Archiving IBM Storage Defender Data Protect data to IBM Storage Protect tape

You can use tape media to store monthly archives of IBM Storage Defender Data Protect cluster data. This allows you to take advantage of existing IBM Storage Protect tape environments and provides a longer term retention than cluster disk space might allow.

About this task

Before you can register the IBM Storage Protect tape storage to archive data on an Data Protect cluster, you must configure the server to communicate with the cluster and to enable process requests for backup and restore operations. For more information about archiving data to an IBM Storage Protect server, see Configuration for copying or archiving data to IBM Storage Protect.

Requirements:

The IBM Storage Protect server must be at version 8.1.20 or later.
The Data Protect clusters must be at version 7.1 or later. For more information about supported versions, see IBM Storage Defender: Data Protect support information.
On the IBM Storage Protect server, you must have already configured a primary storage pool that represents a tape device or VTL. This primary storage pool is the destination for the object data that you want to copy. For instructions, see Creating a tape storage pool and a cold-data-cache storage pool for copying data to tape. When you define the cold-data-cache storage pool in step 1, you must specify this tape pool as the next storage pool for the cold-data-cache pool.

Tips and limitations:

Use the archive to tape feature only for monthly archives to tape. Frequent, full archives to tape are not recommended since incremental functionality is not available.
To ensure that recovery amounts are manageable, restrict the size of your protection groups to less than 100 virtual machines.
Ensure that you have sized your cold cache storage needs by using the sizing tool. By default, the cold cache retention is 7 days after a restore operation from tape. This retention period might impact the amount of disk space you plan for while sizing your cold cache storage needs.
You must use separate nodes for S3 Glacier to tape operations and S3 Glacier to cloud-container storage pool operations. When archiving data on Data Protect clusters, you cannot use the same node and bucket for both cloud and tape.
You must use a separate node/bucket for each Data Protect cluster in your environment.
Tape archives do not provide disaster recovery and will not assist in recovering a data from a lost Data Protect cluster.
Throttling is not supported, so it is important to correctly size your cold cache storage needs.

Procedure

To configure the IBM Storage Protect server, complete the following steps:

Create a cold-data-cache storage pool for copying data to tape by issuing the DEFINE STGPOOL command and specifying the STGTYPE=COLDDATACACHE parameter value:
```
DEFINE STGPOOL S3COLDCACHE STGTYPE=COLDDATACache NEXTSTGPOOL=LTO8POOL DIRECTORY=/TSMdisk1/coldcache/,/TSMdisk2/coldcache/ DESCRIPTION='COLD DATA CACHE FOR S3 to TAPE’ MIGPRO=number_of_tape_drives
```
Where S3COLDCACHE is the storage pool name, NEXTSTGPOOL is the primary tape storage pool to which files are migrated, DIRECTORY is a list of one or more directories that can be used for the cold-data-cache storage pool, DESCRIPTION is an optional description of the storage pool, MIGPRO is the number of parallel processes to use for migrating the files from the volumes in this storage pool. The value that you set for the MIGPRO parameter should be equal to the number of tape drives that you have configured.
Define a server for the object agent by issuing the DEFINE SERVER command and specifying the OBJECTAGENT=YES parameter value:
```
DEFINE SERVER SERVER_NAME HLAddress=myserver.mycompany.tucson.com LLAddress=9000 OBJECTAgent=yes
```
Where SERVER_NAME is the name of the server, HLADDRESS is the IP address or hostname of the server, LLADDRESS is the low-level address or TCP port number of the server, and OBJECTAGENT is set to YES.
The command returns the file path that you need for step 3.

To start the object agent, issue the following command:

sudo command_output

Where command_output is the command output from step 2.

