
DD6.1 Technical Differences Software and Security SRG PDF

Uploaded by

Kevin Yu

Welcome to Data Domain 6.1 Technical Differences: Software and Security.

Copyright © 2017 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC, and other trademarks are trademarks
of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners. Published in the
USA.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” DELL EMC MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO
THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.

Use, copying, and distribution of any DELL EMC software described in this publication requires an applicable software license. The trademarks, logos, and service marks
(collectively "Trademarks") appearing in this publication are the property of DELL EMC Corporation and other parties. Nothing contained in this publication should be construed
as granting any license or right to use any Trademark without the prior written permission of the party that owns the Trademark.

AccessAnywhere Access Logix, AdvantEdge, AlphaStor, AppSync ApplicationXtender, ArchiveXtender, Atmos, Authentica, Authentic Problems, Automated Resource Manager,
AutoStart, AutoSwap, AVALONidm, Avamar, Aveksa, Bus-Tech, Captiva, Catalog Solution, C-Clip, Celerra, Celerra Replicator, Centera, CenterStage, CentraStar, EMC
CertTracker. CIO Connect, ClaimPack, ClaimsEditor, Claralert ,CLARiiON, ClientPak, CloudArray, Codebook Correlation Technology, Common Information Model, Compuset,
Compute Anywhere, Configuration Intelligence, Configuresoft, Connectrix, Constellation Computing, CoprHD, EMC ControlCenter, CopyCross, CopyPoint, CX, DataBridge ,
Data Protection Suite. Data Protection Advisor, DBClassify, DD Boost, Dantz, DatabaseXtender, Data Domain, Direct Matrix Architecture, DiskXtender, DiskXtender 2000, DLS
ECO, Document Sciences, Documentum, DR Anywhere, DSSD, ECS, elnput, E-Lab, Elastic Cloud Storage, EmailXaminer, EmailXtender , EMC Centera, EMC ControlCenter,
EMC LifeLine, EMCTV, Enginuity, EPFM. eRoom, Event Explorer, FAST, FarPoint, FirstPass, FLARE, FormWare, Geosynchrony, Global File Virtualization, Graphic
Visualization, Greenplum, HighRoad, HomeBase, Illuminator , InfoArchive, InfoMover, Infoscape, Infra, InputAccel, InputAccel Express, Invista, Ionix, Isilon, ISIS,Kazeon, EMC
LifeLine, Mainframe Appliance for Storage, Mainframe Data Library, Max Retriever, MCx, MediaStor , Metro, MetroPoint, MirrorView, Mozy, Multi-Band
Deduplication,Navisphere, Netstorage, NetWitness, NetWorker, EMC OnCourse, OnRack, OpenScale, Petrocloud, PixTools, Powerlink, PowerPath, PowerSnap, ProSphere,
ProtectEverywhere, ProtectPoint, EMC Proven, EMC Proven Professional, QuickScan, RAPIDPath, EMC RecoverPoint, Rainfinity, RepliCare, RepliStor, ResourcePak,
Retrospect, RSA, the RSA logo, SafeLine, SAN Advisor, SAN Copy, SAN Manager, ScaleIO Smarts, Silver Trail, EMC Snap, SnapImage, SnapSure, SnapView, SourceOne,
SRDF, EMC Storage Administrator, StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix, Symmetrix DMX, Symmetrix VMAX, TimeFinder, TwinStrata, UltraFlex,
UltraPoint, UltraScale, Unisphere, Universal Data Consistency, Vblock, VCE. Velocity, Viewlets, ViPR, Virtual Matrix, Virtual Matrix Architecture, Virtual Provisioning, Virtualize
Everything, Compromise Nothing, Virtuent, VMAX, VMAXe, VNX, VNXe, Voyence, VPLEX, VSAM-Assist, VSAM I/O PLUS, VSET, VSPEX, Watch4net, WebXtender, xPression,
xPresso, Xtrem, XtremCache, XtremSF, XtremSW, XtremIO, YottaYotta, Zero-Friction Enterprise Storage.

Revision Date: June 2017

Revision Number: MR-7WN-DD61TDSS

Copyright © 2017 Dell Inc. Data Domain Operating System 6.1 Technical Differences: Software and Security 1
This course covers the software and security changes made for DD OS 6.1.

This module focuses on software enhancements made in DD OS 6.1, including BoostFS expansion,
enhanced upgrade features, ELMS changes, vDisk integration with eCDM, and improvements in MTree
replication.

This lesson covers the Boost FS application validation tool and performance enhancements.

BoostFS Profiler is a software tool designed to help users evaluate or qualify backup applications for
BoostFS file system using comparative performance analysis against NFS.

It is an interactive terminal that guides users through the evaluation process which includes environment
setup for the test, execution of the test, cataloguing the test artifacts, and compilation of test results for
analysis.

It is written in Python for the Linux operating system and is available for download from the EMC
Community Network.

The profiler helps speed up adoption of BoostFS for all possible backup applications as an open virtual file
system interface to Data Domain storage server for backup and restore. It provides a transparent
evaluation procedure for the applications in a user-controlled environment and helps users make an
informed decision for a wider adoption of BoostFS in production.

The automated testing format guarantees consistent setup, execution and cataloging of the test artifacts
while eliminating manual errors during a lengthy test procedure.

It also provides a standard method to evaluate backup applications, which makes it possible to compare
and analyze test results across applications or versions and discover any opportunities for improvement in
the underlying system or the test itself.

The BoostFS Profiler installer package is available as a compressed tar file.

The installation package is available for download from EMC Community Network (ECN). You must log in,
then navigate within ECN to Products > Data Protection > Data Domain.

The installation package contains the “SVT Workflow Guide.doc” document for reference to guide you
through the setup and execution of the test and help interpret the reports.

The root installation directory for the profiler is bfsprofiler. It can be installed in any location with full read
and write access.

The BoostFS Profiler installable package does not include DD VE. The workflow document includes
references to the DD VE Setup Guide.

The configuration required for BoostFS and DD VE to execute the test is done by the BoostFS Profiler in a
transparent manner using inputs from the user on the terminal.

No configuration changes for the Profiler tool are required from the user. The configuration file shipped as
part of the installation package is available under the ‘config’ directory.

BoostFS Profiler is currently not supported with a DD VE on Cloud.

You will download the installation package from the Dell EMC Community Network.

After the BoostFS Profiler is installed, you need to stage the data. Depending on the environment, this
process can take from a few hours to a few days.

The profiler goes through three phases:

1. Setup – In the setup phase, you run the script ‘profiler_deploy.sh’. You are prompted for the
   application name and version as well as the DD VE system IP address and admin credentials.
2. Execute – In the Execute phase, the DD VE instance must be empty to avoid running the test
   against a production system. If the profiler detects user data on the specified DD VE, the test
   terminates with an error.
   During execution, you are asked to provide the following details:
   • Test name – used as part of the report identifier to catalogue the test
   • Number of generations/versions of data to be used for the test
   • Backup and restore method during the test
   Before the test begins, you are provided with information about where to find the reports, test
   data files and the ID of the test.
3. Report – In the report phase, the BoostFS Profiler generates a report as PDF and text documents at the
   end of the test.
   Setup, execution, and report generation can be executed multiple times if you wish to make
   changes to the backup application between tests.
   To generate a compressed TAR file containing test reports, run profiler_collect.sh.
4. When the test is complete and the report is generated, it is recommended that users upload the
   test results to the Dell EMC Community Network.
5. When the results are uploaded, they can be reviewed by Dell EMC.

BoostFS Profiler generates a report as PDF and text documents immediately after test execution
completes.

The report generated as a PDF file contains test analysis presented in intuitive format using charts, tables
and a brief summary.

The report generated as text file provides detailed information for each file involved in backup/restore in
each generation. This report is designed for Data Domain Support and Engineering teams for debugging
purposes.

Post-test cleanup can be done using the profiler_cleanup.sh script. This script will perform the
following modifications to roll back the changes done for the testing.
1. Un-mount BoostFS file system
2. Remove lockbox credentials
3. Un-install BoostFS
4. Remove mini-conda environment
5. Un-install mini-conda distribution
6. No changes will be done to the DD VE as part of the cleanup

BoostFS Profiler tries to recover from most of the minor error situations by allowing the user to re-attempt
the operation. The following are examples of recoverable errors:
• User actively using NFS/BFS mount while profiler is trying to unmount the filesystem
• Wrong IP address or admin password for DD VE
• Wrong option for multiple selection questions or invalid values etc.
• Some failures during backup or restore

Errors resulting in failure of the test execution are logged in ‘log/profiler.log’, and the communication log
with the Data Domain system is recorded in ‘log/<reportid>/ddr-interface.out’.

If the user opted to provide backup and restore commands on the terminal, the output from these
commands is logged for each generation in ‘log/<report-id>/<protocol>_<operation><generation>.log’.

If an error occurs during report generation, it is possible to reattempt just the report compilation by
issuing the following command for a given report-id: python execution/BFSProfiler.py -I <report-id>. Before
running this command, make sure to export PYTHONPATH using export PYTHONPATH=./: and set up
the Python environment using source ~/BoostFSAnaconda/envs/bfsprofiler/bin/activate bfsprofiler.

This lesson covers upgrade feature enhancements including the signing feature for support and safe
restore.

Two features introduced for DD OS 6.1 that improve the upgrade process are add-on package signing for
support and safe restore.

Signing add-on packages for support allows Dell EMC support personnel to sign and deliver add-on
packages to customers.

The safe restore feature allows for quick and automatic failure recovery during an upgrade.

RPMs released by Data Domain are digitally signed. The types of RPMs delivered to the customers are:
• System RPM
• MDU bundle
• MDU add-on

The types of keys used for signing are development, production and support. The development key is
used by the development team. The production key is used by release engineering for general releases.
The support key is used by support engineering for signing support packages.

A support key can be enabled or disabled using the following commands:


# system upgrade option set se-software {enabled|disabled}
Note: This command requires SE privileges
# system upgrade option reset [se-software]
Note: This command requires SE privileges
# system upgrade option show
Note: This command requires admin privileges

The signing server contains the production and support keys and will sign packages with the production
key. Support personnel can log in to the access server, upload a package that needs to be signed with the
support key, and then run the command to sign the package. Once a package is signed, it can be
uploaded to the system to be used for upgrade.

Safe restore is a mechanism that automatically recovers the system when an upgrade fails after the
upgrade reboot.

How to know that a safe-restore has happened:

• The upgrade has failed after the upgrade reboot, but the system is running the pre-upgrade version
• There is an upgrade failure alert
• Upgrade history includes the upgraded version

The safe-restore might not happen. Some conditions that can block a safe-restore are:
• Firmware upgrade has happened
• Data upgrade has started

If a safe-restore can’t proceed:


• Upgrade halts the system in single user mode
• Prompt as “Action [reboot]:”
• Type “shell-escape” to go to bash

This lesson covers the ELMS served model and how it applies to DD VE instances.

At this time, served licenses are supported only with DD VE, and not physical Data Domain systems.

The Common Licenses Platform server serves the licenses to the DD VE. Users can deploy the license
server on any supported system.

Users download the license file from ELMS portal and load it on to the license server.

Users deploy DD VE capacity licensing and identify capacity amounts; capacity is deployed via a CLI
command.

The DD VE system automatically checks feature licenses when checking capacity. The system enables
replication, DD Boost, encryption and the specified amount of capacity.

Customers start at the MyQuotes page to order e-licenses. When the order is complete, the customer
receives a License Authorization Code letter that is used to activate purchased licenses.

When downloading the license file, customers choose either served or unserved licenses. The process for
unserved licenses has not changed from DD OS version 6.0.

After receiving a served license, the customer applies the license file to the Common License server
where it can serve licenses to any DD VE systems configured to use the license server.

For additional details, please refer to the License Server Guide at:
https://www.emc.com/collateral/TechnicalDocument/docu61080.pdf

The EMC License Server is supported on physical or virtual Windows and Linux systems.
• Windows 2008 (32 and 64 bit), Windows 2012 (64 bit)
• Linux Red Hat Enterprise Linux 6.x, 7.x; SuSE Linux Enterprise Server 10.x,11.x, 12.x

An EMC License Server installer will load these files onto the target system:
• License Server Manager - The lmgrd binary, the license server
• License Server Utilities – The lmutil binary – provides many commands to aid lmgrd administration
• EMC Vendor Daemon – The EMCLM binary - Launched by lmgrd to interpret EMC-generated
license files
• Debug log - Written by the License Server Manager and EMC Vendor Daemon – contains process
startup information and all license operations – always useful to aid in troubleshooting problems

License file - Created by the EMC Software Licensing Central customer portal and entitlement activation,
and downloaded by customers to place with the EMC License Server.
• The EMC license-enabled software must also be configured to know where to find the running
License Server.

This lesson covers vDisk expanded integration topics including managing copies through EMC Enterprise
Copy Data Management (eCDM), retention lock on a vDisk pool and troubleshooting.

Data Domain systems store multiple generations of backups for multiple applications. The number of
backup files is doubled when factoring in replication.

EMC Enterprise Copy Data Management (eCDM) software elevates data protection and management of data
copies to be an integral part of data center operations, not something done in silos.
To do this, eCDM provides a global view of your assets and copies across both primary and protection
storage and provides a robust interface for managing data copies.

Discover – eCDM builds an inventory of assets in your data center to provide visibility into each of the
protectable assets, as well as the destination devices you can use when protecting data to secondary or
protection storage.

Automate – You can design custom protection plans in eCDM using the inventory of assets. These plans
will automate ProtectPoint configurations and enable active SLA monitoring.

Re-Use – Finally, you can use eCDM to export copies for re-use. This will reduce the number of copies in
the environment and provide a way to quickly access copies, whether they reside on primary or protection
storage.

After an initial configuration by the storage administrator, which makes a point in time copy of the LUN to
be protected and seeds the initial blocks on the Data Domain system, the environment is ready for its first
full backup via ProtectPoint.

ProtectPoint introduces a new agent on the application server, which empowers app owners to control
their own backup, recovery and replication. To trigger a ProtectPoint backup, an application owner, like an
Oracle DBA, triggers a backup at an application consistent checkpoint. This pauses the application
momentarily simply to mark the point in time for that backup.

This triggers the primary storage, leveraging new primary storage change block tracking, to send only the
unique blocks (which it has been tracking since the last backup or initial configuration) directly to Data
Domain over Fibre Channel.

Finally, the Data Domain system will ingest and deduplicate those blocks and use them to create an
independent full backup in native format, which enables greatly simplified recovery.

With ProtectPoint, you do a full backup every time, but only send unique blocks, so the full backup comes
at the cost of an incremental backup.

When backup completes, the agent notifies eCDM of its contents including vDisk static-images and other
Boost files.

eCDM uses its configured retention policy to set the retention-lock on each static-image or Boost file as
needed.

This is accomplished using a REST API call to a DD Management Center that manages the target Data
Domain system.

The DD MC forwards the request via SMS API and the DD system makes the settings accordingly.

DD OS 6.1 now allows enabling of retention-lock on a vDisk pool. Retention Lock Compliance is not
supported for vDisk pools at this time. In this case, a vDisk pool is the equivalent of an MTree. eCDM is
the primary consumer of this feature.

Retention lock on vDisk pools uses existing retention lock functionality. No base retention lock changes
have been made to DD OS.

This feature allows locking of a static-image: both user data and key-value metadata are locked by a
single request. Static-images are identified by GUID.

Retention lock on a vDisk pool is accessed via REST API, and the CLI commands are updated in DD OS
6.1 to display static-image lock status.

Configuring retention lock for vDisk pools is accessible via DD MC or through the Data Domain system
using either the System Manager or CLI. You can set retention lock time on a static image, extend
retention lock time on a static image, revert retention lock on a static image, and retrieve lists of static
images.

Log files are a helpful resource for troubleshooting issues with retention lock for vDisk pools. Some key
log files are:
• sms.info for details of REST handling on either DD MC or DD system
• sms.info for details of SMS jobs on the DD system
• ddfs.info for details of generic retention-lock operations
• vDisk.info for details of any vDisk static-image operation

REST Schema (list of all supported REST APIs for a system) can be found at:
https://{DD system or DD MC ip}/api/web.xml

This lesson covers automatic multi-streaming for MTree replication features, benefits and function.

In DD OS 6.0 using MTree replication, the system allocates only one stream per file. When a large file is
replicated, only one stream is utilized while other streams remain idle. Adding per MTree multi-streaming
in DD OS 6.1 improves throughput and reduces RPO.

Automatic Multi-Streaming for MTree Replication is similar in function to managed file replication, only the
streams are managed by the Data Domain system and not the backup application.

With automatic multi-streaming there is no longer a need for a backup application, such as Dell EMC
NetWorker, to orchestrate replication using multiple streams for large files. There are also no configuration
changes that the Data Domain administrator needs to perform.

Automatic multi-streaming maximizes replication stream utilization and helps improve throughput under
certain workloads.

When a file needs to be replicated, and it is determined to be large enough to use automatic
multi-streaming, the file is broken up into chunks for different regions of the file. Each chunk is then
replicated, utilizing all streams needed, to the replica destination system.

On the replication destination system the chunks are reassembled and synthesized to recreate the original
file.

This module covered software enhancements made in DD OS 6.1, including BoostFS expansion,
enhanced upgrade features, ELMS changes, vDisk integration with eCDM, and improvements in MTree
replication.

This module focuses on using DD VE with Amazon Web Services and Microsoft Azure for backups,
DRaaS and RaaS in the public cloud.

This lesson covers an overview of Man-in-the-Middle, how MITM relates to DD Boost and new features
added to DD OS 6.1 to protect against MITM attacks.

There are two basic types of man-in-the-middle (MITM) attacks on a networked system: passive and
active.

A passive attack is simply eavesdropping on the data transfer, either by tapping the wire directly or by
“listening in” on networked transactions over the Internet, seeing and copying packets as they go by. Since
all the attacker is doing is copying packets, these attacks are difficult to detect. Luckily, passive attacks
are simple to defeat by using encryption when transferring data. Data is still vulnerable if the decryption
key later becomes available to whoever copied the packets.

An active attack is a true MITM attack, where an entity impersonates each side of the data
communications to the other. In doing so, the attacker can view, change, insert, and delete packets.

Prevention for this type of attack requires two-way authentication to verify each side’s identity to the other.
It also requires packet authentication via secure hash to prevent content changes by the attacker. Of
course, you should also encrypt in-flight data to prevent a man-in-the-middle from viewing your
data in the clear.

When a client application logs in to a Data Domain system:

1. The client passes a username and password to the DD Boost library.

2. DD Boost makes an informational RPC to the Data Domain system.

3. The DD system returns an RSA public key.

This is where the vulnerability comes in. A man-in-the-middle watches the packets as they go by, lets the
original RPC pass through, then intercepts the RSA public key and replaces it with its own RSA public key.

4. The client application receives the expected response, except that it carries the MITM public key and
not the key from the DD system. With no way to detect that it received the wrong public key, the client
encrypts the username and password using the RSA key it received and sends them to the DD system.

The MITM intercepts the packet, decrypts it with the MITM RSA private key, and re-encrypts it with the DD
system RSA public key.

5. The MITM passes it on to the DD system.

6. The DD system receives the expected information, decrypts it with its RSA private key,
and validates the information.

At this point, the MITM has a valid username and password and can do anything it wants the DD system
to do.

The man-in-the-middle system can make its own connection call to the DD system or simply listen to all of
the data exchanged between the client and the DD system.

In the previous version, DD Boost uses Transport Layer Security (TLS) 2-way authentication via
certificates, where each side authenticates via an X.509 certificate, with packets encrypted with AES 128
or 256 and authenticated using the Secure Hash Algorithm, SHA-1.

This security can be enabled when the application asks for these security elements when connecting
through an API, or it can be required on a per-client basis using the CLI command ddboost clients add.

The weakness of this defense is that it requires certificates, which need infrastructure that customers might
not want to set up. In addition, applications that do not support or do not provide certificates
cannot be secured.

Encryption without certificates is supported only without authentication, which is not MITM secure.

In DD OS 6.1 DD Boost authentication uses a different method: Transport Pre-Shared Keys (PSK). In this case we use the
password for two-way authentication. With pre-shared keys you use a pre-shared key derived from the password which
both the client and DD system already know; it’s a shared secret.

When a client application logs in to a Data Domain system:

1. The client passes a username and password to the DD Boost library.

2. The DD Boost library sends an info request as it did previously.

3. The DD system returns a modified response that includes a nonce value, an arbitrary number that may be used only
once, that is used to compute the actual key, and the server hostname.

4. In response, the client generates a key using the password and the provided nonce value. Only the correct entity who
knows the password and has the correct nonce value from the server can generate a correct key.

5. The DD Boost library sends a message to the DD System using the key generated from the password and nonce value.

When the return message is sent to the DD system, the first part is sent in the clear (unencrypted). It contains the username
and the initialization vector (used to decrypt messages properly). The encrypted portion of the message contains a new
nonce (nonce-c) that it creates along with the original nonce (nonce-s) created by the DD system, the hostnames of the
client and server and the client username.

6. The Data Domain system uses the username that was sent in the clear to look up the password. It
generates the same key as the client did, decrypts the encrypted message, and makes sure the nonce-s value is the
same one it originally sent. This validates the client.

7. The DD system generates a new encrypted response that includes the client nonce (nonce-c), the username, server
hostname, and the required authentication level and encryption, and sends it back to the client.

8. The client decrypts the reply and validates the contents, and establishes the transport layer security, pre-shared key
(TLS PSK) connection.

Two-way authentication with a shared secret is complete. All subsequent traffic between these devices is encrypted and
authenticated using new TLS keys computed from the generated key.
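
The two-way-password exchange in steps 1 to 8 above, as an added example that is not Dell EMC code and not the DD Boost wire format: a standard-library simulation of both sides, showing that a substituted nonce or a reply from a party without the password fails validation. The page does not name the key derivation or cipher, so PBKDF2-HMAC-SHA256, the HMAC-based stand-in cipher, and the class names, hostnames and account are all assumptions.

```python
import hashlib
import hmac
import json
import os

# Assumptions (not from the page): PBKDF2 derives the key; an HMAC keystream + tag stands in for the cipher.
PASSWORDS = {"boostuser": "constructed-sample-password"}  # constructed sample account

def derive_key(password, nonce_s):
    # Steps 4 and 6: both sides compute the same key from the password and nonce-s.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), nonce_s, 50_000)

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, iv, data):
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(_mac(key, iv + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, fields):
    # Encrypt-then-MAC; the IV travels in the clear, as in step 5.
    iv = os.urandom(16)
    ct = _xor_stream(_mac(key, b"enc"), iv, json.dumps(fields).encode())
    return {"iv": iv, "ct": ct, "tag": _mac(_mac(key, b"mac"), iv + ct)}

def unseal(key, msg):
    # Verify the tag before decrypting: a wrong key or altered bytes stop here.
    if not hmac.compare_digest(_mac(_mac(key, b"mac"), msg["iv"] + msg["ct"]), msg["tag"]):
        raise ValueError("authentication failed")
    return json.loads(_xor_stream(_mac(key, b"enc"), msg["iv"], msg["ct"]))

class Server:
    def __init__(self, hostname, passwords):
        self.hostname, self.passwords, self.nonce_s = hostname, passwords, None

    def info(self):
        # Step 3: fresh nonce-s plus the server hostname.
        self.nonce_s = os.urandom(16)
        return {"nonce_s": self.nonce_s, "server": self.hostname}

    def authenticate(self, username, sealed):
        # Steps 6-7: look up the password by the clear-text username, check nonce-s, reply.
        nonce_s, self.nonce_s = self.nonce_s, None  # a nonce is used only once
        if nonce_s is None or username not in self.passwords:
            raise ValueError("authentication failed")
        key = derive_key(self.passwords[username], nonce_s)
        f = unseal(key, sealed)
        if (f["nonce_s"], f["user"], f["server"]) != (nonce_s.hex(), username, self.hostname):
            raise ValueError("authentication failed")
        return seal(key, {"nonce_c": f["nonce_c"], "user": username, "server": self.hostname,
                          "auth": "two-way-password", "enc": "high"})

class Client:
    def __init__(self, hostname, username, password):
        self.hostname, self.username, self.password = hostname, username, password

    def login_message(self, info):
        # Steps 4-5: derive the key; send the username in the clear plus the sealed fields.
        self.key = derive_key(self.password, info["nonce_s"])
        self.nonce_c, self.server = os.urandom(16).hex(), info["server"]
        fields = {"nonce_c": self.nonce_c, "nonce_s": info["nonce_s"].hex(),
                  "client": self.hostname, "server": self.server, "user": self.username}
        return self.username, seal(self.key, fields)

    def finish(self, reply):
        # Step 8: validate the reply; self.key is what the TLS-PSK session would start from.
        f = unseal(self.key, reply)
        if (f["nonce_c"], f["user"], f["server"]) != (self.nonce_c, self.username, self.server):
            raise ValueError("authentication failed")
        return f

def _pair():
    return Server("dd.example", PASSWORDS), Client("client.example", "boostuser", PASSWORDS["boostuser"])

def _rejected(call):
    try:
        call()
    except ValueError:
        return True
    return False

def honest_login():
    server, client = _pair()
    return client.finish(server.authenticate(*client.login_message(server.info())))["auth"]

def substituted_nonce_is_rejected():
    # nonce-s replaced in transit by a party that lacks the password: the server's check fails.
    server, client = _pair()
    user, msg = client.login_message(dict(server.info(), nonce_s=os.urandom(16)))
    return _rejected(lambda: server.authenticate(user, msg))

def reply_not_from_password_is_rejected():
    # A reply sealed under a key that was not derived from the password fails at the client.
    server, client = _pair()
    user, _ = client.login_message(server.info())
    forged = seal(os.urandom(32), {"nonce_c": client.nonce_c, "user": user, "server": "dd.example"})
    return _rejected(lambda: client.finish(forged))
```

Unlike the RSA exchange in the earlier lesson, nothing the server sends in the clear is trusted on its own: each side proves knowledge of the password by producing a message the other can verify.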

Values for DD Boost security settings for global-authentication-mode can be none, two-way with
certificates, or two-way-password – the method that is described in this lesson and is new in DD OS 6.1.

Global encryption strength can be set to none, medium, or high. The default for both of these global
settings is “none”. This ensures that existing clients and applications continue to work without upgrading
the DD Boost client library and that by default, since no encryption is selected, you do not see the
performance impact incurred when selecting a medium or high level of encryption. Clients and
applications already using certificates with TLS continue to work without change. In the default settings,
your DD Boost communications are not secure. In order for you to be secure, you must change the
settings.

You can still set security authentication and encryption strength values on a per-client basis. In order to do
so, set the global authentication and encryption values to none. If you prefer, you can apply global settings
and then apply a per-client setting, understanding that you can only strengthen the security per-client and
not reduce the level of global security.

Three CLI commands are updated in DD OS 6.1 to accommodate the changes to global DD
Boost authentication and encryption.

These three commands set, show, and reset the values for global authentication and
encryption.

New global authentication and encryption values are added to the ddboost option set command:
none, medium, and high.

Both authentication and encryption modes must be set at the same time because encryption is required
when setting authentication beyond the default, “none” mode.

The level of encryption can only be set to “none” if authentication is also set to “none”.

New to the ddboost option show command are the global-authentication-mode and
global-encryption-strength values. Including either of these will show the value for the named
mode.

Reset will set the values of both the authentication and encryption values to none when either mode is
reset because one mode is dependent on the other.

The ddboost clients command set is updated to allow you to add two-way-password to the add and
modify commands.

When using the ddboost clients show command, the outputs display only if the values are configured.

For reference, the authentication values ranked from weakest to strongest are none, two-way-password,
and two-way. Two-way is strongest because of its use of certificates. Encryption ranks none, then
medium, then high.

Authentication and encryption can be set in three ways: in the connection request via the API on
the client, in the per-client setting CLI command on the Data Domain system, and in the global settings CLI
command on the Data Domain system. Because of this, a hierarchy applies. If more than one of these methods
is used at the time of connection, three rules come into play.

First, the global settings determine the minimum authentication and encryption value. Any connection
attempts greater than these settings will fail.

Second, if a per-client setting is applied, it can increase the requirements. If the per-client setting is higher
than the global setting, the higher mode is applied otherwise the setting is ignored.

Third, the caller specified values are applied if they are greater than either of the first two settings.

In short, if authentication and encryption are set by more than one method, the system uses the
strongest setting and ignores the others.

System clients running DD Boost plugin versions earlier than DD OS 6.1 cannot perform two-way
password authentication. Attempting to do so causes the applications to fail.

Global or per-client DD system authentication settings must be either “none” or “two-way”.

The DD OS 6.1 system version is backward compatible and allows connection protocols for pre-6.1
clients.
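The hierarchy rules and the pre-6.1 client restriction described above can be modelled in a few lines. This is an added example, not Dell EMC code: the names `Setting`, `check_global`, `resolve`, and `review` are hypothetical, and the model follows the page's summary that the strongest value from the global, per-client, and caller sources is used.

```python
from dataclasses import dataclass

# Rankings as stated in the text, weakest to strongest.
AUTH_RANK = {"none": 0, "two-way-password": 1, "two-way": 2}
ENC_RANK = {"none": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Setting:
    """One (authentication mode, encryption strength) pair. Hypothetical type."""
    auth: str = "none"
    enc: str = "none"

    def __post_init__(self):
        if self.auth not in AUTH_RANK:
            raise ValueError(f"unknown authentication mode: {self.auth!r}")
        if self.enc not in ENC_RANK:
            raise ValueError(f"unknown encryption strength: {self.enc!r}")


def check_global(setting):
    """Global rule from the text: authentication beyond "none" requires
    encryption, so encryption may be "none" only when authentication is "none"."""
    if setting.auth != "none" and setting.enc == "none":
        raise ValueError("global encryption must be medium or high when "
                         "global authentication is not none")
    return setting


def resolve(global_, per_client=None, caller=None):
    """Effective setting: the strongest value offered by any of the three sources."""
    sources = [check_global(global_)]
    sources += [s for s in (per_client, caller) if s is not None]
    return Setting(
        auth=max((s.auth for s in sources), key=AUTH_RANK.__getitem__),
        enc=max((s.enc for s in sources), key=ENC_RANK.__getitem__),
    )


def review(effective, client_is_pre_6_1=False):
    """Findings for one client's effective setting."""
    findings = []
    if effective.auth == "none" and effective.enc == "none":
        findings.append("insecure: no authentication and no encryption")
    if client_is_pre_6_1 and effective.auth == "two-way-password":
        findings.append("incompatible: pre-6.1 client cannot use two-way-password")
    return findings


if __name__ == "__main__":
    # Constructed sample inventory: (client, per-client setting, pre-6.1 plugin?)
    global_setting = Setting("two-way-password", "medium")
    clients = [
        ("backup01", None, False),
        ("backup02", Setting("two-way", "high"), False),
        ("legacy03", None, True),
    ]
    for name, per_client, legacy in clients:
        eff = resolve(global_setting, per_client)
        print(name, eff.auth, eff.enc, review(eff, legacy))
```

Running it over an inventory before raising the global mode shows which clients would end up on two-way-password while still using a pre-6.1 plugin.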

DD systems running DD OS versions prior to DD OS 6.1 cannot perform two-way password
authentication. Further, the older system will fail attempts to globally set authentication or encryption
values.

A pre-6.1 DD system will fail when a DD OS 6.1-enabled client attempts a new connection protocol. The
client will then revert to its pre-6.1 behavior and attempt to use either two-way or none for authentication.

This lesson covers an overview of support for Key Management Interoperability Protocol (KMIP) with DD
systems running DD OS 6.1.

In the DD filesystem stack, incoming data is first segmented, then filtered and compressed before it is
encrypted, and finally stored. Encryption must be agnostic to the logical file layout, MTrees, or other similar
entities. Only data is encrypted, not the file index. Secure key management is essential to manage
encryption of data at rest.

In current key management, Data Domain uses a key table holding up to 254 keys. Among these keys
there is only one active key used to encrypt incoming data. Currently two key managers are supported: the
Embedded Key Manager (eKM) in Data Domain and RSA Data Protection Manager.

External key managers provide a secure external framework for managing secure keys. They provide
lifecycle management, key rotation, and vaulting. They also limit data exposure if a key is
compromised.

In its simplest form, the RSA Data Protection Manager stores and protects data encryption keys in a
separate system and provides secure keys when requested by a DD system. If a key is compromised, the
key manager will replace the compromised key and re-encrypt the data with that key.

In DD OS 6.1, a new key manager is supported, the SafeNet™ KeySecure key manager. It works exactly
like the RSA DPM.

KMIP server version for SafeNet KeySecure is version 8.4.

KeySecure key manager is for both single and clustered KMIP servers.

It supports both virtual and physical SafeNet servers and is supported on both virtual and physical Data
Domain instances.

There are two main reasons Data Domain supports KMIP in DD OS 6.1. Dell/EMC wants to provide more
than one option for external key management.

Also, as KMIP gains wider support in the IT community, many Data Domain customers already have a
KMIP environment installed and want to add support for their DD systems.

KMIP is a good choice to work with Data Domain because of its feature parity with RSA DPM. What is
currently supported with DPM is also supported in KMIP.

It supports Key Trust Platform (KTP) and KMIP protocol. KTP offers key management capabilities,
including support for OASIS Key Management Interoperability Protocol, that enables EMC products to
interoperate with key management servers from multiple vendors and to support new key management
use cases driven by customers, markets and technical deployments.

KMIP supports the SafeNet™ KeySecure product. Keys must be pre-created on the key manager and not
within the DD system.

Note that KMIP KM cannot be enabled on systems that have encryption enabled on one or more cloud
units.

In DD OS 6.1, there are three plugins in DDFS – one for eKM, one for DPM, and one for KeySecure.

There is a separate daemon that services KMIP requests. Having a separate process/daemon that
handles all KMIP requests makes it easier from a manageability perspective. For example, if you want to
store secrets used by other processes on KMIP in the future, this can be handled by the KTP daemon and
passed along to the KMIP key manager.

Two additional arguments are added to the set CLI command – server-type and kmip-user. Server-type
can be either RKM or KeySecure. KMIP user is the encryption key owner on the KeySecure key manager.

In the filesys encryption key-manager show command, you will see the server type and kmip user as part
of the display as well.

A new KMIP log file is also available: /ddr/var/log/debug/kmip.log

In the filesys encryption keys show detailed command, you see the key manager type – in
this case, key ID 0.1 is a Data Domain key manager type, and key ID 0.2 is a KeySecure key manager
type. You also see its status as part of the display. In this case, the Data Domain key manager type shows
a deactivated state and the KeySecure key manager type shows an activated, read-write state.

The Change Key Manager window in the DD System Manager has added support for KeySecure Key
Manager (KMIP) for Encryption-at-Rest.

This window is found in DATA MANAGEMENT > File System > DD Encryption Tab > Key Management
Section > Configure.

The drop-down menu for Key Manager > Type includes the newly added value for KeySecure Key Manager.

On selecting KeySecure Key Manager, the dialog asks for the Server Name, Key Class, Port and User
Name.

Change Key Manager includes an option to upload the CA and host certificates.

Click the link button, Manager Certificates, to open the dialog, then upload the CA and host certificates.

When configured, the encryption page displays the configured values.

This lesson covers an overview of NFS v4 added to DD OS 6.1.

A new version of Network File System (NFS) server, NFSv4, is added to DD OS 6.1.

NFSv4 is disabled by default, so DD OS allows NFS v3 behaviors to continue after upgrading to the newer
version of DD OS.

Some of its new features include a redesign of NFS exports, with manageability and server scaling
improvements.

NFS exports are redesigned in version 4. Here are some of the changes:

Similar to CIFS shares, exports are now named objects.

They are not tied to clients or particular paths as they were previously. This change allows you to create
an export and associate clients to it afterward. If clients are changed or removed, the export will persist.

Operations are added such as modifying, renaming, and destroying existing exports.

NFS v4 also adds operations that you can apply to multiple exports at a time, using lists of
exports, wildcards, or by selecting all. This is especially helpful on large enterprise systems
managing over 500 exports, because an operation can be applied to a group of exports at once.

There are new operations for showing lists, details about exports and displaying summary information.

You can now create a referral, which is an export path that points to a different NFS v4 server. For instance,
an export path might not exist on a given DD system but may have been moved to a different system.

New with DD OS 6.1, nfs disable/enable is persistently maintained by the DD system. Additionally,
you can also enable and disable NFS v3 and v4 individually.

nfs restart is now added to the command set allowing NFS to be reset without the need to restart the
file system. This is a useful feature when clearing NFS v4 open files, locks and clients.

Some NFS options, such as making changes to TCP ports, can be changed from an admin mode –
usually without the need for a file system restart.

Lastly, nfs show detailed-stats shows much more useful diagnostic information than what was
provided in nfs show stats.

There is now a forced maximum of 2048 exports within NFS which includes all of the built-in exports such
as \ddvar. Looking up these exports is much faster than previous versions of NFS.

Depending on the system environment, you can now create a maximum of 8192 clients combined between
NFS v3 and v4.

Internal bottlenecks are now removed, which improves simultaneous processing of large numbers of clients
and exports.

This table shows a brief comparison of features in NFS v3 and NFS v4. Some of these features are
described in this lesson.

Compound operations are a new feature in NFS v4 where each RPC contains multiple operations.

NFS v4 has only two RPC types: null and compound.

The benefit of compound operations is that they allow server-side optimizations that reduce latency. For
instance, a write command is really a compound of three operations: PUTFH, WRITE, and GETATTR.

For reporting, the nfs show histogram command reports a culmination of NFSv4 operations, not RPCs.

Another difference is a global namespace. NFS v4 does not have a mount protocol or mount paths. The
client might still have the mount command in the CLI, but internally it is different. Clients navigate from a
root to accessible files and directories. From root, you might navigate through /data/col1 and so on. As you
navigate you might be referred to a different server using export referrals. The protocol automatically
realizes that this is a different system. It obtains the IP address of that system and accesses the referred
export.

NFS v4 integrates exports to the global namespace using the same paths as NFS v3 to maintain
consistency. That way /data/col1/backup in version 3 works the same for NFS version 4.

NFS also constructs what is known as a PseudoFS, which is unique for each client and provides exports
visible only to that client. So if you are exporting /data/col1/backup, the customer will only have access to
/backup and not the entire path, through the creation of unique namespaces visible to the client.

Previous versions of NFS featured only authentication with krb5. With performance optimized for krb5,
NFS version 4 emphasizes security more than previous versions, providing additional Kerberos support for
authentication, integrity, and privacy. Each export can have one or more of these security types.

Performance with DD OS 6.1 is optimized for use with krb5 authentication and is the recommended mode
to use.

NFSv4 has security domains such as SYS and KRB5.

PseudoFS allows all domains to be negotiated: whatever the client is using, you can browse it in
PseudoFS.

When you transition from a PseudoFS to an export type, you might encounter a security domain change.
For example, you may be using SYS security and then you encounter an export that requires krb5. You
have to use the appropriate Generic Security Services (GSS) security for krb5. The NFSv4 server then returns
appropriate error codes, and the client uses a SECINFO operation to get the required security attributes
and then reconnects automatically with appropriate security.

This process is transparent to the client, but be aware of it if you are providing configuration support,
specifically for mounts: with mounting, the system starts at root, then browses through the PseudoFS and
arrives at an export. By doing this, the client might need to change to a different supported security type.

Use caution when converting from NFSv3 to NFSv4. Transition from the PseudoFS to an export is on the
very first export path match. This differs from NFS v3, where mounts can request a sub-mount
path.

If you have a sub-path with security attributes that differ from those of a main path, for example
/data/col1/backup with CIFS security and /data/col1/backup/foo with krb5 security, then in NFS v4 only the top
directory in the hierarchy is seen, whereas in NFS v3 the closest path is seen.
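The difference between the two matching rules is easiest to see side by side. The following is an added example that models the behavior described above, not DD OS code: the function names are hypothetical, and the export table with its `sys` and `krb5` flavors is constructed sample data.

```python
from pathlib import PurePosixPath


def _parts(path):
    """Split a POSIX path into components, e.g. ('/', 'data', 'col1')."""
    return PurePosixPath(path).parts


def match_v3(exports, requested):
    """NFS v3 style: the closest (longest) export path containing the request."""
    req = _parts(requested)
    best = None
    for path in exports:
        p = _parts(path)
        if req[:len(p)] == p and (best is None or len(p) > len(_parts(best))):
            best = path
    return best


def match_v4(exports, requested):
    """NFS v4 style: walk down from the root; the first export path reached wins."""
    req = _parts(requested)
    by_parts = {_parts(path): path for path in exports}
    for depth in range(1, len(req) + 1):
        hit = by_parts.get(req[:depth])
        if hit is not None:
            return hit
    return None


def shadowed_exports(exports):
    """Exports nested under another export whose security setting differs.

    For these, an NFS v4 client is governed by the parent's setting, while an
    NFS v3 mount of the sub-path is governed by the sub-path's own setting.
    Returns sorted tuples: (export, its security, parent, parent's security).
    """
    findings = []
    for child, child_sec in exports.items():
        parent = match_v4(exports, child)
        if parent != child and exports[parent] != child_sec:
            findings.append((child, child_sec, parent, exports[parent]))
    return sorted(findings)


# Constructed sample export table: path -> security setting (assumed values).
SAMPLE_EXPORTS = {
    "/data/col1/backup": "sys",
    "/data/col1/backup/foo": "krb5",
    "/data/col1/archive": "krb5",
}

if __name__ == "__main__":
    target = "/data/col1/backup/foo/db1"
    v3 = match_v3(SAMPLE_EXPORTS, target)
    v4 = match_v4(SAMPLE_EXPORTS, target)
    print("v3 export:", v3, "security:", SAMPLE_EXPORTS[v3])
    print("v4 export:", v4, "security:", SAMPLE_EXPORTS[v4])
    for finding in shadowed_exports(SAMPLE_EXPORTS):
        print("review before enabling NFSv4:", finding)
```

Running `shadowed_exports` over the export list before enabling NFSv4 identifies the sub-paths whose stricter setting would no longer be the one applied.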

NFSv3 is stateless, with no open, close, or recovery states. Access is checked with each read or write, which
reduces performance.

NFSv4, on the other hand, is stateful: the client establishes a client state on the server. Files are
opened and closed by the clients using a state ID of which the clients are aware and use with each
access. File permissions are checked at the time a file is opened and not with each access. Reads and
writes occur when the file is open.

In NFSv4, locks are supported and are associated with the open file state. These are very similar to and
are integrated with CIFS file share and byte range locks.

If the server or client crashes, the state can be used for server recovery.

NFSv4 has a fine-grained access control mechanism that is similar to CIFS access control lists (ACLs).

There are two types of ACLs. A discretionary ACL (DACL) manages permissions such as reading,
writing, and appending files. DACLs are fully supported and enforced. They are compatible with CIFS.

A system ACL (SACL) is used primarily by administrators for audit trails and security alarms. Like Data
Domain CIFS configurations, SACLs are stored and retrieved but not enforced in NFS.

NFS identity mapping in an Active Directory environment can use one of three types: NIS, local mapping, or
Active Directory.

Active Directory provides a security descriptor for NFSv4 ACLs. When enabled, CIFS and NFSv4 will use
common security descriptors for ACLs, allowing identification integration. If Active Directory is not
configured, users will see a default UNIX security descriptor.

The new NFS server for version 4 handles only NFSv4, unlike the previous version, which also handled DD
Boost, VTL, and vDisk/ProtectPoint as well as NFSv3. This change is due to the increased number of
operations per compound handled in its remote procedure calls.

Exports are shared between NFSv3 and v4 servers.

You can use the same TCP RPC ports or customize different ports for use in your environment.

Engineers expect port 2049 to be commonly configured for NFSv4 and NFSv3/DD Boost to move to a
different port.

Inside the DD filesystem, you will see errors labeled as nfs4.

NFSv4 uses the File Manager subsystem just like NFSv3 and CIFS.

This lesson covers an overview of distro upgrade and its benefits.

A Linux distribution package (often shortened as distro) is an operating system made from a software
collection to add to and modify Linux core elements. It is used to create the unique Data Domain
Operating System.

Distro packages are a fundamental component in the DD OS software stack. Lying on top of the Linux
core kernel, distro packages contain the fundamental components for the functionality, performance, and
stability of the DD OS.

There are over 200 packages used in the DD OS originating from three different sources.

These packages are spread across three main components in five different layers: cross toolchain, distro
runtime toolset and distro desktop toolset.

Over time, many of the packages contained in the distro are rendered end of life (EOL) by their developers,
or more functionality is required to support new features of a Data Domain system. Gradually, DD
Engineering needs to upgrade the distro packages. There are two types of upgrades: major and minor.
Major upgrades occur when a large number of major packages are upgraded according to the requirements to
introduce or enhance functions and features.

Minor upgrades occur when a small set of packages needs to be upgraded for minor function
enhancement. As you might guess, a minor upgrade has less impact on the DD OS than a major
upgrade because, by definition, there are no changes to the critical core elements of the distro.

The third approach follows the upstream development of the core RHEL/CentOS release cycle and
creates a release matching the feature changes that occur with the core system development. The
advantage of this is that the latest security is introduced into the DD OS at the core level as soon as
possible, along with a 10-year maintenance commitment by the upstream developers over time and an upstream
community commitment of up to three years.

DD OS 6.1 is considered a major upgrade because of the component areas and number of component
packages that are replaced in this build.

A new glibc version is required to support new use cases and security roadmap development. Upgrading
to these new tools also helps increase DD OS performance, as new compilers and toolchains are used that
recognize new platforms, CPUs, etc.

Most of these improvements affect parts of the DD OS that are invisible to the user. While there is
no change in behavior to the OS from the distro upgrade, users will reap the benefit of an overall
improvement in API functionality, performance of management tools, and feature operations within the DD
OS for a long time to come.

In this module we discussed some of the key security additions to DD OS 6.1, including hardening against
man-in-the-middle (MITM) attacks, added support for a Key Management Interoperability Protocol key
manager (the SafeNet™ KeySecure key manager), Key Trust Platform (KTP), and the addition of an NFSv4
server. Also included is an explanation of the improvements to function, performance, and security through
the upgrade of distro packages in DD OS 6.1.

This course covered software and security changes made for DD OS 6.1.
