Dell EMC Avamar Virtual Edition for Azure

Installation and Upgrade Guide

18.1

Dell Inc.

Regulatory Model: 302-004-692

June 2020
Rev. 05
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the
problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2016 - 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other
trademarks may be trademarks of their respective owners.
 Contents

Tables............................................................................................................................................4

Preface..........................................................................................................................................5

Chapter 1: Introduction................................................................................................................... 8
Overview of Avamar Virtual Edition for Azure...................................................................................................................8
Appropriate environments for AVE..................................................................................................................................... 8

Chapter 2: Installation.....................................................................................................................9
Preinstallation requirements and best practices................................................................................................................9
System requirements...................................................................................................................................................... 9
AVE virtual disk requirements........................................................................................................................................ 9
Software requirements..................................................................................................................................................10
Installation............................................................................................................................................................................. 10
Deploying from the Azure Marketplace............................................................................................................................ 10
Deploy AVE from the Azure Marketplace.................................................................................................................... 11
Deploy AVE and DDVE from the Azure Marketplace................................................................................................ 13
Deploy AVE and DDVE with an Azure solution template................................................................................................ 17
Upload the AVE image................................................................................................................................................... 18
Solution template parameters......................................................................................................................................20
Deploy from the Azure Resource Manager.................................................................................................................21
Deploy from the Azure Powershell..............................................................................................................................22
Deploy from the Azure CLI........................................................................................................................................... 23
Complete post-deployment configuration..................................................................................................................25
Network security group......................................................................................................................................................25
Inbound ports for the Azure network security group............................................................................................... 25
Outbound ports for the Azure network security group............................................................................................26
Azure security best practices.............................................................................................................................................27
Install and configure the Avamar software...................................................................................................................... 28
Upgrade the Avamar software.......................................................................................................................................... 29
Post-installation and post-upgrade tasks.........................................................................................................................30

Contents 3
 Tables
1. Revision history..................................................................................................................................................................5

2. Typographical conventions.......................................................................................................................................... 5

3. Maximum change rates AVE supports for file server and mixed environments................................. 8

4. Minimum requirements for AVE................................................................................................................................ 9

5. AVE virtual disk requirements...................................................................................................................................10

6. Additional AVE software installation requirements......................................................................................... 10

7. Inbound ports for the Azure network security group.................................................................................... 26

8. Outbound ports for the Azure network security group............................................................................... 26

9. Inbound ports for Linux gateways..........................................................................................................................28

10. Inbound ports for Windows gateways................................................................................................................28

4 Tables
 Preface
As part of an effort to improve its product lines, Dell EMC periodically releases revisions of its software and hardware. Therefore, some
functions that are described in this document might not be supported by all versions of the software or hardware currently in use. The
product release notes provide the most up-to-date information on product features.
Contact a technical support professional when a product does not function correctly or does not function as described in this document.
NOTE: This document was accurate at publication time. To find the latest version of this document, go to Online
Support (https://www.dell.com/support).

Purpose
This guide describes how to install the Avamar Virtual Edition solution, a single-node, non-RAIN server that runs as a virtual machine in a
Microsoft Azure environment.

Audience
The information in this guide is primarily intended for system administrators who are responsible for installing and maintaining Avamar
virtual servers.

Revision history
The following table presents the revision history of this document.

Table 1. Revision history

Revision Date Description
05 June, 2020 Included procedure for creating swap partition manually

04 April 3, 2019 Updates for deployment in Azure Marketplace (all methods)

03 January 31, 2019 Updates for AVE/DDVE deployment in Azure Marketplace

02 January 21, 2019 Updates for Azure Marketplace

01 July 7, 2018 GA release of Avamar 18.1

Related documentation
The following publications provide additional information:
• Avamar Release Notes
• Avamar Administration Guide
• Avamar Operational Best Practices Guide
• Avamar Product Security Guide
• Avamar Backup Clients User Guide

Typographical conventions
These type style conventions are used in this document.

Table 2. Typographical conventions

Bold Used for names of interface elements, such as names of windows, dialog boxes, buttons, fields, tab
names, key names, and menu paths (what the user specifically selects or clicks)

Preface 5
Table 2. Typographical conventions (continued)
Italic Used for full titles of publications that are referenced in text
Monospace Used for:
• System code
• System output, such as an error message or script
• Pathnames, filenames, prompts, and syntax
• Commands and options

Monospace italic Used for variables

Monospace bold Used for user input
[] Square brackets enclose optional values
| Vertical bar indicates alternate selections - the bar means "or"
{} Braces enclose content that the user must specify, such as x or y or z
... Ellipses indicate nonessential information that is omitted from the example

Where to get help

The Avamar support page provides access to licensing information, product documentation, advisories, and downloads, as well as how-to
and troubleshooting information. This information may resolve a product issue before contacting Customer Support.
To access the Avamar support page:
1. Go to https://www.dell.com/support.
2. Type a product name in the Enter a Service Tag, Serial Number, Service Request, Model, or Keyword search box.
3. Select the product from the list that appears. When you select a product, the Product Support page loads automatically.
4. (Optional) Add the product to the My Products list by clicking Add to My Saved Products in the upper right corner of the Product
Support page.

Documentation
The Avamar product documentation provides a comprehensive set of feature overview, operational task, and technical reference
information. To supplement the information in product administration and user guides, review the following documents:
• Release notes provide an overview of new features and known limitations for a release.
• Technical notes provide technical details about specific product features, including step-by-step tasks, where necessary.
• White papers provide an in-depth technical perspective of a product or products as applied to critical business issues or requirements.

Knowledgebase
The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx) or by
keyword.
To search the Knowledgebase:
1. Go to https://www.dell.com/support.
2. Under the Support tab, click Knowledge Base.
3. Type either the solution number or keywords in the search box. Optionally, you can limit the search to specific products by typing a
product name in the search box and then selecting the product from the list that appears.

Online communities
Go to Community Network at https://www.dell.com/community for peer contacts, conversations, and content on product support and
solutions. Interactively engage online with customers, partners, and certified professionals for all products.

6 Preface
Live chat
To engage Customer Support by using live interactive chat, click Join Live Chat on the Service Center panel of the Avamar support
page.

Service Requests
For in-depth help from Customer Support, submit a service request by clicking Create Service Requests on the Service Center panel
of the Avamar support page.
NOTE: To open a service request, you must have a valid support agreement. Contact a sales representative for details
about obtaining a valid support agreement or with questions about an account.
To review an open service request, click the Service Center link on the Service Center panel, and then click View and manage
service requests.

Enhancing support
It is recommended to enable ConnectEMC and Email Home on all Avamar systems:
• ConnectEMC automatically generates service requests for high priority events.
• Email Home sends configuration, capacity, and general system information to Customer Support.

Comments and suggestions

Comments and suggestions help to continue to improve the accuracy, organization, and overall quality of the user publications. Send
comments and suggestions about this document to [email protected].
Please include the following information:
• Product name and version
• Document name, part number, and revision (for example, 01)
• Page numbers
• Other details to help address documentation issues

Preface 7
 1
Introduction
Topics:
• Overview of Avamar Virtual Edition for Azure
• Appropriate environments for AVE

Overview of Avamar Virtual Edition for Azure

Avamar Virtual Edition (AVE) is a single-node non-RAIN (Redundant Array of Independent Nodes) Avamar server that runs as a virtual
machine in a Microsoft Azure environment. AVE integrates the latest version of Avamar software with SUSE Linux as a Hyper-V virtual
machine.
AVE is similar to single-node Avamar servers in the following ways:
• Runs autonomously as a target for all Avamar client backups
• Supports replication in the cloud.
AVE on Azure can be used to replicate on-premises physical Avamar servers and AVEs, including non-Azure types of AVEs. However,
because of security considerations, replication should be performed by using a VPN, VPC, or a direct connect link.
AVE supports the following configurations: 0.5 TB, 1 TB, 2 TB, and 4 TB licensed capacity. AVE is not scalable to a multi-node Avamar
server and resizing the virtual machine is not supported. You can increase storage capacity by deploying additional AVE virtual machines,
and then divide backups among them. Or you can replicate the data to another AVE server, delete the smaller virtual machine, create a
larger virtual machine, and replicate the data back to the larger virtual machine.
The Azure documentation provides more information about the Azure environment, including the Resource Manager portal, CLI, and
Powershell.

