Tech ONTAP Blogs

BlueXP Backup and Recovery Feature Blog: February '23 Updates

jacoba
NetApp
2,077 Views

 

 

DataLock and Ransomware Protection Support for Azure

 

 

FEB23_16.png

 

With the February '23 release, BlueXP Cloud Backup has now introduced support for DataLock and Ransomware protection for cloud backups on Azure. With this feature, Cloud Backup provides a mechanism to lock the Cloud Snapshots replicated via SnapMirror to Cloud and provides the ability to detect a ransomware attack and recover a consistent copy of the snapshot on the Azure Blob object-store. Currently, the feature is supported for AWS , Azure and StorageGRID.

 

To read more about this feature, please follow the link for more details :- https://community.netapp.com/t5/Tech-ONTAP-Blogs/DataLock-and-Ransomware-Protection-Support-for-Azure/ba-p/441278

 

Archival Tier support for StorageGRID on On-Premise Connector to Azure Archive


With the February '23 release, BlueXP Cloud Backup service has added support for Archive Tiers for StorageGRID for On-premise BlueXP Connector installations to Azure Archive blob. With this new feature, customers can back up their data to the StorageGRID bucket and then move the data to Azure Archive blob in Microsoft Azure. This feature is supported on ONTAP version 9.12.1 GA and above, and StorageGRID versions 11.3 and above.

 

FEB23_17.png

 

 

How does Archival tier support for StorageGRID work?

 

FEB23_08.png

 

To tier the data from StorageGRID bucket to Azure Blob archive tier, make sure that a volume is backed up with a policy that has the “Tier Backups to Archive” option enabled and the appropriate parameters set. This will make sure that ILM policy and rules are created on the StorageGRID to move the data from the StorageGRID bucket to Azure Archive Blob storage when the "archive after-days" criteria are met.

 

The following picture illustrates the StorageGrid ILM policy that will be created

 

PIC08.png

 

A Cloud Storage Pool with the Azure Blob account will be created in StorageGRID to make sure that the snapshot objects are moved to archive. The  rule will be also be created and updated in the StorageGRID ILM Policy. StorageGRID should have full control access to the Azure Blob storage.

 

Please note the following while creating ILM rules on StorageGRID:-


  a. If there is an existing ILM policy in the “proposed “state, the creation and activation of a new ILM policy will not be possible.
  b. If there is an existing active ILM Policy, new rules will be added to the ILM policy to move the data to the archive tier.
  c. If there are no ILM policies available, a new ILM policy with the relevant rule will be created and activated.

 

Enabling Archive Tier for StorageGRID


While enabling backup for a Working Environment on to StorageGRID bucket using the “Activate Backup” wizard or  while creating a new policy under "Backup Settings" -> "New Policy" window, make sure to select the “Tier Backups to Archive” option under the “Archival Policy” section .

Choose the appropriate Cloud Provider.  Choose the required Azure Subscription, Region, Resource Group Type,  and Resource Group. Give in the number of days after which you would like to Archive in the “Archive After (Days)” and mention the Archive Storage Class that you like to set. Continue with the wizard and choose the required volume to be backed up and activate the backup. You can also enable backup to Archive Tiers on policies which already exists.

 

FEB23_07.png

 

Restoring from Archive

 

You can initiate the volume,  folder or  file restores from archive tier from the “Restore” dashboard. The request to restore with archive-retrieval-priority will be sent to ONTAP. ONTAP will now check for cloud objects available in the StorageGRID S3 bucket . If the backup objects are present in the StorageGRID S3 bucket, it will initiate a restore from bucket or else if the cloud backup has been archived, it initiates the archive re-hydration process which will pull the object from the Azure Archive tier to the Standard Azure Blob storage and then to StorageGRID S3 bucket. Once the object is hydrated back into StorageGRID S3 bucket, SnapMirror restore will be initiated after the approx. retrieval time based on the restore priority used.

