Virtual TapeServer for NonStop Servers Configuration Guide HP Part Number: 661329-001 Published: June 2011 Edition: All J06 release version updates (RVUs), all H06 RVUs, and all G06 RVUs
© Copyright 2011 Hewlett-Packard Development Company, L.P. Legal Notice Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Supported release version updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9 Enabling and Configuring Data Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Configure data partitions on target servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Enabling Data Replication licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Configuring source and target settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14 Enabling and Configuring Scan/Cleanup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93 15 Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99 Managing operating system accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Using the vtsa account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Log format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Message severity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Message IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Message text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Export log .
Preface Welcome to the Configuration Guide. VTS offers complete disaster recovery capabilities. As a primary repository for data center backups, VTS can also be used as secondary tiered storage for replicated data to meet disaster recovery requirements. About this guide The Configuration Guide is designed to help you configure VTS and then accomplish the necessary tasks for using virtual media to store and retrieve data. This guide provides procedures for all tasks you must perform to start using VTS.
This icon is used throughout the guide to note the access right(s) required to perform the procedure that follows. Related documentation In addition to this guide, the following documentation is provided: • Quick Start Guide, which provides instructions for installing the hardware and configuring VTS on the network.
Introduction Tape remains the most practical solution for removable storage, and it is often required by regulatory agencies to be archived and stored offsite. However, as the cost of commodity disk storage has decreased, many enterprises view disk-based backup solutions as a feasible alternative to tape-based backup.
VTS delivers reliable, scalable, and high performance virtual tape for backup, restore, Transaction Management Facility (TMF), archive, and data recovery operations. You can deploy VTS to simplify and streamline traditional tape operations, reduce costs for storage hardware and tape media, automate backup and restore operations, and increase flexibility in managing backed-up data. The virtual environment The basic building blocks of VTS are vaults, pools, virtual tape drives, and virtual tapes.
needed, it can be discarded just like a physical tape. A virtual tape is synonymous with a file in a directory. Overview of features The heart of VTS is a middleware tape emulation engine that enables VTS to emulate tape storage to host servers and provides backup storage for the data on industry standard, lowcost disk arrays. Data stored in VTS can later be copied to real tape media for archival storage or disaster recovery if long-term backup copies are required.
Accessing the VTS web interface VTS is managed through a standard web browser interface. To access the web interface, launch a supported web browser that is on the same internal network as VTS and then enter the following URL: https://ip_address where ip_address is the management network interface address. Or, if the Domain Name System (DNS) is configured on the network, enter the following: https://hostname where hostname is the hostname of the VTS server.
Overview of Tasks After completing the procedures provided in the Virtual TapeServer Quick Start Guide, you can continue the initial configuration of the Virtual TapeServer (VTS) server. Then, you can use VTS to manage your virtual media. The following outlines the general tasks that you must complete to configure VTS and perform day-to-day tasks to maintain VTS. Many of these procedures for the tasks are now provided in the online help. To configure the VTS server 1.
11. Configure access control to grant or limit access to specific VTS functions. See Configuring User Accounts on page 99. 12. Configure the user interface as described in Configuring Web Interface Preferences on page 115. 13. Write labels to the virtual tapes from the host server as described in Labeling virtual tapes on the host server on page 70. 14. Verify EMS settings by running a labeled backup on each VTD. 15.
Reconfiguring Vaults By default, vault storage is preconfigured on the Virtual TapeServer (VTS) server. Prior to using this storage, you may want to review and change the configuration. For example, you may want to define additional vaults, which provide a convenient way to separate data for different applications or users. You may want to reconfigure vault storage before creating virtual tape drives (VTDs) or using VTS, though you can use VTS without reconfiguring vaults.
Reviewing the vault layout You must use a Linux partition editor, such as fdisk, parted, druid, or the HP Array Configuration Utility, to view the current configuration. (The HP Array Configuration Utility is available as part of HP SmartStart, but using HP SmartStart requires that you reboot VTS.) The following steps use parted to view the current partition layout: 1. Log in to the VTS server as the root user. 2.
3. Create partitions on the disk. If the disk partition is less than 2TB in size, complete these steps: a. Starting with the first recognized disk after the system disk, create the partition by entering the following command: fdisk /dev/cciss/c0d1 The fdisk command displays a : prompt. b. Print the current partition table by entering the following command: p c. Delete any partitions that you want to reconfigure by entering the following command: d d.
e. Create a primary partition at the beginning of the disk (4TB in this example): mkpart primary 0 4000G Or, you can create multiple partitions to consume all disk space: mkpart primary 0 50% mkpart primary 51% 100% f. Review the layout by entering the following command: print Here is an example of the output: Model: Compaq Smart Array (cpqarray) Disk /dev/cciss/c0d1: 2500GB Sector size (logical/physical): 512B/512B Partition Table: gpt Number 1 2 Start 17.
Adding vaults on external storage devices If an external storage device is connected to VTS, you can use it to configure additional vaults. Up to 100 vaults are supported per VTS server. Note If GFS is used in your VTS environment, see Maintaining GFS for VTS on page 157 for instructions to create vaults. To add a vault to VTS 1. If necessary, connect the external storage device to VTS. Make sure that the cable is plugged in and the link light is illuminated (for Fibre Channel) on the VTS server.
d. If the partition is not visible, enter the following command to scan the SCSI connections and detect new hardware: /usr/local/tape/bin/rescan-scsi-bus.sh -l -c -r -w Output similar to the following is displayed: 1 new device(s) found. 0 devices indicates that this is a pre-existing SAN. If you cannot see the partition after rescanning the SCSI connections, reboot the VTS server. 4. If the disk partition is less than 2TB in size, complete the following steps to configure the disk partition: a.
c. Create a primary partition at the beginning of the disk (3TB in this example): mkpart primary 0 3000G Or, you can create multiple partitions that consume all available disk space: mkpart primary 0 50% mkpart primary 51% 100% d. Quit parted. quit 6. Format the disk partition by entering the following command: mke2fs -j -L /VAULT01 /dev/sdc1 When specifying a vault name, use the following format: VAULTnn, where nn indicates a number. Repeat this command, incrementing nn for each new vault.
Renaming vaults You may need to rename a vault that is used by VTS. This example demonstrates how to rename /VAULT03 to /VAULT05. To rename a vault 1. Click Administration→System Tasks on the navigation pane and then click Stop TapeServer. 2. Log in to the server as root. 3. Review the existing vault layout and identify the device to rename.
Enabling Licensed Features Before you can use Virtual TapeServer (VTS), you must enable licensing. You can enable licensing for the following: • Managed capacity, which includes licensing for virtual tape libraries (VTLs) • Standalone virtual tape drives (VTDs) and compression, if included • Data Encryption Suite • Data Replication Suite, which is implemented as replicate jobs To request license keys, contact the HP VTS Program Manager, Glenn Garrahan, at glenn.garrahan@hp.com.
3. Click Manage System Licenses. The following page is displayed: 4. Enter license keys as described in the help. To view the help, click the Help button at the top of the page. 5. If this is the first time you are entering license keys, you are prompted to accept the enduser license agreement. Read the agreement and click ACCEPT. If you do not accept the agreement, you cannot use the server. 6. Restart the TapeServer service. Click Administration→System Taskson the navigation pane.
3. Click Manage System Licenses. The following page is displayed: 4. Configure licensing as described in the online help. To view help, click Help at the top of the page. 5. Restart the TapeServer service. Click Administration→System Tasks on the navigation pane. Then, click Stop TapeServer and then click Start TapeServer.
18 | Enabling Licensed Features
Configuring Ports After cabling the host server(s) and external devices to the VTS server, you must configure the ports to enable VTS to communicate properly with each device (target or initiator). If you attach an external tape drive or external disk array to the server after initial configuration, you must define the port as physical. Ports connected to host servers must be defined as virtual. Requires the View/Manage Configuration access right To configure ports 1.
20 | Configuring Ports
Creating and Managing VTLs and VTDs After Virtual TapeServer is deployed, you can create virtual tape libraries (VTLs). A VTL emulates the functionality of a tape library, which contains one or more tape drives, magazines that hold tape cartridges, a barcode reader to identify tape cartridges, and a media changer for loading and unloading tape cartridges.
