Configuring VAST as a Cloud Library
To use VAST storage as a cloud library, you can create a storage bucket on the VAST cluster and follow the steps for Configuring Cloud Storage using VAST Data Platform as the cloud vendor type. For previous versions of Commvault, you can use S3 Compatible as the cloud vendor type.
Note
When configuring VAST as a cloud library, Commvault defaults to using a 512KB block size for deduplication. To maximize Commvault’s deduplication efficiency, a 128KB block size is recommended, especially if there are secondary copies on other storage devices. You may want to configure this on the storage pool after the new DDB is created for the library but before any jobs are written.
SSL Certificates
Typically, you will need to create SSL certificates (trusted or self-signed) to communicate securely with the storage. The certificates can be in the Trusted Root Certificate Authorities at the OS layer, or manually imported into the VAST and Commvault software. See Error Code: 60: SSL certificate problem: unable to get local issuer certificate (Commvault.com) for details on importing and troubleshooting certificate issues.
Although not recommended in a production environment, you can disable the certificate check. For more information, see Cloud Library Server Failed to Do the Verification (Commvault.com).
Using WORM Storage Mode
To use WORM storage mode to write and protect backups using immutable storage, follow the steps below:
- In the VAST console, create a new storage bucket, and in the S3 Features section, use the following settings:
  - Turn the S3 Object Lock slider ON (this will also automatically enable S3 Versioning)
  - Leave the Retention mode as none
  - Leave the S3 Retention Period as 0d
- Follow the steps in the following pages:
  - Configuring Cloud Storage using VAST Data Platform as the cloud vendor type
  - Configuring WORM Storage Mode on Cloud Storage.
- In some combinations of Commvault and VAST, an additional setting is required to allow for proper WORM functionality.

  | Commvault Version | VAST OS | Additional Setting Required |
  | --- | --- | --- |
  | v11.28 | Any | No |
  | v11.30 - v11.36+ | < 5.0 SP11 | Yes |
  | v11.30 - v11.36+ | 5.0 SP11+ | No |

  The bDisableNativeFileForMacroPruning additional setting is required if the VAST OS is less than version 5.0 SP11 and is used with any version of Commvault at v11.30 or greater.
  This key must be set for all MediaAgents and Storage Accelerator clients that will access the VAST library directly. You can set it on the Additional Settings tab in the group, client or MediaAgent properties.
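The WORM bucket settings and the version table above, expressed as a pre-flight check. This is an added example, not Commvault or VAST code; it assumes the bucket answers the standard S3 GetBucketVersioning and GetObjectLockConfiguration calls in the usual response shape, and the function names and sample responses are constructed for illustration.

```python
import re

# Constructed sample responses in the shape of the standard S3
# GetBucketVersioning / GetObjectLockConfiguration calls. That a VAST bucket
# answers in this shape, and that "Retention mode: none" appears as a missing
# DefaultRetention rule, are assumptions of this example.
SAMPLE_VERSIONING = {"Status": "Enabled"}
SAMPLE_LOCK_OK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}
SAMPLE_LOCK_BAD = {"ObjectLockConfiguration": {
    "ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}}


def audit_worm_bucket(versioning, object_lock):
    """List deviations from the WORM bucket settings given on this page."""
    findings = []
    cfg = object_lock.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("S3 Object Lock is not enabled")
    if versioning.get("Status") != "Enabled":
        findings.append("S3 Versioning is not enabled")
    default = cfg.get("Rule", {}).get("DefaultRetention")
    if default:
        findings.append("bucket default retention is %s; expected mode none, "
                        "period 0d" % default.get("Mode"))
    return findings


def _version(text, pattern):
    """Turn a version string into a tuple of ints (missing parts become 0)."""
    m = re.fullmatch(pattern, text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(g or 0) for g in m.groups())


def macro_pruning_setting_required(commvault, vast_os):
    """True/False per the page's version table; None where it is silent."""
    cv = _version(commvault, r"v?(\d+)\.(\d+)")               # "v11.32"
    vast = _version(vast_os, r"(\d+)\.(\d+)(?:\s*SP(\d+))?")  # "5.0 SP11"
    if cv >= (11, 30):
        return vast < (5, 0, 11)
    if cv == (11, 28):
        return False
    return None  # e.g. v11.29: not covered by the table


if __name__ == "__main__":
    print(audit_worm_bucket(SAMPLE_VERSIONING, SAMPLE_LOCK_BAD))
    print(macro_pruning_setting_required("v11.32", "5.0 SP10"))
```

A `None` result means the page gives no guidance for that Commvault version, so the setting should be confirmed with the vendor documentation rather than assumed either way.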
Space Reclamation
With VAST configured as cloud storage, Commvault space reclamation should be run regularly to compact the backup files and increase storage efficiency.
Encryption
It is important to understand encryption on the VAST cluster, Commvault encryption and how it can impact deduplication.
Encryption of data in-flight
To secure data on the network between Commvault servers and a VAST cluster, it is recommended to configure the VAST cluster as a cloud library which will use the SSL protocol for communication. SSL will use TLS encryption on all data in-flight. You may need to add the VAST SSL security certificate to the Commvault CA bundle to enable this configuration.
For Commvault clients that will back up through a MediaAgent you can enable network-only encryption in the Commvault software to secure the data in transit between these devices. The MediaAgent will then transmit the data via the encrypted SSL tunnel to the VAST cloud library.
Commvault clients that utilize the Storage Accelerator can move data directly to and from the VAST cloud library using an SSL encrypted tunnel.
Encryption of data at rest
If you need to have data encrypted at rest, both Commvault and VAST offer this capability and you can choose the option which best meets your requirements. Note that enabling encryption on either solution may reduce system performance.
- Option 1 – Use VAST encryption: To get the advanced benefits of VAST’s data reduction (Adaptive Chunking, Similarity etc.), you would turn off Commvault encryption on media, and enable encryption on VAST (All new systems have encryption at rest turned on by default). Combined with the in-flight TLS encryption from the previous section, this will achieve end-to-end security and still allow VAST to perform its advanced data reduction techniques on the non-encrypted data and write it in a secure format.
  If additional copies are needed to different non-encrypting storage, you can enable encryption in Commvault for the auxiliary copy. Commvault will write the data in an encrypted format to the secondary device so that it’s also protected at rest on that copy.
- Option 2 – Use Commvault encryption on media: If there are specific security needs, you can have Commvault encrypt the data and write it to the VAST storage in the secure format. Note that this will require additional computer resources on the Commvault MediaAgents, and the VAST Similarity Engine will not be able to provide the additional storage reduction since encrypted data will look like random data to the device.
Compression and Deduplication
Compression
Commvault and VAST data compression and deduplication are complementary to each other. Using both simultaneously is the overall best practice for both network efficiency and storage capacity.
The default Commvault compression type of LZO should be used due to its balance of resource needs and highly favorable compression results.
Deduplication
Enabling Commvault client-side deduplication and compression minimizes the data sent over the local network and to the VAST cluster which results in greater throughput and reduced backup times.
The VAST Data Platform’s unique deduplication techniques, including adaptive chunking and similarity, reduce misaligned data well and can give additional reduction savings on top of Commvault’s already deduplicated data. The two are complementary and will provide a high level of data reduction in most instances.
Additionally, if WORM mode is enabled, or for some reason the DDB needs to be sealed and a new set of baseline full backups are run, the VAST Data Platform can deduplicate the new set of (baseline) data against the older set leading to reduced storage consumption.
DDB Block Size
To maximize Commvault’s deduplication efficiency, a 128KB block size is recommended for high-speed local disk storage. 128KB will give better deduplication ratios for Commvault (less data moved through the network) and more granular data aging to minimize storage bloat. 128KB should be used if there are copies on other storage devices so that the storage efficiency is maximized across all copies.
Note that when configuring VAST as a cloud library, Commvault defaults to using a 512KB block size for deduplication. This can be used if VAST is the only copy or if there are secondary copies to public cloud (such as Commvault Air Gap Protect).
Commvault Storage Accelerator
The Commvault Storage Accelerator can be used on clients to directly send the backup data to the VAST cloud storage library (sometimes referred to as Client-Direct mode). Without the Storage Accelerator, backups send the client data to the MediaAgent first, and then the MediaAgent stores the data in the VAST cloud storage library. When used on many clients, this can achieve high aggregate throughput for both backups and restores while lowering MediaAgent requirements. Storage Accelerator does consume more resources on the client, so resource allocation should be considered on systems that are heavily loaded.
The Storage Accelerator configuration has the following advantages:
- Speeds up backup and restore process by directly backing up and restoring from the cloud storage library and avoiding additional network transmission.
- Reduces the load on the cloud MediaAgent by eliminating the need for processing backup data. (Pruning, Data Verification (DDB Lookups), and defragmentation operations would continue to be processed by the destination MediaAgent.)
Any client that has the Storage Accelerator installed and has a backup policy configured to a cloud storage library will automatically try to use the direct mode, and if the connection to the storage fails, it will fall back to sending data through the MediaAgent instead. The same SSL certificate requirements and additional settings that are required by the MediaAgent are also needed on each client.