 

FEB23_20.png

 

You can restore volume , folder or files from the archive tier using the “Browse and Restore” tab or the “Search and Restore” tab in the “Restore” dashboard. Now to do the restore, select the source, choose the appropriate Working Environment and then the volume. Now all the snapshots pertaining to the volume will be listed. Choose the appropriate cloud backup to restore and click on continue. Now a “Select Restore Priority” window will be shown where the user can select the required restore priority. Please note, for Azure only "Standard" restore priority is supported. Restore priority "High" is not currently supported. Now , proceed to select the destination , where you would like to restore and click on "Restore" to complete the process.

 

FEB23_19.png

 

BlueXP Cloud Backup Support for Metro-Cluster Configuration

 

MetroCluster is a Data Protection and DR solution that provides transparent recovery from failures and allows the user to manage switchover and switchback activities easily and efficiently. Until today there was a limitation in activating Cloud Backup on a (primary or Site-A ) cluster that has an MCC configuration.

 

With the February ’23 release, customers using ONTAP 9.12.1 GA and above can activate backups on volume belonging to a primary or Site-A cluster and the information about the backup (relationship and object storage configuration) will be transferred between the clusters.

 

FEB23_09.png

 

How does this Work?

 

The workflow for enabling backups on the Cloud Backup Service remains similar to backing a normal volume from a ONTAP cluster. Choose the primary or Site-A Cluster  and click on the "enable" button on "backup and recovery" tab. Make sure to give in the "Provider setting", create the appropriate policy , choose the required volumes on the primary or the Site-A cluster and click on "Activate Backup". SnapMirror to Cloud relationships will be created for all the chosen volumes on the MCC configured Cluster.  Please Note that backing up FlexGroup volumes on MCC using Cloud Backup Service is not currently supported.

 

FEB23_10.png

 

The following ONTAP CLI shows the SnapMirror to Cloud relationships created on the MCC Cluster after the backup activation is completed using  BlueXP Cloud Backup Service. If a backup was activated on primary or Site-A cluster on which the MCC configuration is activated, the relationship will be reflected on the secondary or Site-B cluster as well and the user will not be able to activate a backup for the same volume on the other cluster.

 

snapmirror show command

 

 

 

sti105-vsim-ucs557b7a_siteA::*> snapm show
  (snapmirror show)
                                                                       Progress
Source            Destination Mirror  Relationship   Total             Last
Path        Type  Path        State   Status         Progress  Healthy Updated
----------- ---- ------------ ------- -------------- --------- ------- --------
vs1:siteA_vol1 XDP netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a-mc:/objstore/vs1_siteA_vol1_dst Snapmirrored Idle - true -
vs1:siteA_vol2 XDP netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a-mc:/objstore/vs1_siteA_vol2_dst Snapmirrored Idle - true –

 

 

 

 

 

snapmirror show destination endpoint command

 

 

 

sti105-vsim-ucs557b7a_siteA::*> snapm show -fields destination-endpoint-uuid
  (snapmirror show)
source-path    destination-path                                                                   destination-endpoint-uuid
-------------- ---------------------------------------------------------------------------------- ------------------------------------
vs1:siteA_vol1 netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a-mc:/objstore/vs1_siteA_vol1_dst 5f2a71ed-9d9f-4837-8746-73082b7de90f
vs1:siteA_vol2 netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a-mc:/objstore/vs1_siteA_vol2_dst 5d4cb6f9-ec9b-4c59-a48a-b335f63038dc

 

 

 

 

 

Now lets go ahead and examine the destination or Site-B Cluster of the MCC configuration( before switchover). As you can see, the relationship exists on the destination or Site-B cluster as well. Once the relationship is created, the object storage configuration, together with the relationship configuration will be transferred between the clusters and will also appear in the secondary cluster.

