Follow

Overview

The InfiniGuard is Infinidat Enterprise disk backup solution that integrates data deduplication, replication, and direct tape creation technology to connect backup and disaster recovery protection across distributed corporate environments. The InfiniGuard disk-based backup appliance uses Infinidat patented data deduplication technology to increase disk capacities by 10 to 50 times, and make WAN replication a practical, cost-effective part of disaster recovery planning. Scalable to 1 PB usable capacity, the InfiniGuard is designed for larger sites and corporate data centers.

Advanced Data Deduplication Increasing Disk Retention for Backup Data

The InfiniGuard leverages Infinidat patented data deduplication technology to dramatically increase the role that disk can play in the protection of critical data. With the InfiniGuard solution, users can retain 10 to 50 times more backup data on fast recovery disk than with conventional arrays.

Remote Replication of Backup Data Providing Automated Disaster Recovery Protection

With the InfiniGuard, users can transmit backup data from a remote site to a central, secure location to reduce or eliminate media handling. InfiniGuard replication is asynchronous, automated, and operates as a background process.

Features and Benefits

The InfiniGuard system provides the following features and benefits:

  • Inline data flow provides leading deduplication with an optimal combination of total system performance, manageability, and value.
  • Flexibility of VTL, NAS, and OST (OpenStorage) presentation layers. 
  • High throughput connectivity options 10GbE (copper or optical).
  • OST Optimized Duplication support with Veritas NetBackup™ 7.6.x or later.
  • Oracle RMAN™ support for Oracle 11.
  • LDAP/AD support.

Note

It is recommended to install the InfiniGuard system in a controlled or restricted area and using strong, private passwords to prevent access by untrained personnel.

Data Reduction

Data reduction is the process of reducing the amount of storage capacity required to store your data. The InfiniGuard systems provide two techniques to optimize the storage space required on your system:

  • Data Deduplication
  • Compression

Data Deduplication

The InfiniGuard uses patented data deduplication technology to dramatically increase the role that disk can play in data protection. Users can retain 10 to 50 times more backup data on fast recovery disk than with conventional arrays. This advantage allows IT departments to cost-effectively retain months of backup data on disk for faster, more reliable restores and more data recovery points. The innovative implementation of this core technology means that users do not have to compromise on performance to take advantage of extended retention capability. Inline data flow provides streamlined deduplication that offers a maximum combination of total system performance, manageability, and value.
The InfiniGuard deduplication technology uses a sub-file, variable-length approach to identify redundant blocks in a data stream—blocks that have appeared before in the same dataset or in datasets processed at an earlier time. When a block appears that has already been stored, the InfiniGuard inserts a reference pointer to the earlier instance of the data segment instead of storing another copy. The result is a dramatic reduction in the storage capacity needed to store the data set, and a similar reduction in the bandwidth needed to replicate deduplicated data sets over a network.

Compression

The InfiniGuard systems use compression technology after duplicate blocks have been identified and replaced as part of the deduplication process. With compression, unique data that has been through the data deduplication process can be compressed at a typical ratio of approximately 2:1. This enables you to maximize the storage capacity of your system.

Remote Replication

Today most backup occurs on isolated devices, making it difficult to deploy disk backup when disaster recovery protection is required. The InfiniGuard uses data deduplication and replication to decrease by up to 50 times the bandwidth required to move backup data over networks and between sites. This dramatic gain makes it practical and cost-effective for users to replicate backup data over WANs for secure, network-based disaster recovery protection, and it lets users combine rapid, local restores with sound disaster recovery protection.
With InfiniGuard replication, users can transmit data from a single site or multiple sites to a central location. InfiniGuard replication is an asynchronous, automated background process. This model for protecting the distributed enterprise allows users to combine disk, replication, and tape for an optimal combination of performance, simplicity, and security.

