The InfiniGuard is a Purpose Built Backup Appliance (PBBA) made up of two powerful DDE deduplication engines with Infinidat InfiniGuard storage array in a single rack, mounted and pre-configured to provide enterprise class, data deduplication and compression technology in a secure enterprise backup solution.
The result is a dramatic improvement in storing massive amounts of online enterprise backup data on extremely efficient data reduced disk. This in turn provides drastically reduced backup windows, reliable restores, increased available data recovery points, while reducing application recovery risk and complex media management.
The InfiniGuard system includes all required hardware and software licensing to provide turn-key success in your PBBA implementation.
For disaster recovery in distributed environments, the DDE system makes WAN replication between InfiniGuard solutions practical by dramatically reducing the bandwidth required to move backup data securely between sites.
The InfiniGuard solutions are fully integrated systems that are pre-installed and they work with virtually all the leading backup applications. This provides best-in-class performance and reliability with flexible, easy- to-use interface options including NAS, OST, virtual tape library, or mixed presentations, and NetBoost plug-in for a better integration with leading backup software, as well as Ethernet and Fiber Channel connectivity.
Optimized on delivery, Infinidat storage pools provide block volumes to pre-provision each Deduplication Engine (DDE). Clients will simply power and network the devices for integration with their backup infrastructure and configure their backup target devices in accordance with backup vendor requirements and our published user guides.
Preparing for installation
The InfiniGuard ships in a single standard four-post EIA 19” server rack. The solution is completely hardware pre-installed with the exception of the storage enclosure disk drives, which due to their weight constraints get installed by Infinidat personnel when the frame is in its final resting location. All software is also pre-installed and tested prior to delivery and completely managed by Infinidat service personnel. Pre-wired and pre-configured by Infinidat, our staff ensures speedy, consistent, client success from day1 to end-of-life. See, Physical Characteristics detailed on the Data Sheet, for system rack space requirements and to ensure that your frame is located convenient to access to power, cooling, and network requirements.
Before scheduling Installation and Integration Services
Prior to purchase of the InfiniGuard solution Infinidat personnel will work with Customer staff to complete an InfiniGuard Site Survey to ensure that that configurations and objectives are met with the solution being delivered.
Installation of the Infinidat InfiniGuard system by Infinidat is required. Prior to scheduling installation services the client team should ensure that all components have arrived, the frame is in its final resting location, power whips are run and compatible with frame requirements, and network cables are run in accordance with the InfiniGuard solution requirements.
Please contact your Infinidat sales representative to discuss installation services and questions on installation requirements.
The InfiniGuard Setup and Configuration
After all hardware has been received, installed, connected and initially configured by Infinidat, you are ready to use your InfiniGuard system. The remote management console allows you to manage each DDE configuration at any time.
To utilize the remote management console of the DDE systems, you must connect it to your network.
Note the following considerations:
DHCP (Dynamic Host Configuration Protocol) is not supported. You must provide a “static IP address” at the time of installation for each DDE.
- The default IP Address is: 10.1.1.1 – which will be changed at the time of install.
- Administrative users can return to the remote management console to modify DDE settings, including network settings. Refer to the InfiniGuard User’s Guide for additional information on initially configuring your InfiniGuard.
Network Configuration Requirements
InfiniGuard Network Requirements
The InfiniGuard and all attached Deduplication Engines (DDEs) will be configured by Infinidat support directly and maintained by Infinidat Support on the customers behalf. Coordination for storage maintenance will be navigated with cooperation between the client storage administration team and Infinidat Support.
All networking requirements pertain to the following aspects:
- Backup and restore data network
- Storage System Administration
- Storage Based Replication
- Infinidat Support
Networking to support InfiniBox Storage System Administration
The InfiniBox storage contains 3 Active/Active/Active controllers (AKA Nodes). The GUI/CLI/Restful API’s are navigated via a Floating IP address that floats across three physically static 1Gb Ethernet ports (One per controller). Additionally, 1 IP address must be supplied for the Service Appliance within the InfiniGuard (used for Support Access). This means that for management of the InfiniBox storage and Support access, 5 IP addresses are required with supporting common network information such as:
There are 4x 1GbE ports in the upper Patch Panel that must be connected to the InfiniGuard system for Remote Administration and Support Access.