 

snapmirror show command

 

 

 

sti105-vsim-ucs557b7a_siteA::*> snapm show
  (snapmirror show)
                                                                       Progress
Source            Destination Mirror  Relationship   Total             Last
Path        Type  Path        State   Status         Progress  Healthy Updated
----------- ---- ------------ ------- -------------- --------- ------- --------
vs1:siteA_vol1 XDP netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a-mc:/objstore/vs1_siteA_vol1_dst Snapmirrored Idle - true -
vs1:siteA_vol2 XDP netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a-mc:/objstore/vs1_siteA_vol2_dst Snapmirrored Idle - true -

 

 

 

 

 

snapmirror show destination endpoint command

 

 

 

sti105-vsim-ucs557d7c_siteB::*> snapm show
  (snapmirror show)
                                                                       Progress
Source            Destination Mirror  Relationship   Total             Last
Path        Type  Path        State   Status         Progress  Healthy Updated
----------- ---- ------------ ------- -------------- --------- ------- --------
vs1-mc:siteA_vol1 XDP netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a:/objstore/vs1_siteA_vol1_dst - - - - -
vs1-mc:siteA_vol2 XDP netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a:/objstore/vs1_siteA_vol2_dst - - - - -

 

 

 

 

 

Switch-Over Mode

 

In the event of a switch-over, SnapMirror to Cloud relationship will be activated on site B and the backups will resume. The backups will continue to be performed automatically and transparently to the user. If a schedule is configured for the relationship, the next scheduled update will work automatically. This update will be an incremental backup transfer.

 

Please note:-

  • During a switch-over, if a transfer is in progress on Site-A, it will be aborted and in site-B the aborted transfer will restart when the next scheduled time starts.
  • You can configure new SnapMirror to Cloud or modify/delete existing SnapMirror to Cloud relationship post switchover or post switch back as well.

 

 

 

cluster_A::*> metrocluster operation show
  Operation: Switchover
 Start time: 10/4/2012 19:04:13
      State: in-progress
   End time: -
     Errors:

cluster_A::*> metrocluster operation show
  Operation: Switchover
 Start time: 10/4/2012 19:04:13
      State: successful
   End time: 10/4/2012 19:04:22
     Errors: -

 

 

 

 

 

snapmirror show command

 

 

sti105-vsim-ucs557d7c_siteB::*> snapm show
  (snapmirror show)
                                                                       Progress
Source            Destination Mirror  Relationship   Total             Last
Path        Type  Path        State   Status         Progress  Healthy Updated
----------- ---- ------------ ------- -------------- --------- ------- --------
vs1-mc:siteA_vol1 XDP netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a:/objstore/vs1_siteA_vol1_dst Snapmirrored Idle - true -
vs1-mc:siteA_vol2 XDP netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a:/objstore/vs1_siteA_vol2_dst Snapmirrored Idle - true –

 

 

 

 

 

snapmirror show destination endpoint  command

 

 

sti105-vsim-ucs557d7c_siteB::*> snapm show -fields destination-endpoint-uuid
  (snapmirror show)
source-path       destination-path                                                                destination-endpoint-uuid
----------------- ------------------------------------------------------------------------------- ------------------------------------
vs1-mc:siteA_vol1 netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a:/objstore/vs1_siteA_vol1_dst 5f2a71ed-9d9f-4837-8746-73082b7de90f
vs1-mc:siteA_vol2 netapp-backup-fd332f4f-98cf-11ed-baf5-005056a7650a:/objstore/vs1_siteA_vol2_dst 5d4cb6f9-ec9b-4c59-a48a-b335f63038dc

 

 

 

 

As you can see from the above output, SnapMirror to Cloud relationship has been activated on site B and the backups will resume as per the schedule.

 

Restore

While restoring, users shall be able to perform a restore from object storage to MCC or to an alternative cluster. If an update is made from one site and a snapshot is copied to the cloud storage, it can be restored from the cloud to another site after switchover/switchback.

 

SnapMirror to Cloud will not replicate the restore relationship configuration post-switchover or post switchback, Therefore customers would need to manually start the restore again.

 

Support for Multi-level Folder Restore

 

With the initial release of the Folder restore feature , only top-level folder restores were supported. Multi-level or nested folder restore feature was not supported.
With the February ’23 release of BlueXP Cloud Backup , customers using ONTAP 9.13.1 can now do multi-level or nested folder restores.  You can restore a folder to a volume in the original working environment, to a volume in a different working environment that’s using the same cloud account, or to a volume on an on-premises ONTAP system.

