Virtual TapeServer for NonStop Servers Installation Guide HP Part Number: 514105-003 Published: December 2009 Edition: All J06 release version updates (RVUs), all H06 RVUs, and all G06 RVUs
© Copyright 2009 Hewlett-Packard Development Company, L.P. Legal Notice Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .v About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Supported release version updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iv | Contents
Preface Welcome to the Virtual TapeServer Installation Guide. This guide provides configuration information for Virtual TapeServer (VTS). VTS enables host systems to read from and write to a local or SAN-attached file system. The virtual tape drive emulates the type of tape drive specified during the initial installation and setup process. About this guide The Virtual TapeServer Installation Guide is designed to help you configure VTS.
Related documentation In addition to this installation guide, the following documentation is provided: • Virtual TapeServer Quick Setup Guide, which provides instructions for installing the hardware and configuring VTS on the network. • Virtual TapeServer Operations and Administration Guide, which describes how to use the VTS web interface to manage VTS. • Virtual TapeServer Release Notes, which provides information about system support, known issues, and other information about the current release.
Overview of Configuration Tasks After completing the procedures provided in the Virtual TapeServer Quick Setup Guide, you can continue the initial configuration of the Virtual TapeServer (VTS) server. This guide provides those configuration procedures. The following steps outline the general tasks that you must complete to configure VTS. 1. Validate or change the standard vault layout as described in Reconfiguring Vaults on page 3. 2.
2 | Overview of Configuration Tasks
Reconfiguring Vaults By default, vault storage is configured on the Virtual TapeServer (VTS) server. Prior to using this storage, you may want to review and change the configuration. For example, you may want to define additional vaults, which provide a convenient way to separate data for different applications or users. You may want to reconfigure vault storage before creating virtual tape drives (VTDs) or using VTS, though you can use VTS without reconfiguring vaults.
You can also enter the following command to list the current configuration: df -Ph Here is an example of the output. The bolded lines indicate partitions that are eligible for configuration: Filesystem /dev/cciss/c0d0p2 /dev/cciss/c0d0p4 /dev/cciss/c0d1p1 /dev/cciss/c0d2p1 /dev/cciss/c0d0p1 tmpfs /dev/cciss/c0d3p1 Size 9.7G 83G 4.5T 2.3T 99M 4.0G 2.3T Used Avail Use% Mounted on 4.2G 5.0G 46% / 184M 79G 1% /VAULT00 192M 4.3T 1% /VAULT01 201M 2.2T 1% /VAULT10 12M 82M 13% /boot 0 4.0G 0% /dev/shm 201M 2.
10. Create partitions on the recently created array(s). If the disk partition is less than 2TB in size, complete these steps: a. Starting with the first recognized disk after the system disk, create the partition by entering the following command: fdisk /dev/cciss/c0d3 The fdisk command displays a : prompt. b. Add a new partition by entering the following command: n c. Choose the primary partition by entering the following command: p d. Select the first partition by entering the following command: 1 e.
f. Review the layout by entering the following command: print Here is an example of the output: Model: Compaq Smart Array (cpqarray) Disk /dev/cciss/c0d3: 2500GB Sector size (logical/physical): 512B/512B Partition Table: gpt Number 1 2 Start 17.4kB 1250GB End 1250GB 2500GB Size 1250GB 1250GB File system ext3 primary Name primary Flags g. Quit parted. quit 11. Create file systems on the newly created partitions.
/dev/cciss/c0d0p4 /dev/cciss/c0d1p1 /dev/cciss/c0d2p1 /dev/cciss/c0d0p1 tmpfs /dev/cciss/c0d3p1 /dev/cciss/c0d3p2 83G 4.5T 2.3T 99M 4.0G 1.2T 1.2T 184M 192M 201M 12M 0 199M 199M 79G 4.3T 2.2T 82M 4.0G 1.1T 1.
8 | Reconfiguring Vaults
Configuring Licensing Before you can use Virtual TapeServer (VTS), you must enable licensing. You can enable licensing for the following: • Virtual tape drives (VTDs) and compression, if included • SecureVTS • Instant DR, which also enables AutoCopy To request license keys, contact the HP VTS Program Manager, Glenn Garrahan, at glenn.garrahan@hp.com.
3. Click Manage System Licenses. The following page is displayed: 4. If SecureVTS is licensed, type the license key in the Secure VTS Key field. 5. If Instant DR or Autocopy is licensed, type the license key in the IDR Key field. 6. In the VTD Key field, type the license key. 7. Click SUBMIT. 8. On the pop-up dialog, click OK to confirm that you want to add the key. 9. Repeat these steps for each license key you wish to enter. Only one license key can be submitted at a time. 10.
