Windows backup applications and Unix-style symlinks
When a backup application running on Windows encounters a Unix-style symbolic link (symlink), the link is followed and the data is backed up. Beginning with ONTAP 9.15.1, you have the option of backing up the symlinks instead of the data. This feature is fully supported with ONTAP FlexGroups and FlexVols.
Overview
Before you change how ONTAP handles symlinks during a Windows backup operation, you should be familiar with the benefits, key concepts, and configuration options.
Benefits
When this feature is disabled or unavailable, each symlink is traversed and the data it links to is backed up. Because of this, unnecessary data can sometimes be backed up and in certain situations the application might end up in a loop. Backing up the symlinks instead avoids these issues. And because the symlink files are very small compared to the data in most cases, the backups take less time to complete. The overall performance of the cluster can also improve because of the reduced IO operations.
Windows server environment
This feature is supported for backup applications running on Windows. You should understand the relevant technical aspects of the environment before using it.
Windows supports extended attributes (EA) which collectively form additional metadata optionally associated with the files. These attributes are used by various applications, such as the Windows Subsystem for Linux as described at File Permissions for WSL. Applications can request extended attributes for each file when reading data from ONTAP.
The symlinks are returned in the extended attributes when the feature is enabled. Therefore a backup application must provide standard EA support which is used to store the metadata. Some Windows utilities support and preserve the extended attributes. However, if the backup software does not support backing up and restoring the extended attributes, it will not preserve the metadata associated with each file and fail to process the symlinks properly.
Backup applications running on a Microsoft Windows server can be granted a special privilege allowing them to bypass normal file security. This is typically done by adding the applications to the Backup Operators group. The apps can then back up and restore files as needed as well as perform other related system operations. There are subtle changes to the SMB protocol used by the backup applications which can be detected by ONTAP as the data is read and written.
Requirements
The symlink backup feature has several requirements including:
-
Your cluster is running ONTAP 9.15.1 or later.
-
A Windows backup application that has been granted special backup privileges.
-
The backup application must also support extended attributes and request them during the backup operations.
-
The ONTAP symlink backup feature is enabled for the applicable data SVM.
Configuration options
In addition to the ONTAP CLI, you can also manage this feature using the REST API. See What's new with the ONTAP REST API and automation for more information. The configuration determining how ONTAP processes the Unix-style symlinks must be performed separately for each SVM.
Enable the symlink backup feature in ONTAP
A configuration option has been introduced to an existing CLI command with ONTAP 9.15.1. You can use this option to enable or disable Unix-style symlink processing.
Review the basic Requirements. In addition:
-
Be able to elevate your CLI privilege to the advanced level.
-
Determine the data SVM you want to modify. The SVM
vs1
is used in the example command.
-
Set the advanced privilege level.
set privilege advanced
-
Enable symlink file backup.
vserver cifs options modify -vserver vs1 -is-backup-symlink-enabled true