InfiniGuard System

InfiniGuard Features

The InfiniGuard systems includes the following features:

Feature

Description

InfiniGuard DDE Nodes (Data Deduplication Engines)

3 DDE Nodes (2 active, 1 HA standby)

Switches

  • 2 FC
  • 1 Ethernet

Expansion modules (EBODs)

0 to 6 Expansion modules (EBODs)

Network Connectivity

  • 4 x 1 GbE ports
  • 10GbE (copper or optical) ports

Usable Capacity

1 PB


Frame assembly

InfiniGuard is delivered in an Infinidat F4000 frame, as depicted below.

The InfiniGuard system is a fully optimized frame assembly for high density and extreme backup performance. InfiniGuard includes four, high density, disk-drive enclosures with 60, 6TB or 12 TB drives in each. It also includes 3 controllers, 2 FC switches, 3 data deduplication engines (DDEs), and supporting ATS and BBUs, conveniently managed via an included customer patch panel. Customers will simply cable up InfiniGuard and begin configuring devices and policies to use the high speed, space efficient, enterprise backup solution.

Deduplication Engines (DDE)

In the Infinidat InfiniGuard, there are deduplication engines that we call DDEs. The DDE is made up of common, off-the-shelf, server technology to deliver the best in class service at the lowest transferrable cost.

The DDEs are pre-installed, pre-wired, fully assembled, pre-configured for turnkey customer operation. DDE Servers are pre-installed in InfiniGuard by Infinidat support personnel only.
The DDE Servers are wired with optimal connectivity pre-configured to the InfiniBox Storage array, with all required volumes mapped and ready to use for DDE metadata and disk-pools for data deduplication for all supported protocols.
The back of the frame includes a convenient patch panel for both the InfiniBox and one for the DDEs in order to simplify and organize port access for client service implementation, as described in InfiniGuard Site Planning Guide (to access this document, see the Documentation section in this document).

Fibre Channel switches

Two enterprise class Infinidat Managed, 24 port Fibre channel switches are installed and configured in each InfiniGuard system to support redundant switch zoning of the DDEs to the Infinidat storage array. Each DDE will consist of 4 x 16GB FC Port connections to each switch fabrics (for a total of 8 connections per controller). These are connected to the back-end InfiniBox by Infinidat personnel and may not be managed by customer admins.
All FC connectivity and Zoning for internal storage access is managed by Infinidat.

The patch panel

The simplified DDE patch panel is provided in the back of InfiniGuard to support all customer managed connectivity to the InfiniGuard frame for external communications and management of InfiniGuard. The customer will run FC Fabric cables for VTL use and/or 1GbE Ethernet cables for DDE management services, as well as 10GbE cables for data ingest & replication.

In the following example, each "active DDE" has 12 active ports, as follows:

  • 4 FC ports
  • 8 Ethernet ports

InfiniGuard Naming Conventions

InfiniGuard model numbers represent the sum of the parts in an InfiniGuard system.

For example, InfiniGuard B4212N model:

  • B   refers to the InfiniGuard B4212N solution (B is for Backup)
  • 42 refers to the x4000 Infinidat storage array
  • 12 refers to using 12TB HDD disks
  • N   refers to high performance DDEs running v3 code

Other models follow the same convention.

InfiniGuard Solution Sizing

Infinidat Pre-Sales personnel work with the customer technical staff to collect sizing data on the planned implementation. When the customer fully understands the details on the environments they plan to backup with space saving benefits from InfiniGuard, we can then begin to accurately size the solution for capacity and performance to meet their backup window demands.

As plans change and/or growth is incurred, coordination between customer technical staff and the site Infinidat Technical Adviser can be navigated to re-work new sizing predications or requirements throughout the life of the product support.

Working with Infinidat personnel we can accurately size a solution that defines the anticipated capacity and/or performance of the entire backup solution across one or multiple sites with or without replication with consideration for the many protocols and applications in the backup window challenge.

