(DOCSP-38437) OM Regional Backup draft (#168) (#177)

[JIRA](https://jira.mongodb.org/browse/DOCSP-38437)
[Build
Log](https://workerpool-boxgs.mongodbstitch.com/pages/job.html?collName=queue&jobId=66194d1a3a5920a29190c6d8)

[Staging: Backup
Overview](https://preview-mongodblmkerbeymdb.gatsbyjs.io/ops-manager/DOCSP-38437/core/backup-overview/#regional-backup)
[Staging: Backup
Preparations](https://preview-mongodblmkerbeymdb.gatsbyjs.io/ops-manager/DOCSP-38437/core/backup-preparations/#regional-backup-considerations)
[Staging: Enable
Backup](https://preview-mongodblmkerbeymdb.gatsbyjs.io/ops-manager/DOCSP-38437/tutorial/enable-backup/#conditional-assign-deployment-regions-for-regional-backup)
[Staging: Deployment
Regions](https://preview-mongodblmkerbeymdb.gatsbyjs.io/ops-manager/DOCSP-38437/admin/backup/deployment-regions-page/)

Author: lmkerbey-mdb

source/admin/admin-tab-backup.txt

@@ -32,4 +32,5 @@ For an overview of Backup and Backup resources, see
    /admin/backup/daemons-page
    /admin/backup/snapshot-storage-page
    /admin/backup/oplog-stores-page
+   /admin/backup/deployment-regions-page
 

source/admin/backup/daemons-page.txt

@@ -102,6 +102,10 @@ configure daemons:
          a threshold of 1 :abbr:`GBph (Gigabytes per hour)`, or
        - |mms| has no available |hdd| daemon to handle the job.
 
+   * - Deployment Id
+     - Unique identifier of the :ref:`Deployment Region <deployment-regions-interface>`
+       in which to run the daemon.
+
    * - Assignment Labels
      - Type one or more labels that can be used to assign the daemon
        to a specific project.

source/admin/backup/deployment-regions-page.txt

@@ -0,0 +1,88 @@
+.. _deployment-regions-interface:
+
+==================
+Deployment Regions
+==================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 2
+   :class: singlecol
+
+|onprem| supports backup regionalization, which allows each cluster or
+shard to read from and write to snapshot stores in a region you
+choose. To enable regionalized backup, you must configure deployment
+regions. You then bind backup resources such as :ref:`snapshot stores
+<blockstores-page>` or :opsmgr:`backup daemons
+</reference/glossary/#std-term-Backup-Daemon>` to these deployment
+regions.
+
+The deployment region page lists all available deployment regions, and
+allows you to define new deployment regions.
+
+.. important::
+
+   Regional backups ensure storage isolation of cluster data
+   backup. Backup metadata, monitoring, and other |onprem| data not
+   related to the specific cluster backup data can still move across
+   regions depending on your |onprem| deployment configuration.
+
+   To ensure data isolation during restore procedures, you must
+   execute restores only against endpoints in that deployment's
+   configured deployment region. This requirement applies when you
+   restore replica sets and sharded clusters, as well as queryable
+   restores.
+
+   To fulfill backup data sovereignty requirements, you must ensure
+   that you configure all backup and restore endpoints correctly and a
+   user doesn't request an operation that causes backup data to move
+   across regions.
+
+   To further protect against unintentional cross-region backup or
+   restore, consider configuring network restrictions for your data
+   centers.
+
+
+To define a new deployment region:
+
+.. procedure::
+   :style: normal
+   
+   .. step:: Click :guilabel:`Add New Deployment Region`.
+
+   .. step:: Configure the deployment region.
+
+      In the :guilabel:`Set up a Deployment Region`
+      window, provide values for the following fields:
+
+      .. list-table::
+         :widths: 40 60
+	 :header-rows: 1
+
+         * - Field
+	   - Value
+
+         * - Deployment ID
+	   - Unique identifier that references this deployment region
+	     in configurations.
+
+         * - Ingestion Endpoint
+	   - |onprem| instance to which the
+	     :opsmgr:`Backup Agent </reference/glossary/#std-term-backup-agent>`
+	     writes snapshot or oplog data.
+
+         * - Restore Endpoint
+	   - |onprem| instance that serves restore requests.
+
+         * - Queryable Proxy Server Endpoint
+	   - |onprem| instance that serves
+	     :opsmgr:`Queryable Backup </reference/glossary/#std-term-queryable-backup>`
+	     requests.
+
+         * - Deployment Description
+	   - String that describes the purpose of the deployment region.
+
+   .. step:: Click :guilabel:`Confirm`.

source/core/backup-overview.txt

@@ -10,11 +10,10 @@ Backup Process
    :depth: 1
    :class: singlecol
 
-Backups depend upon which
-:manual:`version of MongoDB your database is compatible </reference/command/setFeatureCompatibilityVersion>`.
-This Feature Compatibility Version ranges from the current version to
-one version earlier. For MongoDB 4.2, the FCV can be ``4.0`` or
-``4.2``.
+Backups depend upon which :manual:`version of MongoDB your database is
+compatible </reference/command/setFeatureCompatibilityVersion>`.  This
+Feature Compatibility Version ranges from the current version to one
+version earlier. For MongoDB 4.2, the FCV can be ``4.0`` or ``4.2``.
 
