Home EnterpriseData Protection New Dell PowerProtect Data Domain Appliances Deliver Critical Cyber Resiliency

New Dell PowerProtect Data Domain Appliances Deliver Critical Cyber Resiliency

by Kevin OBrien

Dell has added a pair of new PowerProtect appliances, the Data Domain DD9410 and DD9910. They’re packed with hardware and software updates that offer essential benefits for Dell customers.

Dell PowerProtect Data Domain purpose-built backup appliances (PBBAs) are #1 in their class (IDC 1Q24 PBBA Tracker) for good reason. Data Domain appliances have a long history of securing the data of many of the planet’s largest enterprises. Dell’s leadership in secure data protection is even more critical today with the explosive growth of AI. The need to not only secure existing business data from increasingly common ransomware attacks is vital, but safeguarding the surge of data resulting from AI investments is now a growing challenge.

Dell PowerProtect bezel

To help organizations protect their data and applications, Dell has added a pair of new PowerProtect appliances to its broad appliance portfolio: the Data Domain DD9410 and DD9910. These appliances pack substantial hardware and software updates that deliver several essential benefits to Dell customers.

These new appliances deliver up to 38% faster backups and 44% faster restores. The systems are more power efficient than ever, especially considering the TB/watt consumed. Data Domain offers broad scalability, from 1TB to 1.5PB of usable capacity in a single appliance in a more rack-dense deployment. With deduplication, that’s up to 97.5PB of logical storage on a single appliance.

Also available for Data Domain systems is a unique guaranteed deduplication ratio of 55:1, a cyber recovery guarantee that offers up to $5M to assist in the recovery of production data, and an additional up to $5M to assist in the recovery of data in a cyber vault.

New Dell PowerProtect DD9410 and DD9910 Data Protection Appliances

The DD9410 and DD9910 are explicitly designed for data protection and are optimized for performance, efficiency, and security. Developed by Dell’s engineers, these new appliances offer unique and proprietary technology, simplifying operations, reducing risks, and lowering costs. Thanks to a comprehensive partner and backup software-agnostic ecosystem, they can seamlessly integrate into your existing environments.

DD Boost

DD Boost is a patented technology that enables deduplication at the source, minimizing the amount of data that needs to be backed up. Any time data can be processed at the source, it reduces the impact on networks, clients, servers, and the Data Domain system. Advanced integration with backup applications and database utilities enhances performance and ease of use.

Instead of sending all data to the system for deduplication processes, DD Boost enables the backup server or application client to send unique data segments across the network to the system. This capability allows users to choose the backup software that is right for them, as Data Domain is backup software agnostic.

Deduplication and Compression

Data Domain typically provides up to 65:1 data reduction and inline data compression, which shorten backup windows, deliver faster replication, and increase retention. This technology equates to a reduced storage footprint and lower data center operating expenditure.

DD Replicator

DD Replicator provides automated, policy-based, network-efficient, and encrypted replication for disaster recovery, multi-site backup, and archive consolidation. It asynchronously replicates only compressed, deduplicated data over the WAN and supports flexible replication topologies to meet broad disaster recovery requirements.

Cloud Tier for Long-Term Retention

Furthermore, Data Domain can tier deduplicated data to any supported object storage provider for long-term retention using Cloud Tier, supporting a wide array of cloud and on-premises object storage solutions. This allows for long-term retention of backup data at reduced costs.

Enhanced Performance and Efficiency

As with Dell’s entire storage lineup, the hardware platforms have significantly improved with each generation, benefiting from CPU, DRAM, storage, and I/O upgrades. The new Data Domain appliances are no different, with new security, management, and support benefits that make the DD9410 and DD9910 the best iteration of Data Domain hardware yet.

Compared to the previous generation DD9400/DD9900 appliances, the non-HA (High Availability) deployment of the DD9410/DD9900 gets significantly more compact as it is 1U smaller than the DD9410/DD9910 and no longer needs the space used by the FS25 cache shelf. Cache drives now go inside the DD9410/DD9910 head units. By removing the externally connected cache storage shelf, the overall complexity of the system is reduced. This leads to better power efficiency — up to 11% less power consumption — and easier installations. There is also a resiliency benefit as removing the cache server is one less piece of equipment to service. For an HA deployment, the cache SSDs are moved into the 2U FS240 DAE 24-bay SAS-4 enclosure, which adds 2U of space but is shared with the other Data Domain appliances.

