Symantec Backup Exec Blueprints 1
Symantec Backup Exec Blueprints Blueprint for Private Cloud Services
Backup Exec Technical Services Backup & Recovery Technical Education Services
Symantec Backup Exec Blueprints 2
Notice
This Backup Exec Blueprint presentation includes example diagrams that contain objects that represent applications and platforms from other companies such as Microsoft and VMware. These diagrams may or may not match or resemble actual implementations found in end user environments. Any likeness or similarity to actual end user environments is completely by coincidence.
The goal of the diagrams included in this blueprint presentation is not to recommend specific ways in which to implement applications and platforms from other companies such as Microsoft and VMware, but rather to illustrate Backup Exec best practices only.
For guidelines and best practices on installing and configuring applications and platforms from other companies, please refer to best practice documentation and other resources provided by those companies.
Symantec Backup Exec Blueprints Preface/disclaimer
• Blueprints Help Customers Avoid Common Challenges/Pitfalls
• Each Blueprint Contains: ‒ Recommended Configuration: Best-practice implementation example
‒ Life Preservers: Best practices and pitfalls to avoid
• Use Blueprints to: ‒ Present the Backup Exec best practice implementation example
‒ Highlight key “life preserver” guidelines to avoid problems
Symantec Backup Exec Blueprints 3
Symantec Backup Exec Blueprints How to use
4
Introduction
Key terms and principles
Symantec Backup Exec Blueprints
Symantec Backup Exec Blueprints 5
Backup Exec 2012 Private Cloud Services Key terms and definitions
Term Definition Backup Exec Private Cloud Services The feature name.
Enterprise Server Option The parent option of the Central Admin Server Option (CASO).
Central administration server The Backup Exec server on which CASO is installed.
Managed Backup Exec server The new name for a managed media server .
Cloud Backup Exec server
The Backup Exec server that is located in the managed service provider’s
data center that hosts the deduplication disk storage.
The Backup Exec server can be a central administration server or a
managed Backup Exec server, depending on configuration.
Deduplication disk storage The disk storage device that is enabled for data deduplication and is
located on the Backup Exec server.
Backup definition A group of options that you select that define the backup selections, the
backup job methods and options, and any stages.
Offsite copy The backup data that is stored on a managed Backup Exec server, then
“copied” to a cloud Backup Exec server.
6
Example Diagrams and Life Preservers
Multitenant cloud Backup Exec server configuration of Private Cloud Services
Symantec Backup Exec Blueprints
Example Diagram: Private Cloud Services Multitenant cloud Backup Exec server configuration
Symantec Backup Exec Blueprints 7
DC/DNS Server
Customer 1 LAN Customer 2 LAN
MSP Data Center LAN
Backup Exec - CAS
Customer 2 Domain Customer 1 Domain MSP Domain
High-level Best Practices Backup Exec servers at customer sites in MSP’s domain
Use transfer drives to seed the cloud Backup Exec server
Backup Exec servers at customer sites on physical hardware
Backup Exec servers at customer sites protected by encryption
Local backups of customer servers for fast restore capability
Leverage deduplication to optimized backup storage
Optimized duplication can improve WAN transfer speeds
The Backup Exec 3600 appliance can be used as MBES
1
2
3
4
5
6
7
VPN
DC/DNS Server Virtual Host Virtual Host DC/DNS Server BE 3600 - MBES Backup Exec - MBES
Managed Services Provider NOC
Customer 2 Remote Site Customer 1 Remote Site
Optimized Duplication Stream
Microsoft BitLocker
8
1
2
3
4
5
6
7
8 1
5
6
Tape Out
Virtual Machines Virtual Machines
Diagram Legend
Backup Exec UI (CAS) Cloud Backup
Exec Server
6
Symantec Backup Exec Blueprints 8
Life Preservers: Private Cloud Services Managed Services Provider NOC
• Backup Exec Server at Managed Service Provider’s NOC – Cloud Backup Exec server and Central Administration Server
– Enabled with local deduplication disk storage device
– Deduplication device shared with Backup Exec servers at customer sites
– Select “Private cloud server” option
• Cloud Backup Exec Server Deduplication Disk Device – Maximum of 64 TB of deduplicated data (should scale to 10x or better)
• Tape Considerations – Customer backups can be stored to tape attached to cloud Backup Exec
server