A standard InfiniGuard unit configuration will require 4 x 1GbE cables and up to 36 x 10GbE cables from the client networks. If FC will be used for VTL/NDMP, then 12 x 16Gb FC cables from the FC Fabrics and 24 x 10GbE cables will be run to the InfiniGuard Cabinet.
Wiring depends on planned deployment. We offer some flexibility in configuration depending on whether you will deploy FC cables for the use of Virtual Tape Libraries (VTL’s) from the InfiniGuard.
- If you wish you use VTL’s you will need to run 12 FC cables from redundant fabrics (4 per node).
- If you do not require VTL integration then the 12 FC ports can be replaced with 12 x 10GbE ports at the time of the InfiniGuard order. Additionally, you will need to run an additional 24 x 10Gb Ethernet cables for TCP/IP data & replication support for the InfiniGuard (8 per DDE).
Notes on Networking Flexibility:
If data ingest and replication can be managed from the same networks, it is possible to configure LACP bonds across all 12 ports on each of the DDEs
- All of the ports will be used for all of the needs: Ingest, Restores and Replication.
- For more granular control of ports for data traffic:
- Configure some ports for Data and others for Replication.
- The ports can be established either as common access ports or LACP bonded port groups on the switches, and consult with Infinidat personnel can help with these decisions.
TCP/IP Addresses Required
There is some flexibility on how you configure addressing the InfiniGuard storage. Perhaps the simplest way to configure the storage is to configure an LACP bond across all the 10GbE ports on all 3 Deduplication Engines (DDEs), of which 2 will be Active Deduplication Engines (DDEs). In a standard configuration that supports 8 x 10GbE & 4 FC (for VTL), you would bond all 8, 10GbE ports across 2 switches to create a virtual 80GbE connection for TCP/IP services for Data Access and Replication (Shared port service). FC connections will be configured with Single Initiator – single target zoning from the backup servers to the DDEs (and should be configured for all 3 DDEs to support node failover).
When the ports are connected, they will appear on the “System Configuration” panel. You can select the port to configure the addressing, and 1 to 10 IP addresses can be assigned per Bond or port configured, and each can be assigned specifically for Ingest (Data) or Replication, or Both Ingest and Replication.
Network Changes do require DDE reboot. An Active LACP bond across the ports allows for virtualized addressing and use of the port Bonds to be used for either Data or Replication or Both. Allowing the InfiniGuard to use all the ports as needed provides the highest possible redundancy and utilization (as needed). Ports can also be configured with Jumbo frames and VLANs as configured.
Installers can and will help you define Initial configurations as needed using the InfiniGuard Single-sign-on HMTL5 UI.
- Navigate to the InfiniGuard DDE Panel, then select Configuration>System>Network to manage network configurations. Once Network is configured and IPs are applied the DDE will prompt for a Reboot.
This should be carefully considered and decided prior to scheduling installation.
Our engineers at Infinidat are willing to help review the proposed design to help you optimize the data flow in your backup environment.
Alternatively, you may decide to Bond in 2 port pairs and define port groups for specified use Data or Replication or both (Data & Replication).
The InfiniGuard typically allows for 10GbE ports for share/VTL based replication between InfiniBox storage frames. However, in the initial releases of the InfiniGuard all replication is managed thru the DDE devices and other uses directly from the InfiniGuard are not supported. This means that other than the Five 1GbE cables for the InfiniGuard no other cables need to be run to the InfiniBox storage at the time of install.
The InfiniBox storage also uses a 1Gb Ethernet port for support access, (as mentioned previously), which is only enabled when a support is activated by the Storage Administrator. This port and IP address should also be provided at the time of installation.
Network / Firewall Ports for Infinidat Storage Communications
The InfiniGuard also requires firewall exceptions for the following network ports for common storage use cases.
|6717 TCP||Host PowerTools|
|8000/9000 TCP||Remote Support|
DDE Network Configuration
During network configuration, each individual interface on the active DDEs can be configured as a subnet with its own network settings. Each physical Ethernet port can be configured as an interface. In addition, you can also create bonded interfaces (logical ports) consisting of two or more physical ports. You can specify the type of traffic allowed on each interface (management, replication, or data). Alternately, you can allow any traffic type on an interface. In this case, the routing of different traffic types, as well as firewall capability, must be controlled using the network infrastructure (routers and switches) that the DDE is connected to.