Regarding peak capacity, the Data Domain DD9410 tops out at 768TB, while the DD9910 can reach 1.5PB of physical capacity. When you factor in cloud tiering, the capacity grows to 2.3PB usable capacity for the DD9410 and 4.5PB for the DD9910. The logical capacity is much greater once 65:1 data reduction is factored in, bringing those totals under 150PB on the DD9410 and 293PB on the DD9910.

Data Domain DD9410 In rack

Diving deeper into the onboard drive layout, four 1.92TB SSDs in RAID6 are used for the Data Domain OS. RAID6 allows the appliances to survive two drive failures while remaining operational. Looking at the SSD cache, the DD9910 takes advantage of ten 3.84TB SSDs, while the DD9410 gets five 3.84TB SSDs. When configured in HA, the FS240 cache shelf comes into play so each controller can maintain redundant communication to the cache SSDs.

Data Domain DD9410 SSD

Both appliances leverage hardware integration to deliver capabilities previously delivered as add-on cards. The hardware compression engine that was an add-on card before is now integrated into the processors directly, which is made possible with the availability of QAT support in the Intel Xeon processor. Integrating the hardware compression engine into the processor is a significant advantage for the DD9410 and DD9910 for three reasons. First, this means a slot opens up for additional networking connectivity if required; second, the overall system design continues to be simplified, reducing complexity; and third, the rate of compression increases.

With the hardware refresh of the new DD9410 and DD9910 appliances, PCIe connectivity inside the system also saw a significant update. Depending on which slots are used, the rear slots now offer PCIe Gen5 support. The outer twin slots on the left and right of the chassis support PCIe Gen5 I/O adapters, while the center slots remain PCIe Gen4.

We tested the DD9410 in a Dell lab. The Data Domain DD9410 offers a plethora of connectivity on the rear to handle attaching to a wide range of networks simultaneously. On the back are three quad-port 10GbE NICs, a dual-port 100GbE NIC for high-speed connectivity, a quad-port 10/25GbE NIC, and onboard 1GbE networking provided by the server alongside out-of-band management. Two quad-interface external SAS cards are also visible, providing connectivity to the DS600 shelf across redundant connections.

Looking at power, the DD9410 ships with twin 1,100W Titanium PSUs, whereas the DD9910 increases that to dual 2,800W Titanium PSUs. Redundancy is carried through to power delivery, where the appliance can remain online even with one PSU active.

Data Domain DD9410 rear

The DS600 HDD shelf is the same as before, offering up to 768TB of storage capacity across 60 HDDs. The DS600 attached to the DD9410 we tested in Dell’s lab was populated with 8TB HDDs. The 60 drives are split into four disk groups (DGs) with 15 drives in each DG. SAS connectivity is across redundant controllers, connected through redundant SAS cards on the back of the DD9410 appliance.

Data Domain DD9410 disk shelf

Opening the Data Domain DD9410, the two power protection units are visible left and right, protecting the Data Domain during operation. This is part of the VOSS or Vault Optimized Storage Solution at the heart of the Data Domain. In the middle is a Software-Defined Persistent Memory (SPDM) module.

A combination of hardware and software protects the appliance’s memory subsystem in case of a system power loss. When triggered, a high-speed memory dump is performed from the DDR5 memory to M.2 SSDs inside the VOSS. When the server returns to service after a power outage, the SDPM helps restore the data from the M.2 SSD to the system memory on the next boot.

Data Domain DD9410 Controller inside

The Data Domain upgrades follow through to the inside, where they see new 5th-Gen Intel Xeon Scalable processors. The Intel processors offer faster performance, alongside efficiency gains such as having QAT support onboard, where the prior generation needed the add-on card. Faster and more efficient DDR5 memory is another perk with the upgraded hardware. Regarding memory footprint, the DD9410 includes 768GB of RAM across 12 64GB DIMMs, whereas the DD9910 more than doubles that to 2TB across 32x 64GB DIMMs.

Kevin has a walkthrough video from the Dell Hopkinton lab that provides a deep dive into the new DD9410 platform.

Security

The Data Domain platform offers a wide range of security features, including inline and in-flight data encryption, retention lock, role-based access control, multifactor authentication, the option to deploy in an isolated cyber vault, and CyberSense. These built-in features provide robust security measures for cyber resilience, with multiple layers of Zero Trust security. Additionally, the Data Domain platform utilizes AI-based machine learning and analytics via CyberSense to enhance recoverability.

In addition, Data Domain appliances incorporate new critical security features originally delivered via its servers, notably Hardware Root of Trust (HWRoT) and Secure Boot. These features are designed to ensure the integrity and authenticity of the system’s firmware and software from the start of the boot process. Hardware Root of Trust establishes a foundational level of trust within the hardware, ensuring the initial code is secure and verified. This foundational trust extends through the system, preventing any unverified or malicious code from executing.