Example:

sudo /opt/tivoli/tsm/server/bin/spObjectAgent service install /home/tsminst1/tsminst1/SERVER_NAME/spObjectAgent_SERVER_NAME_1500.config

Configure an object policy domain to define the rules that control the backup services. You must add a standard storage pool which is with a directory or cloud container based storage for copies, and a cold pool if you are copying data to tape or archiving data. Issue the DEFINE OBJECTDOMAIN command and specify the STANDARDPOOL and COLDPOOL parameter values:
```
DEFINE OBJECTDOMAIN DEFENDER_S3_DOMAIN STANDARDPOOL=S3containerpool COLDPool=S3COLDCACHE
```
Where DEFENDER_S3_DOMAIN is the name of the policy domain to be defined, STANDARDPOOL is the storage pool that will be used as the destination for requests from the object client, and COLDPOOL is the storage pool that will be used as the destination for requests from the object client. The cold pool is the storage pool that you defined in step 1.
Register each node in your Data Protect cluster by issuing the REGISTER NODE command:
```
REGISTER NODE DEFENDER_S3_CLIENT TYPE=OBJECTClient DOMAIN=DEFENDER_S3_DOMAIN
```
Where DEFENDER_S3_CLIENT is the node name, TYPE is set to OBJECTCLIENT, and DOMAIN is the domain name that you created in step 4.
Important: The command returns authentication credentials for the object client node that you registered. Retain and secure the access key and secret key that are provided by the command.
Example of command output:
```
ANR2470I The new authentication credentials for object client node DEFENDER_S3_CLIENT are: Access Key ID: SJDFPSDKJFPOAS, Secret Access Key: KD93slkd93HDLg391gxsEEsjnb3. 
```

Create an S3 Glacier bucket that Data Protect will use to configure IBM Storage Protect.

Download and install the MinIO client utility from https://dl.min.io/client/mc/release/.
Using the MinIO utility, create an alias for the IBM Storage Protect server by issuing the following commands:
```
./mcli alias set alias_name end-point access_key secret_key --insecure 
```
Where alias_name is the alias name for the object agent server that you defined in step 2, end-point is a combination of the server host name and TCP port number for the object agent server that you defined in step 2, access_key is the access key that is provided in step 5, secret_key is the secret key that is provided in step 5.
Example:
```
./mcli alias set server_name https://myserver.mycompany.tucson.com:9000 SJDFPSDKJFPOAS KD93slkd93HDLg391gxsEEsjnb3 --insecure 
```
Create a bucket on the alias that you created in step 6.b by issuing the following command:
```
./mcli mb alias/<bucket_name> --insecure
```
Where bucket_name is the name of your bucket. The bucket name that you specify will be used when you configure Data Protect.
Example:
```
./mcli mb server_name/sppod2-vm23-tape --insecure
```

Example:

Create an S3 Glacier bucket by using the MinIO utility.

[root@08a6ae132cde /]# dnf -y install https://dl.min.io/client/mc/release/linux-amd64/mcli-20230922050746.0.0.x86_64.rpm
mcli-20230922050746.0.0.x86_64.rpm                                                                                                  1.8 MB/s | 9.5 MB     00:05
Dependencies resolved.
===================================================================================================================
 Package                         Architecture                      Version                                            Repository                               Size
===================================================================================================================
Installing:
 mcli                            x86_64                            20230922050746.0.0-1                               @commandline                            9.5 M

Transaction Summary
===================================================================================================================
[root@08a6ae132cde /]# mcli alias set server_name https://myserver.mycompany.tucson.com:9000 SJDFPSDKJFPOAS KD93slkd93HDLg391gxsEEsjnb3 --insecure
mcli: Configuration written to `/root/.mcli/config.json`. Please update your access credentials.
mcli: Successfully created `/root/.mcli/share`.
mcli: Initialized share uploads `/root/.mcli/share/uploads.json` file.
mcli: Initialized share downloads `/root/.mcli/share/downloads.json` file.
Added `myalias` successfully.
[root@08a6ae132cde /]# mcli mb myalias/glacierarchive --insecure
Bucket created successfully `myalias/glacierarchive`.
[root@08a6ae132cde /]# exit
exit

What to do next

To archive your data to IBM® tape storage, you must register the IBM tape storage with the Data Protect cluster. Registering the IBM tape storage makes it eligible to be used by the Data Protect cluster. For instructions, see Register an External Target in the Data Protect User Guide in the Data Protect 7.1.

Note: To access the Data Protect reference information, you must authenticate by using IBMid credentials that are associated with your IBM Storage Defender tenant account.