Appropriate environments for AVE

The following factors have the most direct impact on the long-term reliability, availability, and supportability of the AVE virtual machine:
• I/O performance capability of the AVE storage subsystem
• Amount of data added daily to the AVE virtual machine (change rate)
• Capacity that is utilized within the AVE virtual machine
Specifications in this section and AVE virtual disk requirements on page 9 describe minimum or maximum requirements for these
factors. AVE generally performs better when I/O performance is higher. Change rate and utilized capacity are also lower. To maximize the
capacity the AVE virtual machine can use, the daily change rate of the data AVE protects must be balanced with adequate I/O
performance.
The first step in determining the proper implementation of AVE is to establish which kind of customer environment AVE is used to protect,
file server or mixed environment. File server environments include file system data and mixed environments include file system data and
structured data (for example, database data).
The following table describes the maximum change rates that AVE supports for file server and mixed environments.

Table 3. Maximum change rates AVE supports for file server and mixed environments
Configuration File server data Mixed data
0.5 TB AVE Less than 2 GB per day Less than 5 GB per day

1 TB AVE Less than 4 GB per day Less than 10 GB per day

2 TB AVE Less than 8 GB per day Less than 20 GB per day

4 TB AVE Less than 20 GB per day Less than 20 GB per day

Actual results depend on the retention policy and the actual data change rate. When the daily change rate exceeds the limits that are
specified in the previous table, deploy a single or multi-node Avamar server.

8 Introduction
 2
Installation
Topics:
• Preinstallation requirements and best practices
• Installation
• Deploying from the Azure Marketplace
• Deploy AVE and DDVE with an Azure solution template
• Network security group
• Azure security best practices
• Install and configure the Avamar software
• Upgrade the Avamar software
• Post-installation and post-upgrade tasks

Preinstallation requirements and best practices

Before you install an AVE virtual machine, follow the preinstallation requirements and review the best practices in the following sections.
• The default password is no longer a fixed value. Instead, the default password is the private IPv4 address for the AVE virtual machine.
• Direct root access via SSH is not allowed before or after installation of the Avamar software.
NOTE: Using third party tools to create clones or exact copies of deployed Avamar Virtual Edition systems is known to
cause issues. Cloning of Avamar Virtual Edition systems is not supported.

System requirements
Avamar Virtual Edition (AVE) is supported on Microsoft Azure.
The following table defines the minimum system requirements for each size of AVE.

Table 4. Minimum requirements for AVE

0.5 TB AVE 1 TB AVE 2TB AVE 4 TB AVE
Processors Minimum two 2 GHz Minimum two 2 GHz Minimum two 2 GHz Minimum four 2 GHz
processors processors processors processors

Memory 6 GB 6 GB 14 GB 28 GB

Disk space 850 GB 1,600 GB 3,100 GB 6,100 GB

Network connection 1 GbE connection 1 GbE connection 1 GbE connection 1 GbE connection

Azure Standard Tier A5 A6 A5 A6

AVE virtual disk requirements

The AVE disk layout comprises one operating system disk (126 GB) and several storage partitions (250 GB, 500 GB, or 1000 GB,
depending on the AVE configuration).
The OS disk stores the operating system, Avamar application, and log files.
The storage partitions store the backup data. Backup data is evenly distributed across the storage partitions. The primary amount of the
disk read, write, and seek usage occurs on the storage partitions.
In addition to the OS partition, the following table defines the number and size of virtual disks that are required for each AVE
configuration.

Installation 9
Table 5. AVE virtual disk requirements
AVE configuration Number of virtual disks
0.5 TB 3 storage partitions (250 GB each)

1 TB 6 storage partitions (250 GB each)

2 TB 3 storage partitions (1000 GB each)

4 TB 6 storage partitions (1000 GB each)

Software requirements
Before you install AVE, ensure that you have the software that is listed in the following table.

Table 6. Additional AVE software installation requirements

Requirement Description
Applications Azure Cloud subscription

7zip to decompress virtual hard drive file (.vhd) from Avamar

Azure Powershell to execute Azure specific Powershell commands

Files AVE Package, operating system security patches (if applicable)

Support for application databases in standalone configuration only

Backup and recovery of the following applications are supported with AVE on Azure. However, these applications are supported in
standalone configuration only. Clustered configurations of application databases are not supported with AVE on Azure.
• SQL
• Exchange
• SharePoint
• Lotus
• DB2
• Sybase
• SAP
• Oracle

Installation
Avamar provides multiple deployment methods for AVE virtual machines on Microsoft Azure. Select a method from the following list:
• By deploying AVE, or AVE and DDVE together, from the Azure Marketplace.
Deploying from the Azure Marketplace on page 10 provides more information.
• By deploying AVE and DDVE together via the Azure solution template.
Deploy AVE and DDVE with an Azure solution template on page 17 provides more information, and provides instructions for the
following options:
○ Azure Resource Manager
○ Azure Powershell
○ Azure CLI

Deploying from the Azure Marketplace

The AVE software and the Data Domain Virtual Edition (DDVE) software are available from the Microsoft Azure Marketplace, and can be
deployed separately or together. The following topics provide instructions for each scenario:
• Deploy AVE from the Azure Marketplace on page 11
• Deploy AVE and DDVE from the Azure Marketplace on page 13

10 Installation
 NOTE: For security considerations, deploy AVE in a private network and configure a secure gateway from which you can
install, configure, and manage the Avamar server. Azure security best practices provides detailed information on how to
set up an additional secure gateway system for AVE maintenance in the cloud.

Deploy AVE from the Azure Marketplace

This section provides information about how to deploy a stand-alone AVE VM from the Azure Marketplace.

Prerequisites
Review Preinstallation requirements and best practices on page 9 and note the applicable requirements for the selected capacity
configuration.

Steps
1. Open the Azure portal at https://portal.azure.com and log in to the Azure account.
2. In the Azure Marketplace, search for the Avamar Virtual Edition application.
3. Locate the correct version of AVE from the Marketplace search results, and then click the listing.
The right pane opens and presents a description of the Avamar software. Review the description.
4. From the Select a software plan drop-down at the bottom of the right pane, choose the correct version of AVE.
5. Click Create.
The Create a virtual machine wizard opens.

Configure the basic settings for the AVE VM

With the Create a virtual machine wizard open to the Basics tab, complete the following basic configuration:

Steps
1. Select an available Azure subscription.
2. From the Resource group drop-down, select an existing resource group or click Create new.
Create a resource group on page 18 and the Azure portal documentation provide more information.
3. In the Virtual machine name field, type a name for the AVE VM. The maximum length is 10 characters.
4. From the Region drop-down, select an available location in which to deploy the AVE VM.
5. From the Availability options drop-down, select No infrastructure redundancy required.
6. From the Image drop-down, select the option for Dell EMC Avamar Virtual Edition that corresponds to the current
version of AVE.
7. Using the information in AVE virtual disk requirements on page 9, select a value for Size.
8. For Authentication type, select Password or SSH public key.
a. If you selected Password, complete the Username, Password, and Confirm password fields.
b. If you selected SSH public key, complete the Username and SSH public key fields.
The installation process creates an OS-level administrative user account with this username and password.
9. For Public inbound ports, select one of the following options:

Option Description
None For environments where the protected clients reside in the Azure cloud and that require no public
Internet access.
Allow selected For environments where the protected clients may reside outside of the Azure cloud, or that require
ports access from the public Internet.

a. If you selected Allow selected ports, check values from the Select inbound ports drop-down.
Network security group on page 25 contains information about required inbound/outbound rules for AVE.
10. Click Next : Disks.