Customers should be prepared to communicate the number of servers and platforms they plan to incorporate into InfiniGuard backup solution, as well as describe the Backup Software used for managing backup services and the backup window maximums for each solution backup cycle. It is also recommended that the customer is prepared to disclose the number of ports and types/configurations of networking on each backup server for data ingest from clients as well as data bandwidth to the defined DDE targets. Include the number of full and incremental backups as well as the target retention period for each.
Depending on the backup software used for managing scheduled backups, there are many options available for backup service support for any platform. These choices will impact performance and timing.
Also be prepared to discuss the number of sites to be supported and any backup replication requirements, as this too, will impact performance and timing.

With careful planning the sizing engineers will be able to determine the schedule compliance targets and the number of InfiniGuard required for your enterprise backup plan based on target performance and capacity with your planned retention.

InfiniGuard Licensing

As with all Infinidat products, licensing is all-inclusive. In other words, with the purchase of an Infinidat InfiniGuard, all software associated with functionality is included with the base product. The table below provides details on all included features.
Reviewing the Licensing of pre-installed features:

  • Network Attached Storage (NAS): Option for presenting the DDE Servers to the host.
  • OpenStorage Technology (OST): Option for presenting the DDE Servers to the host. Specific versions of NetBackup are required. For more details, refer to: Configuring InfiniGuard DDEs for OST .
  • Virtual Tape Library (VTL): Option for presenting the DDE Servers to the host when a Fibre Channel card is installed. This license is for 512 virtual tape drives.
  • Deduplication: Enables data deduplication. Replication: Enables replication to other DDE systems.
  • InfiniMetrics integration for InfiniGuard systems.

Licensed features included as a license certificate (these features require enabling for use):

  • Data-in-Flight Encryption: Enables use of AES encryption (128-bit or 256-bit) when sending data to another system. This option refers to DDE encryption as opposed to the Encryption at Rest on the InfiniBox Storage. (Not available in all regions)
  • Data-at-Rest Encryption: This involves the built-in availability for Encryption at Rest for the InfiniBox Storage. (Not available in all regions)
  • Storage Capacity: The default storage capacity of 500 TB or 1PB per active DDE (depending on the model number) is a pre-configured feature; scalable up to 1PB or 2PB for InfiniGuard usable capacity.

With the current release of Veritas NetBackup, Veeam, and Oracle RMAN offer the deepest level and most flexible integration with InfiniGuard. Additionally, customers can use other backup software, such as Commvault, IBM TSM, EMC NetWorker, etc. with backup target types such as VTL, NFS, SMB.

Networking

As InfiniGuard is a pre-wired, fully assembled organization of equipment groups, and the patch panel is provided in the back of the frame for simplifying customer connectivity to the product. The type of patch panel is provided to match whether the customer chose (Copper or Optical) Type connections for 10GbE.

Ethernet

Customers will run either Copper or Optical 10GbE cables (depending on what they ordered for connectivity) to the back of InfiniGuard frame and simply connect the cables to the DDE & InfiniBox ports in accordance with the InfiniGuard User Guide.
Each InfiniGuard will have 4 x 1GbE ports for management (as depicted below) and each of the DDEs will have 12 x 10GbE ports for Ingest & replication that are configured with LACP or as independent Active ports. One example might be to use 8 x 10GbE ports for Ingest and 4 x 10GbE ports for Replication (as shown above), for each DDE. The bottom row of the patch panel is dedicated to the DDE Ethernet connections. Left to Right (node1–red, node2-yellow, node3-green).

If there is no intention to use VTL then the slot reserved for 4 FC ports can be ordered/used for 4 more 10GbE ports instead, expanding the Ethernet based bandwidth capacity to 12 per DDE.

Four 1GbE cables must be run to the upper patch panel for Management Services. 5 IP addresses will be supplied by the customer to support the management services with supporting DNS/NTP/GW/etc..

When the customer chooses an “all TCP/IP” configuration, 36 10GbE cables will be run to the center patch panel for Data Ingest and Replication with a minimum of One IP per bond and a maximum of Ten IPs per bond. Optimal Bond IP configurations should be coordinated with Infinidat Professional Services prior to installation to ensure that the installation team has what it needs to fully configure the customer configurations at the time of install.

