Getting started on premises
The NetApp SnapCenter tool uses role based access control (RBAC) to manage user resources access and permission grants, and SnapCenter installation creates prepopulated roles. You can also create custom roles based on your needs or applications.
On Premises
1. Setup database admin user in SnapCenter
It makes sense to have a dedicated admin user ID for each database platform supported by SnapCenter for database backup, restoration, and/or disaster recovery. You can also use a single ID to manage all databases. In our test cases and demonstration, we created a dedicated admin user for both Oracle and SQL Server, respectively.
Certain SnapCenter resources can only be provisioned with the SnapCenterAdmin role. Resources can then be assigned to other user IDs for access.
In a pre-installed and configured on-premises SnapCenter environment, the following tasks might have already have been completed. If not, the following steps create a database admin user:
-
Add the admin user to Windows Active Directory.
-
Log into SnapCenter using an ID granted with the SnapCenterAdmin role.
-
Navigate to the Access tab under Settings and Users, and click Add to add a new user. The new user ID is linked to the admin user created in Windows Active Directory in step 1. . Assign the proper role to the user as needed. Assign resources to the admin user as applicable.
2. SnapCenter plugin installation prerequisites
SnapCenter performs backup, restore, clone, and other functions by using a plugin agent running on the DB hosts. It connects to the database host and database via credentials configured under the Setting and Credentials tab for plugin installation and other management functions. There are specific privilege requirements based on the target host type, such as Linux or Windows, as well as the type of database.
DB hosts credentials must be configured before SnapCenter plugin installation. Generally, you want to use an administrator user accounts on the DB host as your host connection credentials for plugin installation. You can also grant the same user ID for database access using OS-based authentication. On the other hand, you can also employ database authentication with different database user IDs for DB management access. If you decide to use OS-based authentication, the OS admin user ID must be granted DB access. For Windows domain-based SQL Server installation, a domain admin account can be used to manage all SQL Servers within the domain.
Windows host for SQL server:
-
If you are using Windows credentials for authentication, you must set up your credential before installing plugins.
-
If you are using a SQL Server instance for authentication, you must add the credentials after installing plugins.
-
If you have enabled SQL authentication while setting up the credentials, the discovered instance or database is shown with a red lock icon. If the lock icon appears, you must specify the instance or database credentials to successfully add the instance or database to a resource group.
-
You must assign the credential to a RBAC user without sysadmin access when the following conditions are met:
-
The credential is assigned to a SQL instance.
-
The SQL instance or host is assigned to an RBAC user.
-
The RBAC DB admin user must have both the resource group and backup privileges.
-
Unix host for Oracle:
-
You must have enabled the password-based SSH connection for the root or non-root user by editing sshd.conf and restarting the sshd service. Password-based SSH authentication on AWS instance is turned off by default.
-
Configure the sudo privileges for the non-root user to install and start the plugin process. After installing the plugin, the processes run as an effective root user.
-
Create credentials with the Linux authentication mode for the install user.
-
You must install Java 1.8.x (64-bit) on your Linux host.
-
Installation of the Oracle database plugin also installs the SnapCenter plugin for Unix.
3. SnapCenter host plugin installation
Before attempting to install SnapCenter plugins on cloud DB server instances, make sure that all configuration steps have been completed as listed in the relevant cloud section for compute instance deployment. |
The following steps illustrate how a database host is added to SnapCenter while a SnapCenter plugin is installed on the host. The procedure applies to adding both on-premises hosts and cloud hosts. The following demonstration adds a Windows or a Linux host residing in AWS.
Configure SnapCenter VMware global settings
Navigate to Settings > Global Settings. Select "VMs have iSCSI direct attached disks or NFS for all the hosts" under Hypervisor Settings and click Update.
Add Windows host and installation of plugin on the host
-
Log into SnapCenter with a user ID with SnapCenterAdmin privileges.
-
Click the Hosts tab from the left-hand menu, and then click Add to open the Add Host workflow.
-
Choose Windows for Host Type; the Host Name can be either a host name or an IP address. The host name must be resolved to the correct host IP address from the SnapCenter host. Choose the host credentials created in step 2. Choose Microsoft Windows and Microsoft SQL Server as the plugin packages to be installed.
-
After the plugin is installed on a Windows host, its Overall Status is shown as "Configure log directory."
-
Click the Host Name to open the SQL Server log directory configuration.
-
Click "Configure log directory" to open "Configure Plug-in for SQL Server."
-
Click Browse to discover NetApp storage so that a log directory can be set; SnapCenter uses this log directory to roll up the SQL server transaction log files. Then click Save.
For NetApp storage provisioned to a DB host to be discovered, the storage (on-prem or CVO) must be added to SnapCenter, as illustrated in step 6 for CVO as an example. -
After the log directory is configured, the Windows host plugin Overall Status is changed to Running.