Results
The Create a virtual machine wizard moves to the Disks tab.

Installation 11
Configure the disk settings for the AVE VM
With the Create a virtual machine wizard open to the Disks tab, complete the following configuration:

Prerequisites
Because SSD volumes have better performance than other volume types, Dell EMC recommends SSD for all volumes. However, SSD
volumes incur a larger cost to the customer. Customers should balance performance and budget when selecting the volume type.

Steps
1. From the OS disk type drop-down, select Standard HDD or Standard SSD.
2. Click Create and attach a new disk.
The Create a new disk pane opens.
3. From the Disk type drop-down, select Standard HDD or Standard SSD.
4. Type a name for the data disk.
5. In the Size field, specify the size of the required storage partitions that you noted earlier.
6. From the Source type drop-down, select None (empty disk).
7. Click OK.
The Create a new disk pane closes. The Create a virtual machine wizard lists the new data disk.
8. Repeat steps 2 on page 12 to 7 on page 12 to create the remaining storage partitions, as listed in the virtual disk requirements table.
NOTE: Verify that all of the storage partitions are the same size before continuing.

9. Click Next : Networking.

Results
The Create a virtual machine wizard moves to the Networking tab.

Configure the network settings for the AVE VM

With the Create a virtual machine wizard open to the Networking tab, complete the following configuration:

Steps
1. From the Virtual network drop-down, select an existing virtual network or click Create new.
Create a virtual network and subnet on page 20 and the Azure portal documentation provide more information.
2. If required, from the Subnet drop-down, select an existing subnet.
The Azure portal automatically creates a subnet when you create a virtual network. In this case, you cannot select a value from the
Subnet drop-down.
3. From the Public IP drop-down, select an available IP address block.
NOTE: For security considerations, Dell EMC recommends that you deploy AVE in a private network and set the
Public IP drop-down to None.

4. For Network security group, select Advanced.

5. From the Configure network security group drop-down, select an existing security group or click Create new.
Creating a network security group is beyond the scope of this publication. The Azure portal documentation provides more information.
Ensure that the selected network security group contains all of the required inbound/outbound rules. Network security group on page
25 provides more information.

6. Click Next : Management.

Results
The Create a virtual machine wizard moves to the Management tab.

12 Installation
Configure the management settings for the AVE VM
With the Create a virtual machine wizard open to the Management tab, complete the following configuration:

Steps
1. For Boot diagnostics, select On.
2. From the Diagnostics storage account drop-down, select an existing diagnostics storage account or click Create new.
Creating a diagnostics storage account is beyond the scope of this publication. The Azure portal documentation provides more
information.
3. For System assigned managed identity, select Off.
4. For Enable auto-shutdown, select Off.
5. Click Next : Guest config.
The Create a virtual machine wizard moves to the Guest config tab.
6. Click Next : Tags.
The Create a virtual machine wizard moves to the Tags tab.
7. Click Next : Review + create.

Results
The Create a virtual machine wizard moves to the Review + create tab.

Create the AVE VM

With the Create a virtual machine wizard open to the Review + create tab, complete the following steps:

Steps
1. Wait for the Azure portal to validate the AVE configuration.
Review and correct any errors.
2. Review the summary of the AVE configuration, including the estimated pricing and the terms.
3. Click Create.
The Azure portal starts to deploy the AVE VM. The deployment process can take considerable time to complete, depending on the
selected capacity configuration.
4. Observe the output from the deployment process and respond to any problems.
The Azure portal displays a notification when the deployment completes.
5. Create a static IP address for the virtual machine by performing the following substeps:
a. From the network interface configuration page for the virtual machine, click IP Configurations.
b. Click the network name.
c. Select Static for the Private IP Address.
6. Install the AVE.
Install and configure the Avamar software on page 28 contains instructions.
NOTE: After launching the instance, the AVE initializes and restarts automatically. During this process, which takes
15–25 minutes, the AVE installs drivers and an updated kernel. You cannot install the AVE until this process is
complete because the AVE installation package, ave-config, is not available in the Avamar Installation Manager. SSH
is also unavailable during this time.

Deploy AVE and DDVE from the Azure Marketplace

This section provides information on how to deploy the AVE and DDVE software together from the Azure Marketplace.

Prerequisites
Review Preinstallation requirements and best practices on page 9 and the DDVE system requirements in Data Domain Virtual Edition
Installation and Administration Guide. Note the applicable requirements for the selected capacity configurations.

Steps
1. Open the Azure portal at https://portal.azure.com and log in to the Azure account.

Installation 13
2. In the Azure Marketplace, search for and deploy the Avamar and Data Domain Virtual Edition.
Select Avamar and Data Domain Virtual Editions.
3. Locate the application that corresponds to the selected versions of AVE and DDVE from the Marketplace search results, and then
click the listing.
The right pane opens and presents a description of the combined software package. Review the description.
4. From the Select a software plan drop-down at the bottom of the right pane, choose the correct version of AVE and DDVE.
5. Click Create.
The Create Avamar and Data Domain Virtual Edition wizard opens.

Configure the basic settings for AVE and DDVE

With the Create Avamar and Data Domain Virtual Edition wizard open to the Basics tab, complete the following basic configuration:

Steps
1. Select an available Azure subscription.
2. From the Resource group drop-down, select an existing resource group or click Create new.
Create a resource group on page 18 and the Azure portal documentation provide more information.
3. From the Location drop-down, select an available location in which to deploy AVE and DDVE.
4. Click OK.

Results
The Create Avamar and Data Domain Virtual Edition wizard moves to the Infrastructure Configuration tab.

Configure the infrastructure settings for AVE and DDVE

With the Create Avamar and Data Domain Virtual Edition wizard open to the Infrastructure Configuration tab, complete the
following configuration:

Steps
1. Click Virtual network.
The Choose virtual network pane opens.
2. Select an existing virtual network or click Create new.
To create a virtual network by using the wizard, complete the following substeps:
a. Type a unique name for the new virtual network.
b. Supply an address space in the form <startingIP>/<subnet>.
For example, 10.2.3.0/24 or 192.168.0.0/16.
c. Click OK to continue.
The Choose virtual network pane closes.
3. Click Subnets.
The Subnets pane opens.
4. Select a subnet from the list.
The Azure portal automatically creates a subnet when you create a virtual network. In this case, you cannot select a value. Complete
the following substeps to configure a new subnet:
a. Type a unique name for the new subnet.
b. Supply an address prefix in the form <startingIP>/<subnet>.
By default, the wizard copies this field from the value that you typed for the new virtual network.
c. Click OK to continue.
The Subnets pane closes.
5. Click Diagnostics storage account.
The Choose storage account pane opens.
6. Select an existing storage account or click Create new.
To create a storage account by using the wizard, complete the following substeps:
a. Type a unique name for the new storage account.
b. For Account kind, select Storage (general purpose v1).
c. For Performance, select Standard.

14 Installation
 d. For Replication, select Locally-redundant storage (LRS).
e. Click OK to continue.
The Choose storage account pane closes.
7. Click OK.

Results
The Create Avamar and Data Domain Virtual Edition wizard moves to the AVE Configuration tab.

Configure the instance settings for AVE

With the Create Avamar and Data Domain Virtual Edition wizard open to the AVE Configuration tab, complete the following
configuration:

Steps
1. From the AVE Version drop-down, select the available release.
Your choice of application from the Marketplace determines the available options.
2. In the AVE Name field, type the hostname for the AVE instance.
NOTE: The maximum length of the virtual machine name is 10 characters.