 .. tabs::
 
@@ -72,6 +71,14 @@ The following table lists the states of a backup job:
            - No
            - No
 
+         * - ``Misconfigured``
+	   - Yes
+	   - No
+
+      .. note::
+
+         The ``Misconfigured`` state applies only to :ref:`regional-backup`.
+
    .. tab:: FCV 4.0 or earlier
       :tabid: fcv40
 
@@ -145,3 +152,17 @@ Once created, a backup job goes through the following process flow:
       **Subsequent Backups**
 
       .. include:: /includes/backup/legacy-process-subsequent-backup.rst
+
+.. _regional-backup:
+
+Regional Backup
+---------------
+
+You can assign backup jobs to :ref:`deployment-regions-interface` to
+promote data isolation. When you assign a backup job to a deployment
+region, |onprem| writes all snapshots, oplogs, and sync data that the
+job generates to the relevant storage configured for that
+region. Regional backup is available for replica sets and sharded
+clusters. To enable regional backup for a sharded cluster, you must
+assign deployment regions and initiate backup jobs for each shard
+separately.

source/core/backup-preparations.txt

@@ -537,7 +537,43 @@ data loss or orphaned data.
 Snapshots when Agent Can't Contact a ``mongod``
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-For :manual:`sharded clusters </reference/glossary/#std-term-sharded-cluster>`, if the {+bagent+} can't
-reach a :manual:`mongod </reference/program/mongod/#mongodb-binary-bin.mongod>` process, whether a shard or config server, then
-the agent can't insert a synchronization :manual:`oplog </reference/glossary/#std-term-oplog>` token. In these
-cases, |mms| doesn't create the snapshot and displays a warning message.
+For :manual:`sharded clusters
+</reference/glossary/#std-term-sharded-cluster>`, if the {+bagent+}
+can't reach a :manual:`mongod
+</reference/program/mongod/#mongodb-binary-bin.mongod>` process,
+whether a shard or config server, then the agent can't insert a
+synchronization :manual:`oplog </reference/glossary/#std-term-oplog>`
+token. In these cases, |mms| doesn't create the snapshot and displays
+a warning message.
+
+.. _regional-backup-considerations:
+
+Regional Backup Considerations
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To enable :ref:`regional-backup` you must associate at least one
+of the following with the :ref:`deployment region
+<deployment-regions-interface>` that a replica set or shard targets:
+
+- :ref:`manage-snapshot-blockstore`
+
+- :ref:`manage-s3-snapshot-store`
+
+- :ref:`manage-snapshot-filestore`
+
+Additionally, you must associate one of each of the following items
+with a deployment region:
+
+- :ref:`oplog-stores-page`
+- :opsmgr:`sync store </reference/glossary/#std-term-sync-store>`
+  (unless you set ``mms.backup.noSyncState`` to ``true``)
+- :opsmgr:`backup daemons
+  </reference/glossary/#std-term-Backup-Daemon>`
+
+If you add a shard to a sharded cluster after you enable regional
+backup for that sharded cluster, you must assign a deployment region
+to the new shard to continue the backup jobs for the existing
+shards. Until you assign a deployment region to the new shard, the
+entire sharded cluster backup job has a ``Misconfigured`` state and
+doesn't generate new snapshots. A sharded cluster with a
+``Misconfigured`` state continues to generate oplog entries.

source/includes/steps-admin-add-blockstore.yaml

@@ -93,6 +93,11 @@ content: |
          For proper syntax, see :manual:`Connection String URI
          Format </reference/connection-string>` in the MongoDB manual.
 
+     * - Deployment Id
+       - Optional
+       - Unique identifier of the :ref:`Deployment Region <deployment-regions-interface>`
+         in which to host the database.
+
      * - Encrypted Credentials
        - Optional
        - Select if the Username and Password for the database were

source/includes/steps-admin-add-oplogstore.yaml

@@ -94,6 +94,11 @@ content: |
           :manual:`Connection String URI
           Format </reference/connection-string>` in the MongoDB manual.
 
+      * - Deployment Id
+        - Optional
+        - Unique identifier of the :ref:`Deployment Region <deployment-regions-interface>`
+          in which to host the oplog store.
+
       * - Encrypted Credentials
         - Optional
         - Select if the credentials for the database were encrypted

source/includes/steps-admin-add-s3-blockstore.yaml

@@ -168,6 +168,11 @@ content: |
          For proper syntax, see :manual:`Connection String URI
          Format </reference/connection-string>` in the MongoDB manual.
 
+     * - Deployment Id
+       - Optional
+       - Unique identifier of the :ref:`Deployment Region <deployment-regions-interface>`
+         in which to host the bucket.
+ 
      * - Encrypted Credentials
        - Optional
        - Select if the credentials for the database were encrypted

source/includes/steps-admin-add-s3-oplogstore.yaml

@@ -183,6 +183,11 @@ content: |
          For proper syntax, see :manual:`Connection String URI
          Format </reference/connection-string>` in the MongoDB manual.
 
+     * - Deployment Id
+       - Optional
+       - Unique identifier of the :ref:`Deployment Region <deployment-regions-interface>`
+         in which to host the bucket.
+
      * - Encrypted Credentials
        - Optional
        - Select if the credentials for the database were encrypted

source/includes/steps-create-backup-wt.yaml

@@ -26,7 +26,23 @@ content: |
 
   .. include:: /includes/list-table-edit-backup-host-credentials-ui.rst
 ---
-title: "Click :guilabel:`Start`."
+title: "(Conditional) Assign Deployment Regions for Regional Backup."
 stepnum: 4
+ref: select-deployment-regions
+content: |
+
+  If you want to enable :ref:`regional-backup` for your replica set
+  or sharded cluster, assign :ref:`deployment regions
+  <deployment-regions-interface>`. For a sharded cluster, you must assign
+  a deployment region to each shard.
+---
+title: "Click :guilabel:`Start`."
+stepnum: 5
 ref: start-the-backup
+content: |
+
+  If you enabled regional backup for your sharded cluster, click
+  :guilabel:`Start` for each shard separately to initiate distinct backup
+  jobs for each. If you initiate a single backup job at the level of the
+  sharded cluster, |onprem| can't guarantee regional data isolation.
 ...