Each configured network interface requires its own set of network settings (IP address, network mask, and gateway). For effective bonded network use, a properly configured network switch is required. (A network switch is not supplied with the DDE.) The DDE bonding settings on the switch should be set as Active (to provide both redundancy and BW teaming).
It is important to note that if LACP is a challenge in the customer environment it is acceptable to simply configure each port individually as a standard access port, and later balance use of all ports on the Backup Media Servers to further balance data read & write thru the use of multiple shares and exports mounted on the media thru different, specified, IP’s (this does however, reduce the port resiliency). Media Servers should be provisioned with multiple shares dedicated to each media server to reduce the need to lock files to the same data folders across multiple media servers.
Configuring the Network on the DDEs
Infinidat Support will manage all DDE network configurations, to support the client admin team. Using the Network page, each physical Ethernet port in the DDE can be configured as a separate device. In addition, you can create bonded devices (logical ports) consisting of two or more physical ports of the same link speed (10GbE). For each port or device, you can specify the MTU (Maximum Transmission Unit) frame size.
After you define “devices” (single port or bonded), you can create up to ten network interfaces for each device. Each interface has its own IP address information.
Assign the interface to a VLAN (Virtual Local Area Network). Indicate whether the interface IP address will be used to externally identify the system (external host IP address). A maximum of 64 VLAN IDs are supported (ID=2-4094).
Specify the types of traffic allowed on the interface (management, replication, or data). Specify the NAT address that the interface is mapped to if it is used for replication through a NAT firewall. Add routing information for an interface to enable connectivity with devices on different subnets.
You can choose to allow any traffic type (management, replication, or data) on an interface. In this case, the
routing of different traffic types, as well as firewall capability, must be controlled using the network infrastructure (routers and switches) that the DDE is connected to.
Virtual Device Limits and Hardware Interfaces
|VTL backup target|
64 partitions maximum, 512 virtual tape drives (VTDs) maximum.
|NAS backup target||128 shares maximum (NFS of CIFS)|
|OST backup target||100 storage servers maximum|
DDE network cabling hardware
8 or 12 ports; 10GbE Ethernet
To client network (optical 10GBASE-SR via LC connector)If no FC is in use, 12 x 10GbE will be available per DDE.
4 or 0 ports; 16Gb Fibre Channel
(LC connector) to client fabric
For an effective bonded network use, a properly configured network switch is required. (An external network switch is not supplied with the InfiniGuard.) The DDE and InfiniBox bonding settings must match the switch settings. If the switch settings and the DDE settings do not match, your system may become inaccessible through the switch.
Planning the network configuration
Prior to installation of the DDE, make sure to work with your network administrator to determine the network settings that will be needed to properly integrate the DDE with your network infrastructure.
Prepare the following data before the installation.
What hostnames and IP address will each DDE and the InfiniBox storage be assigned?
- 1 FQHN per InfiniBox UI (using three, 1GbE connections) & Floating IP
- 1 FQHN per InfiniBox SA device (using one 1GbE connection for remote support)
- 1 FQHN per InfiniBox Controller (using one, 1GbE connections – total of 3)
InfiniBox TCP IP Address Requirements (for 1GbE Networks)
|Node device name||Role||IP address||Subnet mask||Gateway|
InfiniBox fully qualified GUI-CLI host name
|InfiniBox Controller 1 physical port||Storage Controller 1||10.0.0.20||255.255.255.0||10.0.0.1|
|InfiniBox Controller 2 physical port||Storage Controller 2||10.0.0.21||255.255.255.0||10.0.0.1|
|InfiniBox Controller 3 physical port||Storage Controller 3||10.0.0.23||255.255.255.0||10.0.0.1|
InfiniBox Service Appliance (SA)
|InfiniMetrics1 (VM-IP) - if not already installed.||InfiniMetrics (reporting)||10.0.0.100||255.255.255.0||10.0.0.1|
What are the default gateway, NTP and DNS servers of your company?
Please make sure you have them ready.
Will you configure ethernet ports individually or bond multiple ports into a single network device?
- LACP Bonded ports may provide for better aggregate throughput and reliability.
- This should be discussed between client and Infinidat support prior to system delivery.
If bonding ethernet ports, several bonding modes are available for your network switch (Round Robin, Mode 4, LACP, or Active Backup). Mode 4 is recommended.