3. Using the information in System requirements on page 9, select a value for AVE VM Size.
This field offers a selection of values that correspond to the sizes that are listed in the resource requirement tables.
4. From the AVE Capacity drop-down, select the correct capacity configuration.
5. In the Admin User Name field, type the name for the administrator.
You can use this username to ssh into the AVE instance. The values admin and root are not permitted.
6. For Admin Authentication Type, select Password or SSH public key.
a. If you selected Password, complete the Password and Confirm password fields.
b. If you selected SSH public key, complete the SSH public key field.
The installation process creates an OS account with this username and password.
7. In the AVE Common password and Confirm AVE Common password fields, type a password for the OS admin and root accounts,
and for the Avamar software.
8. From the AVE Time Zone drop-down, select the applicable time zone.
9. (Optional) In the Email sender address field, type the email address from which notification emails are sent to Dell EMC.
10. (Optional) In the Email server field, type the hostname or IP address of the email server that ConnectEMC uses to send email to Dell
EMC. This is also the email server that sends EmailHome messages for high priority events.
11. (Optional) In the Site name field, type a name for the site where the Avamar server is physically located.
12. (Optional) In the Dell EMC Site ID/CSI Party ID field, type the assigned site ID or CSI party ID (maximum 32 characters).
You can find this ID on the Service Center at http://support.emc.com/servicecenter by clicking Administration > View and manage
company information. An incorrect site ID may lead to delays when you contact Customer Support.
13. (Optional) In the Company name field, type the name of the company that owns the Avamar server.
14. (Optional) In the Company contact name field, type the name of the administrator managing the Avamar server.
15. (Optional) In the Company contact phone number field, type the phone number of the administrator managing the Avamar server.
Valid characters are digits, plus symbol (+), parentheses ( ), hyphen (-), spaces, and x for extension.
16. (Optional) In the Company contact email address field, type the email address of the administrator managing the Avamar server.
17. Click OK.

Results
The Create Avamar and Data Domain Virtual Edition wizard moves to the DDVE on Hot Blob Configuration tab.

Installation 15
Configure the instance settings for DDVE
With the Create Avamar and Data Domain Virtual Edition wizard open to the DDVE on Hot Blob Configuration tab, complete the
following configuration:

About this task

DDVE 4.0 on Azure supports hot blob storage. The Data Domain Virtual Edition Installation and Administration Guide for DDVE 4.0
provides more information about hot blob storage.

Steps
1. From the DDVE Version drop-down, select the available release.
Your choice of application from the Marketplace determines the available options.
2. In the DDVE Name field, type the hostname for the DDVE instance.
NOTE: The maximum length of the virtual machine name is 10 characters.

3. Using the information from the DDVE system requirements, select a value for DDVE VM Size.
Select a size that meets or exceeds the DDVE system requirements for the chosen capacity configuration.
4. In the DDVE VM Size field, select an option from the options available in the list.
5. In the DDVE Capacity (TB) field, select a storage capacity from the options available in the list.
6. For Sysadmin Authentication type, select Password or SSH public key.
a. If you selected Password, complete the Password and Confirm password fields.
b. If you selected SSH public key, complete the SSH public key field.
7. In the DDBoost user name field, type the login name for the DDBoost user.
8. In the DDVE common password and Confirm password fields, type a password for the DDVE passphrase, DDBoost user account,
and sysadmin account (if DDVE authentication is key-based).
9. In the SNMP community string field, type the SNMP community string used to monitor the DDVE. Blank spaces are not allowed.
10. In the Resource ID of the blob storage account field, type the resource ID for the Azure blob storage account.
The account type must be blob storage. If you do not have an Azure blob storage account, create one before continuing.
To obtain the resource ID from the Azure portal, click Storage accounts, select the storage account from the list, and then click
Properties. A valid resource ID follows this format:

/subscriptions/<subscription GUID>/resourceGroups/<resource group name>/providers/

Microsoft.Storage/storageAccounts/<storage account name>

11. In the Container name field, type the name of the empty container that will store data for DDVE backups. The container must be
empty or the configuration fails. If you do not have an empty container, create one before continuing.
12. Click OK.

Results
The Create Avamar and Data Domain Virtual Edition wizard moves to the Summary tab.

Create the AVE and DDVE VMs

With the Create Avamar and Data Domain Virtual Edition wizard open to the Summary tab, complete the following steps:

Steps
1. Wait for the Azure portal to validate the AVE and DDVE configuration.
Review and correct any errors.
2. Click OK.
The Create Avamar and Data Domain Virtual Edition wizard moves to the Buy tab.
3. Review the estimated pricing and the terms.
4. Click Create.
The Azure portal starts to deploy the AVE and DDVE VMs. The deployment process can take considerable time to complete,
depending on the selected capacity configurations.
5. Observe the output from the deployment process and respond to any problems.

16 Installation
 The Azure portal displays a notification when the deployment completes. The output from the deployment process provides the
private IP addresses for AVE and DDVE.
After deployment completes, Azure automatically configures AVE and DDVE with the indicated selections. Deployment and
configuration may take more than one hour before AVE and DDVE are ready to use.
6. Record both private IP addresses for later use.
7. Monitor the configuration process:
a. Using SSH, connect to AVE with the private IP address that you recorded from the deployment process.
b. Check the configuration log file by typing the following command:
tail -f /usr/local/avamar/var/ave_ddve_config.log
After the configuration completes, the log file contains the following lines:

Completed ave-config
Config AVE successsfully
8. Create a static IP address for the AVE and DDVE virtual machines:
a. From the Azure portal, select the virtual machine, and then select Networking.
b. Select the network interface that is assigned to the virtual machine.
The Azure portal opens the network interface overview.
c. Click IP Configurations.
The Azure portal lists the available IP configurations.
d. Click the IP configuration that is currently assigned to the virtual machine.
The IP configuration window opens.
e. In the Private IP address settings section, for the Assignment field, select Static.
f. Verify the current setting or type a new static IP address for the virtual machine.
g. Click Save.
Repeat this step for both the AVE and DDVE virtual machines.

Deploy AVE and DDVE with an Azure solution

template
The following topics describe how to deploy AVE and Data Domain Virtual Edition (DDVE) virtual machines in Azure by using a solution
template. The solution template uses the DDVE 6.1.0 image in the Azure marketplace (ddve-31-ver-060100).
Solution templates are JSON files that simplify the deployment of multiple Azure resources and dependencies. Use the template to
programmatically deploy the combined AVE and DDVE solution.
Obtain the solution template for AVE and DDVE from Online Support (https://support.emc.com/) before proceeding. The solution
template contains two files:
• AVE_DDVE_SolutionTemplate.json
• AVE_DDVE_SolutionTemplate_parameters.json
The parameter file is only required for deployment via Powershell.
The complete deployment process consists of the following steps:
1. Upload an AVE virtual machine image to Azure and configure prerequisite items.
2. Deploy AVE and DDVE using the solution template.
3. Configure a secure gateway system.
4. Configure DDVE.
5. Configure AVE.
6. Attach the DDVE system to AVE.
Steps 3–6 are outside the scope of this installation guide. The following publications provide additional information to complete the
deployment process:
• Avamar Administration Guide
• Avamar and Data Domain System Integration Guide
• Data Domain Operating System Initial Configuration Guide
• Data Domain Operating System Administration Guide
This installation guide includes steps for the Azure Resource Manager, for Azure Powershell, and for the Azure CLI. The following
Microsoft documentation provides additional information about using solution templates with both interfaces:

Installation 17
• Deploy resources with Resource Manager templates and Azure portal
• Deploy resources with Resource Manager templates and Azure CLI
• Deploy resources with Resource Manager templates and Azure PowerShell
• Parameter files

Upload the AVE image

The solution template uses this AVE image for each automatic deployment. This section also configures several important prerequisite
items. Record the indicated values for later use.

Prerequisites
In general, select the same resource group for each task, and select the same location.