A naming convention is used when the components of the VTL are created. The VTL name is specified by the user. All other names are automatically assigned by VTS.
2. Click Configuration→Virtual Devices on the navigation pane. The Configure Virtual Devices page is displayed: 3. Click Add Virtual Tape Library in the VIRTUAL TAPE LIBRARIES section of the page. The following is displayed: 4. Configure the VTL as described in the help. To view the help, click the Help button at the top of the page. All VTL components are created and the VTDs are mounted. The VTDs are listed in the VIRTUAL TAPE DRIVES section of the Configure Virtual Devices page.
Managing and using VTLs You can perform the following to manage and use VTLs in your environment: • Modify VTLs, including adding and removing slots and VTDs • Modify VTDs in a VTL • Manage virtual tapes in a VTL, including inserting and replacing virtual tapes • Delete VTLs These procedures are provided in the help. To view the help, click the Help button at the top of any page. To view a list of VTLs Click Configuration→Virtual Devices on the navigation pane.
The following table describes the properties that you must set when defining a standalone VTD. For each property, this table provides a description and whether each property is presented to the host server when VTS responds to a host’s query: Property Description Presented to Host? Name A user-friendly name for the VTD. Yes Tape type The type of tape that the VTD emulates. Yes Port ID The ID of the port on the VTS server to which the host is connected.
Requires the View/Manage Configuration access right To add a VTD 1. If you have not enabled capacity or VTD licensing or if no VTD licenses remain (as indicated in the INFORMATION section of the Manage Tape Connections page), you must enable licensing or add a new license before you can create VTDs. See Enabling Licensed Features on page 15 for more information. 2. Log in using an account that has the access right listed above.
Viewing standalone VTDs To view VTDs Click Configuration→Virtual Devices on the navigation pane. A list of VTDs is provided in the VIRTUAL TAPE DRIVES section of the page. Refer to the online help for information about using this page. To view the help, click the Help button at the top of the Configure Virtual Devices page. To view virtual tapes in VTDs Click Configuration→Tapes and Pools on the navigation pane. All VTD and virtual tape procedures are documented in the online help.
Validating access to VTDs from the NonStop server To validate that the NonStop server can back up to configured VTDs in VTS, you must configure the NonStop server to add the VTD. Then, you can start the virtual tape drive from the NonStop server. Issue the following command on Integrity series servers to configure the virtual tape drive: SCF ADD TAPE $VTD, SENDTO STORAGE, LOCATION (x,y,z), LUN #, SAC #, PORTNAME WWN#, COMPRESSION OFF where $VTD The virtual tape drive name, such as $TAPE00.
This command should return messages similar to the following if successful: SCF - T9082G02 - (06JAN06) (31OCT05) - 01/19/2007 08:42:11 System \DEV3 (C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P. Total Errors = 0 Total Warnings = 0 If unsuccessful, messages similar to the following are displayed: SCF - T9082G02 - (06JAN06) (31OCT05) - 01/19/2007 09:09:06 System \DEV3 (C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P. STORAGE E00002 START TAPE \DEV3.
30 | Creating and Managing VTLs and VTDs
Enabling and Performing Tape-to-tape Exports You can export a virtual tape to physical tape using a tape-to-tape export job. This provides a one-to-one mapping of virtual to physical tape. You can export to a drive in a library or a standalone drive. When creating the tape-to-tape export job, you can choose whether the data remains in virtual tape format or host format.
Requires the System Maintenance Functions and View/Manage Configuration access rights To configure a physical drive or library for tape-to-tape exports 1. Click Configuration→System on the navigation pane of the VTS web interface. 2. Click Edit System Settings. 3. Click Physical Drives to expand this area of the page. A page similar to the following is displayed: 4. Specify friendly names, enable encryption, and designate the devices, as necessary. Then, click Apply.
3. Choose one or more virtual tapes to export. (In a later step, you can also choose virtual tapes in VTLs or pools.) 4. Select Tape-to-Tape Export from the drop-down list above the table, on the right side of the page. The Tape-to-Tape Export pop-up dialog is displayed. 5. Select the Create New Job option. 6. Specify the job options as described in the help. To view the help, click the Help button at the top of the Manage Virtual Tapes page.
34 | Enabling and Performing Tape-to-tape Exports
Enabling and Performing Stacked Exports Through integration with a backup management application server, you can read and write files to and from Virtual TapeServer (VTS). You can then create stacked export jobs on VTS to export, or “migrate”, virtual tapes to physical tapes using an attached external tape device. Note Stacked export jobs are available if a capacity license is enabled on the server. Stacked exports allow for better use of the disk space on the storage array.
To restore a virtual tape that were exported by a stacked export job, you can import the virtual tape. This restores the virtual tape to VTS so that a host server can then use the tape. Refer to the help for importing instructions. Configuring the physical drive or library After attaching a physical drive or library to VTS as described in the Quick Start Guide, you can export virtual tapes to physical tapes.
Setting the backup management application password You can configure a system account for use by backup management applications (for stacked exports). To configure a system user account 1. Click Security→Passwords on the navigation pane of the VTS web interface. A page similar to the following is displayed: 2. Select hsm from the drop-down list. 3. Type the username and password that is required to log in to the backup management applicationand then click Update.
3. Choose one or more virtual tapes to export. (In a later step, you can also choose virtual tapes in VTLs or pools.) 4. Select Stacked Export from the Actions drop-down list (above the table, on the right side of the page). The Stacked Export pop-up dialog is displayed. 5. Select the Create New Job option. 6. Specify the job options as described in the help. To view the help, click the Help button at the top of the Manage Virtual Tapes page. 7.
Enabling and Configuring Data Replication Data Replication is a advanced software feature that enables you to back up data to remote Virtual TapeServer (VTS) servers.
3. Configure source and target settings using the web interface. 4. Replicate data to remote servers by creating and running replicate jobs. To restore data from a target server, you can recover virtual tapes using the External Data page in the web interface. You can then select the target server and list of virtual tapes to restore.
Enabling Data Replication licensing Before you can use the Data Replication feature, you must enable licensing. Requires Administration group membership To enter a license key 1. Click Configuration→System on the navigation pane. 2. Click Manage System Licenses. A page similar to the following is displayed: 3. Enter the license key as described in the help. To view the help, click the Help button at the top of the page.
Requires Administration group membership To add a target server Complete these steps using the web interface on the source server: 1. Click Configuration→System on the navigation pane. 2. Click Edit System Settings. 3. Click Replication to expand this area of the page. 4. Click the Add Target Host button. The following is displayed: 5. Specify target settings as described in the help. To view the help, click the Help button at the top of the page.
3. Click Replication to expand this area of the page. The following is displayed: 4. Authorize, enable, and specify settings as described in the help. To view the help, click the Help button at the top of the page. To complete the connection and enable the target server After the target authorizes and enables this source, complete these steps using the source server's web interface: 1. Click Configuration→System on the navigation pane. 2. Click Edit System Settings. 3.
Replicating data to remote servers To replicate data to remote servers, you must create and run a replicate job. Note Partial procedures are provided below. Be sure to display the online help for full details; click Help at the top of the Manage Virtual Tapes page. Requires the Virtual Tape Import and Export, Vault Access, and Access to all Vaults access rights To create and run a replicate job 1. Click Administration→Virtual Tapes on the navigation pane. 2.
Enabling and Configuring Role Swapping To enable “role swapping” of primary and secondary Virtual TapeServer (VTS) servers in your environment, or to ensure high availability of data across sites, you can license and use the Data Replication feature. Data Replication is a advanced software feature that enables you to back up data to remote VTS servers.
• Ownership of virtual tapes is not stored, so there is no way to inform the administrator of either system of the originator of the virtual tape. • Remote export jobs push virtual tapes from one system to another. It is your responsibility to disable the remote export jobs on current primary server (at the production site) and enable them on the current secondary server when swapping roles. If you do not disable all jobs on the production site, data may be overwritten.
d. Remove virtual tapes from the newly created VTLs, if VTLs were created. These virtual tapes are created automatically but cannot be used to store data that is exported by the remote export jobs. Refer to the online help for instructions. e. Recreate and schedule all of Server A’s jobs on Server B, including the remote export jobs (whose target should be Server A). Be sure to disable these jobs; they should not run until after the roles of the servers have been swapped.
