An Apple a day, and keep the backups at bay.

With Macintosh able to connect directly to NFS and SMB shares, you may be wondering why you would want to use the Apple File Protocol (AFP). In this case we had a customer who absolutely needed to use features that are only available via the AFP, specifically Spotlight Search. The customer is also using a classic backup to tape system to offer data protection. The process of restoring individual files was somewhat painful in both time to complete as well as people-hours to complete the job.  


To make matters worse, Microsoft discontinued the ‘Services for Macintosh’ feature in Windows Server 2003r2 since Macintosh users can   connect via CIFS or SMB.


A novel solution was to adopt a Product ExtremeZ-IP (By GroupLogic) which can exists on a server, and expose a common NTFS partition or folder as an AFP share. This software is both windows Volume Shadow Services (VSS) compatible as well as Searchlight and Time-Finder Compatible. With the Optional host software ShadowConnect they also call directly to the Shadow Services and restore individual files to previous versions directly from a Mac host, just like any windows host can. 


Since ExtremeZ-IP is a VSS writer, and our SnapDrive is a VSS Requester/VSS Provider when we call a Snapshot, it is properly flushed. One additional assumption was that the tape infrastructure could be avoided (or minimized) if we could protect a few years’ worth of file changes and offer DR functionality. 


To solve this we turn on Microsoft Shadow Copies which allows file system to store local snapshots in the file system that allow us tocall a new state every 2 hours. We are limited however to 64 of these Snapshots, which means that I can only maintain about 5 days’ worth of previousversions on the file system. I can also configure the array to take hardware based snapshots every day, and allow for a retention period of many years assuming that I only keep the end of the week snapshots after they age beyond 3 months old.  This lower granularity of older backups is quite common in the backup industry. 


Using SnapMirror we can mirror the working share and all of these long term snapshots to an alternate controller on an alternatesite as well.



Now for the acid test to show how this solution would affect daily operations.



The process of restoring a single file to a previous version is the most common request this customer gets, and by far the one that consumesthe most time of the IT department. This method allows for users to self-direct restorations that exist within that 5 day window, and allows the IT staff to only need to get involved when the request exceeds the capabilities of the Windows embedded Shadow Services technology. This time can be extended if the granularity is increased from 2 hours to 4 or 8 hours.  


When a restore is requested that does not exist in the ShadowStore, the process to create a clone from a snapshot can be done in a couple of minutes with the SnapDrive GUI, or via NetApp System Manager, or via the CLI using the NetApp PowerShell Toolkit with the following command.



Another benefit of this design is that we avoid the majority of the load on the system by preventing the need for a backup server to walk the directory tree looking for changed files on incremental days, and avoid the massive data suck on days that a full backup is needed.



Mac user calls IT, asks for access to AFP from date xx/yy/2013. IT Staff issues FlexClone Command from the snapshot date and exposes/Maps to server. Creates new share called \\Server\AFPShare_DateXXYY2013 and gives permission to that user to retrieve his lost file. At end of z hours, share can be removed, and Clone can be destroyed without affecting snapshots.



If SnapDrive is installed, the method to create a Snapshot of the X:\ drive named by todays date looks like this.


                                PS:>  SDCLI snap create –s AFPShare_Feb21_2013 –D X


To Mount that Snapshot as a new LUN you would use the SnapDrive command. In this case, I would have a new drive letter Z:\ for the point in time copy


                                PS:\SDCLI mount –s AFPShare_Feb21_2013 –D Z


And you can unmounts as easily, refer to the SnapDrive Installation and Configuration guide for more details on SDCLI Commands. As an example, youcan insert ‘-r backupserverFQDN’ in the mount command and mount the snapshotdirectly to a backup server instead of the local server. 



These SDCLI commands take minutes to run, and PowerShell commands are even faster.



If snapshot for that exact day doesn’t exist, can restorenext snapshot in series and use previous versions (ShadowConnect) to roll file back to that exact date.



Time to Complete = 5 Minutes, IT Staff Time = 5 minutes


Now the extraordinary event, a site failure. How can I recover on an alternate site.


Follow the standard SnapMirror failover or failback process. Once the LUN is up, you can re-share using ExtremeZ-ip and away you go as if nothing happened.


An alternate method to allow an ExtremeZ-IP server to return to operation fast is to run the Server as a virtual machine and host the Virtual Machine along with the Data set. This allows you to import that virtual machine on a DR site and need to reconfigure nothing within the VM.


If you want to still offer the ability to spin off the tape for extreme long storage or alternate offsite storage, this process is simplified as well as you need no host software on the AFP server. You can mount a specific snapshot directly to a backup media server and back it up directly to tape. This allows you to back-up a static copy and you don’t haveto worry about open files or walking file trees, allows for higher speed block only backups in addition.