In this NetApp tutorial, you’ll learn about tape backups and NDMP in ONTAP. Scroll down for the video and also text tutorial.
NetApp Tape Backups Video Tutorial
ONTAP does not have its own native tape backup application. You can use ‘smtape’ commands at the command line for SnapMirror or SnapVault tape seeding. However, you would not want to be configuring and running backup jobs manually using the command line every day.
Therefore, for your day-to-day tape backups, you’re going to want to use NDMP compliant backup software from a third-party vendor.
Let’s look at what software and what tape devices are available. If you search in Google for ‘backup to tape solutions’, you will find the Backup to Tape Solutions page by NetApp. There’s a tab here for NDMP certification because the backup software needs to be NDMP compliant.
On this page, you can see a list of currently supported backup applications. NetApp update this as new ones become available. In the overview tab, you can see there’s also a link where you can review a list of supported devices below.
If I open that up, it will open up the Interoperability Matrix Tool, then when this page opens, I’ll just search in the IMT. I’m going to search for ‘tape’ and add that to the list of things that I’m looking for. I can see tape drives on the right panel and then, click on the ‘Skip To Results’ button.
When this loads, it’s going to give me 12 pages of supported tape devices. You can see whether they’re attached via SAS or FC. That’s how you find out the latest compatible software and hardware devices.
The backup software that you’re going to use is going to come from a third party and it needs to be NDMP compliant. NDMP is the Network Data Management Protocol, it’s an open standard for backup software.
NDMP backup and restore commands are sent over an IP network from the backup server to the storage system. You’re going to have a backup server which is connected to your IP network and it’s going to send commands to the ONTAP system over that IP network to control the backups and the restores from tape.
Adding Tape Devices
You can add tape drives and libraries to the storage system dynamically without taking it off line. You must use a qualified tape device that has been tested and found to work properly on the storage system. When you do add a new tape device, the storage system will detect its presence and add it to the configuration automatically.
You’ve got your tape device attached and you’ve got your NDMP compliant backup software as well, so now, you’re ready to configure the ONTAP side of the configuration. Obviously, I can’t show you how to configure that third party tape backup software because it depends what particular software you’re using, they’re all going to be different.
We can have a look at how to configure the ONTAP side though. There are only a few commands that you need to enter.
NDMP authentication can be configured at the cluster and/or SVM level. The backup software is going to need to log into the ONTAP system to have permission to control the backups and restores. You’re going to have to authenticate it and it’s using NDMP for the connection to the storage system.
If you’re logged in as a cluster level administrator, you can manage backups and restores for all of the SVMs in the entire cluster. You can also enable SVM level administrators to look after their own backups and restores, while having no visibility of other SVMs.
If you’re acting as a storage service provider for your own department, let’s say you’ve got department A and department B, and you want them to be able to manage their own backups and restores, then you can enable that at the SVM level.
Or maybe you’re a larger provider and you’ve got customers of Coke and Pepsi, and you want them to be able to manage their own backups and restores but not be able to see each other, you can enable that at the SVM level as well.
You can use the built-in admin and vsadmin accounts. The admin account is a cluster-level account, which is the superuser there. We have vsadmin accounts for each of your SVMs. You can enable the vsadmin account for that SVM and it’s got superuser access to that particular SVM.
You can use those built in admin and vsadmin accounts, but better practice would be to use and create a dedicated account just for the backup with the correct permissions.
Whichever account you use, you have to generate an NDMP password for it. Cluster level accounts must belong to either the admin or the backup role. SVM level accounts must belong to either the vsadmin or the vsadmin_backup role.
The backup software that you’re using requires Cluster Aware Backup (CAB) extensions for SVM aware backup. Make sure that you are using backup software which is on the approved list from NetApp.
With Cluster Aware Backup (CAB), NDMP can back up any volume on any node and use any tape device connected to any node in the entire cluster. That was not the case with the old, now deprecated, node-scoped NDMP, which was supported in previous versions.
The data LIFs used for incoming connections from the backup software should not have failover enabled because if a LIF fails over during a backup or restore, it will fail. You should create dedicated LIFs for your backup software. They can still be homed on the same underlying physical port that’s used for other connections, such as client data access.
The backups do not traverse junctions, you must list every volume to be backed up. Say if you’re going to back up an entire SVM, you can’t just point the backup software at the SVM root volume. You have to point it at each volume in that SVM that you want it to back up.