Configuring network settings and TCP/IP security You must configure network settings and TCP/IP security for all VTS locations. To configure the primary (local) system, you must attach a monitor, keyboard, and mouse to the VTS server. To configure secondary (remote) systems, you must use a remote-access application to access those systems, or perform the steps at each site. The IP address, which will differ for each VTS server, must be configured at the primary and secondary sites.
127.0.0.1 10.10.2.145 10.10.2.144 localhost.localdomain server_b.domain.com server_a.domain.com localhost server_b server_a 3. Test connectivity by pinging the network connections. At the prompt, enter ping hostname. For example, to ping Server B, enter ping server_b. Output similar to the following is displayed: 64 64 64 64 bytes bytes bytes bytes from from from from server_b server_b server_b server_b (10.10.2.145): (10.10.2.145): (10.10.2.145): (10.10.2.
6. Check the SSH connection, if you configured SSH. a. At the command prompt, log in. b. Become bill: su - bill c. At the command prompt, enter ssh user@server uptime. For example, on Server B, enter ssh bill@server_b uptime. The first time you enter an ssh command, a message similar to the following is displayed: The authenticity of host 'server_name (IP_addr)' can't be established. RSA key fingerprint is 5f:10:3c:47:78:8f:e3:28:9d:ab:6b:34:ed:d1:e4:08.
Here is an explanation of these lines: • *filter Set the “filter” table as the table to be modified. • :INPUT ACCEPT [0:0] Sets the INPUT chain to a default value of ACCEPT. The [0:0] parameter is the count of packets and bytes to be set when establishing this chain. • :FORWARD ACCEPT [0:0] Sets the FORWARD chain to a default value of ACCEPT and its packet and byte counters to 0. • :OUTPUT ACCEPT [0:0] Sets the OUTPUT chain to a default value of ACCEPT and its packet and byte counters to 0.
4. Enter the following commands: chkconfig iptables on service iptables restart At this point, all TCP/IP traffic is blocked except for SSH, RSH, and ICMP (ping and traceroute) traffic. 5. Repeat these steps on each primary VTS server. Enabling Data Replication licensing Before you can use the Data Replication feature, you must enable licensing. Requires Administration group membership To enter a license key 1. Click Configuration→System on the navigation pane. 2. Click Manage System Licenses.
Configuring settings for remote export jobs Note A default configuration file is defined for each VTS server. To override the default settings, you must define settings as described below. Requires the Edit Configuration File access right To modify the configuration file to configure remote export jobs 1. Enable Data Replication licensing as described in Enabling Licensed Features on page 15. 2. On the primary (originating) server, complete these steps: a.
3. On the secondary (target) servers, add the rep_source_hosts parameter to the configuration file, as follows: a. Click Configuration→System on the navigation pane. b. Click Edit Configuration File. c. Add the rep_source_hosts parameter to the bottom of the file that is displayed. This parameter specifies a list of authorized primary (originating) hosts. The list of target locations cannot be generated unless the originating source is listed. This parameter is required. Example vts.
Configuring EMS Communication To automate the process of mounting and dismounting virtual tapes, you must configure the Event Management System (EMS) on the Virtual TapeServer (VTS) server. The EMS service for NonStop servers starts the EMS distributor on the NonStop server by issuing a Tandem Advanced Command Language (TACL) command. The distributor notifies the VTS EMS service when an EMS message is posted on the NonStop server.
c. Enable EMS and configure the settings, as described in the help. To view the help, click the Help button at the top of the page. 4. Set the username and password for each EMS host: a. Click Security→Passwords on the navigation pane. The following page is displayed: b. Configure a password for each EMS host defined in the configuration file. Click Help for complete instructions. 5. If you configured EMS to use SSH, you must log in to each host server to verify and accept the fingerprint.
d. Enter yes to accept the fingerprint. If a mismatch occurs after accepting the fingerprint, you can edit the /home/bill/.ssh/ known_hosts file to remove lines for host server whose key has changed. Then, after the obsolete key has been removed, repeat this step to accept the new key. 6. Click RESTART on the Virtual Media - Mounts and Locks page to restart the EMS service. Or, click Start EMS Service on the Manage System Tasks page.
58 | Configuring EMS Communication
Enabling and Configuring Data Encryption Data Encryption is an optional Virtual TapeServer (VTS) licensed feature that enables VTS to encrypt data that is stored on virtual tape. Here is how Data Encryption affects tape operations: • When an encrypted tape is mounted, the data that is written to the tape is encrypted. You can also instruct VTS to encrypt data that is already stored on a virtual tape if the tape is not encrypted.
key in the database ensures that the key will not be compromised and that it resides in a central, secure location with all other keys. The key database is backed up on the key server and on at least one other remote server to ensure that a backup of the keys is always available in case the key server is damaged or destroyed. The backup must complete successfully on the localhost and backup host before the keys are available for use by VTS. This ensures that keys are backed up before data is encrypted.
Multi-server considerations Keep the following in mind when configuring and using Data Encryption in an environment with multiple VTS servers, such as if GFS or Data Replication is configured: • Server configuration When configuring key servers and backup hosts for Data Encryption, it is highly recommended that you configure only one key generator for the environment. You must also configure at least one other server in the environment that can serve as the backup host for the key database.
Enabling Data Encryption licensing Before you can use the Data Encryption feature, you must enable licensing. Requires Administration group membership To enter a license key 1. Click Configuration→System on the navigation pane. 2. Click Manage System Licenses. A page similar to the following is displayed: 3. Enter the Data Encryption license key as described in the help. To view the help, click the Help button at the top of the page.
If three VTS servers — A, B, and C — are installed in your environment, you must perform these tasks to fully enable and configure Data Encryption: 1. Determine which server will be responsible for generating keys. For this example, server A will be the “key generator”. 2. Add server A as a key generator on servers B and C. 3. On servers B and C, remove the localhost key server. (The localhost entry is configured as a key generator.) 4.
Prerequisites for configuration Before you begin, ensure the connection between the host and VTS servers is secure, and then ensure the connection between the VTS server and the physical drive or library is secure if you want to export encrypted virtual tapes. You may also want to gather the following information to expedite the configuration process: • Username and password of a VTS user account that belongs to the Administration group.
3. Click ADD NEW SERVER in the KEY SERVERS section of the page. The following is displayed: 4. Specify key server settings as described in the help. To view the help, click the Help button at the top of the page. After you add a key generator and a key database backup host (other than localhost), allow five minutes for the key generator to create the first set of keys and key IDs. Key IDs may not be available until after this initial time period.
3. Click ADD NEW HOST in the KEY DATABASE BACKUP/RESTORE HOSTS section of the page. The following is displayed: 4. Specify host settings as described in the help. To view the help, click the Help button at the top of the page.
Creating and Managing Virtual Media VTS organizes data in vaults, which are defined for you. Vaults contain pools, and pools contain virtual tapes. You can create, modify, and delete pools.
Requires the Virtual Tape Pool Maintenance, Vault Access, and Access to all Vaults access rights To create a pool 1. Click Configuration→Tapes and Pools on the navigation pane. The Configure Tapes and Pools page is displayed. 2. Select pool maintenance from the window drop-down list at the top of the Configure Tapes and Pools page. The Virtual Media - Pool Maintenance page is displayed. 3. Specify pool settings as described in the help.
Creating virtual tapes You must create a virtual tape (for use with standalone VTDs) before the host server can mount and write data to it. When you create a virtual tape, a file is created on the VTS server’s disk.
Labeling virtual tapes on the host server After creating pools and virtual tapes, you must label the virtual tapes on the host server. Refer to the host server documentation for complete labeling instructions. To label virtual tapes 1. Configure VTS to automatically load and unload virtual tapes as they are used, from the first to the last virtual tape in the pool. See the “Modifying a pool” help topic and select the Autoloading checkbox. 2.
