Prerequisites, Considerations and Recommendations

Introduction

As a service provider, Expedient serves multiple tenants (clients) in isolated networks with the same IP address ranges and subnets on the same Cohesity cluster. As a result, the Cohesity cluster cannot uniquely identify a given tenant entity using its IP address. For example, tenant A and tenant B might have SQL Server VMs with the same IP address on their respective tenant private networks). To resolve this issue, Expedient can deploy a Hybrid Extender VM on each organization to uniquely identify the virtual entities using the tuple of organization ID and virtual entity's IP address. The Hybrid Extender acts as a proxy VM between the organization and Cohesity cluster and provides source-side deduplication.

Prerequisites

• Ensure that the Hybrid Extender option is enabled within the client's Cohesity organization. Due to the multitenant nature of the Cohesity platform, this task is to be completed by Expedient.
• (Default) Ensure port 29994 is open on the Hybrid Extender VM, and ports 11117 and 29991 are open on the Cohesity cluster. See Firewall and Port Requirements for Hybrid Extender for more information.
• DNS configuration - The DNS configuration on your Hybrid Extender is used for general name resolution and to lookup the domain controller to join the Cohesity cluster to the tenant AD. This is used during source registration for name resolution and mount-based restores/clones for data protection of MS-SQL server, Oracle, etc.

The following are the considerations for DNS configuration on Hybrid Extender:

• When you assign an IP address using DHCP, the Hybrid Extender automatically gets the DNS configuration.
• When you assign a static IP address, you must add the DNS in the Hybrid Extender VM by accessing the VM using SSH. You can access the Hybrid Extender VM and add your DNS in the /etc/resolv.conf file.
• Register the tenant's AD domain on the tenant's DNS server, and create DNS entries for the registered AD machine accounts with Hybrid Extender IPs. This ensures that the clients connected to the tenant network are able to access the views.
• Ensure that Network Time Protocol (NTP) is set up on the Hybrid Extender. For more information, see Set Up NTP Servers.
  If NTP is not setup:
• RPC requests between the Hybrid Extender and the cluster can timeout.
• If the time skew between the AD server and the Hybrid Extender is greater than five minutes, Kerberos authentication may fail.
• Hybrid Extender may not be able to connect if the time lag between the Hybrid Extender and the cluster is extensive enough to invalidate TLS certificates.

Considerations

• Currently, Cohesity does not support the auto-upgrade of the Hybrid Extender. Therefore, you must upgrade the Hybrid Extender after upgrading the Cohesity cluster from one major release to another.
• Expedient will proactively notify and work with clients using Hybrid Extender well ahead of any major platform upgrade.
• All Cohesity networking will be dependent on the Hybrid Extender appliance's availability; if no Hybrid Extender appliance is available, backups and restores will fail.

Hybrid Extender does not support the following features:

• S3
• NFS/SMB clients
• SMB Multichannel
• Keystone
• Kerberos client for NFS
• SSO
• NFS authentication

Recommendations

• Deploy multiple Hybrid Extender VMs to distribute client traffic and achieve high availability and increased throughput.
• Download a new configuration file from Cohesity Cluster every time you deploy a new Hybrid Extender VM.
• Cohesity recommends using the Hybrid Extender version provided with the Cohesity version to get access to the supported sources.
• Once the Hybrid Extender is connected, the backup and recovery communication between cluster and source will be proxied through the Hybrid Extender VM.
• If upgrading the Cohesity cluster, you must upgrade the Hybrid Extender. To upgrade the Hybrid Extender, you should first redeploy the new version and then decommission the existing version of the Hybrid Extender. 
• After upgrading a cluster, the Hybrid Extender version should either be the same as the Cohesity cluster or remain in the previous version. However, Cohesity recommends that the Cohesity cluster version and the Hybrid Extender version should be the same.