CDM (Copy Data Management) is exploding, analysts predict that most of your data in the data center is derived from copies of your data and as such, we are continuing to invest in this field.

For the readers of my blog, you know that I’m a big fan of AppSync which allows you to copy/restore/repurpose your data with a direct integration to the Dell EMC storage products so now is a great time to explain about the 4.0 version of AppSync which we have just released.

AppSync is a software that enables Integrated Copy Data Management (iCDM) with Dell EMC’s primary storage systems.

AppSync simplifies and automates the process of generating and consuming copies of production data. By abstracting the underlying storage and replication technologies, and through deep application integration, AppSync empowers application owners to satisfy copy demand for operational recovery and data repurposing on their own. In turn, storage administrators need only be concerned with initial setup and policy management, resulting in an agile, frictionless environment.

AppSync automatically discovers application databases, learns the database structure, and maps it through the Virtualization Layer to the underlying storage LUN. It then orchestrates all the activities required from copy creation and validation through mounting at the target host and launching or recovering the application. Supported workflows also include refresh, expire, and restore production.

Dell EMC AppSync simplifies and automates the process of generating and consuming copies of production data. AppSync enables application owners to satisfy copy demand for data repurposing, operational recovery and disaster recovery across multiple EMC arrays and applications with a single user interface.

I previously blogged about AppSync here and here so today’s post is about the new, 4.4 version

• Application Integration
– Oracle
– Microsoft SQL
– VMware
• Improved Total Customer Experience
(TCE) features
– Daily log of key debugging information
– More rows for alert tabular reports
– License file included in backup/restore
– Embedded SRS agent
• Improved Infrastructure features
– Security hardening
– AppSync server high availability

Deeper Platform Support for Dell EMC PowerStore

  • NVMe-oFC Support (Non-Volatile-Memory-Express over Fibre Channel)
  • Supports physical hosts with Linux Operating System
  • Red Hat Enterprise Linux 8 – 8.3 & SUSE Linux Enterprise Server 15 – 15SP2
  • nvme-cli RPM is required to be installed on hosts
  • All Fibre Channel AppSync use cases supported
  • NVMe Benefits:
  • Separates administrative and I/O commands
  • Multiple queues, high parallelism, and low latency access
  • NVMe over FC is a full featured, high-performance technology for NVMe-based fabric-attached enterprise storage

Dell EMC PowerMax Secure Snapshots

PowerMax Secure Snapshots now supported

Service Plan settings now provide option to choose secure copy

Not available for Repurposing Plans

Only supports aged based retention and not # of copies

On-demand copy expiration is not allowed

All features supported for regular snapshot-based copies is supported


Application Integration Improvements

Application Integration Improvements – Oracle – Independent Archive Log Backups

New AppSync feature to take frequent independent archive log backups

Option to independently take archive log backups

Ability to mount and unmount these archive log backups

Expiring archive log backups

Service Plan wizard

Enable archive log backup

Choose when create

How long to retain

Select archive destination


Application Integration Improvements – Oracle – Independent Archive Log Backups

– New “Archive Log Backups” tab on
Oracle copies page


Application Integration Improvements – Oracle – Independent Archive Log Backups

Users can see the created copies page properties to know

SCN (system change number) and timestamp that this archive log correlates to

Useful for Oracle administrators to choose the best copy for manual recovery of the mounted database to the point in time they want with more granularity

Application Integration Improvements – SQL – Read Intent only on Secondary DB

AppSync 4.4+ supports SQL “read-intent only” state on secondary databases

Shows “Online, “read-intent only” in status

AppSync 4.3 only supported “readable” state, copy protection would have if “read-intent only”

Application Integration Improvements – SQL – Read Intent only on Secondary DB

Rediscover databases to show “Role in Availability Group” Changes

Application Integration Improvements – VMware – Support CBT enabled VMs

Support the use of virtual machines with CBT enabled

CBT optimizes backups by reading only allocated or modified portions of the virtual disk

Enabled by default with vm’s running hardware version 7+


Improved Total Customer Experience (TCE) Features

AppSync Server – High Availability

AppSync Server is now officially qualified and supported for VMware HA running as a VM

Future versions of AppSync will enhance product with database replication and failover to another instance

Improved Infrastructure Features – Update Security Infrastructure

Update Security Infrastructure

Ensure AppSync is not utilizing any third-party components known to be vulnerable or EOL

Avoid security breaches in end user environments

Adhere to Dell security guidelines

Security items:

Authentication and authorization mechanism is implemented using industry standard IAM solution “Keycloak” (https://www.keycloak.org/)

https://developer.dell.com will be updated with an example of how to authenticate via REST API

OpenID Connect and OAuth 2.0 based authentication and authorization

JWT Token based access to AppSync REST resources will make AppSync stateless (No more user sessions maintained)

AppSync can easily integrate with 3rd party software using REST API

No more browser redirection to get access token

Keycloak integration allows AppSync to provide well defined end points to get access token with exchange of credentials

Access token can be used to access AppSync REST API resources

Access tokens are short lived, 5 mins by default (new advanced server setting keycloak.access.token.timeout)

Refresh tokens can be used to refresh access token, valid for 30 mins (new advanced server setting keycloak.refresh.token.timeout)

Login attempts advanced server setting keycloak.login.attempts

SSO will get logged out after 30 mins of inactivity

Any active sessions will be auto logged out after 12 hours, security best practice

Wildfly replacing Tomcat

Changes in permissions, (access roles), live in 5 mins

Sensitive cookies in the AppSync environment set to “HttpOnly” to ensure their security

Improved Infrastructure Features – Update Security Infrastructure

New checkbox to login as “LDAP” user

Unchecked logs in with “local” user

IAM or Identity Access Management

“Keycloak”

Requires these changes to support both login types

LDAP support is still the same

Improved Infrastructure Features – Security improvements to UI, Agents, and Server

Enable “Content Security Policy” / CSP in UI

Implement anti “Cross-Site Request Forgery” / CSRF flags in UI

Check all output is encoded to a common format in UI / CLI

Check the file content type, size of files (licenses, certificates) for any user provided files before uploading

– CLI/UI validations to prevent any command injection attacks

Most secure algorithm to be selected by default for SNMP V3 in UI

Warning message to user when they try to configure V2C in UI SHA is default authentication algorithm

AES 256 default privacy protocol

Improved Infrastructure Features – Rotation of public/private keys

Rotation of public keys/ private keys for setting up SSH connection with Python agents

Improved Infrastructure Features – Daily log of key information for support debug

  • Daily log of key information required for debugging (SERAPPSYNC-4)

AppSync server version, dump of variable settings

Hosts: operating system version, AppSync plugin version, last discovery

VMware vCenter: version, VC id, last discovery

Arrays: type, firmware version, license status, last discovery

Copy Management: Oracle, SQL, Exchange, SAP, Filesystems, VMW instances discovered

Current copies for all above and service plan created

List of all service plans and all configured settings

The logs are in <install location>\jboss\logs\resourceInfo.log, along with other log files

Single file that will grow up to 10 megabytes

After 1st file is full, it’s renamed to resourceInfo.log1 and so on up to 10 files

These log files will be included in the automated log collection bundle

Advanced setting “resourceInfo.logging.enable” is set to true by default

Can be set to false if user wants to stop this feature from running

You can download Appsync 4.4 by clicking the screenshot below


Documentation links

Support for AppSync | Documentation | Dell US

Posted on 0 By itzikr Uncategorized Posted in Uncategorized

itzikr

Working For DellEMC as a VP & CTO For XtremIO

Leave a Reply Cancel reply