Encrypting a single virtual tape You can encrypt a single virtual tape after you create it. Requires Administration group membership To encrypt a virtual tape 1. Click Configuration→Tapes and Pools on the navigation pane. 2. Log in using an account that is a member of the Administration group. Click the Log In button at the top of the page and enter a username and password. 3. Click the virtual tape you want to encrypt. 4. Click the Encrypt button above the table.
Mounting virtual tapes You can manually mount a virtual tape in a standalone VTD. (You can automate mounting using the Event Management System; see Configuring EMS Communication on page 55.) Then, to backup to the mounted virtual tape, use the backup software you normally use to perform a backup to the mounted VTD. When you mount a virtual tape, its modification date is not updated; the ctime (inode change time) is updated.
3. Select the virtual tape to mount. In the following snapshot, the DF0000 virtual tape will be mounted on the VF40500 host device: 4. Click Mount. The following dialog box is displayed. Note If the Mount button is not displayed, see Enabling features on the web interface on page 115 for information about displaying this button. Also, if you cannot click the Mount button, maximize your browser; this should display an arrow cursor and enable you to click the button.
6. After the backup begins, you can monitor the progress from the Configure Tapes and Pools page. In the kb/sec and size(MB) columns, you can see the megabytes that have been backed up and the backup rate: After the backup completes, you can verify that the size of the virtual tape has changed. You can also monitor progress from the System Status page, which shows the current transfer rate (if enabled). When the backup is finished, VTS unloads the virtual tape.
Requires the Virtual Tape Mounts and Locks access right To view mounts 1. Click Configuration→Tapes and Pools on the navigation pane. 2. Select mounts and locks from the window menu at the top of the Configure Tapes and Pools page. The top of the page shows the recent mount requests. Only mount requests that can be handled by the server are displayed. You can also restart the EMS messaging service from this page by clicking the RESTART button.
that of the host that originally transferred the data to VTS, where it was stored as a virtual tape. If you export a pool, you can only import the tape(s) back into VTS. Also, when exporting a pool, only those virtual tapes that contain data are exported. You can also use migration to automatically export tapes, through the use of VTSPolicy. If migration is not enabled and configured, contact HP Global Critical Solution Center (GCSC) for support.
3. Click Import/Export. Or, if Data Encryption is enabled and the tape is encrypted, click Import/Decrypt&Export. The Virtual Media - Import/Export page is displayed. If one or more physical tape drives are connected to VTS, they are detected automatically. (If a physical tape drive is not listed, such as if it was connected after VTS was booted, you may need to rescan the SCSI controllers. See Common issues on page 127 for more information.
7 Could not issue SCSI write command 8 SCSI write command failed Migrating a virtual tape to physical tape using the web interface You can export a pool, which exports all virtual tapes in the pool, or you can export a single virtual tape. This is also referred to as “migration”. The virtual tape or pool is migrated according to the hsm_ parameters in the VTS configuration file.
Automatically migrating virtual tapes to physical tapes using VTSPolicy After BMA integration is configured, which enables a backup management application server to read and write files to and from VTS, you can use VTSPolicy to initiate migration by having the NonStop server send an EMS message to the VTS server. The VTS server then uses the VTSPolicy command to invoke the backup management application to complete the desired operation. VTS waits for the return code from the backup management application.
erase Enables VTS to erase the virtual tape after migration is completed successfully. Set this keyword to YES or NO. This keyword is not required and defaults to NO. delete Enables VTS to delete the virtual tape after migration is completed successfully. Set this keyword to YES or NO. This keyword is not required and defaults to NO. locked Enables VTS to lock all specified virtual tapes. Set this keyword to YES or LOCK. This keyword is not required and defaults to LOCK.
To configure the VTSPolicy command for Syncsort Backup Express Here is the syntax of the VTSPolicy command for use with Backup Express. Note that all parameters specified for the command are case-sensitive. VTSPolicy BEX 'backup_type /VAULTxx/pool/cartridge [keyword=value ...]' where backup_type. Specifies the type of backup. You can specify one of the following values: backup_base or backup_difr. /VAULTxx/pool/cartridge Specifies the pool and cartridge on which to operate.
For example, to migrate the virtual tape named CART01 on the VTS1 server and erase the selected files from VTS, issue the following command: VTSPolicy NBP '/VAULT01/POOLA/CART01 s=VTS1 erase=YES' To configure the VTSPolicy command for CommVault Galaxy Here is the syntax of the VTSPolicy command for use with CommVault Galaxy. Note that all parameters specified for the command are case-sensitive.
Specify how the message will be displayed in an EMS viewer, such as ViewPoint. In this example, inverse text is used until the event is acknowledged but the event is listed in normal text: #SET action -1 #SET emphasis -1 Issue the VTSPolicy command; see Automatically migrating virtual tapes to physical tapes using VTSPolicy on page 79 for an explanation of the parameters.
Otherwise, if a VTD license is enabled, you can import a physical tape to a virtual tape using the Import/Export page of the web interface. The import feature was designed for occasional low-volume use and requires that a standalone tape drive or simple cartridge autoloader is connected to VTS. You must ensure that the tape drive is available and that appropriate tape media is installed before beginning an import operation. Refer to the online help for procedures.
To erase or delete a virtual tape from the Configure Tapes and Pools page 1. Unmount the virtual tape first, if it is mounted. 2. Click Configuration→Tapes and Pools on the navigation pane. The Configure Tapes and Pools page is displayed. 3. Select a virtual tape in the cartridge column. You may need to expand a pool to see the list of virtual tapes. 4. Click Erase to erase the contents or click Delete to delete the entire tape.
To erase or delete a virtual tape from the Cartridge Maintenance page 1. Click Configuration→Tapes and Pools on the navigation pane. 2. Select cartridge maintenance from the window drop-down list at the top of the Configure Tapes and Pools page. The Virtual Media - Cartridge Maintenance page is displayed. 3. Select a pool where the virtual tape(s) reside from the Pool drop-down list. 4. If erasing or deleting a single virtual tape, enter the name of the virtual tape in the Cartridge field.
Automatically erasing a virtual tape using Scan/Cleanup After you enable and configure Scan/Cleanup as described in Enabling and Configuring Scan/ Cleanup on page 93, you can display the web interface for this feature by clicking Configuration→Tapes and Pools on the navigation pane. Then, select scan/cleanup from the window drop-down list. The Scan/Cleanup page is displayed.
Size Displays the size of the virtual tape (in bytes). This reflects the size of the tape data; it excludes the size of the metadata (up to 27MB). Erase Indicates whether the virtual tape is selected for erasure or not. This column also provides an explanation of the business rule that is controlling the erasure status. In the following example, virtual tape X00001 was erased on 13Feb05 15:43, last written on 17Feb05 14:49, will be retained for two weeks, and has never been migrated.
Also, if the meta_control_panel parameter is set to YES, the Meta Data Control Panel is displayed at the bottom of the page. This control panel enables you to read and write metadata. Metadata is stored with the virtual tape but is not part of the data itself.
To delete the virtual tape named GB0002, and to indicate that the vts-prod2 server should process this policy request, issue this command: VTSPolicy Delete - GB0002 s=vts-prod2 You can issue a simple FUP call to copy the contents of a text file to the $0 process. Create a text file on the NonStop server that contains the VTSPolicy command. Then, from Batchcom or within an existing backup script, run the following command: FUP COPY filename, $0 This sends the contents of the file to the EMS collector.
#PUSH evt_num action emphasis evt_text text_len #SET evt_num number #SET action -1 #SET emphasis -1 #SET evt_text VTSPolicy Erase|Delete - virt_tape...
To remove a lock 1. Click Configuration→Tapes and Pools on the navigation pane. 2. Select mounts and locks from the window menu at the top of the Configure Tapes and Pools page. 3. Select the pool or virtual tape to unlock at the bottom of the page. 4. Click REMOVE LOCK.
Enabling and Configuring Scan/Cleanup Scan/Cleanup is a Virtual TapeServer (VTS) feature that is designed to help you maintain VTS. It scans pools and virtual tapes to identify virtual tapes that are past their retention period. Scan/Cleanup can erase old virtual tapes to recover disk space. You can also schedule virtual tape erasures when the overall disk space falls below a specified threshold. Scan/ Cleanup can be used to erase tapes after they are exported to physical tape using stacked export jobs.
