Why Cloudian Object Storage is the Ideal Target for IBM Spectrum Protect Plus

Today, enterprises have multiple choices when it comes to deploying data protection solutions for their mission-critical data and applications in data centers and the public cloud. IBM Spectrum Protect Plus in combination with Cloudian’s fully S3-compatible HyperStore object storage offers a simple, scalable, reliable and cost-effective solution to protect such workloads. IBM Spectrum Protect Plus is a modern data protection solution that provides recovery, replication, retention, and reuse for VMs, databases, applications, file systems, SaaS workloads, containers and cloud applications such as Office 365.

Eric SanschagrinEric Sanschagrin, Sr. Pre-Sales Systems Engineer, Cloudian

View LinkedIn Profile

Today, enterprises have multiple choices when it comes to deploying data protection solutions for their mission-critical data and applications in data centers and the public cloud. IBM Spectrum Protect Plus in combination with Cloudian’s fully S3-compatible HyperStore object storage offers a simple, scalable, reliable and cost-effective solution to protect such workloads.

IBM Spectrum Protect Plus is a modern data protection solution that provides recovery, replication, retention, and reuse for VMs, databases, applications, file systems, SaaS workloads, containers and cloud applications such as Office 365.

Cloudian HyperStore is the perfect target for IBM Spectrum Protect Plus. It provides the best storage platform for that secondary tier of storage required for the long-term retention and protection of data. Hyperstore not only guarantees data durability and integrity at scale using data distribution mechanisms but also optimizes the entire backup infrastructure by reducing the need for more expensive data protection technology.

Enterprises now fully understand the value of robust data protection. Nearly every week, you hear of ransomware and other cyberattacks, often resulting in data loss and service outages.  These attacks can have a significant impact on an enterprise’s bottom line because of the cost incurred in paying ransom and man-hours for performing recoveries, in addition to the negative impact on a company’s reputation.

New workloads such as container-based applications also require data protection, and cloud-based apps can be a challenge as well. Some applications, such as Office 365, do not include backup. With other cloud services, providers may offer insufficient protection to meet your needs.

IBM Spectrum Protect Plus, using simple SLA policies, leverages Cloudian HyperStore to offload extra copies of incremental backup data for long-term data retention and disaster recovery as well as archive of entire systems and applications, thus providing data durability, scalability and security.

Over the years, enterprises have been using backup applications for both their data protection capabilities (the ability to recover lost or corrupted data quickly and efficiently), and as a way to keep copies of data long-term for compliance, regulatory purposes and legal holds. These are truly two entirely different requirements, and although backup applications are great at providing data protection, they may not always be best suited for retaining data for compliance.

Long-term data retention increases the infrastructure required for backups. To retain data for a long time, you need more storage, more media servers, larger catalogs, more licensing — all of which increase cost. Historically, tape has been the “go-to” technology for compliance retention.  Unfortunately, tape technology is not necessarily best suited for this purpose. Managing tapes, storing them and accessing them is troublesome and prone to errors and damage. Data also is not searchable or easily accessible when stored on tape.

Cloudian Hyperstore is now widely deployed as a tape alternative. It’s easily scalable and integrates seamlessly with enterprise backup applications such as IBM Spectrum Protect Plus. Object storage offers data durability and availability superior to tape and can reduce TCO when you factor in tape management costs. In short, object storage delivers a true “active” archive that is well-protected (up to fourteen nines with HyperStore), is instantly accessible to users and backup applications and is also searchable.

Many of today’s data protection/backup applications, like IBM Spectrum Protect Plus, are handling the divide between data protection/recovery and the long-term data retention with a two-tier storage approach. To provide fast and easy recoverability, they employ an application appliance or media server for short-term data storage. Then they use a resilient, highly scalable second storage layer, like Cloudian Hyperstore, as the repository for the long-term/compliance data requirement.