When the customer chooses a mixed configuration of FC & Ethernet, Four 16GbE FC ports and Twenty-four 10GbE cables will be run to the center patch panel for Data Ingest and Replication. FC ports with be zoned as single initiator – single target zones (single path)  with a minimum of One IP per Ethernet bond and a maximum of Ten IPs per bond. Optimal FC Zoning & Bonded IP configurations should be coordinated with Infinidat Professional Services prior to installation to ensure that the installation team has what it needs to fully configure the customer configurations at the time of install.

Fibre Channel

Each DDE can support 16GbFC ports for external connectivity for NDMP and VTL solutions. These are optional, and if the customer chooses not to support NDMP and VTL these FC ports can be replaced (before shipping) with 10GbE ports to expand the TCP/IP based protocol bandwidth capabilities. The InfiniGuard includes 2 x internal enterprise class 24 Port Fibre Switches for supporting 3 DDE devices with internal Zoning to InfiniGuard. Customer managed Zoning for external FC ports is managed by the customer team and configured as Single port zoning to each FC port on all three controllers. FC Zoning to VTLs and NDMP devices is single path, as multi-path zoning to the VTL devices is not supported. All zoning changes should be communicated and coordinated through Infinidat support.

When the customer chooses a mixed configuration of FC & Ethernet, Four 16GbE FC ports and Twenty-four 10GbE cables will be run to the center patch panel for Data Ingest and Replication. FC ports with be zoned as single initiator – single target zones (single path)  with a minimum of One IP per Ethernet bond and a maximum of Ten IPs per bond. Optimal FC Zoning & Bonded IP configurations should be coordinated with Infinidat Professional Services prior to installation to ensure that the installation team has what it needs to fully configure the customer configurations at the time of install.

Back-end storage configuration

As InfiniGuard is a pre-configured and 100% dedicated to Backup Services and the scale of two active deduplication engines, the internal InfiniBox storage provisioning to the DDE’s is locked down and invisible to customer administrators. Integration with InfiniMetrics will be provided and accounts can be configured as needed. This work will be accomplished by Infinidat support on behalf of the customer.


The InfiniGuard system is based upon solid state drives and high speed disk drives in the array expansion. The usable capacity is 1 PB. The InfiniGuard can present its drive storage using multiple protocols: Virtual Tape Library, Network Attached Storage and OpenStorage. By making use of high speed drives, the InfiniGuard greatly reduces the time required for backup/restore functions and improves confidence in completing the backup in the time allowed.

InfiniGuard Usage Scenarios

InfiniGuard is optimized for backup usage rather than file sharing. Backup application usage is typically characterized by:

  • Aggregated name spaces and file contents. 
  • Limited direct, active file access.
  • Limited browsing, scanning, or stating.
  • Limited metadata manipulation (including rename).

Usage diverging from these characteristics must be qualified to ensure acceptable behavior with respect to functionality, performance, replication, and recovery.

Virtual Tape Storage

A virtual tape storage or virtual tape library (VTL) presentation allows the storage space on these hard drives to appear to the backup application as LTO tape cartridges. Data is stored on the hard drives through an interface that appears as a tape library, with virtual cartridges, virtual drives, and a virtual changer mechanism. The InfiniGuard system can be configured to present multiple VTL interfaces of different sizes and types at once. This allows backup applications to recognize and integrate the system into a data center environment just like one or more physical tape libraries.

Network Attached Storage (NAS)

The InfiniGuard system has the ability to serve as a NAS backup system where the following protocols are supported: CIFS, NFS and application specific protocols.