• You can force an erasure or block an erasure by using the checkboxes on the Scan/Cleanup page. However, when an erase process completes (either auto-erase or erase-now), these overrides are removed. • When Scan/Cleanup erases a virtual tape, the header information (metadata) remains stored on VTS. • Scan/Cleanup does not affect a virtual tape's encryption setting. This chapter describes how to enable and configure Scan/Cleanup.
Parameter Description Values cleanup_autoerase Enables Scan/Cleanup and controls the automated erase process. When set to NO, Scan/Cleanup is disabled and the Scan/ Cleanup page displays the erasure cleaning status of each virtual tape but no virtual tapes are erased without further configuration. YES or NO Default value: NO If you want to automate virtual tape erasures, set this parameter to YES and set the cleanup_scan_at and cleanup_interval parameters.
Parameter Description Values cleanup_show_erase_ control_files Displays Scan/Cleanup files that are used to implement the Scan/Cleanup erasure process. This is typically set to NO and may be enabled to help diagnose a system problem, if indicated. YES or NO Default value: NO cleanup_minimum_size_ GB and cleanup_minimum_size_ MB Define which files to ignore based on size by using either cleanup_minimum_size_MB or cleanup_minimum_size_GB.
Parameter Description Values cleanup_show_size_ column Shows or hides the Size column in the Status Table. YES or NO Default value: NO meta_control_panel Shows or hides the Meta Data Control Panel, which enables you to read and write metadata on the virtual tape. Set this parameter only if diagnosing problems or instructed to do so by Support.
98 | Enabling and Configuring Scan/Cleanup
Configuring User Accounts This chapter describes how to manage and use the operating system and web interface accounts on the VTS server. Managing operating system accounts By default, the following user accounts are provided for the VTS operating system (Linux): • root • bill • vtsa The first time you log in to the VTS operating system using one of these usernames, you are prompted to change the password.
• Through “sudo”, can issue the following commands: • /sbin/tune2fs -l /* (runs as root) • /bin/cat • /usr/bin/passwd • /usr/local/tape/bin/ getVTS_dbginfo (runs as root) • /sbin/chkconfig • /bin/ping • /bin/bash/usr/local/tape/bin/ • /usr/bin/clear getVTS_dbginfo (runs as root) • /bin/ps • /usr/bin/updatedb (runs as root) • /usr/bin/crontab • /sbin/reboot (runs as root) • /sbin/fdisk -[vl] (runs as root) • /bin/date • /usr/bin/rsh • /sbin/fdisk -[sl] /* (runs as root) • /bin/df • /usr/bin/
Adding accounts You can create additional accounts in the vtsmaint group, and the new user will have the same privileges as the vtsa user. To create an account 1. Log in to the VTS server. 2. Become the root user: su 3. Enter the following command to create the user account: useradd -n username 4.
Restricting access to bill The bill account has the same access rights as the root account. You can restrict access of the bill account, thereby forcing users to use vtsa and denying access to functions that may present security vulnerabilities. To restrict access to bill 1. Log in to the VTS server as root. 2.
Note In the following procedures, if the Users and Groups and Rights sections of the Manage Access Control page are not available, you must enable a closed system. These sections are not displayed if the system is configured as open access. Enabling a closed system using default users and groups You can enable a closed system to require authentication. The user can access only the resources assigned to a particular group. You can enable or disable individual rights to resources.
Rights Supervisory Functions Access Administration Administration Group Operations Group X Supervisor Group X X System Access Controls X User Access Controls X Block and Unblock TapeServer X X Database Download X X Database Upload X Edit Configuration File X Halt and Reboot TapeServer X X Manage Scheduled Jobs X X Server Certificate Maintenance X X System Maintenance Functions X X System Upgrade/Update Functions X X Turn Compression On or Off X X Upload Encryption Keys
Rights Administration Group Operations Group Supervisor Group Virtual Tape Pool Maintenance X X Erase Cartridges X X HSM Migration X X Mount Cartridges X X Unmount Cartridges X X View System Status X X X Change Refresh Rate X Stop and Start TapeServer X X X X X X X X X Vault Access Access to All Vaults X Enabling closed access and restricting access to virtual tapes If you want to create an account that does not have access to virtual tapes, complete this procedure.
Creating a user Requires the System Access Controls access right To create a user 1. Click Security→Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Manage Access Control page is displayed. 3. Click + to expand Users and Groups.
4. Click ADD next to Users. The name and password fields are displayed. 5. Type a username in the name field. Usernames cannot contain spaces and cannot duplicate existing usernames, group names, or reserved names. Also, they must be alphanumeric, though they can include an _ (underscore) character. 6. Type a password in the password field. 7. Click APPLY. The user is added and additional buttons are displayed. 8. To assign the user to a group, click CHANGE GROUP. The Group drop-down list is displayed.
Changing any user’s password It is highly recommended that you change the passwords of the default users. Requires the System Access Controls access right to change any user’s password To change a user’s password 1. Click Security→Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Manage Access Control page is displayed. 3. Click + to expand Users and Groups.
4. Select the user from the Users drop-down list. 5. Click SET PASSWORD. The Password field is displayed. 6. Type a new password in the field. 7. Click APPLY. Configuring groups Groups define the access rights that are assigned to users. Three groups are provided: • Administration • Operations • Supervisor For a list of the default rights assigned to these groups, see page 103. You can modify the access rights that are assigned to these groups.
3. Click + to expand Rights. 4. To modify access rights assigned to the Administration group, select the checkbox next to each access right in the Administration column. Note The rights are organized in categories. If you grant access to a category, all rights in the subcategories are granted by default, though you can remove individual rights in the subcategories.
Right Description Block and Unblock TapeServer Displays the Block/Unblock TapeServer Startup link on Manage System Tasks page, which enables the user to block and unblock VTS functions Database Download Enables the user to create a system restore image from the Manage System Updates page Database Upload Enables the user to restore a system restore image from the Manage System Updates page Edit Configuration File Enables the user to edit the VTS configuration file from the Manage System Configuratio
Right Virtual Tape Cartridge Maintenance Delete Cartridges Description Grants access to the Virtual Media - Cartridge Maintenance page Enables the user to delete virtual tapes from the Virtual Media - Operation and Virtual Media - Cartridge Maintenance pages Virtual Tape Import and Export Grants access to the Virtual Media - Import/ Export page Virtual Tape Instant DR Grants access to the Virtual Media - Instant DR page Virtual Tape Mounts and Locks Grants access to the Virtual Media - Mounts and Loc
Saving and restoring custom defaults After configuring users and group rights, you can save all settings as a custom configuration. Later, you can restore these settings by simply clicking the Restore CUSTOM Defaults button in the Defaults and Undo section of the page. This button becomes available after you save a custom configuration. These procedures require the System Access Controls access right To save custom default settings 1. Click the Save as CUSTOM button above the access rights table. 2.
To restore the custom default settings Click the Restore CUSTOM Defaults button to restore the custom configuration and discard changes made since the custom defaults were last saved.
Configuring Web Interface Preferences This chapter describes how to configure web interface preferences by setting parameters in the configuration file and how to set the refresh rate of the System Status page. Enabling features on the web interface You can set a number of parameters in the VTS configuration file to specify the following: • Whether and how often to display status messages at the top of the page. • Whether and when to display a notification regarding low vault space.
Parameter Description Values opwin_Delete Displays the Delete button on the Configure Tapes and Pools page. YES or NO Default value: YES opwin_ImportExport Displays the Import/Export button on the Configure Tapes and Pools page. YES or NO Default value: YES opwin_Migrate Displays the Migrate button on the Configure Tapes and Pools page. Note that the hsm_enable parameter must also be set to YES to display the button.
Parameter Description Values lowspace_notify Enables notification on low vault space. If EMS is enabled, a message is also sent to the NonStop host server (the ems_hsm_backup_notification or ems_notification_enable parameter must also be set to YES). YES or NO Default value: YES lowspace_notify_keep Specifies whether to continue to display the low vault space notification until it is no longer valid.