LACP-Active/Active (Mode 4) is optional for 10GbE ports, alternatively backup software can make use of multiple independent IP assignment from the 10GbE connections for active, active connection management at the backup media servers.
Will you assign a VLAN Tag ID to an interface?
Please have a ready answer.
Will an interface use Jumbo Frame MTU size?
Only recommended when all resources can use Jumbo Frames and switch ports are configured appropriately.
What is the IP address, network mask, and gateway to use for each network interface?
You will need approximately 5 IP’s for management and 8 IPs (8 up to 24) for Data & Replication for a basic InfiniGuard configuration.
Will host routes be required to communicate with systems that are on subnets not reachable through the default gateway?
Please have a ready answer.
Firewall ports for InfiniGuard
TCP Ports Opened for Software Upgrade Traffic
TCP Ports Opened for Management Traffic
|TCP Ports Opened for DDE Replication Traffic|
|UDP Ports Opened for Data Traffic|
TCP Ports Opened for Data Traffic
The InfiniGuard system specifications are available on the product Data Sheet.
InfiniGuard service and warranty
Three-Year Warranty. Service Requests (SRs) can be submitted via Infinidat's Online Service Request Form or telephone 24x7x365. SRs will receive a response no later than the next business day. Telephone support will include diagnosis of covered warranty issues and parts replacement. Replacement parts will be shipped within one business day of Infinidat's determination that a replacement part is required.
Infinidat Support will perform all HW maintenance and return of all identified CRU (Customer Replaceable Unit) components. Identified FRU (Field Replaceable Unit) components will be replaced onsite by a Infinidat Field Engineer or Authorized Service Provider, with a next business day onsite response. Onsite support for FRU replacement is provided on a Next Business Day (excluding weekends, evenings and holidays) response following determination, by Infinidat, that FRU replacement is the right action to resolve the equipment or operational problem that led to the creation of the Service Request. Support includes the rights for the customer to receive new software releases applicable to registered equipment under this warranty.
Troubleshooting, help and support
Our focus is to make it better, faster, easier, while reducing cost and complexity. Our success will be measured by our clients.
Before reaching out to Infinidat Storage Support the following should be understood by administrators and considered before calling.
How can I free up disk space on my DDE?
There are multiple ways you can remove data from your DDE:
- Delete data from your NAS share or VTL partition.
- Erase or re-label tapes from your backup application.
- Delete the virtual media altogether.
- If the DDE is a replication target system, delete replicated snapshots.
After you take one or more of the previous actions, and after space reclamation completes, space consumed will be returned to the system.
When should I schedule replication for best performance?
Optimize your performance by scheduling your backups, and replication to run at different times throughout the day.
How can I increase my deduplication ratio?
Optimize your deduplication ratio by disabling software compression, encryption, and multiplexing in the backup application. Space reduction rates are a combination of deduplication and compression and a direct result of the number of redundant backups of data over the life cycle of defined retention. Therefore, client that run more full backups with higher retention values tend to see greater reduction rates than clients that run frequent incremental backups with shorter retention rates.
What should I do when my backups fail?
Backup jobs may fail for some of these reasons:
- The DDE ran out of space during the backup window.
- Your backup host lost network connectivity to the DDE.
- Your backup application may have crashed. Try re-running the backup
- Your client in backup or the data mover managing backup traffic is over-whelmed and unable to process the work at hand.
- A backup policy or resource configuration access is misconfigured.
The complete InfiniGuard documentation set is available here: https://support.infinidat.com/hc/en-us/articles/360000491457-InfiniGuard-3-0-documentation
Scope of Support
Support Services shall be provided 24 hours per day, 7 days a week. As part of the Support Services, Infinidat shall provide Installation Services, Updates, Telephone Support, Online Support, Remote Support (if applicable), and Onsite Support (if applicable), solely with respect to a Supported Release of the Product.
Infinidat shall provide Telephone Support, Online Support and Error Correction services in accordance with the chart below, as long as access to the Product is granted to Infinidat.
Response time for acknowledgement by Infinidat
- Infinidat will provide you with an acknowledgement of the Support Request within the following time periods:
- Priority A - 1 hour
- Priority B - 4 hours
- Priority C - next business day Onsite Support Availability
- Onsite support will be provided within the following time periods, after Infinidat deems Onsite Support is necessary:
- Priority A - 4 hour
- Priority B - next business day
- Priority C - to be scheduled with you