
        
        Figure 2 The Security Snapshot retention policy is not enabled.
        

        Table 2 Retention policies

        Retention Policy	Description
        Copy validity period	This parameter is displayed when the backup type is secure snapshot. The value of Daily Copy ranges from 1 to 7300, and the default value is 1. The value of Monthly Copy ranges from 1 to 240, and the default value is 1. The value of Yearly Copy ranges from 1 to 20, and the default value is 1.
        Latest duplicate	The number of duplicates cannot exceed the maximum number of snapshots that can be taken for a storage resource.
        Duplicate retention	The duplicate retention policy defines the retention policy of duplicates generated during the protected group protection. When the system starts duplicate maintenance, expired and invalid duplicates will be deleted based on the duplicate retention policy. By default, the time to maintain duplicates is the 39th minute of every hour. You can set the minimum number of duplicates to be retained. The system will not delete valid duplicates until the number of invalid duplicates exceeds the minimum number of duplicates you set. The value range for a daily policy is 0–365. The default value is 0, meaning to retain no duplicates. The value range for a weekly policy is 0–52. The default value is 0, meaning to retain no duplicates. The value range for a monthly policy is 0–60. The default value is 0, meaning to retain no duplicates. When determining the number of retained duplicates, consider the following: Data importance and DR requirements. If data of the latest five months must be retained, you are advised to set the retention period by month. Available storage space of a storage device. If the available space of a storage device is sufficient, you are advised to retain more duplicates that are more important. NOTE: For example, if the current time is 2017/4/11 08:40:00, configure the protected group as following: Set the execution policy to be performed at every hour exactly. Set the retention policy to keep five latest duplicates, three daily duplicates, two weekly duplicates, and one monthly duplicate. If the protected group is under the automatically scheduled protection for a long time, the duplicates retained are as follows after the duplicate maintenance is complete at the current time: Latest duplicates were generated at: 2017-04-11 08:00, 2017-04-11 07:00, 2017-04-11 06:00, 2017-04-11 05:00, and 2017-04-11 04:00. Daily duplicates are generated at: 2017-04-10 23:00, 2017-04-09 23:00, and 2017-04-08 23:00. Weekly duplicates were generated at: 2017-04-09 23:00 and 2017-04-02 23:00. The monthly duplicate was generated at: 2017-03-31 23:00. NOTE: If the duplicate maintenance is not triggered, or daily, weekly, or monthly duplicate retention is configured, the number of retained duplicates may exceed the number of latest duplicates being retained. If the scheduling time period is second, the copy retention policy is automatically executed by the storage device.

     8. Click Replication Policy tab to set the remote replication rate between storage arrays. Table 3 lists the related parameters.

        

        Table 3 Replication policies

        Replication Policy	Description
        Default configuration	The remote replication rate is the default one set on the storage array.
        Manual configuration	Users can set the remote replication rate for each time segment. Configure the automatic remote replication rate of the storage based on the pre-set replication rate of time period. Select Manual configuration. Click a time color block to modify the replication rate during a time segment.

     9. Click OK.

6. Click Next.
7. Specify Name and Description of the protected group.
   • Name: contains 4 to 32 characters, including letters, digits, hyphens (-), and underscores (_), but cannot start with a hyphen (-).
   • Description: contains 0 to 255 characters.

8. When the Backup (NAS) DR technology is used, if you do not want to manually create a recovery plan for the protected group, select Automatically create a recovery plan after creating protected groups at the lower left corner.
9. Click Finish.
10. Click OK.

Related Operations

• If the protected objects of a protected group or their used storage devices change, on the menu bar, select Resources. Refresh resources or storage devices where the protected objects reside. Then go to the protected group page and refresh protected objects of the protected group by clicking More > Refresh. After the command for refreshing information is sent, you can view details about the command execution in Background Task.
  

  If a recovery plan has been created for a protected group, you can refresh protected objects only when the recovery plan status is Ready or Rollback completed.

• To ensure that information about protected groups is refreshed successfully, you must refresh information about storage devices and hosts at both the production site and DR site.
  

  If a snapshot copy is being used by a recovery plan, the snapshot copy cannot be deleted. To delete such a snapshot copy, wait until the recovery plan finishes clearing.