118 | Configuring Web Interface Preferences
Managing the VTS Server This chapter describes several tasks that are performed from time-to-time as needed. For more information about system tasks, refer to the online help. Backing up the VTS server It is recommended that you back up the VTS server before and after any major operation, such as an upgrade.
3. If Data Encryption is enabled, back up the most current backup of the key database by completing these steps: a. Log in to the VTS server. b. Use the su command to change to the bill user: su - bill c. Determine the location of the most recent backup file by entering the following command: psql -d database -c "SELECT last_local_backup FROM ks_backup_config" Here is an example of the output from this command: last_local_backup ------------------------------------------/VAULT00/.ks_backups/LocalKSBackup.
Configuring system settings You can configure the following settings for the VTS server: • Session timeouts, to allow inactive browser and command line sessions to time out • SMTP settings, to define the email host and port that will use to send email notifications • Notification settings, to define email addresses that will notifications about disk and capacity usage To configure system settings 1. Click Configuration→System on the navigation pane. 2. Click Edit System Settings.
To power down 1. Stop tape services on the NonStop server by entering the SCF STOP $VTAPE command, where VTAPE is the name of the tape device. Here is an example of the output: SCF - T9082H01 - (04DEC06) (15NOV06) - 10/02/2008 11:55:37 System \DEV5 (C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
To review fsck status 1. Click Administration→System Tasks on the navigation pane of the VTS web interface. 2. Click View File System Check Information. The FSCK Information page is displayed: For more information, see the online help. To view help, click the Help button at the top of the page. Monitoring files and directories The following files and directories should be monitored. Remove old data as needed.
The system facility, which is called logrotate, is used to rotate log files on a daily basis. The configuration files for logrotate are located in /etc/logrotate.d. You can tune the settings in this file to rotate and overwrite files as needed. Several scripts are available that clean up after files that were created and abandoned due to system or application errors. These include the following: • rmoldpipes • rmoldbylist • rmoldsync • rmoldfilelist.
Troubleshooting This chapter provides information to assist you in addressing problems you may encounter while installing and using VTS.
Virtual Network Computing remote control software VNC software enables you to remotely access the console of a UNIX server. VNC must be configured on the host server before you can use it from a client. You can download VNC from http://www.vnc.com/. HP health monitoring utilities The VTS server provides the following: • HP Systems Insight Manager (SIM_6.2_575369_004.bin) • HP Insight Diagnostics (hpdiags-8.7.0-26.linux.x86_64.rpm) • HP System Health Application and Command Line Utilities (hp-health-8.
Note that if you are using a serial connection over the physical serial port (connected through /dev/ttyS0), use the following connection settings: • Speed: 115200 bps • Data Bits: 8 • Parity: None • Stop bits: 1 After iLO or Lights-Out 100 is configured, you can enable iLO or Lights-Out 100 access on the system boot menu by running /usr/local/tape/bin/grub-serial.bash as root and then rebooting the system.
If the drives are operational but errors are encountered while accessing the data, check the media class, or density, setting for that cartridge using the DSPTAP command. The currently recommended media classes supported by AS/400 with VTS are the following: • 3580-TD1 • 3580-TD3 • 3580-TD4 VTS server module You can troubleshoot various areas of the VTS server module.
File system Verify the following: • Has anything changed? • Is performance slow? • Is GFS running on the system? • Is the problem occurring for a particular vault or all vaults? Is the problematic vault on internal or external disk storage? • What is the result of the last vault check on the external storage? You can check for FSCK messages in the system log and the result of the last vault check.
Web interface If the web interface stops responding, verify the following: • Access the interface from a different workstation. • Ping the address. • Check the Ethernet cable. • Check Ethernet connectivity and activity LEDs. The Apache web server is responsible for running the VTS web interface. To verify that Apache is running: /etc/init.d/httpd status A message similar to the following should be displayed: httpd (pid 25380 25015 25014 25013 25012 25011) is running...
Event Management System (EMS) Verify the following: • Has the EMS logon expired? • Is there network connectivity between VTS and the NonStop server? • Was the VTS operating system or the EMS template upgraded? • Is VTS up-to-date with the latest product enhancement code? • Is there a typographical error in the VTS configuration file? You can check the EMS log file for the last timestamp of messages.
• Check that the tape is in the drive. • Check the media write-protection. If you cannot access a virtual tape because it is locked, perform the following: • Check MEDIACOM for label in use. • Check other VTS systems for remotely mounted virtual tapes. • Reboot VTS to clear all local file locks. If an autoloading pool did not recycle, verify that Autoloading or Recycle is selected on the Pool Maintenance page.
• Exporting an encrypted tape: A message similar to the following is displayed on the web interface: Thu 2008-01-17 09:49:31: SHARE:SH0000 rc=3 • Export data transfer failed, Erasing all virtual tapes in a pool on the Cartridge Maintenance page: A message similar to the following is displayed on the web interface: Erased 1 cartridge; Erasure of cartridge SH0002 in pool SHARE failed! • Setting the virtual tape size on the Pool Maintenance page: A message similar to the following is displayed on the web
Log format Each entry in the event log follows the same format, as shown in the following example: 2006-08-28 16:25:18|WARNING|440002|5900-E| 127.0.0.1|Tapeserver01|administrator||Access Control RESTORE OPEN defaults have been restored Messages are up to 255 characters in length; each message field has a character limit. The attributes that have a variable length are automatically compressed to the available space.
Message severity The severity attribute indicates the potential impact of the event or condition that the message reports. Note Though you can change the debug level on the Set Debug Level page, the debug level is reset to Error every time VTS is restarted. The following table lists the severity levels for log messages, starting from the lowest level of impact to the highest. Severity ID Severity Level Description 2 Info A normal operation.
ID Subsystem 53 Virtual tapes 61 Access Control defaults 62 Access Control users 63 Access Control groups 64 Access Control rights 65 Secure password management 71 Erase by list 72 Delete by list 81 Crumb 91 System status Message text The following tables list the message IDs and corresponding message text that are generated for events in the system event message log.
Severity ID Subsystem ID Event ID Subsystem Message text 2 20 005 EMS unmount ems telnet ems dismount of TAPE by HOST 4 20 006 EMS cancel mount ems telnet cancel mount of TAPE 6 20 007 EMS cancel mount ems telnet cancel mount of TAPE failed 8 20 007 EMS Mount ems telnet mount of TAPE failed: Tape missing 4 20 008 EMS Mount Read-Write ems telnet ems mount of TAPE by HOST as read-write 8 20 008 EMS Mount ems queue cancel TAPE for HOST of type TYPE failed 2 20 010 EMS Poli
Severity ID Subsystem ID Event ID 2 20 8 Subsystem Message text 041 EMS Policy BEX ems telnet BEX completes, rc=0 20 042 EMS Policy BEX ems telnet BEX completes, rc=RC 2 20 050 EMS Policy TSM ems telnet TSM POLICY 2 20 051 EMS Policy TSM ems telnet TSM2 completes, rc=0 8 20 052 EMS Policy TSM ems telnet TSM2 completes, rc=RC 2 20 060 EMS Policy NetBackup ems telnet NBP POLICY 2 20 061 EMS Policy NetBackup ems telnet NBP completes, rc=0 8 20 062 EMS Policy NetBackup
Severity ID Subsystem ID Event ID Subsystem Message text 2 20 104 EMS TMF ems telnet TMF accepts mount of PATH on HOST 2 20 133 EMS Policy Migrate Cartridge PATH un-migrated 6 20 133 EMS Policy Migrate Cartridge PATH un-migrate failed path in use rc=RC 8 20 133 EMS Policy Migrate Cartridge PATH un-migrate failed rc=RC 8 20 202 EMS Policy Mount ems mount request for TAPE from HOST failed to queue 8 20 203 EMS Policy Mount ems mount TAPE for HOST failed parametric test 8 20
Severity ID Subsystem ID Event ID Subsystem Message text Cartridge maintenance 2 21 010 Cartridge created Cartridge TAPE created in Pool POOL 4 21 010 Cartridge created Cartridge TAPE not created in Pool POOL 2 21 011 Cartridge deleted Cartridge TAPE deleted in Pool POOL 4 21 011 Cartridge deleted Cartridge TAPE not deleted in Pool POOL 6 21 011 Cartridge deleted Cartridge TAPE not deleted in Pool POOL because it is locked.
