Dell EMC AppSync 4.4 Is here
CDM (Copy Data Management) is exploding, analysts predict that most of your data in the data center is derived from copies of your data and as such, we are continuing […]
Dell Storage, PowerStore, PowerFlex PowerMax & PowerScale, Virtualization & Containers Technologies
CDM (Copy Data Management) is exploding, analysts predict that most of your data in the data center is derived from copies of your data and as such, we are continuing […]
CDM (Copy Data Management) is exploding, analysts predict that most of your data in the data center is derived from copies of your data and as such, we are continuing to invest in this field.
For the readers of my blog, you know that I’m a big fan of AppSync which allows you to copy/restore/repurpose your data with a direct integration to the Dell EMC storage products so now is a great time to explain about the 4.0 version of AppSync which we have just released.
AppSync is a software that enables Integrated Copy Data Management (iCDM) with Dell EMC’s primary storage systems.
AppSync simplifies and automates the process of generating and consuming copies of production data. By abstracting the underlying storage and replication technologies, and through deep application integration, AppSync empowers application owners to satisfy copy demand for operational recovery and data repurposing on their own. In turn, storage administrators need only be concerned with initial setup and policy management, resulting in an agile, frictionless environment.
AppSync automatically discovers application databases, learns the database structure, and maps it through the Virtualization Layer to the underlying storage LUN. It then orchestrates all the activities required from copy creation and validation through mounting at the target host and launching or recovering the application. Supported workflows also include refresh, expire, and restore production.
Dell EMC AppSync simplifies and automates the process of generating and consuming copies of production data. AppSync enables application owners to satisfy copy demand for data repurposing, operational recovery and disaster recovery across multiple EMC arrays and applications with a single user interface.
I previously blogged about AppSync here and here so today’s post is about the new, 4.4 version
• Application Integration
– Oracle
– Microsoft SQL
– VMware
• Improved Total Customer Experience
(TCE) features
– Daily log of key debugging information
– More rows for alert tabular reports
– License file included in backup/restore
– Embedded SRS agent
• Improved Infrastructure features
– Security hardening
– AppSync server high availability
Deeper Platform Support for Dell EMC PowerStore
Dell EMC PowerMax Secure Snapshots
PowerMax Secure Snapshots now supported
Service Plan settings now provide option to choose secure copy
Not available for Repurposing Plans
Only supports aged based retention and not # of copies
On-demand copy expiration is not allowed
All features supported for regular snapshot-based copies is supported
Application Integration Improvements
Application Integration Improvements – Oracle – Independent Archive Log Backups
New AppSync feature to take frequent independent archive log backups
Option to independently take archive log backups
Ability to mount and unmount these archive log backups
Expiring archive log backups
Service Plan wizard
Enable archive log backup
Choose when create
How long to retain
Select archive destination
Application Integration Improvements – Oracle – Independent Archive Log Backups
– New “Archive Log Backups” tab on
Oracle copies page
Application Integration Improvements – Oracle – Independent Archive Log Backups
Users can see the created copies page properties to know
SCN (system change number) and timestamp that this archive log correlates to
Useful for Oracle administrators to choose the best copy for manual recovery of the mounted database to the point in time they want with more granularity
Application Integration Improvements – SQL – Read Intent only on Secondary DB
AppSync 4.4+ supports SQL “read-intent only” state on secondary databases
Shows “Online, “read-intent only” in status
AppSync 4.3 only supported “readable” state, copy protection would have if “read-intent only”
Application Integration Improvements – SQL – Read Intent only on Secondary DB
Rediscover databases to show “Role in Availability Group” Changes
Application Integration Improvements – VMware – Support CBT enabled VMs
Support the use of virtual machines with CBT enabled
CBT optimizes backups by reading only allocated or modified portions of the virtual disk
Enabled by default with vm’s running hardware version 7+
Improved Total Customer Experience (TCE) Features
AppSync Server – High Availability
AppSync Server is now officially qualified and supported for VMware HA running as a VM
Future versions of AppSync will enhance product with database replication and failover to another instance
Improved Infrastructure Features – Update Security Infrastructure
Update Security Infrastructure
Ensure AppSync is not utilizing any third-party components known to be vulnerable or EOL
Avoid security breaches in end user environments
Adhere to Dell security guidelines
Security items:
Authentication and authorization mechanism is implemented using industry standard IAM solution “Keycloak” (https://www.keycloak.org/)
https://developer.dell.com will be updated with an example of how to authenticate via REST API
OpenID Connect and OAuth 2.0 based authentication and authorization
JWT Token based access to AppSync REST resources will make AppSync stateless (No more user sessions maintained)
AppSync can easily integrate with 3rd party software using REST API
No more browser redirection to get access token
Keycloak integration allows AppSync to provide well defined end points to get access token with exchange of credentials
Access token can be used to access AppSync REST API resources
Access tokens are short lived, 5 mins by default (new advanced server setting keycloak.access.token.timeout)
Refresh tokens can be used to refresh access token, valid for 30 mins (new advanced server setting keycloak.refresh.token.timeout)
Login attempts advanced server setting keycloak.login.attempts
SSO will get logged out after 30 mins of inactivity
Any active sessions will be auto logged out after 12 hours, security best practice
Wildfly replacing Tomcat
Changes in permissions, (access roles), live in 5 mins
Sensitive cookies in the AppSync environment set to “HttpOnly” to ensure their security
Improved Infrastructure Features – Update Security Infrastructure
New checkbox to login as “LDAP” user
Unchecked logs in with “local” user
IAM or Identity Access Management
“Keycloak”
Requires these changes to support both login types
LDAP support is still the same
Improved Infrastructure Features – Security improvements to UI, Agents, and Server
Enable “Content Security Policy” / CSP in UI
Implement anti “Cross-Site Request Forgery” / CSRF flags in UI
Check all output is encoded to a common format in UI / CLI
Check the file content type, size of files (licenses, certificates) for any user provided files before uploading
– CLI/UI validations to prevent any command injection attacks
Most secure algorithm to be selected by default for SNMP V3 in UI
Warning message to user when they try to configure V2C in UI SHA is default authentication algorithm
AES 256 default privacy protocol
Improved Infrastructure Features – Rotation of public/private keys
Rotation of public keys/ private keys for setting up SSH connection with Python agents
Improved Infrastructure Features – Daily log of key information for support debug
AppSync server version, dump of variable settings
Hosts: operating system version, AppSync plugin version, last discovery
VMware vCenter: version, VC id, last discovery
Arrays: type, firmware version, license status, last discovery
Copy Management: Oracle, SQL, Exchange, SAP, Filesystems, VMW instances discovered
Current copies for all above and service plan created
List of all service plans and all configured settings
The logs are in <install location>\jboss\logs\resourceInfo.log, along with other log files
Single file that will grow up to 10 megabytes
After 1st file is full, it’s renamed to resourceInfo.log1 and so on up to 10 files
These log files will be included in the automated log collection bundle
Advanced setting “resourceInfo.logging.enable” is set to true by default
Can be set to false if user wants to stop this feature from running
You can download Appsync 4.4 by clicking the screenshot below
Documentation links