Backup application vendors understand that it doesn’t make sense for enterprises to use the single-tier approach for all data. The infrastructure used as the first-tier (appliance and/or media servers) tends to be more expensive and financially unsustainable at the scale required for long-term data retention. Long-term data protection for compliance purposes is almost strictly a capacity and durability play. You need an infrastructure that is low-cost at scale but still provides data durability to keep the data safe and guarantee its integrity for years. Using public cloud at the petabyte scale that is required for compliance retention is also becoming challenging, and companies are starting to realize that the economics of using public cloud for that purpose just don’t make sense. Hence the shift to on-prem object storage.

In reality, it could be argued that the backup application’s first-tier infrastructure should be sized to retain data for only two weeks since 99% of data recoveries will come from within this retention window. Any data retained longer than this should be offloaded to a lower-cost, highly scalable platform. Cloudian HyperStore provides these capabilities at a lower cost than traditional storage, even lower than public cloud, and optimizes the entire cost structure of the backup environment.

IBM Spectrum Protect Plus and Cloudian HyperStore together let you protect and recover data locally — and replicate it to other locations for disaster recovery — with faster access, lower cost and higher security than public cloud.

In sum, this is a perfect example of integrating two leading enterprise technologies to provide a validated data protection and recovery offering that also delivers significant cost savings.


YOU MAY ALSO BE INTERESTED IN:

PRODUCT DEMO

How to Configure IBM Spectrum (TSM)

This product demonstration shows the steps to configure IBM Spectrum 7.1.7 (TSM) with Cloudian HyperStore object storage. Object storage systems make an ideal backup target, providing high scalability, compatibility with most backup solutions, and low cost.

VIEW DEMO


Optimize Data Protection with Cloudian HyperStore and IBM Spectrum Protect

ibm spectrum protect

With the surging growth in unstructured data combined with the rapid adoption of virtualization, mobile and cloud technologies, there has never been a more urgent time to think about data protection. Managing large numbers of servers and storage farms using legacy approaches is inefficient, resource-intensive, and cost-prohibitive.

LEARN MORE


IBM Spectrum Protect with Amazon S3 Cloud Storage

IBM Spectrum Protect (formerly IBM Tivoli Storage Manager) solution provides the following benefits:

  • Supports software-defined storage environments
  • Supports cloud data protection
  • Easily integrates with VMware and Hyper-V
  • Enables data protection by minimizing data loss with frequent snapshots, replication, and DR management
  • Reduce the cost of data protection with built-in efficiencies such as source-side and target-side deduplication

IBM Spectrum Protect has also enhanced its offerings by providing support for Amazon S3 cloud storage (version 7.1.6 and later) and IBM Spectrum Protect version 7.1.6 was just released on June 17th, 2016. I was actually a little nervous and excited at the same time. Why? Because Cloudian HyperStore has a S3 guarantee. What better way to validate that guarantee than by trying a plug-and-play with a solution that has just implemented support for Amazon S3?

Overview of IBM Spectrum Protect with Amazon S3 cloud storage

And the verdict? Cloudian HyperStore configured as “Cloud type: Amazon S3” works right off the bat with IBM Spectrum Protect. You can choose to add a cloud storage pool from the V7.1.6 Operations Center UI or use the Command Builder. The choice is yours.

We’ll look at both the V7.1.6 Operations Center UI and the Command Builder to add our off-premise cloud storage.

NOTE: Cloudian HyperStore can be deployed as your on-premise S3 cloud storage but it has to be identified as an Amazon S3 off-premise cloud storage and you have to use a signed SSL certificate.

Here’s how you can add an Amazon S3 cloud storage or a Cloudian HyperStore S3 cloud storage into your IBM Spectrum Protect storage pool:

From the V7.1.6 Operations Center UI

 

From the V7.1.6 Operations Center console, select “+Storage Pool”.

Adding 'Storage Pool' to the IBM Spectrum Protect V7.1.6 Operations Center console

In the “Add Storage Pool:Identity” pop-up window, provide the name of your cloud storage and the description. In the next step of the “Add Storage Pool:Type”, select “Container-based storage:Off-premises cloud”.