CIFS/SMB Protocol

The CIFS (Common Internet File System) / SMB (Server Message Block) protocol defines a standard for remote file access from many computers at a time in Windows environments.
Active Directory Support
The InfiniGuard supports ADS (Active Directory Services) as well as ACLs (Access Control Lists). This provides the following benefits:

  • Compatibility with CIFS/SMB domains - NAS shares are able to join CIFS/SMB domains and use domain authentication.
  • Precise control of file system permissions - Administrators can specify which users and groups can perform what actions.
  • Robust administrative support - Administrators have the same implicit permissions as they do in Windows operating systems

Additional Information

  • Windows 2008 R2, Windows 2012 R2, 2016 and 2019 are supported for Active Directory domain membership.
  • When you create a CIFS/SMB share, the initial permissions are the same as the default permissions for a Windows 2003 share with the addition of an ACE (Access Control Entry) that permits full access to the share for all authenticated users. Administrators can choose to remove this full access ACE, set up custom permissions, or leave the ACL (Access Control List) as is if the server is set up in a fully trusted environment.

NFS Protocol

The NFS (Network File System) protocol was originally designed by Sun™ Microsystems and allows all network users to access shared files stored on computers of different types. NFS provides access to shared files through an interface called the Virtual File System (VFS) that runs on top of TCP/IP. Users can manipulate shared files as if they were stored locally on the user's own hard disk. With NFS, computers connected to a network operate as clients while accessing remote files, and as servers while providing remote users access to local shared files. This protocol is used with UNIX and Linux networks. It can also be used with Windows networks.

Application-Specific Protocol

The Application Specific Protocol allows users to create:

  • Oracle Recovery Manager (RMAN) shares on a InfiniGuard DDE. RMAN provides the foundation for efficiently backing up and recovering an Oracle database.
  • Veritas OST (OpenStorage) allows NetBackup to seamlessly integrate with a InfiniGuard, taking advantage of the system's replication and deduplication capabilities.

OpenStorage (OST

With the OST presentation, the InfiniGuard system presents storage servers to a Veritas NetBackup media server through a specific Veritas protocol. A storage server consists of logical storage units (LSUs), which are similar to directories in a NAS file system or tape cartridges in a VTL partition.
The OST presentation requires the Veritas NetBackup (7.6.x or later) host application and the OST Plug-in client installation on the media server.
Plug-in clients are host-OS dependent and are supplied by Infinidat. To use the InfiniGuard in OST mode, you must configure an OST storage server and LSUs on the InfiniGuard DDEs. You must also map the LSUs on the NetBackup server so that NetBackup can perform backups and restore from them.  Additionally, policies for optimized duplication (OST replication) and OST direct to tape may need to be set on the NetBackup server.

RAID Configuration

As part of the process of destaging data from system cache to disk drives, every 64KB of data has an added 4KB for metadata that is written in a RAID6-like or Dual Parity data protection scheme. Full stripes of 1088KB (using 68KB stripe members) are spread across all the disks within the system, creating hundreds of thousands of independent RAID-Groups; and which provide key architectural benefits for both performance and support for fast recovery from single or double disk failures. If a drive fails, the RAID configuration immediately rebuilds the data into the spare capacity in the system, carefully distributing the data across all the remaining disks, relieving the administrator from the need to physically replace the disk for the process to complete. Resuming protection after a disk failure is achieved so quickly as the failed disk was a member of 1000's of independent RAID-groups, each spread over different disks. This means that all the disks participate in the recovery process, minimizing the impact on each disk.

Network Configuration

During network configuration, each individual interface on the InfiniGuard DDEs can be configured as a subnet with its own network settings. Each physical Ethernet port can be configured as an interface. In addition, you can also create bonded interfaces (logical ports) consisting of two or more physical ports.
Keep in mind that any traffic can pass through any of the configured Ethernet ports. This means that the routing of different traffic types, as well as firewall capability, must be controlled using the network infrastructure (routers and switches) connected to the InfiniGuard DDEs.

Note

Each configured network interface requires its own set of network settings (IP address, network mask, and gateway).


Caution

For effective bonded network use, a properly configured network switch is required. (A network switch is not supplied with the InfiniGuard.) The InfiniGuard bonding settings must match the switch settings. If the switch settings and the InfiniGuard settings do not match, your system may become inaccessible through the switch.
Was this article helpful?
0 out of 0 found this helpful

0 out of 0 found this helpful

Comments