Hardware Root of Trust

Dell’s Hardware Root of Trust is anchored by an immutable root key embedded within the system’s hardware. This root key forms the foundational layer of security, ensuring that the system’s initial code is authentic and unaltered. The Hardware Root of Trust uses cryptographic techniques to verify the integrity of the firmware during the boot process. This involves checking the digital signatures of firmware components against trusted keys stored in secure hardware. Additionally, Dell’s implementation includes tamper detection mechanisms that alert administrators if any unauthorized attempts are made to alter the hardware or firmware, helping in the early detection of potential security breaches.

Secure Boot

Secure Boot in Dell’s PowerProtect appliances ensures the bootloader, operating system, and other critical components are cryptographically signed and verified before execution. This step-by-step verification builds a chain of trust from the hardware root to the operating system. Secure Boot policies are enforced through the system’s firmware, which checks the signatures of all bootable components against a database of trusted certificates. Any component failing verification is blocked from execution. Dell’s approach includes secure firmware update mechanisms. Updates are signed and verified before application, ensuring the system’s firmware remains protected even during updates.

The following screencap validates that Secure Boot and Hardware Root of Trust are enabled.

PowerProtect Appliances: Minimize the Risk

Integrating Hardware Root of Trust and Secure Boot ensures that data protection appliances and software operate securely, minimizing the risk of data breaches and unauthorized access to backup and recovery systems. Dell’s implementation aligns with industry standards and compliance requirements, offering customers confidence in the security of their data protection infrastructure, which is particularly important for regulated industries. By ensuring that only trusted firmware and software can run on PowerProtect systems, Dell enhances its data protection solutions’ overall resilience and reliability. This leads to fewer vulnerabilities and reduced risk of system downtime due to security incidents.

Hardware Root of Trust and Secure Boot are two robust features incorporated into the many security features in Dell PowerProtect Data Manager. Integrating both features ensures that data protection appliances and software operate securely, minimizing the risk of data breaches and unauthorized access to backup and recovery systems.

Dell PowerMax + Data Domain

Customers can confidently protect PowerMax data from the unexpected while taking cyber resiliency to the next level. PowerMax and Data Domain are the perfect pair for protecting critical enterprise data.

Unique native integration delivered through Storage Direct Protection (delivered with PowerProtect Data Manager) provides faster, more efficient, and more secure backup and recovery for PowerMax storage.

The protection and orchestration of multiple PowerMax arrays can also be centralized. With Data Domain appliances, customers can shrink backup windows. They can also advance their cyber resilience with multiple layers of zero-trust security to ensure data integrity and recoverability and leverage an isolated cyber recovery vault.

Better Together

Via Data Manager, Storage Direct enhances protection by sending data directly to the Dell PowerProtect Data Domain appliances to benefit from unmatched efficiency, deduplication, performance, and scalability. In the continuation of data protection support for storage arrays, data protection for PowerMax 2500 and 8500 is supported, starting with Data Manager version 19.17. With this ability, you can use Data Manager to back up and restore the storage groups within the PowerMax arrays. All these security features are provided by Dell as part of its mission to be “better together.”

Conclusion

Dell’s PowerProtect Data Domain DD9410 and DD9910 purpose-built backup appliances set a new standard for modern data protection with their advanced performance, efficiency, and security features. These new systems deliver up to 38% faster backups and 44% faster restores, significantly improving operational efficiency and reducing downtime.

The DD9410 and DD9910 also offer greater power efficiency and industry-leading deduplication, providing up to 97.5PB of logical storage in a more rack-dense deployment. With a guaranteed deduplication ratio of 55:1 and substantial storage capacities, these appliances are designed to effectively manage the growing data volumes of today’s enterprises.

Security remains a cornerstone in Data Domain. Features like Hardware Root of Trust and Secure Boot ensure data integrity and reduce risk. Seamless integration into existing IT environments, combined with a backup software-agnostic design, highlights Dell’s commitment to versatility and ease of use.

Investing in the DD9410 and DD9910 means equipping your organization with industry-leading tools to tackle today’s cyber resiliency challenges and the world of emerging data protection needs from AI and advanced workloads. With over two decades of market leadership and perpetual improvements, it’s clear why Dell continues to dominate the PBBA category with its Data Domain appliances.

Visit the Dell PowerProtect 3D Hardware Demo for further details.

Dell PowerProtect Data Domain Appliances

Engage with StorageReview

Newsletter | YouTube | Podcast iTunes/Spotify | Instagram | Twitter | TikTok | RSS Feed