 

FEB23_11.png


Please note the following behavior for multi-folder-level restore:-

 

1. Nested Folder Level restore works for SaaS, Gov Cloud, On-premise and Dark-Site deployments.
2. Restoring multiple folders is not supported. Only one folder is supported currently.
3. Nested Folder level restores on Volumes with DataLock and Ransomware Protection enabled are not supported.
4. The folder path should exist while restoring the nested folder back
5. Nested Folder level restores on Volumes with Archival enabled are not supported
6. File-level restore and multiple folder-level restore cannot be done at the same time. We can either do folder level restore or file level restore


Folder Restore and ONTAP compatibility

  • On ONTAP versions below 9.11.1GA: Folder restores are not supported.
  • On ONTAP versions >= 9.11.1GA and <= 9.13.0: First/Top level Folder restores are allowed
  • On ONTAP versions above 9.13.0: Nested folder restores are allowed.

 

Folder Restores while using “Browse and Restore” & “Search and Restore”

 

How to restore a folder?

 

1. When you want to restore a nested folder, from a volume backup, click the Restore tab, and click Restore Files or Folder under Browse & Restore.
2. Select the source working environment, volume and backup in which the nested folders reside.
3. Cloud Backup displays the nested folders and files that exist within the selected backup file.
4. Select the nested folder that you want to restore from that backup by traversing through the different levels of folder.
5. Select the destination location where you want the folder or file(s) to be restored (the working environment, volume, and folder), and click Restore.
6. The nested folders will be restored.

 

FEB23_12.png

 

Moving Backups to GCP Archival tier for CVO is now Supported


Support for moving backups to Google Cloud archive tier had been introduced during December ’22 release. This feature supported moving backups only from On-Prem ONTAP Cluster to Google Cloud Archive. With the latest release, BlueXP Cloud Backup has added support for moving backups from Cloud Volumes ONTAP to Google Cloud Archive as well.

 

For more information, please read the following blog:-  https://community.netapp.com/t5/Tech-ONTAP-Blogs/BlueXP-Backup-and-Recovery-Feature-Blog-December-22-Updates/ba-p/440319#toc-hId--846620502

 

Multiple Aggregate selections during FlexGroup Full Volume Restores

 

BlueXP Cloud Backup service had added support for FlexGroup volume backup and restore during the December ‘22 release. The restore workflow allowed users to restore only to a FlexGroup volume that was created by Cloud Backup Service on a single aggregate that had space. FlexGroup volumes, in general, can span multiple aggregates and the restore workflow should give the customers the flexibility to choose multiple aggregates while creating the pre-restore FlexGroup volume.


With the February ’23 release, the FlexGroup Volume Restore workflow will now allow customers to manually select the aggregates for the pre-restore destination volume. This is supported on both “Browse and Restore” and “Search and Restore”.

 

 

FEB23_13.png

 

The following picture shows the “Destination Details” page of the “Restore Volume” wizard.  A new “Select Destination Aggregates” option has been included. Choosing this option will open up a page that will allow users to select the aggregates. The “Select one or more aggregate” page will display all the available aggregates, the corresponding disk types, tiering status, and the space available in each aggregate.

 

Please Note:-

 

FEB23_14.png

 

  • To make sure that the user doesn’t mix disk types and tiering status, if the user chooses an aggregate of a particular disk-type with a specific tiering status, then all the other aggregates of different disk types and tiering status will be disabled.
  • Cloud Backup also verifies if the geometry of the destination FlexGroup matches with the source FlexGroup volume. It will specifically highlight the factor that should be used while choosing the number of aggregates. It will also recommend the number of aggregates that should be added so that the geometry matches the layout of the source FlexGroup.
  • In general, the number of aggregates should be a factor of geometry. So, if the geometry is 6, we can choose 1 aggregate, 2 aggregates, 3 aggregates, or a maximum of 6 aggregates. If the number of aggregates that are chosen is not as per the geometry, the UI will prompt that the number of aggregates chosen is invalid.

 

FEB23_15.png


This feature will work for:-


• SaaS, Restricted (Gov Cloud), private (Dark Site), on-prem
• Cloud Volumes ONTAP. On-Prem ONTAP Cluster
• AWS, Azure, Google, StorageGRID Destination Endpoints
• ONTAP versions: 9.12.1+

Public