Steps
1. Download and decompress the AVE virtual appliance file.
Download the required software from https://support.emc.com/.
2. Open the Azure portal at https://portal.azure.com and log in to the Azure account.

Create a resource group

Create a resource group for solution template deployment by performing the following steps:

Steps
1. From the Favorites list, click Resource groups.
2. Click Add.
3. In the Resource group name field, type a name for the resource group.
4. Select an available Azure subscription.
5. From the Resource group location drop-down, select an available location.
6. Click Create.

Next steps
Record the name of the new resource group.

Create a storage account

The storage account holds the uploaded AVE virtual appliance file and stores the diagnostic logs from the deployment. Create a storage
account for solution template deployment by performing the following substeps:

Steps
1. From the Favorites list, click Storage accounts.
2. Click Add.
The Create storage account wizard opens on the Basics tab.
3. Select an available Azure subscription.
4. From the Resource group drop-down, select the new resource group.
5. In the Storage account name field, type a name for the storage account.
6. From the Location drop-down, select an available location.
7. For Performance, select Standard or Premium.
8. From the Account kind drop-down, select StorageV2 (general purpose v2).
9. From the Replication drop-down, select Locally-redundant storage (LRS).
10. For Access tier (default), select Hot.
11. Click Review + create.
The remaining fields on the Advanced and Tags tabs are optional for most users.
The Create storage account wizard moves to the Review + create tab.
12. Wait for the Azure portal to validate the storage account configuration.
Review and correct any errors.

18 Installation
13. Click Create.
The Azure portal starts to deploy the storage account. The deployment process can take several minutes to complete.
14. Observe the output from the deployment process and respond to any problems.
The Azure portal displays a notification when the deployment completes.

Next steps
Record the name of the new storage account.

Create a container
Create a container for solution template deployment by performing the following steps:

Steps
1. From the Favorites list, click Storage accounts.
2. Select the new storage account.
3. From the navigation pane for the new storage account, click Blobs.
4. Click + Container.
5. In the Name field, type a name for the container.
6. For Public access level, select Private (no anonymous access).

Results
The Blobs pane lists the new container.

Upload the AVE virtual appliance file

Upload the AVE virtual appliance file to the container for solution template deployment by performing the following steps:

Prerequisites

NOTE: Transferring the AVE virtual appliance file may take considerable time.

If you encounter difficulty while uploading the AVE virtual appliance file, retry the upload with the Azure command line tool AzCopy or the
Azure command-line interface (CLI).
• https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy provides more information about AzCopy, including
download instructions and usage examples.
• https://docs.microsoft.com/en-us/azure/virtual-machines/linux/classic/create-upload-vhd provides more information about the
Azure CLI, including usage examples.
Transfer the AVE virtual appliance file as a page blob.

Steps
1. Select the new container.
The Azure portal opens the contents of the container.
2. Click Upload.
3. Select the AVE virtual appliance file that you downloaded and decompressed earlier.
4. Click Advanced.
5. For Blob type, select Page blob.
6. Ensure that Upload .vhd files as page blobs is checked.
7. Click Upload.

Next steps
The upload progresses in the background. You can continue to complete tasks in the Azure portal while uploading the AVE virtual
appliance file.

Installation 19
Create a virtual network and subnet
Create a virtual network and subnet for solution template deployment by performing the following steps:

Steps
1. From the Favorites list, click Virtual networks.
2. Click Add.
The Create virtual network wizard opens.
3. In the virtual network Name field, type a name for the virtual network.
4. In the Address space field, supply an address space in the form <startingIP>/<subnet>.
For example, 10.2.3.0/24 or 192.168.0.0/16.
5. Select an available Azure subscription.
6. From the Resource group drop-down, select the new resource group.
7. From the Location drop-down, select an available location.
8. In the subnet Name field, type a name for the new subnet.
9. Supply an address prefix in the form <startingIP>/<subnet>.
By default, the wizard copies this field from the value that you typed for the new virtual network.
10. Click Create.
The Azure portal validates the virtual network settings and starts to deploy the storage account. Review and correct any validation
errors. The deployment process can take several minutes to complete.

Next steps
Record the names of the new virtual network and subnet.

Create an image
Create an image for solution template deployment by performing the following steps:

Steps
1. From the Azure portal navigation pane, click + Create a resource.
2. In the Search field, type image.
3. From the search results, select the component Image, published by Microsoft.
The component description pane opens on the right.
4. Click Create.
The Create image wizard opens.
5. In the Name field, type a name for the new image.
6. Select an available Azure subscription.
7. From the Resource group drop-down, select the new resource group.
8. From the Location drop-down, select an available location.
9. For OS type, select Linux.
10. For the Storage blob field, browse to the uploaded AVE virtual appliance file.
11. For Account type, select Standard HDD.
12. For Host caching, select None.
13. Click Create.

Next steps
Record the resource ID for the new AVE image.

Solution template parameters

These template parameters are common to every deployment method. Use the following descriptions to provide parameters to the
template:

AVE Name Required. Type the hostname to assign to AVE. Limited to 10 characters, special characters are prohibited.
AVE Image Required. Provide the value that you recorded when you uploaded the AVE image.
Resource ID

20 Installation
AVE Size in TB Select the installed capacity for this AVE instance: either 2 or 4 TB. This selection governs the choice of Azure
standard tier, as detailed in System requirements on page 9, and the automatic creation of virtual disks, as detailed
in AVE virtual disk requirements on page 9.
AVE Username Required. Type the name of a new user with administrative privileges for AVE. Cannot be root or admin.
AVE Select the method by which users are authenticated when initiating an SSH connection: either Password or SSH
Authentication Public Key.
Mode
AVE User Type a password for the new user. Input must be 12–72 characters that include any three of the following: one
Password lowercase letter, one uppercase letter, one number, and one special character. Complete this field even if using an
SSH public key for authentication. The Avamar Product Security Guide provides more information.
The default is Changeme123#.
AVE Ssh Public Required. Provide the representation of the new user's SSH public key. This field applies only when SSH Public
Key Key authentication is selected. Complete this field even if using a password for authentication.
DDVE Name Required. Type the hostname to assign to DDVE. Limited to 10 characters, special characters are prohibited.
DDVE Virtual Select the maximum installed capacity for this DDVE instance: either Standard_F4 or Standard_F8. This
Machine Size selection governs the choice of Azure standard tier and the automatic creation of virtual disks. All virtual disks are
1000 GB.
Standard_F4 supports a maximum capacity of 7 TB. Standard_F8 supports a maximum capacity of 15 TB.
DDVE Data Disk Select the actual installed capacity for this DDVE instance: integer values between 1–15 TB. The choice of DDVE
Size in TB Virtual Machine Size limits the values that are available for selection.
The 0.5 TB value is only for use with the evaluation license. Do not use this value for any other installations.
DDVE Select the method by which users are authenticated when initiating an SSH connection: either Password or SSH
Authentication Public Key.
Mode
DDVE Sysadmin Type a password for the sysadmin user. Input must be 12–72 characters that include any three of the following:
Password one lowercase letter, one uppercase letter, one number, and one special character. Complete this field even if
using an SSH public key for authentication. The Data Domain Product Security Guide provides more information.
The default is Changeme123#.
DDVE Ssh Public Provide the representation of the sysadmin user's SSH public key. This field applies only when SSH Public Key
Key authentication is selected.
Vnet Existing Required. Type the name of the resource group in which you created the virtual network.
Resource Group
Vnet Name Required. Type the name of the new virtual network.
Vnet Subnet Name Required. Type the name of the subnet that you created within the new virtual network.
Diagnostics Required. Type the name of the resource group in which you created the storage account.
Storage Account
Existing Resource
Group
Diagnostics Required. Type the name of the new storage account.
Storage Account
Name

Deploy from the Azure Resource Manager

The Azure Resource manager provides a graphical interface for deployment of the appliances.