– One job definition can include all backup stages: (1) Local backup at customer site
(2) Duplication of backup from customer site to cloud Backup Exec server at MSP NOC
(3) Duplication of backup at cloud Backup Exec server to tape
Symantec Backup Exec Blueprints 9
Life Preservers: Private Cloud Services Customer sites
• Backup Exec Servers at Customer Sites – Managed Backup Exec servers (controlled by CAS at MSP NOC)
– Enabled for deduplication
– Member of MSP’s domain, not customer’s domain
– No local logon access for customers (required for multitenant security)
– Customer backups stored to local Backup Exec server, then copied to cloud Backup Exec server (optimized duplication)
– Can be custom Backup Exec server or BE 3600 Appliance
• Security Requirements – Custom Backup Exec servers should be on standalone hardware (not VMs)
– Should be enabled with disk encryption
– Member of MSP’s domain, not customer’s domain
– No local logon access for customers (required for multitenant security)
Symantec Backup Exec Blueprints 10
Life Preservers: Private Cloud Services Replicating backups to cloud Backup Exec server
• Optimized Duplication – Only unique blocks transmitted to cloud Backup Exec server
– Blocks already contained at cloud Backup Exec server are skipped
– Can greatly improve WAN transfer efficiency
• Backup Exec Built-in Security Features – Communication between Backup Exec servers/components secured
– TSL/SSL encryption technology
• Other Security Recommendations – Enable SSL on all VMware hosts being protected by Backup Exec
– Secure communications between MSP NOC and customer sites using VPN
– See planning and deployment guide for additional information
Symantec Backup Exec Blueprints 11
Life Preservers: Private Cloud Services Multitenancy support
• Multitenancy in Private Cloud Services – Customer data not physically separate from other customers
– Data co-exists in cloud Backup Exec server’s deduplication disk device
– Managed Services Provider is full owner/controller of backup operations
– Clients cannot control, see, or restore their data or other client’s data
– Fully dependent upon Managed Services Provider for backup/restore
– Managed Services Provider is trusted advisor; has “keys to the kingdom”
• Domain Requirements – Client Backup Exec servers part of Managed Services Provider’s domain
– Clients not given local logon access (multitenant security)
• Seeding the Cloud Backup Exec Server – Process for adding data to cloud Backup Exec server’s deduplication device
– One option is transfer drives; details in planning and deployment guide
Symantec Backup Exec Blueprints 12
Life Preservers: Private Cloud Services Performance
• Network Recommendations – Less than one percent packet loss
– Round-trip latency of 250ms or better
• Loss of Network Connection – Results in stopping of scheduled backup operations
– Backups resume when network connection is restored
– If necessary, Backup Exec servers at client sites can be reverted to standalone
– Details in planning and deployment guide
– Related resource: cloud backup calculator
Symantec Backup Exec Blueprints 13
Life Preservers: Private Cloud Services Catalog modes
• Centralized Catalogs – Catalog data stored at cloud Backup Exec server (CAS)
– Easy catalog backup/protection
– High demands on network connectivity between sites
– Requires persistent network connection
• Distributed Catalogs – Most catalog data maintained at Backup Exec servers at client sites
– Usually recommended for distributed configurations
– Persistent network connection between sites not required
• Replicated Catalogs – Combination of centralized and distributed
– Catalogs maintained at CAS as well as Backup Exec servers at client sites
– Requires persistent network connection
Symantec Backup Exec Blueprints 14
Life Preservers: Private Cloud Services Other considerations
• Two Private Cloud Services Configurations – Multitenant cloud Backup Exec server (dealt with in this blueprint)
– Single-tenant cloud Backup Exec servers
• Single-tenant Configuration – Each customer has own cloud Backup Exec server at MSP NOC
– Backup Exec server at customer site in customer’s domain
– Customer has logon access to local Backup Exec server
– Some customers may require this due to regulations in their vertical
• Mix-and-Match – MSPs may use either or both Private Cloud Services configurations
• Other Related Backup Exec Blueprints – Blueprint: Optimized Duplication
– Blueprint: Remote Office Protection
Symantec Backup Exec Blueprints 15
Thank You!
Backup Exec Product Management