= Data Protection :toc: :icons: :linkattrs: :imagesdir: ../resources/images == Summary This section will cover the data protection technologies available with *Amazon FSx for NetApp ONTAP* file system. . *Snapshots*: A read-only, point in time copy of your volume that can be used instantaneous backups and short-term recovery. . *Amazon FSx Backups*: A cost-efficient offsite backup of your volume that is stored in Amazon S3 within the same region. . *SnapVault*: Disk based backup technology for performing offsite backups of your volume snapshots to a *secondary* file system in same or different region. . *SnapMirror*: Native block level replication technology for disaster recovery and data migrations. We will cover this feature in our disaster recovery section of this workshop. === Snapshots Overview When a new snapshot is created, it creates new pointers to existing blocks on the volume. Since no data is copied, snapshots do not consume any space on creation and are instantaneous. As data blocks on your volume get modified or deleted, the blocks locked by the snapshot are retained and the snapshot starts to consume space over time. Snapshots are recommended for short-term recovery and provide the ability to restore a single file, directory or entire volume using the point in time copy. Since snapshots are stored along side your volume, they are not ideal for long-term and offsite backup and do not protect against volume or file system failures. You can schedule automatic snapshots using a snapshot policy and also trigger manual snapshots. === Amazon FSx Backups Overview Amazon FSx backups allow you to take highly durable automatic daily backups or user-initiated backups of your volume that are stored in durable Amazon S3. These backups are incremental and the automatic daily backups can be scheduled to run during a daily backup window with a retention period between 0-90 days. Since no additional infrastructure needs to be provisioned with Amazon FSx backups, you get cost-effective offsite backups with retention period up to 90 days. === SnapVault Overview SnapVault is a disk-based storage backup feature in ONTAP, which allows you to backup snapshot copies of your volume to a *secondary* volume on a different file system for long-term retention. You can restore data from the SnapVault *secondary* volume to the associated source volume or to a different volume. Snapshot policy assigned to the source volume determines when snapshots are created. A SnapVault policy assigned to the SnapVault relationship determines which snapshots on the source volume are replicated to *secondary* volume. Storage efficiencies if enabled are preserved. SnapVault can be used to backup volumes from multiple source file systems to a central *secondary* system for offsite backups in same or different region. SnapVault uses the SnapMirror engine, so replication works exactly the same way. Note: SnapVault will not be covered in this workshop. == Duration NOTE: It will take approximately 15 minutes to complete this section. == Step-by-step Guide (Snapshots) === Snapshot steps . *_Return_* to the SSH connection of your *FSx for ONTAP Workshop Linux instance* and SSH to the file system management endpoint of your FSx for ONTAP file system. + [source,bash] ---- ssh ${ADMINUSER}@${MGMTENDPOINT} ---- + . *_Run_* command below to check for available snapshots. + [source,bash] ---- volume snapshot show ---- + . *_Run_* below command to check the default snapshot policy that is enabled on your volume. + [source,bash] ---- snapshot policy show -policy default ---- + NOTE: You can see the default schedule in the output which retains a total of 10 snapshots *(6 hourly, 2 daily and 2 weekly)*. . *_Run_* below command to check the timings for the various schedules: + [source,bash] ---- job schedule cron show ---- + NOTE: As you can see the hourly snapshots happen 5 mins past the hour, the daily snapshots 10 mins past midnight and weekly snapshots 15 mins past midnight on Sunday. . *_Run_* command below to trigger a *manual* snapshot for your volume. Provide a snapshot name *vol1_FSxOntapWorkshop* and a comment as shown below. + [source,bash] ---- volume snapshot create -vserver svm01 -volume vol1 -snapshot vol1_FSxOntapWorkshop -comment "Manual Snapshot created for FSx Workshop" ---- + . *_Run_* command below to list the snapshots. + [source,bash] ---- volume snapshot show vol1 ---- + . *_Run_* below command to check the snapshot snapreserve space assigned to the volume: + [source,bash] ---- volume show vol1 -fields percent-snapshot-space,snapshot-space-used ---- + . Alternately, you can also *_Run_* below command to check the snapshot snapreserve space usage on the volume: + [source,bash] ---- df -h vol1 ---- + NOTE: By default *5%* of the volume space is configured for *_snapreserve_* and this value can be modified. If the snapshot space used exceeds the 5% snapreserve, then snapshots will start consuming space in the data area of your volume. . *_Next_*, Lets make some changes to the text file created in the multiprotocol access section of the workshop. Return to the *SSH* session on Instance with name *FSx for