-
To assign the host to the database management user ID, navigate to the Access tab under Settings and Users, click the database management user ID (in our case the sqldba that the host needs to be assigned to), and click Save to complete host resource assignment.
Add Unix host and installation of plugin on the host
-
Log into SnapCenter with a user ID with SnapCenterAdmin privileges.
-
Click the Hosts tab from left-hand menu, and click Add to open the Add Host workflow.
-
Choose Linux as the Host Type. The Host Name can be either the host name or an IP address. However, the host name must be resolved to correct host IP address from SnapCenter host. Choose host credentials created in step 2. The host credentials require sudo privileges. Check Oracle Database as the plug-in to be installed, which installs both Oracle and Linux host plugins.
-
Click More Options and select "Skip preinstall checks." You are prompted to confirm the skipping of the preinstall check. Click Yes and then Save.
-
Click Submit to start the plugin installation. You are prompted to Confirm Fingerprint as shown below.
-
SnapCenter performs host validation and registration, and then the plugin is installed on the Linux host. The status is changed from Installing Plugin to Running.
-
Assign the newly added host to the proper database management user ID (in our case, oradba).
4. Database resource discovery
With successful plugin installation, the database resources on the host can be immediately discovered. Click the Resources tab in the left-hand menu. Depending on the type of database platform, a number of views are available, such as the database, resources group, and so on. You might need to click the Refresh Resources tab if the resources on the host are not discovered and displayed.
When the database is initially discovered, the Overall Status is shown as "Not protected." The previous screenshot shows an Oracle database not protected yet by a backup policy.
When a backup configuration or policy is set up and a backup has been executed, the Overall Status for the database shows the backup status as "Backup succeeded" and the timestamp of the last backup. The following screenshot shows the backup status of a SQL Server user database.
If database access credentials are not properly set up, a red lock button indicates that the database is not accessible. For example, if Windows credentials do not have sysadmin access to a database instance, then database credentials must be reconfigured to unlock the red lock.
After the appropriate credentials are configured either at the Windows level or the database level, the red lock disappears and SQL Server Type information is gathered and reviewed.
5. Setup storage cluster peering and DB volumes replication
To protect your on-premises database data using a public cloud as the target destination, on-premises ONTAP cluster database volumes are replicated to the cloud CVO using NetApp SnapMirror technology. The replicated target volumes can then be cloned for DEV/OPS or disaster recovery. The following high-level steps enable you to set up cluster peering and DB volumes replication.
-
Configure intercluster LIFs for cluster peering on both the on-premises cluster and the CVO cluster instance. This step can be performed with ONTAP System Manger. A default CVO deployment has inter-cluster LIFs configured automatically.
On-premises cluster:
Target CVO cluster:
-
With the intercluster LIFs configured, cluster peering and volume replication can be set up by using drag-and-drop in NetApp Cloud Manager. See "Getting Started - AWS Public Cloud" for details.
Alternatively, cluster peering and DB volume replication can be performed by using ONTAP System Manager as follows:
-
Log into ONTAP System Manager. Navigate to Cluster > Settings and click Peer Cluster to set up cluster peering with the CVO instance in the cloud.
-
Go to the Volumes tab. Select the database volume to be replicated and click Protect.
-
Set the protection policy to Asynchronous. Select the destination cluster and storage SVM.
-
Validate that the volume is synced between the source and target and that the replication relationship is healthy.
6. Add CVO database storage SVM to SnapCenter
-
Log into SnapCenter with a user ID with SnapCenterAdmin privileges.
-
Click the Storage System tab from the menu, and then click New to add a CVO storage SVM that hosts replicated target database volumes to SnapCenter. Enter the cluster management IP in the Storage System field, and enter the appropriate username and password.
-
Click More Options to open additional storage configuration options. In the Platform field, select Cloud Volumes ONTAP, check Secondary, and then click Save.
-
Assign the storage systems to SnapCenter database management user IDs as shown in 3. SnapCenter host plugin installation.
7. Setup database backup policy in SnapCenter
The following procedures demonstrates how to create a full database or log file backup policy. The policy can then be implemented to protect databases resources. The recovery point objective (RPO) or recovery time objective (RTO) dictates the frequency of database and/or log backups.
Create a full database backup policy for Oracle
-
Log into SnapCenter as a database management user ID, click Settings, and then click Polices.
-
Click New to launch a new backup policy creation workflow or choose an existing policy for modification.
-
Select the backup type and schedule frequency.
-
Set the backup retention setting. This defines how many full database backup copies to keep.
-
Select the secondary replication options to push local primary snapshots backups to be replicated to a secondary location in cloud.