Severity ID Subsystem ID Event ID 2 22 2 2 Subsystem Message text 009 Set Pool to Autoloader vtape_pool libApply change autoload PATH from PATH to PATH 22 010 Set Pool to Autoloader vtape_pool libApply set autoload PATH 22 011 Remove retention vtape_pool libApply remove retention PATH 2 23 001 Canceled lock ems cancel lock PATH 2 23 002 Canceled mounts/locks page ems cancel mount NNNN 6 23 002 Canceled mounts/locks page ems cancel mount NNNN failed 2 24 001 Job Started m
Severity ID Subsystem ID Event ID Subsystem Message text 6 25 004 Job Retried AutoCopy (retry NN) of TAPE started 2 25 010 EMS AutoCopy ems telnet start autocopy of TAPE for HOST 8 25 011 EMS AutoCopy Invalid target path: $targetpath 4 26 001 Scan/Cleanup ScanCleanup cart TAPE in pool POOL is being scheduled for erasure 2 26 003 Scan/Cleanup erase by list submitted 2 26 007 Scan/Cleanup ScanCleanup completes 4 26 007 Scan/Cleanup ScanCleanup file system: SYS exceeds th
System administration and configuration Subsystem ID Event ID 2 33 4 Severity ID Subsystem Message text 000 Unblock TapeServer Startup perform UNBLOCK 33 001 Block TapeServer Startup perform BLOCK 4 33 002 Disable Compression perform COMPRESSION_OFF 2 33 003 Enable Compression perform COMPRESSION_ON 4 33 004 Edit VTS Configuration File edit vts.
Severity ID Subsystem ID Event ID Subsystem Message text 2 35 015 TM Started perform TMSTART 4 35 016 TM stopped perform TMSTOP Severity ID Subsystem ID Event ID Subsystem Message Text 4 40 001 Factory Setup accessed factory setting accessed 4 40 002 Factory Setup Access Control RESTORE OPEN defaults have been restored 4 40 003 Factory Setup Access Control RESTORE CLOSED defaults have been restored 4 40 014 Factory Setup Access Control RESTORE PASSWD defaults have been
Severity Subsystem ID Event ID Subsystem Message Text 2 53 002 Edit Virtual tape VXXXX edited 4 53 003 Delete Virtual tape VXXXX deleted Subsystem ID Event ID Subsystem Message Text 2 61 001 Access Control accessed Access Control Opened 4 61 002 Restore Open defaults Access Control RESTORE OPEN defaults 4 61 003 Restore Closed defaults Access Control RESTORE CLOSED defaults 4 61 004 Restore CUSTOM defaults Access Control RESTORE CUSTOM defaults 2 61 005 Undo last us
Subsystem ID Event ID 2 64 2 2 Severity ID Subsystem Message Text 001 Rights changed/ altered Access Control Save Rights 64 002 Save rights as CUSTOM Access Control Save Custom Rights 64 004 Change Group Access Control CHANGE USER GROUP for UUUU to GGGG Secure Password Management Error retrieving factoryprovided password with label,
Severity ID Subsystem ID Event ID Subsystem Message Text 4 81 002 Erase by List erase-by-list-crumb 8 90 003 XML Mount xml_socket id=50 MSG 2 90 004 XML Mount xml_socket id=50 safely mounted VOL 2 90 005 XML Mount xml_socket id=50 no space check mount VOL XML Mount System Status 8 91 003 Space check chk_space MSG 8 91 004 Space check system_status WARN 8 91 004 System Status Warning: low space opwin_filesystem_alert 8 91 004 System Status Warning: low spa
Return Code Possible Cause(s) Corrective Action(s) 3 • Could not open data source file • Invalid data source file specified or file not found Specify a valid source file 4 Could not open physical tape drive; usually due to a configuration error • Make sure tape drive is on and properly configured • Check cabling 5 Could not load and rewind tape before copy • Load tape in drive • Make sure tape drive is on and properly configured • Check cabling 6 Could not rewind tape after copy • Make sure ta
Other log files The following log files are generated and saved in various directories on the VTS server. Operating system logs: • /var/log/messages • /var/log/cron • /var/log/boot.log Apache web server logs: • /var/log/httpd/error_log • /var/log/httpd/access_log VTS function logs: • /usr/local/tape/log/ems.* (available from the VTS web interface) • /usr/local/tape/log/debug.* (available from the VTS web interface) • /usr/local/tape/log/mount.log • /usr/local/tape/log/export.
reports are generated by an implementation of the logwatch system monitoring system; see http://www.logwatch.org/index.html for more information. The VTS Events section of the logwatch report consists of topic headings followed by subject lines. Each subject line begins with a message ID (see Message IDs on page 135), is followed by a message explanation and ends with the count of such messages in the event.log file for the previous day. Requires the View log files access right To view a Logwatch report 1.
The following steps describes how to configure syslog on a remote Linux server. a. On the target (remote) system, log in. b. Become root: su c. Add the -r parameter to the command line for the syslog daemon. This can be done by modifying the /etc/sysconf/syslog file and setting the SYSLOGD_OPTIONS variable. Here is an example of a default /etc/sysconf/syslog file: # Options to syslogd # -m 0 disables 'MARK' messages.
EMS messages The following table lists the messages that are generated by VTS if EMS is enabled and configured. Here is an explanation of the information for each EMS message: • The message text. Some of the text in the messages and errors is parameterized, as indicated by the dollar sign ($). In a real message, the parameterized text is replaced by a real value.
Message Text Severity Recommended Action Error: $jobname ENDED $jobnumber to $backupSystem Canceled by operator Warning Error: $jobname ENDED $jobnumber to $backupSystem Unable to create temporary link Critical Check the Virtual Media - Mounts and Locks page to ensure that the virtual tape exists on the system and that another process has not locked the virtual tape.
Message Text Severity Recommended Action Error: hsmget: no file(s) specified for $cart_request Warning No non-empty files were found for the HSM backup request. Error: hsmput: no file(s) specified for $cart_request, (n=$n: $cart1 $cart2 … $cartn) Critical No non-empty files were found for the HSM backup request. Error: LEG/BEX/NBP/TSM command failure for $cart_request Critical The EMS Policy for HSM failed. Check the command syntax and context. Repair and resubmit.
Message Text Severity Recommended Action HSM not enabled Critical The hsm_enable parameter is incorrect. Repair and resubmit the request. Info: $host $code $policy Inform Info: $host $hsm $policy processed # file(s) for $cart_request.
Message Text Severity Recommended Action Warning: hsm_pool_retrieve: $pool does not contain pool: $pool Critical The pool information is missing from the hsm_pool_retrieve parameter in the VTS configuration file, which is available on the Manage System Configuration page. Warning: there is no pool in the file path. Critical The virtual tape path is not valid. Repair and resubmit the request.
Maintaining GFS for VTS The Global File System (GFS) is an advanced feature that allows Linux servers to simultaneously read and write files on a single shared file system on a SAN. VTS is based on Linux, and GFS enables multiple VTS servers to access a shared set of pools and virtual tapes. The Event Management Service (EMS) can then automatically mount virtual tapes from the GFS pools as if they were separately mounted.
e. On all subsequent VTS servers, log in, become root, and enter these commands: service service service service f. clvmd start cman start ricci start gfs start On the first VTS server, enter these commands: service gfs start clustat Verify that media is now available on the VTS servers by clicking Configuration→Tapes and Pools on the navigation pane. You can now start the tape devices on the host server and begin backups.
Shutting down the cluster The following steps describe how to shut down your entire cluster. If you shut down half of the servers, you need to shut down the entire cluster down. GFS requires that you have a quorum of the servers up for the cluster to function. 1. Make sure that tape devices are stopped on the host server. 2. On each server you want to shutdown, perform these steps: a. Log in as root. b.
Jun 29 23:45:53 Jun 29 23:45:53 Jun 29 23:45:53 Jun 29 23:45:53 Jun 29 23:45:53 Jun 29 23:45:53 Jun 29 23:45:53 Jun 29 23:45:53 Jun 29 23:45:53 Jun 29 23:45:53 of file rgrp.