Creating Virtual Tape Drives After Virtual TapeServer (VTS) is deployed, you must create virtual tape drives (VTDs). Up to 32 VTDs are supported per VTS server, and your VTD license determines how many VTDs you can create. If you must modify a VTD after it is created, refer to the Virtual TapeServer Operations and Administration Guide. Creating a VTD The following table describes the properties that you must set when defining a VTD.
The following procedure describes how to create a VTD using the Manage Connections page. Note At least one bus must be set to Virtual (target) mode on the Manage System Limits page before you can create a VTD. Ports should have been configured as described in the Virtual TapeServer Quick Setup Guide. Requires the View/Manage Configuration To add a VTD 1. Click Manage Connections on the navigation pane. 2. Log in. See Credentials on page 47 for a list of default user accounts. 3.
unique combination. For example, you cannot assign target ID 0 LUN 0 and target ID 1 LUN 0 on the same bus; this creates a conflict. All target IDs on a bus must be identical, and you cannot assign a LUN value more than once per bus. The appropriate ID value depends on the host server: • For NonStop S-series servers IDs 4 and 5 are reserved for tape devices, while other IDs are reserved for other device types.
11. In the Serial Number field, specify the serial number of the VTD. You can specify up to 10 alphanumeric characters. This string is presented to the host and should be unique (across all VTS servers and VTDs in the environment). If you do not specify a serial number, it is automatically generated. 12. Click Submit. It is recommended that you back up the VTS database after modifying the VTS configuration. Refer to the Virtual TapeServer Operations and Administration Guide for instructions.
Validating access to VTDs from the NonStop server To validate that the NonStop server can back up to configured VTDs in VTS, you must configure the NonStop server to add the VTD. Then, you can start the virtual tape drive from the NonStop server. Issue the following command on Integrity series servers to configure the virtual tape drive: SCF ADD TAPE $VTD, SENDTO STORAGE, LOCATION (x,y,z), LUN #, SAC #, PORTNAME WWN#, COMPRESSION OFF where $VTD The virtual tape drive name, such as $TAPE00.
This command should return messages similar to the following if successful: SCF - T9082G02 - (06JAN06) (31OCT05) - 01/19/2007 08:42:11 System \DEV3 (C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P. Total Errors = 0 Total Warnings = 0 If unsuccessful, messages similar to the following are displayed: SCF - T9082G02 - (06JAN06) (31OCT05) - 01/19/2007 09:09:06 System \DEV3 (C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P. STORAGE E00002 START TAPE \DEV3.
Configuring Access Control If you have system administrator privileges, you can configure access control to grant or limit access to specific Virtual TapeServer (VTS) functions. Each login ID belongs to a group and each group has a unique set of privileges. Note VTS provides a user that has administrator privileges. You can log in as admin if no other administrative user is created on the system. The default password for this user is virtual.
3. Under Defaults and Undo, click the Restore CLOSED Defaults button, which restores all default users, groups, and rights. 4. Click OK on the pop-up dialog box to confirm that you want to restore closed defaults. Below are closed system defaults: • • Users — The following users are defined.
Rights Administration Group Upload Encryption Keys X Upload VPD X Configuration Backup X Configuration Restore Supervisor Group X X X View log files X View/Manage Configuration X Virtual Tape Operations Operations Group X X X X Scan and Cleanup Control Panel X X Virtual Tape Cartridge Maintenance X X Delete Cartridges X X Virtual Tape Import and Export X X Virtual Tape Instant DR X X Virtual Tape Mounts and Locks X X Virtual Tape Pool Maintenance X X Erase Cartridg
Enabling closed access and restricting access to virtual tapes If you want to create an account that does not have access to virtual tapes, complete this procedure. To restrict access to virtual tapes 1. Log in using the access account. 2. Enable a closed system as described in Enabling a closed system using default users and groups on page 17. 3. Add a user as described in Creating a user on page 21. 4. Add a group: a. Click + to expand Users and Groups. b. Click ADD next to Groups. c.
Managing users You can add users to VTS or modify settings of an existing user. The following sections describe how to create, modify, and delete users. Note In the following procedures, if the Users and Groups and Rights sections of the Access Control page are not available, you must enable a closed system. These sections are not displayed if the system is configured as open access. Creating a user Requires the System Access Controls access right To create a user 1.
3. Click + to expand Users and Groups. 4. Click ADD next to Users. The name and password fields are displayed. 5. Type a username in the name field. Usernames cannot contain spaces and cannot duplicate existing usernames, group names, or reserved names. Also, they must be alphanumeric, though they can include an _ (underscore) character. 6. Type a password in the password field.
7. Click APPLY. The user is added and additional buttons are displayed. 8. To assign the user to a group, click CHANGE GROUP. The Group drop-down list is displayed. Note The user cannot perform functions until you assign the user to a group. 9. Select a group from the drop-down list and click APPLY.