-
Specify any optional script to run before and after a backup run.
-
Run backup verification if desired.
-
Summary.
Create a database log backup policy for Oracle
-
Log into SnapCenter with a database management user ID, click Settings, and then click Polices.
-
Click New to launch a new backup policy creation workflow, or choose an existing policy for modification.
-
Select the backup type and schedule frequency.
-
Set the log retention period.
-
Enable replication to a secondary location in the public cloud.
-
Specify any optional scripts to run before and after log backup.
-
Specify any backup verification scripts.
-
Summary.
Create a full database backup policy for SQL
-
Log into SnapCenter with a database management user ID, click Settings, and then click Polices.
-
Click New to launch a new backup policy creation workflow, or choose an existing policy for modification.
-
Define the backup option and schedule frequency. For SQL Server configured with an availability group, a preferred backup replica can be set.
-
Set the backup retention period.
-
Enable backup copy replication to a secondary location in cloud.
-
Specify any optional scripts to run before or after a backup job.
-
Specify the options to run backup verification.
-
Summary.
Create a database log backup policy for SQL.
-
Log into SnapCenter with a database management user ID, click Settings > Polices, and then New to launch a new policy creation workflow.
-
Define the log backup option and schedule frequency. For SQL Server configured with a availability group, a preferred backup replica can be set.
-
SQL server data backup policy defines the log backup retention; accept the defaults here.
-
Enable log backup replication to secondary in the cloud.
-
Specify any optional scripts to run before or after a backup job.
-
Summary.
8. Implement backup policy to protect database
SnapCenter uses a resource group to backup a database in a logical grouping of database resources, such as multiple databases hosted on a server, a database sharing the same storage volumes, multiple databases supporting a business application, and so on. Protecting a single database creates a resource group of its own. The following procedures demonstrate how to implement a backup policy created in section 7 to protect Oracle and SQL Server databases.
Create a resource group for full backup of Oracle
-
Log into SnapCenter with a database management user ID, and navigate to the Resources tab. In the View drop-down list, choose either Database or Resource Group to launch the resource group creation workflow.
-
Provide a name and tags for the resource group. You can define a naming format for the Snapshot copy and bypass the redundant archive log destination if configured.
-
Add database resources to the resource group.
-
Select a full backup policy created in section 7 from the drop-down list.
-
Click the (+) sign to configure the desired backup schedule.
-
Click Load Locators to load the source and destination volume.
-
Configure the SMTP server for email notification if desired.
-
Summary.
Create a resource group for log backup of Oracle
-
Log into SnapCenter with a database management user ID, and navigate to the Resources tab. In the View drop-down list, choose either Database or Resource Group to launch the resource group creation workflow.
-
Provide a name and tags for the resource group. You can define a naming format for the Snapshot copy and bypass the redundant archive log destination if configured.
-
Add database resources to the resource group.
-
Select a log backup policy created in section 7 from the drop-down list.
-
Click on the (+) sign to configure the desired backup schedule.
-
If backup verification is configured, it displays here.
-
Configure an SMTP server for email notification if desired.
-
Summary.
Create a resource group for full backup of SQL Server
-
Log into SnapCenter with a database management user ID, and navigate to the Resources tab. In the View drop-down list, choose either a Database or Resource Group to launch the resource group creation workflow. Provide a name and tags for the resource group. You can define a naming format for the Snapshot copy.
-
Select the database resources to be backed up.
-
Select a full SQL backup policy created in section 7.
-
Add exact timing for backups as well as the frequency.
-
Choose the verification server for the backup on secondary if backup verification is to be performed. Click Load Locator to populate the secondary storage location.
-
Configure the SMTP server for email notification if desired.
-
Summary.
Create a resource group for log backup of SQL Server
-
Log into SnapCenter with a database management user ID, and navigate to the Resources tab. In the View drop-down list, choose either a Database or Resource Group to launch the resource group creation workflow. Provide the name and tags for the resource group. You can define a naming format for the Snapshot copy.
-
Select the database resources to be backed up.
-
Select a SQL log backup policy created in section 7.
-
Add exact timing for the backup as well as the frequency.
-
Choose the verification server for the backup on secondary if backup verification is to be performed. Click the Load Locator to populate the secondary storage location.
-
Configure the SMTP server for email notification if desired.
-
Summary.
9. Validate backup
After database backup resource groups are created to protect database resources, the backup jobs runs according to the predefined schedule. Check the job execution status under the Monitor tab.
Go to the Resources tab, click the database name to view details of database backup, and toggle between Local copies and mirror copies to verify that Snapshot backups are replicated to a secondary location in the public cloud.
At this point, database backup copies in the cloud are ready to clone to run dev/test processes or for disaster recovery in the event of a primary failure.