Universal Share Enhancements
Universal Shares present a powerful option for protecting workloads. Universal Shares are configured for specific hosts, helping to keep them secure, and leverage the MSDP (Media Server Deduplication Pool) filesystem to allow deduplication and storage savings. Delegate recovery from Universal Shares to Workload Administrators with a new role enabling folder and file recovery. With the new RBAC (Role Based Access Control) role, access and use of Universal Shares can align to zero trust principles and organizational workflows (see Figure 1). Universal Share configuration is still managed via the Storage node in the WebUI (Web User Interface), but there is now a Workload > Universal Share section of the WebUI.
Figure 1. New RBAC Role for Universal Share Administration
After a host has injected data into a Universal Share, the data remains available to the end user for any immediate restore needs. Further, the NetBackup Administrator can perform a Universal-Share type backup of one or more of the Universal Shares on the MSDP host. This ingests the data from the Universal Share into the NetBackup catalog, allowing for further operations, such as SLP (Storage Lifecycle Policy), as well as indexing the image for single file restores. At this point, the backup of the Universal Share becomes what is called an Asset-an item with data protection within NetBackup, which is tracked under the Workloads > Universal Share section of the NetBackup WebUI. With this new set of RBAC permissions, workload admins can now browse and select the recovery points of previous Universal Share backups and perform their own restores for their own assets in just a few clicks.
Figure 2. RBAC Role for Universal Share permissions
When a recovery is needed from a previous data set, the asset’s Universal Share can be exposed to Workload admins that have reason to see backups on a particular Universal Share, as well as being able to see any other available backup image copies on other media using this new RBAC role as a template (see Figure 2). Once a recovery point is identified, the workload administrator will be able to provision the share with the desired recovery data. Next, the path can be mounted on the desired host and the data is now available for workload-specific operations. For this Universal Share recovery workflow, the mount point becomes a source for the desired asset. Permission control also allows for the potential to delete the Universal Share, offering more control when business operations require it.
The NetBackup Administrator can control these permissions, as well as delegate this new RBAC role to specific users, or create a new role for more granular permissions to each of the Universal Shares. The user’s permissions will also enable API calls to do the same tasks as the WebUI, allowing for automated workflows. User permissions can further be restricted to only interact with specific Universal Shares in the workloads section. The Recovery points are found in the Universal Shares workload section of the WebUI. The recovery points can be filtered as well as constrained to a data range when browsing, allowing the workload administrator to find their desired data quickly.
Figure 3. Universal Share recovery point with 1 copy
Universal Shares offer compelling ease of use for workloads without an agent or for any platform where they may be needed. With this new RBAC role, the workload administrator’s restore experience is enhanced, offering more end-to-end control of their data. Additionally, users with this RBAC role can meet simple restore point objectives through a self-service restore model.
