How to Install and Configure Veritas Alta SaaS Protection Link-based Stubbing

Description

• Select a Windows Server to act as the Retrieval Server.  This server can an existing Windows Server or a provisioned virtual machine.
• Create a stub share on the Retrieval Server. (The stub share does not need much storage space as it will essentially maintain corresponding zero-byte files for each shortcut that exists in the target CIFS/NFS directories.)
• Install and configure the Retrieval Service on the Retrieval Server.
• Install and configure the Connector Service (if not already installed).
• Create a connector in the Veritas Alta SaaS Protection Connector Service (HCS) that targets data on a CIFS/NFS directory and applies a stub policy with link-based stubbing.

Architecture

A single Retrieval Service per region (Veritas Alta SaaS Protection StorSite) provides link-based stubbing services.  The Retrieval Service will support any number of file shares from various storage appliances in that region.  Link-based stubs work by creating two levels of indirection to the data stored in Veritas Alta SaaS Protection. 

 

For example:  A link-based stub on a Storage Appliance points to a seamless stub on a Windows file share of the Retrieval Server.  The Veritas Alta SaaS Protection Retrieval Service retrieves data from the cloud on demand and caches it.  It also manages share permissions to ensure proper access controls are maintained based on permissions to the link-based stub files.

                                

If you have a geographically distributed storage scenario, it is generally a good idea keep the Retrieval Server central to the storage that will be stubbed with link-based stubbing.

Step 1 -- Configure a Stub Share

It is recommended to create a stub share locally on the Windows machine that will serve as the Retrieval Server. The stub share will contain offline files only.

Stub Share Permission

Link-based stubs are shortcuts that will pass the file open request over to the stub share, thus the 'everyone' permission is required on this directory since any user or application may try to open a file through link-based stubs.

IMPORTANT: Below is the best practice for configuring the 'Everyone' permission on the stub share:

1. Manually share the folder of the stub share directory with ‘Everyone’, giving it read/write permissions. 

 

Right-click the folder > Share with > Specific people and add the Everyone group. 

 

 

2. Next, remove the NTFS permission for the 'Everyone' group that is added as a result of applying the share in the previous step.

Right-click the folder > Properties > Security 

 

2. Click the ' Force Permissions Update...' button to update the stub share's permissions immediately.    

 

By default, the Retrieval Service on an hourly basis will programmatically set the minimum permissions for the 'Everyone' group on the stub share to prevent directory browsing and maintain appropriate access.  This permissions update will apply write access permission for instances of the Veritas Alta SaaS Protection Connector Service (HCS) that exist in your configuration and the service account they use in your domain.

 

The 'Force Permissions Update...' button is useful if you later add a new HCS instance that runs with a service account that has not previously been used in your Veritas Alta SaaS Protection configuration.

 

3.  Confirm permissions have been updated.  When configured properly, the NTFS permissions for the 'Everyone' ACE should look like this:

 

Step 4 -- Configure a File Connector with Link-based Stubbing

This step will discuss the specific link-based stubbing settings of a file connector only. If you are not generally familiar with how to configure a file system connector in the HCS, please see How to Create Connectors for Files.

 

When configuring a file connector, the drop-down menu called ' Stubbing Format' is where you will find the setting to enable Link-Based stubbing.

(The Link-Based stubbing option is only available when the Link-Based Stubbing option is selected in the Retrieval Service Advanced settings) 

 

 

NOTE: A single HCS instance can have some connectors capturing and stubbing data in CIFS shares with link-based stubbing enabled, while other connectors capture and stub data in Windows file shares with the seamless stubbing method.

 

With the above four steps complete, you should now have a fully working environment for link-based stubs.

NOTE: With link-based stubbing active in your environment, the Export Utility in ' Admin Mode' will now present the option of recovering/exporting content as link-based stubs.