Steps
1. Extract AVE_DDVE_SolutionTemplate.json to a temporary folder on the local computer.
2. Return to the Azure portal.
3. From the Favorites list, click Dashboard.
4. Click Template deployment.
If you do not see Template deployment, complete the following substeps:

Installation 21
 a. Type template deployment in the dashboard search field.
b. From the search results, select the Marketplace item Template deployment, published by Microsoft.
The Template deployment description pane opens on the right.
5. Click Create.
The Custom Deployment page opens.
6. Click Build your own template in the editor.
The Edit Template page opens to an empty template and default values in the editor.
7. Click Load File.
8. Browse to AVE_DDVE_SolutionTemplate.json and then click Open.
The AVE/DDVE solution template opens in the editor.
9. Click Save.
The Custom Deployment page opens and displays the new template.
10. The Basics section is common to all Azure deployments. Choose an appropriate Subscription, Resource Group, and Location.
11. Provide all required AVE and DDVE parameters.
Some fields are preconfigured. Mandatory fields have red names and an *. Validated fields have a purple border and a green check
mark.
Solution template parameters on page 20 provides additional information on parameter values.

12. Review the terms and conditions, and then check I agree to the terms and conditions stated above.
13. Click Purchase.
Deployment may take 15–30 minutes. Note all of the return values from the deployment process.

Deploy from the Azure Powershell

You can also deploy the appliances from the command line by using Azure Powershell. This method provides the required parameters in
the AVE_DDVE_SolutionTemplate_parameters.json file.

Steps
1. Extract AVE_DDVE_SolutionTemplate.json and AVE_DDVE_SolutionTemplate_parameters.json to a temporary
folder on the local computer.
2. Edit AVE_DDVE_SolutionTemplate_parameters.json with a text editor and provide the required values.
Solution template parameters on page 20 provides additional information. Each parameter in this file corresponds to an input field in
the Azure Resource Manager method.
For example:

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/
deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"AVEName": {
"value": "AVE-test"
},
"AVEImageResourceID": {
"value": "/subscriptions/azure-test/resourceGroups/rg-test/providers/provider-test/vm-
image/ave-image"
},
"AVESizeInTB": {
"value": "2"
},
"AVEUsername": {
"value": "test"
},
"AVEAuthenticationMode": {
"value": "Password"
},
"AVEUserPwd": {
"value": "S3cure#P@ssW0rd!"
},
"AVESshPublicKey": {
"value": "Input only when SSH Public Key is selected as the authentication mode."
},

22 Installation
 "DDVEName": {
"value": "DDVE-test"
},
"DDVEVirtualMachineSize": {
"value": "Standard_F4"
},
"DDVEDataDiskSizeInTB": {
"value": "1"
},
"DDVEAuthenticationMode": {
"value": "Password"
},
"DDVESysadminPwd": {
"value": ".DdV3#P@ssW0rd%"
},
"DDVESshPublicKey": {
"value": "Input only when SSH Public Key is selected as the authentication mode."
},
"vnetExistingResourceGroup": {
"value": "rg-test"
},
"vnetName": {
"value": "vnet-test"
},
"vnetSubnetName": {
"value": "subnet-test"
},
"diagnosticsStorageAccountExistingResourceGroup": {
"value": "rg-test"
},
"diagnosticsStorageAccountName": {
"value": "storage-test"
}
}
}
3. Save and close the file.
4. In the Azure Powershell interface, log in and select an appropriate subscription.
5. In the Azure Powershell interface, type the following command on one line:
New-AzureRmResourceGroupDeployment -Name <DeploymentName> -ResourceGroupName
<ResourceGroupName> -TemplateFile AVE_DDVE_SolutionTemplate.json -TemplateParameterFile
AVE_DDVE_SolutionTemplate_parameters.json
where:
• <DeploymentName> is a unique name for this AVE and DDVE deployment.
• <ResourceGroupName> is a resource group in which to place the new instances of AVE and DDVE.

Deployment may take 15–30 minutes. Note all of the return values from the deployment process.

Deploy from the Azure CLI

You can also deploy the appliances from the command line by using Azure Command Line Interface (CLI). This method provides the
required parameters in the AVE_DDVE_SolutionTemplate_parameters.json file.

Steps
1. Extract AVE_DDVE_SolutionTemplate.json and AVE_DDVE_SolutionTemplate_parameters.json to a temporary
folder on the local computer.
2. Edit AVE_DDVE_SolutionTemplate_parameters.json with a text editor and provide the required values.
Solution template parameters on page 20 provides additional information. Each parameter in this file corresponds to an input field in
the Azure Resource Manager method.
For example:

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/
deploymentParameters.json#",
"contentVersion": "1.0.0.0",

Installation 23
 "parameters": {
"AVEName": {
"value": "AVE-test"
},
"AVEImageResourceID": {
"value": "/subscriptions/azure-test/resourceGroups/rg-test/providers/provider-test/vm-
image/ave-image"
},
"AVESizeInTB": {
"value": "2"
},
"AVEUsername": {
"value": "test"
},
"AVEAuthenticationMode": {
"value": "Password"
},
"AVEUserPwd": {
"value": "S3cure#P@ssW0rd!"
},
"AVESshPublicKey": {
"value": "Input only when SSH Public Key is selected as the authentication mode."
},
"DDVEName": {
"value": "DDVE-test"
},
"DDVEVirtualMachineSize": {
"value": "Standard_F4"
},
"DDVEDataDiskSizeInTB": {
"value": "1"
},
"DDVEAuthenticationMode": {
"value": "Password"
},
"DDVESysadminPwd": {
"value": ".DdV3#P@ssW0rd%"
},
"DDVESshPublicKey": {
"value": "Input only when SSH Public Key is selected as the authentication mode."
},
"vnetExistingResourceGroup": {
"value": "rg-test"
},
"vnetName": {
"value": "vnet-test"
},
"vnetSubnetName": {
"value": "subnet-test"
},
"diagnosticsStorageAccountExistingResourceGroup": {
"value": "rg-test"
},
"diagnosticsStorageAccountName": {
"value": "storage-test"
}
}
}
3. Save and close the file.
4. In the Azure CLI, log in and select an appropriate subscription.
5. In the Azure CLI, type the following command on one line:
az group deployment create --name <DeploymentName> -ResourceGroupName <ResourceGroupName> -
TemplateFile AVE_DDVE_SolutionTemplate.json -TemplateParameterFile
AVE_DDVE_SolutionTemplate_parameters.json
where:
• <DeploymentName> is a unique name for this AVE and DDVE deployment.
• <ResourceGroupName> is a resource group in which to place the new instances of AVE and DDVE.

Deployment may take 15–30 minutes. Note all of the return values from the deployment process.

24 Installation
Complete post-deployment configuration
These steps prepare the deployed AVE for installation of the Avamar software.

Prerequisites
Note and record the deployment status, and the AVAMARURL and DDSMURL values from the deployment task. Access to these URLs
requires a secure gateway system, which is beyond the scope of this installation guide.

Steps
1. Create a static IP address for the virtual machine by performing the following substeps:
a. From the network interface configuration page for the virtual machine, click IP Configurations.
b. Click the network name.
c. Select Static for the Private IP Address.
2. Obtain the AVE private IPv4 address by performing one of the following substeps:
a. Use the Azure Portal to obtain the private IPv4 address.
The Microsoft documentation for the Azure Portal provides more information.
b. Use the Azure CLI to obtain the private IPv4 address by typing the following command:
az vm list-ip-addresses --name vm-name
c. Record the private IPv4 address for future use. This value is the default password for AVE.
3. Configure a secure gateway system.
4. Install the AVE.
Install and configure the Avamar software on page 28 contains instructions.
NOTE: After launching the instance, the AVE initializes and restarts automatically. During this process, which takes
15–25 minutes, the AVE installs drivers and an updated kernel. You cannot install the AVE until this process is
complete because the AVE installation package, ave-config, is not available in the Avamar Installation Manager. SSH
is also unavailable during this time.