Changing any user’s password It is highly recommended that you change the passwords of the default users. Requires the System Access Controls access right to change any user’s password To change a user’s password 1. Click Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Access Control page is displayed. 3. Click + to expand Users and Groups.
4. Select the user from the Users drop-down list. 5. Click SET PASSWORD. The Password field is displayed. 6. Type a new password in the field. 7. Click APPLY. Changing your password Requires the User Access Controls access right to change your password only To change your own password 1. Click Access Control on the navigation pane. 2. If prompted, log in. After logging in, the User Access Control page is displayed. 3. Type your current password in the Old password field. 4.
Assigning a user to a group Requires the System Access Controls access right To assign a user to a group 1. Click Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Access Control page is displayed. 3. Click + to expand Users and Groups.
4. Select the user from the Users drop-down list. The SET PASSWORD and CHANGE GROUP buttons are displayed. 5. To assign the user to a group, click CHANGE GROUP. 6. Select a group from the drop-down list and click APPLY. Deleting a user Requires the System Access Controls access right To delete a user 1. Click Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Access Control page is displayed.
3. Click + to expand Users and Groups. 4. Select the user from the Users drop-down list. 5. Click REMOVE. 6. When prompted, click OK to confirm that you want to remove the selected user.
Configuring groups Groups define the access rights that are assigned to users. Three groups are provided: Administration, Operations, and Supervisor. For a list of the default rights assigned to these groups, see page 18. You can modify the access rights that are assigned to these groups. You can also save your changes as a set of custom defaults, which can be restored later if necessary.
3. Click + to expand Rights. 4. To modify access rights assigned to the Administration group, select the checkbox next to each access right in the Administration column. Note The rights are organized in categories. If you grant access to a category, all rights in the subcategories are granted by default, though you can remove individual rights in the subcategories.
Right User Access Controls Description Enables the user to change his or her password only within Access Control Block and Unblock TapeServer Displays the Block & Unblock TapeServer link on Supervisory Functions page, which enables the user to block and unblock VTS functions Database Download Enables the user to create a system restore image from the Supervisory Functions page Database Upload Enables the user to restore a system restore image from the Supervisory Functions page Edit Configuration Fi
Right Delete Cartridges Description Enables the user to delete virtual tapes from the Virtual Media - Operation and Virtual Media - Cartridge Maintenance pages Virtual Tape Import and Export Grants access to the Virtual Media - Import/ Export page Virtual Tape Instant DR Grants access to the Virtual Media - Instant DR page Virtual Tape Mounts and Locks Grants access to the Virtual Media - Mounts and Locks page Virtual Tape Pool Maintenance Grants access to the Virtual Media - Pool Maintenance page
Saving and restoring custom defaults After configuring users and group rights, you can save all settings as a custom configuration. Later, you can restore these settings by simply clicking the Restore CUSTOM Defaults button in the Defaults and Undo section of the page. This button becomes available after you save a custom configuration. These procedures require the System Access Controls access right To save custom default settings 1. Click the Save as CUSTOM button above the access rights table. 2.
To restore the custom default settings Click the Restore CUSTOM Defaults button to restore the custom configuration and discard changes made since the custom defaults were last saved.
Managing Certificates Virtual TapeServer (VTS) uses X.509 certificates Secure Sockets Layer (SSL) communication between the browser and the VTS web server. Certificates can be self-signed and generated by VTS or they can be issued by a Certificate Authority. Note If you use a self-signed certificate, your browser may display a certificate warning when you access VTS. To prevent this warning, use a certificate signed by a Certificate Authority or add an exception to the browser.
3. Create a location to store the files that will be generated. It is recommended that you store the files in a location that will be backed up when a system restore image is created, such as /etc/pki. This example uses /etc/pki/mycompany as the location: mkdir /etc/pki/mycompany 4. Change to the new location: cd /etc/pki/mycompany 5. Create a key file, as follows: a. Generate the key file: openssl genrsa -out server_name.key 2048 where server_name is the host name of the VTS server. b.
A challenge password []: An optional company name []: Send the certificate request file to the Certificate Authority. When the Certificate Authority returns the actual certificate, copy it to the directory created above. After the Certificate Authority returns a certificate, install it on the server. To install a certificate 1. Log in to the VTS server. 2. Become root: su 3. Configure the web server to use the new certificate, as follows: a.