Adding a vault to a GFS cluster Note If path failover is configured in the environment, be sure to reference the multipathed mapper device instead of the sd device in the following procedure. For example, reference /dev/mapper/mpathX instead of /dev/sdX. Complete the following steps to create a vault in a GFS cluster: 1. Launch a command prompt on a VTS server in the cluster and log in. 2. Become root: su 3. Choose the partition to use.
Device Boot /dev/sdd1 Start 1 End 2238 Blocks 17976703+ Id 83 System Linux If the vault will be 2-4TB in size, complete these steps to partition the disk: a. Start the partition editor, which is an interactive program similar to fdisk: parted /dev/sdd b. Create a GPT disk label, which is a GUID partition table: mklabel gpt c. Create a 4TB primary partition at the beginning of the disk: mkpart primary 0 4000G d. Quit parted. quit 5. Perform LVM initialization of the device.
VG Name PV Size Allocatable PE Size (KByte) Total PE Free PE Allocated PE PV UUID gfsvg1 17.14 GB / not usable 3.37 MB yes (but full) 4096 4388 0 4388 tTHBFt-6pqc-ILIY-Uis5-L8Yn-bvBu-SCN3MV h. Enter the following to view details about the volume group: vgdisplay Here is an example of the output: --- Volume group --VG Name System ID Format Metadata Areas Metadata Sequence No VG Access VG Status MAX LV Cur LV Open LV Max PV Cur PV Act PV VG Size PE Size Total PE Alloc PE / Size Free PE / Size VG UUID i.
6. Enter the following command (for the example above) to create the GFS file system on the assembled pool and partition: gfs_mkfs -t TapeServer:pool3 -p lock_dlm -j 5 /dev/gfsvg1/lv1 where TapeServer is the name of the cluster and pool3 is any name that is unique. In this case, the pool is named after the third pool in the cluster. The -j 5 parameter specifies the number of journals to create (the number of nodes) plus two. The following is displayed: This will destroy any data on /dev/mapper/gfsvg1-lv1.
f. To confirm that the partition was successfully mounted and now available, enter the following command: df -H 9. Add GFS storage to the cluster: a. In left-hand column of the web interface, under the cluster name, click Resources. b. Click Add a resource. c. Select GFS. d. For the name, enter the vault name (for example, VAULT03). e. For the device, enter the name of the device. f. Leave the options and filesystem ID blank. g. Click Submit.
Troubleshooting The following topics describe common GFS problems and their solutions. If VTS server fails to join the cluster after reboot If a VTS server fails to join the GFS cluster after it reboots, complete these troubleshooting steps: 1. Check your SAN to make sure the port is enabled. Below is a MSA/Brocade example. Make sure that the port is checked “Enable.” 2.
3. If the No sg devices found message is displayed or partitions are missing, direct the operating system to rescan for the devices on the Fibre Channel bus(es) from the console or using an SSH command prompt. Enter the following commands: [root@VTS001 root]# cd /usr/local/tape/bin/ [root@VTS001 bin]# ./rescan-scsi-bus.sh -l -c -r -w Here is the output: Rescanning /proc/scsi/qla2300/4... Rescanning /proc/scsi/qla2300/5...
168 |
Reinstalling and Restoring VTS This appendix describes how to reinstall the operating system and VTS system, and it describes how to recover the VTS configuration and data. Finally, it provides an overview of the steps you must take to recover customer data, which is not restored by a system restore image. If you must reformat the vaults, refer to Reconfiguring Vaults on page 7 for instructions.
4. Insert the Install/System Rescue DVD. 5. At the Linux prompt, enter reinstall. The installation process begins. 6. To confirm that you want to reinstall VTS on the displayed device name, navigate to Yes and press ENTER. Note During the reinstallation process, a warning may be displayed that asks you to verify that you want to reinitialize the device (erasing ALL DATA). You must select Yes to continue. You cannot cancel the reinstallation at this point. 7.
4. Click Restore a System Restore Image. The Apply System Restore Image page is displayed. 5. Browse to and select the system restore image. Note Check the file size of the system restore image. If the system restore image is larger than 1GB, this step may fail. Contact support for assistance if necessary. 6. Select the Set hostname and machine ID from image (override current settings)? checkbox to set the hostname and machine ID according to those specified in the restore image.
11. If the system image was restored on a system that is different than the one used to create the image, you must manually delete the old MACHINEID file in /boot. Log in to the VTS operating system, change to the root user (using the su command), and delete the file. 12. Reboot VTS by clicking Administration→System Tasks→Reboot the System. Restoring Data Encryption The following provides an overview of the steps you must take if you are restoring Data Encryption as part of a disaster recovery operation.
sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on /boot type ext3 (rw) /dev/sda4 on /VAULT00 type ext3 (rw) tmpfs on /dev/shm type tmpfs (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) 192.168.60.40:/TEST/TEST on /TEST type nfs (rw,soft,addr=192.168.60.40) /dev/sdb1 on /DATA01 type ext3 (rw) In this example, /dev/sdb1 is mounted on DATA01. 3. Unmount the data partition.
174 |
Attaching External Devices after Initial Deployment You can attach an external tape device, such as a tape drive or robotic library, to VTS after initial deployment. You can then export to physical tapes loaded in the device if migration, Requires the View/Manage stacked export, or tape-to-tape export is enabled. Configuration and Halt and Reboot TapeServer access rights To add an external tape device to the VTS server 1.
/dev/sg6 /dev/sg7 6 0 0 5 6 0 0 6 5 5 /dev/scd5 /dev/scd6 Then, find the nst0 entry (tape drive) attached and then enter this command: sg_inq /dev/sgn where sgn is the number that matches the /dev/nstn device. For the output listed above, you would enter sg_inq /dev/sg0.
TCP/IP Ports and Protocols This appendix describes the ports and protocols that are used by Virtual TapeServer (VTS). Note Port Not all ports are used on all VTS servers; port use varies according to the VTS configuration. Protocol Comment ICMP Type 8 Used by ping and tracert on Windows, for remote testing and VTS networking. 21 TCP, UDP, FTP This port and other ephemeral ports are used if the client is configured for passive (PASV) mode.
Port Protocol Comment 8080 TCP 8888 TCP Used by the Eruces encryption provider (te-server) for Data Encryption.
Index Numerics 256-bit AES-CBC encryption 59 A access control overview 99 saving and restoring custom defaults 113 access rights, See rights adding key database backup host 65 key server 64 physical tape drive 175 vault to GFS cluster 161 vaults for external storage 7 administration tasks 119 AS/400 server, troubleshooting 127 assigning rights to a group 109 attaching physical tape drives 175 AutoCopy, configuring TCP/IP security 50 automating deleting, erasing virtual tapes 89 erasing by Scan/Cleanup 95 m
default groups 103 users 103 Delete button on Operation page 116 diagnostic commands 129 tools 125 disaster recovery 173 displaying c/ratio column on Operation page 116 Change Rate button 117 Delete button 116 Erase button 115 free space on System Status page 117 Import/Export button 116 last written column on Operation page 116 Migrate button 116 Mount button 115 read-only column on Operation page 116 Stop/Start Refreshing button 117 Unmount button 115 virtual tape size limits 116 dynamic import 83 E EMS
L N licensing compression 15 Data Encryption 15 Data Replication 15 managing VTD licenses 16 SecureVTS 15 VTD 15 VTL 15 locks on virtual tapes 91 removing 92 viewing 75 log files erasebylist.log 148 overview 133 remote 150 return codes 147 Scan/Cleanup 148 SecureVTS.
rep_source_tmp parameter 53 rep_streams parameter 53 restoring configuration settings 170 creating system restore image 119 customer data 173 system image 170 restoring data 83 return codes export operations 147 for export 77 rights assigning to groups 109 descriptions 110 S Scan/Cleanup configuring 94 enabling 94 log files 148 overview 45, 93 overview of Status table 87 page 87 SCSI controllers, troubleshooting 128 converter, troubleshooting 130 SecureVTS licensing 15 overview 59 SecureVTS.
virtual tapes (cont.
184 | Index