ONTAP Workshop Linux Instance* run: + [source,bash] ---- cat ${MOUNTPOINT}/${DIRNAME}/multiprotocol-demo.txt echo "Appending text before single file restore" >> ${MOUNTPOINT}/${DIRNAME}/multiprotocol-demo.txt cat ${MOUNTPOINT}/${DIRNAME}/multiprotocol-demo.txt ---- + . We are now going to restore the previous version of the file. *_Restore_* the previous version of the file from the snapshot taken earlier in this workshop. You can overwrite the file in its original location or copy the file to a new location. Lets create a new directory to restore this file. + [source,bash] ---- mkdir ${MOUNTPOINT}/${DIRNAME}/restore ---- + . *_Change directory_* to the *_.snapshot_* directory and list snapshots available for restore. cd to the the snapshot *vol1_FSxOntapWorkshop* directory that corresponds to the manual snapshot created earlier and copy the file from the snapshot to the target directory. + [source,bash] ---- cd ${MOUNTPOINT}/${DIRNAME}/.snapshot ls cd vol1_FSxOntapWorkshop/ ls cat multiprotocol-demo.txt cp -p multiprotocol-demo.txt ${MOUNTPOINT}/${DIRNAME}/restore cd ---- + . *_cat_* the restored file to view its contents. + [source,bash] ---- cat ${MOUNTPOINT}/${DIRNAME}/restore/multiprotocol-demo.txt ---- + . Was the file successfully restored to a previous point in time? + TIP: To *perform* an entire volume restore from snapshot you can run *volume snapshot restore -vserver -volume -snapshot * from your ONTAP CLI session. + . *_Return_* to the RDP to your Windows Instance with name *FSx for ONTAP Workshop Windows Instance* . Using *File explorer* *_Right-click_* on the file *multiprotocol-demo.txt*, *Select* _properties_ -> _Click_ on *Previous Versions* tab to browse for available snapshots. *_Double-Click_* on the version of the file shown under *File versions:* to view the contents. *_Click_* *Restore* to restore to a previous point in time. . Were you able to restore the file? . *_Return_* to the SSH connection of your *FSx for ONTAP Workshop Linux instance* and SSH to the file system management endpoint of your FSx for ONTAP file system. + [source,bash] ---- ssh ${ADMINUSER}@${MGMTENDPOINT} ---- + . *_Run_* command below to check the security style for your volume. + [source,bash] ---- volume show -volume vol1 -fields security-style ---- + NOTE: Your volume inherited the *Unix* security style from the SVM and enforces Unix style permissions. ONTAP performs name mapping between Windows and Unix users to authorize access. If a Windows user tries to access a Unix security style volume their Windows username will be mapped to Unix UID because a Unix security style volume will not understand its Windows username. The Unix user will be verified by /etc/password files, NIS or LDAP. Administrators can configure explicit manual mapping from a Windows user to Unix user. For example a windows user "john" is mapped to Unix user "john" to identify the permissions and authorize access. if no mappings are found then its mapped to *pcuser* with UID and GID 65634. You were denied access because you were trying overwrite a file owned by Unix user *ec2-user* as *admin* user from Windows. To learn more about user mapping and multiprotocol best practices refer link:https://www.netapp.com/pdf.html?item=/media/27436-tr-4887.pdf[Multiprotocol NAS in NetApp ONTAP] == Step-by-step Guide (Amazon FSx Backups) === Amazon FSx Backup steps . Go to the link:https://console.aws.amazon.com/fsx/[Amazon FSx] console, *_Click_* the *_File system ID_* of your Amazon FSx for NetApp ONTAP file system. . *_Click_* on the *volumes* tab. *_Select_* *vol1* and *_click_* *Actions* -> *Create backup*. Input a name for your backup (Ex: FSxONTAP-workshop-backup) and *_Click_* *Create backup*. . *_Click_* on the *backups* tab and you can see the backup status as *Creating*. Once the backup is complete the status will show as *Available*. . *_Restore_* the backup to a new volume. *_Select_* the backup we created in the previous step, *_Click_* *Actions* -> *Restore backup*. Input the following values: + [cols="2,7"] |=== | *File system* a| Select the file system ID for your file system | *Storage virtual machine name* a| Select the Storage virtual machine you created | *Volume name* a| Input restorevol | *Junction path* a| Input /restorevol | *Volume Size* a| Input 100000 | *Storage efficiency* a| Select Enabled | *Capacity pool tiering policy* a| Accept Default |=== + . After you have entered or accepted values for all parameters, *_click_* *Confirm* . *_Click_* on the *volumes* tab to check the progress of the restore. Once the status changes to *Created* you can mount the volume to access the data. . Were you able to modify any volume configuration parameters during the restore when compared to your source volume? == Next section Click the button below to go to the next section. If you have time and want to try our *Bonus* section, go to the SnapMirror section. If you are done with the workshop, go to the *Cleanup resources* section. [cols="2,1"] |=== a|image::snapmirror.jpg[link=../09-snapmirror/, align="left",width=420] a| image::cleanup-resources.jpg[link=../10-cleanup-resources/, align="left",width=420] |===