38 | Managing Certificates
Configuring EMS Communication To automate the process of mounting and dismounting virtual tapes, you must configure the Event Management System (EMS) on Virtual TapeServer (VTS). The EMS service for NonStop servers starts the EMS distributor on the NonStop server by issuing a Tandem Advanced Command Language (TACL) command. The distributor notifies the VTS EMS service when an EMS message is posted on the NonStop server.
c. Click Show General Settings. The following fields are displayed: d. To enable EMS, select the Enable EMS checkbox. e. f. To configure VTS to generate EMS messages for notifications, set the following: • To enable VTS to send notification messages back to the NonStop host from EMS messages, select Enable Host Notifications. • If you enabled notifications, set the notification level from the Notification Level drop-down list.
i. Click the Save EMS Configuration button (at the bottom of the page) to save the settings. 5. Define the EMS hosts that identify the NonStop servers for which a Telnet or SSH session will be established. a. Click the New EMS Host button. The following fields are displayed: b. Specify a name for the host in the Host ID field. This is used for display purposes only. c.
e. In the Host Port field, specify the target Telnet or SSH port on the NonStop server. By default, SSH runs on port 22. To identify the SSH port on the NonStop server, refer to the PORT parameter in the SCF IN file that defines the SSH process. f. To define the service settings, set the following: • If you chose Telnet, specify the service selection prompt to which the EMS login process responds and begins in the Service Prompt field.
parameter) that is up to six characters in length (including the $). Here is an example: (for TACL): #SET #INFORMAT TACL EMSDIST /CPU 0, PRI 100, NAME $VTMS1, TERM $ZHOME/ BACKUP 1, TYPE P, COLLECTOR $0, TEXTOUT [#MYTERM] h. In the Notify Wait Timeout field, specify the number of seconds to allow the host to process commands before VTS expects to prompt for another command. Typically, this should be 2-3 seconds but it causes no harm to allow more time for the host. i.
7. Set the username and password for each EMS host: a. Click Supervisor Functions on the navigation pane. b. Click Manage Passwords. The following page is displayed: c. From the drop-down list, select the EMS host. Note If the EMS hostnames are not in the list, EMS may not be enabled. d. In the Username field, type a username for that host. e. In the New Password field, type a password for the user. f. Retype the password in the New Password (again) field. g. Click Update. h.
c. Enter yes to accept the fingerprint. If a mismatch occurs after accepting the fingerprint, you can edit the /home/bill/.ssh/ known_hosts file to remove lines for host server whose key has changed. Then, after the obsolete key has been removed, repeat this step to accept the new key. 9. Click RESTART on the Virtual Media - Mounts and Locks page to restart the EMS service. Or, click Start EMS Service on the Supervisory Functions page.
46 | Configuring EMS Communication
Credentials This appendix describes the operation system and web interface accounts that are provided with Virtual TapeServer (VTS). Operating system accounts Here is a list of the user accounts for the VTS operating system (Linux). • root • bill • vtsa The first time you log in to the VTS operating system using one of these usernames, you are prompted to change the password.
• 48 | Through “sudo”, can issue the following commands: • /sbin/tune2fs -l /* (runs as root) • /bin/cat • /usr/bin/passwd • /usr/local/tape/bin/ getVTS_dbginfo (runs as root) • /sbin/chkconfig • /bin/ping • /bin/bash/usr/local/tape/bin/ • /usr/bin/clear getVTS_dbginfo (runs as root) • /bin/ps • /usr/bin/updatedb (runs as root) • /usr/bin/crontab • /sbin/reboot (runs as root) • /sbin/fdisk -[vl] (runs as root) • /bin/date • /usr/bin/rsh • /sbin/fdisk -[sl] /* (runs as root) • /bin/df • /us
Adding accounts You can create additional accounts in the Maintenance group, and the new user will have the same privileges as the vtsa user. To create an account 1. Log in to the VTS server as a user with root access. 2. Enter the following command to create the user account: useradd -n username 3.
Web interface accounts Here is a list of the default user accounts provided for accessing the VTS web interface: Username Default Password Group Privileges operator tapelabs Operations Can view system status, including vaults. tapelabs tapelabs Supervisor Can perform all VTS functions but cannot perform factory setup activities, administer access control, edit the VTS configuration file, restore the Linux configuration, or view and manage configurations.
Index A access control overview 17 saving and restoring custom defaults 33 access rights, See rights assigning groups to a user 26 rights to a group 29 audience v AutoCopy licensing 9 automating mounts 39 B BTLI 11 C certificates overview 35 CLIM configuring VTDs 14 closed (access) system 17 compression licensing 9 configuring access control 17 EMS 39 EMS user accounts 44 groups 29 licensing 9 passwords any user’s 24 yours 25 users 21 creating users 21 virtual tape drives 11 custom defaults, saving and re
P passwords, modifying any user’s 24 yours 25 R related documentation vi rights assigning to groups 29 descriptions 30 S SecureVTS licensing 9 Support vi T typographical conventions v U users assigning groups 26 creating 21 default accounts 18 deleting 27 EMS 44 V validating NonStop-to-VTS server backups 15 virtual tape drives configuring the CLIM 14 creating 11 VTD licensing 9 52 | Index