IBM Spectrum Protect cloud storage description

Click on “Next” to continue. The next step in the “Add Storage Pool:Credentials” page is where it gets exciting. This is where we provide the information for:

  • Cloud type: Amazon S3 (Amazon S3 cloud type is also used to identify a Cloudian HyperStore S3)
  • User Name: YourS3AccessKey
  • Password: YourS3SecretKey
  • Region: Specify your Amazon S3 region (for Cloudian HyperStore S3, select “Other”)
  • URL: If you had selected an Amazon S3 region, this will dynamically update to the Amazon region’s URL. If you are using a Cloudian HyperStore S3 cloud storage, input the S3 Endpoint Access (HTTPS).

Complete the process by clicking on “Add Storage Pool”.

IBM Spectrum Protect

NOTE: Be aware that there is currently no validation performed to verify your entries when you click on “Add Storage Pool”. Your S3 cloud storage pool will be created. I believe the IBM Spectrum Protect group is addressing this with a validation process for the creation of a S3 cloud storage pool. I hope the step-by-step process that I have provided will help minimize errors with your Amazon S3 cloud storage pool setup.

From the V7.1.6 Operations Center Command Builder

 

From the V7.1.6 Operations Center Command Builder, you can use the following define stgpool command and you are done adding your off-premise S3 cloud storage pool:

  • define stgpool YourCloudName stgtype=cloud pooltype=primary cloudtype=s3 cloudurl=https://s3.cloudianstorage.com:443 access=readwrite encrypt=yes identity=YourS3AccessKey password=YourS3SecretKey description=”Cloudian”

NOTE: You can review the server instance dsmffdc log if there’s errors. It is located in the server instance directory. There’s also a probability that the signed SSL certificate might not be correct.

For example:

06-20-2016 11:58:26.150][ FFDC_GENERAL_SERVER_ERROR ]: (sdcloud.c:3145) com.tivoli.dsm.cloud.api.ProviderS3 handleException com.amazonaws.AmazonClientException Unable to execute HTTP request: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
[06-20-2016 11:58:26.150][ FFDC_GENERAL_SERVER_ERROR ]: (sdcntr.c:8166) Error 2903 creating container ibmsp.a79378e1333211e6984b000c2967bf98/1-a79378e1333211e6984b000c2967bf98
[06-20-2016 11:58:26.150][ FFDC_GENERAL_SERVER_ERROR ]: (sdio.c:1956) Did not get cloud container. rc = 2903

 

Importing A Signed SSL Certificate

 

You can use the IBM Spectrum Protect keytool –import command to import the signed SSL certificate. However, before you perform the keytool import process, make a copy of the original Java cacerts.

The Java cacerts is located in IBM_Spectrum_Protect_Install_Path > TSM > jre > security directory.

You can run the command from IBM_Spectrum_Protect_Install_Path > TSM > jre > bin directory.
For example, on Windows:

    • ./keytool –import ../lib/security/cacerts –alias Cloudian –file c:/locationofmysignedsslcert/admin.crt

 

Enter the keystore password when prompted. If you haven’t updated your keystore password, the default is changeit and you should change it for production environments. When you are prompted to “Trust this certificate?”, input “yes”.

NOTE: Keep track of the “Valid from: xxxxxx” of your signed SSL certificate, you will have to import a new certificate when the current one expires.

By the way, if you encounter error “ANR3704E sdcloud.c(1636): Unable to load the jvm for the cloud storage pool on Windows 2012R2”, update the PATH environment variable on the Spectrum Protect Server:
IBM_Spectrum_Install_Path\Tivoli\TSM\jre\bin\j9vm and also set the JVM_LIB to jvm.dll.

Here’s what your Amazon S3 cloud storage type looks like from IBM Spectrum Protect V7.1.6 Operations Center console:

Operations Center console final result after adding Amazon S3 cloud storage to IBM Spectrum Protect V7.1.6

And you’re off! If you encounter any issues during this process, feel free to reach out to our support team.

You can also learn more by downloading our solution brief.