5. Configure the DDVE instance.

If you cannot access the DDVE instance from the secure gateway via HTTP or HTTPS, perform the following substeps:
a. SSH to the DDVE instance and log in as the sysadmin user.
b. Type the following command:
adminaccess enable http/https
6. Attach the DDVE system to AVE.

Network security group

The following tables describe the rules that should be added to an Azure network security group.

Inbound ports for the Azure network security group

The following tables describe the rules that should be added to an Azure network security group.
NOTE: If you want to restrict the source of traffic, set the source with IPv4 or IPv6 CIDR block, or a single IPv4 or IPv6
address.

NOTE: Avamar no longer supports HTTP access to TCP port 80. Use the HTTPS ports 443 to access these services
instead.
For all table entries:
• The Source and Destination fields are Any.
• The Source port range field is *
• The Action is Allow.
• Assign a unique priority value to each rule, starting at 100.
• Type a unique description for each rule. The value must be unique for both inbound and outbound rules.

Installation 25
Table 7. Inbound ports for the Azure network security group
Type Protocol Destination port range
SSH TCP 22

Custom TCP Rule TCP 161

Custom UDP Rule UDP 161

Custom TCP Rule TCP 163

Custom UDP Rule UDP 163

HTTPS TCP 443

Custom TCP Rule TCP 700

Custom TCP Rule TCP 7543

Custom TCP Rule TCP 7778 - 7781

Custom TCP Rule TCP 8543

Custom TCP Rule TCP 9090

Custom TCP Rule TCP 9443

Custom TCP Rule TCP 27000

Custom TCP Rule TCP 28001 - 28002

Custom TCP Rule TCP 28810 - 28819

Custom TCP Rule TCP 29000

Custom TCP Rule TCP 30001 - 30010

Outbound ports for the Azure network security group

NOTE: If you want to restrict the source of traffic, set the source with IPv4 or IPv6 CIDR block, or a single IPv4 or IPv6
address.
By default, Azure has a rule AllowInternetOutBound with priority 65001 to allow all outbound internet traffic. Override this rule by adding
a rule with a priority (that is, an integer number) that is greater than all customized rules' priority, and less than 65000: source: *,
destination: *, protocol: *, action: Deny. Azure documentation contains information about creating a firewall rule.
For all table entries:
• The Source and Destination fields are Any.
• The Source port range field is *
• The Action is Allow.
• Assign a unique priority value to each rule, starting at 100.
• Type a unique description for each rule. The value must be unique for both inbound and outbound rules.

Table 8. Outbound ports for the Azure network security group

Type Protocol Destination port range
Custom TCP Rule TCP 7

SSH TCP 22

SMTP TCP 25

DNS (UDP) UDP 53

Custom TCP Rule TCP 111

Custom UDP Rule UDP 111

26 Installation
Table 8. Outbound ports for the Azure network security group (continued)
Type Protocol Destination port range
Custom TCP Rule TCP 161

Custom UDP Rule UDP 161

Custom TCP Rule TCP 163

Custom UDP Rule UDP 163

HTTPS TCP 443

Custom TCP Rule TCP 700

Custom TCP Rule TCP 2049

Custom UDP Rule UDP 2049

Custom TCP Rule TCP 2052

Custom UDP Rule UDP 2052

Custom TCP Rule TCP 3008

Custom TCP Rule TCP 8443

Custom TCP Rule TCP 8888

Custom TCP Rule TCP 9090

Custom TCP Rule TCP 9443

Custom TCP Rule TCP 27000

Custom TCP Rule TCP 28001-28010

Custom TCP Rule TCP 29000

Custom TCP Rule TCP 30001-30010

Azure security best practices

Consider the following issues when deploying AVE to an Azure environment, to create as secure an environment as possible.

Follow the Azure network security best practices

Follow the Azure network security best practices at https://docs.microsoft.com/en-us/azure/best-practices-network-security to define
an Information Security Management System (ISMS). Build a set of security policies and processes for the organization to protect the
Avamar server and clients in the Azure cloud.

Disable the public IP address when launching AVE

Because AVE in the cloud only backs up resources in the same Virtual Private Cloud (VPC), AVE does not need a public IP address.
Isolating AVE from public network access helps to secure AVE in a cloud environment.
When creating the virtual machine, select None for the public IP address setting to disable the public IP address for AVE.

Set up an additional secure gateway system for AVE

maintenance in the cloud
You can also set up a secure gateway system, with a public IP address, in the same VPC as AVE and the clients. Perform all operation and
maintenance of AVE through this secure gateway system. Configure the gateway system for high security by, for example, defining the
security group to enable only a must-have level of network access.

Installation 27
• For Linux gateways, enable only the SSH port, with key-based SSH access, and the VNC port range. Restrict the permitted original
network address (a white-listed IP address or range is suggested).
• For Window gateways, enable only the RDP port. Restrict the permitted original network address (a white-listed IP address or range is
suggested).
You can install Avamar Administrator on the Secure gateway system. In this case, configure a security group for the following ports:

Table 9. Inbound ports for Linux gateways

Type Protocol Port range Source
Custom TCP rule TCP 7778-7781 Subnet IPv4 CIDR

HTTPS TCP 443 Subnet IPv4 CIDR

SSH TCP 22 0.0.0.0/0

Table 10. Inbound ports for Windows gateways

Type Protocol Port range Source
Custom TCP rule TCP 7778-7781 Subnet IPv4 CIDR

RDP TCP 3389 0.0.0.0/0

HTTPS TCP 443 Subnet IPv4 CIDR

SSH TCP 22 Subnet IPv4 CIDR

Use only key-based SSH access

Use an SSH public key when launching AVE in Azure. Select SSH public key as the Authentication type when creating the virtual
machine.

Use a security group with custom IP address ranges

In addition to the ports, restrict the source and destination network address ranges in the inbound/outbound security group. Enable only
the necessary ports for both inbound and outbound network access, as defined in Network security group on page 25.

Timely application of Avamar security patches

Avamar releases quarterly OS security patch roll-ups. Apply these patches to AVE on a regular basis.

Install and configure the Avamar software

To install the Avamar software on a new AVE virtual machine, follow the instructions that are included in the help file for the AVE
installation workflow on the SW Releases page of the Avamar Installation Manager.

Steps
1. Open a web browser and log in to the Avamar Installation Manager:
The Avamar Administration Guide provides more information.
a. Type the following URL:
https://Avamar-server:7543/avi
where Avamar-server is the IP address or the resolvable hostname of the Avamar server.

The Avamar Installation Manager login page appears.

b. Log in as the root user for the Avamar software with the default password.
The default password is the private IPv4 address for the virtual machine.
c. Click Login.
The Avamar Installation Manager opens to the Package Selection page.

28 Installation
2. In the menu bar, click SW Releases, and then select the ave-config workflow package from the Package List.
3. Click the ? button next to the ave-config package.
The Avamar Virtual Edition Configuration Workflow Guide opens.
4. Review the workflow guide for information about the required and optional user input fields.
After you click Install, you are no longer able to access the workflow guide.
5. Click Install next to the AVE installation package ave-config.
The Installation Setup page displays.
6. On the Installation Setup page, provide the required information in the user input fields for each tab, and then click Continue.
The Installation Progress page displays.
7. On the Installation Progress page, monitor the installation and respond to any installation problems:
a. To resolve the problem, take the appropriate action.
b. After resolving the problem, click Call Support.
The Call Support dialog box appears.
c. Click Issue resolved, continuing the installation.
The installation resumes.
d. Repeat these substeps for all problems that occur during the installation.