Local NDMP Backup
There are three different types of NDMP backup that are supported. First one is the local NDMP backup. With local NDMP backup, the data is backed up directly from the storage system to a locally attached tape device.
In the example below, we’ve got our backup server, which is connected to the ONTAP system over the IP network and it’s sending in the backup commands. The volume that is being backed up in this example is located on Node 1, and the tape device is also attached to Node 1. That would be local NDMP backup.
The next type we have is remote NDMP. With remote NDMP, data is transported from the storage system to the backup server. The server is attached to a tape device and backs up the data there.
With local NDMP backup, the tape device was attached to Node 1. Now, the tape device is attached to the backup server. The backup server still needs to communicate with the ONTAP system obviously, because that’s where the data is. The data will be sent over the IP network to the backup server and backed up to tape from there.
With three-way NDMP, data is transported from the storage system to another storage system that has a locally attached tape device. In the example below, the tape device is attached to Node 1. The control is coming from the backup server, and here we’re backing up a volume which is on Node 2 but it’s being backed up to a tape device attached to Node 1.
The ndmpcopy command has nothing to do with tape backup, but because we’ve been talking about NDMP so much in this tutorial, I want to tell you about ndmpcopy here. Just remember, it’s not really just about tape backup, this is for a different task.
The ndmpcopy command transfers data within a cluster or between storage systems using the NDMP protocol. It’s using the same NDMP protocol that’s used for your tape backups for the communication between the storage system and the backup server, but here we’re using NDMP for a different function.
With ndmpcopy, both full and incremental data transfers can be performed. You can transfer full or partial volumes, qtrees, directories, or individual files. Using the ndmpcopy command at the command line, you can move data around at the file level.
There are another couple of commands available, volcopy, and volmove. Volcopy will copy a complete volume from one aggregate to another aggregate, and volmove will move it to another aggregate.
The difference between volcopy and volmove and ndmpcopy is that ndmpcopy works at the file level. It’s more granular, you can use it to move individual files and folders around.
However, for volcopy and volmove, they work at the block level so they’re faster. They’re not as granular as ndmpcopy though. You can run ndmpcopy at the command line of the source or destination storage systems, or on an external storage system.
Now, let’s look at the NDMP commands that we need to configure on the ONTAP storage system when we’re using tape backup and we want to have our storage system integrated with our external third party backup software.
In the command line interface, the first thing is that NDMP needs to be an allowed protocol on the vserver. To see what vservers we’ve got and what protocols are allowed, I will do a:
I’ve already got an SVM set up called NAS, and currently the allowed protocols are NFS and CIFS, so I need to allow NDMP on there. I also need to say it is for vserver, NAS which is my vserver name.
The command for that is:
vserver add-protocols -vserver NAS -protocols ndmp
For configuring NDMP for the integration with the backup software, it is the ‘vserver services ndmp’ commands that we use. Let’s see what commands are available. After the command, hit the question mark key and you can see the different main commands:
- generate-password – Generates the password for the backup software to log in with NDMP.
- kill / kill-all – You can kill an individual NDMP sessions or kill all NDMP sessions.
- Modify – You can modify NDMP properties, that’s for lower level characteristics, such as what type of authentication you’re going to support.
- on / off – You can turn NDMP on and off.
- probe – It will list the NDMP sessions.
- show – Displays the properties.
- status – Displays the status which will list sessions,
- version – Used to view the version.
Let’s look at some of these commands starting with the version:
vserver services ndmp version
Now, I can see that the NDMP version is version 4, therefore, you need to use compliant NDMP backup software which supports version 4.
Next, I will do show:
vserver services ndmp show
In there, you can see that it’s currently not enabled for the NAS SVM and the authentication type is challenge. So for the authentication, you can support either challenge, which is the default, or plain text. Obviously, it’s better to use challenge authentication because that is encrypted.
Next, let’s turn NDMP on for the vserver NAS. I will say:
vserver services ndmp on -vserver NAS
The other thing that I need to do is to generate a password for NDMP for the account that I’m going to be logging in to the ONTAP storage system from the backup software. The command is:
vserver services ndmp generate-password -vserver NAS -user vsadmin
I haven’t actually configured a dedicated backup user for this demo. Therefore, the user was set was for the vsadmin which is the default super user account for my NAS SVM. Real world, I would configure a dedicated backup user account for this.
I hit enter and you see that it automatically generates a password for me. This is the password that you need to configure on your backup software, along with the user account that it’s going to use to log into the SVM and be able to control its backups and restores.