Upgrade the Avamar software

To upgrade the Avamar software on an AVE virtual machine, follow the instructions that are included in the workflow guide for the AVE
upgrade workflow package on the SW Releases page of the Avamar Installation Manager.

Steps
1. Download the AVE upgrade workflow package for the appropriate version of AVE.
Download the required software from https://support.emc.com/.
You can also use the Avamar Download Manager or Local Downloader Service to download the software. The Avamar Administration
Guide contains information about configuring and using the Avamar Download Manager and the Local Downloader Service.

2. Open a web browser and log in to the Avamar Installation Manager:

The Avamar Administration Guide provides more information.
a. Type the following URL:
https://Avamar-server:7543/avi
where Avamar-server is the IP address or the resolvable hostname of the Avamar server.

The Avamar Installation Manager login page appears.

b. Log in as the root user for the Avamar software.
The root user password is typically set as part of the ave_config workflow during Avamar software installation.
c. Click Login.
The Avamar Installation Manager opens to the Package Selection page.
3. Upload the AVE upgrade workflow package that you downloaded in step 1 on page 29 by performing the following substeps:
a. Click Repository.
The Repository tab appears.
b. For Package Upload, click Browse and select the package to upload.
Once the package upload completes, it automatically appears in the Repository table.
4. Click SW Upgrade.
The SW Upgrade tab appears.
5. Click the ? button for the AVE upgrade workflow package (AvamarUpgrade-version.avp) to open the workflow guide.
6. Click Upgrade.
7. On the Installation Progress page, monitor the upgrade and respond to any problems:
a. To resolve the problem, take the appropriate action.
b. After resolving the problem, click Call Support.
The Call Support dialog box appears.
c. Click Issue resolved, continuing the installation.
The upgrade resumes.
d. Repeat these substeps for all problems that occur during the upgrade.

Installation 29
8. When the upgrade is complete, run the following optional, but recommended, packages:
• Avamar platform OS security patch rollup (AvPlatformOsRollup_<year>R<r>.avp)
• Upgrade client downloads (UpgradeClientDownloads-<version>.avp)
• Upgrade client plugin catalog (UpgradeClientPluginCatalog-<version>.avp)
The Avamar Administration Guide provides more information.

Post-installation and post-upgrade tasks

Perform the following tasks after completing the installation or upgrade of the AVE server. Note that some of these tasks might apply only
to an upgrade and are not applicable for a new installation.

Starting the backup scheduler

The pre-upgrade steps included suspending the backup scheduler. Start the backup scheduler by typing the following command as the
admin user:
dpnctl start sched
Output similar to the following appears:

Identity added: /home/admin/.ssh/dpnid

(/home/admin/.ssh/dpnid)
dpnctl: INFO: Resuming backup scheduler...
dpnctl: INFO: Backup scheduler resumed.

Starting the maintenance scheduler

The pre-upgrade steps included suspending the maintenance scheduler. Start the maintenance scheduler by typing the following
command as the admin user:
dpnctl start maint
Output similar to the following appears:

Identity added: /home/admin/.ssh/dpnid (/home/admin/.ssh/dpnid)

dpnctl: INFO: Resuming maintenance windows scheduler...
dpnctl: INFO: maintenance windows scheduler resumed.

Verify services
As a best practice, verify that all services are online by typing the following command as the admin user:
dpnctl status
Output similar to the following appears:

Identity added: /home/admin/.ssh/admin_key (/home/admin/.ssh/admin_key)

dpnctl: INFO: gsan status: up
dpnctl: INFO: MCS status: up.
dpnctl: INFO: emt status: up.
dpnctl: INFO: Backup scheduler status: up.
dpnctl: INFO: Maintenance windows scheduler status: enabled.
dpnctl: INFO: Unattended startup status: enabled.
dpnctl: INFO: avinstaller status: up.
dpnctl: INFO: ConnectEMC status: up.
dpnctl: INFO: ddrmaint-service status

30 Installation
Create swap partition
Swap partition is not created automatically during installation. To create it manually, complete the following steps:
1. Run the following commands to create swap partition:
dd if=/dev/zero of=/data01/aveswap bs=1G count=16
mkswap /data01/aveswap
swapon /data01/aveswap
2. Verify that the swap partition is created by checking whether /data01/aveswap exists.
3. Add the following line in the /etc/fstab file:
/data01/aveswap swap swap defaults 0 0
This enables the swap partition to mount automatically during each OS boot.

Adding Secure Remote Services to the AVE virtual

machine (optional)
Secure Remote Services (ESRS) is a two-way connection between Dell EMC products and solutions and Dell EMC Customer Service.
ESRS provides:
• Proactive remote monitoring and repair
• 5x faster issue resolution times
• 15 percent higher levels of availability
Depending on the type of warranty or maintenance contract, ESRS might be available to you at no charge.
Documentation, downloads and product information are available on Online Support.

Rebooting Avamar proxy clients

If Avamar proxy clients are installed, reboot the proxy clients by typing the following commands:
su -
mccli mcs reboot-proxy --all=true
exit
Output similar to the following appears:

0,22357,Initiated request to recycle proxy power.

NOTE: The Avamar for VMware User Guide contains information about deploying proxies.

Testing Data Domain integration

If you use AVE with Data Domain, verify the status of the Data Domain integration and open any necessary service requests with
Customer Support when problems occur.
NOTE: The Avamar and Data Domain System Integration Guide contains information about how to add a Data Domain
system to the Avamar system and then verify it. This document also contains information about replication.

Selecting a Data Domain target for backups

To select a Data Domain system as the storage for a backup, select the Store backup on Data Domain system checkbox in the plug-in
options for the backup, and then select the Data Domain system from the list.

Installation 31
Generating new certificates with Data Domain systems
When you upgrade an AVE that is connected to a Data Domain system to Avamar release 7.3 or greater, and session ticket authentication
is enabled during upgrade, you must generate new certificates on the Data Domain system. The Avamar Product Security Guide contains
more information.

Storing Avamar server checkpoints on a Data Domain

system
You can store checkpoints for a single-node Avamar server or Avamar Virtual Edition (AVE) on a Data Domain system. Checkpoints are
system-wide backups that are taken for disaster recovery of the Avamar server. Restoring checkpoints from a Data Domain system
requires assistance from Dell EMC Professional Services. The Dell EMC Avamar Administration Guide provides details about checkpoints.
To store checkpoints, perform the following steps:
1. In Avamar Administrator, click the Server launcher button to open the Server window.
2. Click the Server Management tab.
3. Select a Data Domain system.
4. Navigate to Actions > Edit Data Domain System to open the Edit Data Domain System window .
5. Click the System tab and then select Use system as target for Avamar Checkpoint Backups.
6. Click OK.
7. After the edits are complete, click Close.

Setting the passphrase on Data Domain systems

When you upgrade an AVE that is connected to a Data Domain system to Avamar release 7.3 or greater, enable a passphrase for the DD
Boost user by performing the following steps:
1. Log in to the Data Domain system.
2. Type the following command at the Data Domain CLI:
system passphrase set
3. When prompted, type a passphrase.

NOTE: The DD Boost user must have admin rights.

Testing replication
If you are performing an AVE upgrade and if replication was configured before the upgrade, verify the status of replication and open any
necessary service requests with Customer Support when problems occur. The Avamar Administration Guide contains information about
replication.

Upgrading the Avamar client downloads

The Avamar Client Downloads and Client Manager Installer Upgrades Technical Note, which is available on Online Support contains
information about the procedures to upgrade client installation packages.

Installing the server hotfixes and the Avamar platform

security patch rollup
Server hotfixes and the Avamar platform security patch rollup are released on a periodic basis. When available, you should install these
hotfixes and the Avamar platform security patch rollup on new and existing AVE systems.
The Avamar Administration Guide contains information about installing hotfixes, and the Support KB article https://support.emc.com/kb/
335359 provides instructions for installing the Avamar platform security patch rollup.

32 Installation