Virtual TapeServer for NonStop Servers Configuration Guide HP Part Number: 702039-001 Published: August 2012 Edition: All J06 release version updates (RVUs), all H06 RVUs, and all G06 RVUs
© Copyright 2012 Hewlett-Packard Development Company, L.P. Legal Notice Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Contents Preface ix About this guide ix Supported release version updates ix Audience ix Typographical conventions ix Related documentation x Support x 1 Introduction 1 The virtual environment 2 Overview of features 3 Accessing the VTS web interface 5 2 Overview of Tasks 7 3 Reconfiguring Vaults 9 Reviewing the vault layout 10 Changing vault storage 10 Adding vaults on external storage devices 14 Renaming vaults 17 4 Enabling Licensed Features 19 5 Configuring Ports 23
Exporting a virtual tape or pool 42 Importing data from a physical library or drive 44 8 Enabling and Performing Stacked Exports 45 Configuring the physical drive or library 46 Setting the backup management application password 48 Exporting virtual tapes 48 Importing data from a physical library or drive 50 9 Enabling and Configuring Data Replication 51 Configure data partitions on target servers 52 Configuring source and target settings 53 Replicating data to remote servers 57 Restori
Inserting virtual tapes into a VTL 95 Mounting and unmounting virtual tapes 95 Viewing mounts 98 Unmounting virtual tapes 99 Encrypting and decrypting virtual tapes 100 Encrypting virtual tapes 100 Decrypting virtual tapes 104 Exporting virtual tapes 107 Exporting data to physical tape using the web interface 107 Migrating a virtual tape to physical tape using the web interface 110 Automatically migrating virtual tapes to physical tapes using VTSPolicy 111 Restoring data 116 Erasing
Saving and restoring custom defaults 149 16 Configuring Web Interface Preferences 151 17 Managing the VTS Server 155 Backing up the VTS server 155 Managing certificates 156 Configuring system settings 157 Powering up and down 158 Maintaining the file system 159 Performing a file system check using fsck 159 Monitoring files and directories 160 18 Troubleshooting Diagnostic techniques 163 164 PuTTY (Telnet/SSH client) 164 Virtual Network Computing remote control software 164 HP healt
Log format 173 Message severity 174 Message IDs 174 Message text 175 Export log 188 Scan/Cleanup log files 189 Other log files 190 Logwatch reports 191 Remote logging of audit log records 191 EMS messages A Maintaining GFS for VTS 193 199 Powering hardware and starting a cluster 200 Shutting down GFS 201 Configuring GFS 202 Maintaining the file system 202 Adding a vault to a GFS cluster 204 Removing a VTS system from a GFS cluster 209 Troubleshooting 211 If VTS server fails
viii | Virtual TapeServer Configuration Guide
Preface Welcome to the Configuration Guide. VTS offers complete disaster recovery capabilities. As a primary repository for data center backups, VTS can also be used as secondary tiered storage for replicated data to meet disaster recovery requirements. About this guide The Configuration Guide is designed to help you configure VTS and then accomplish the necessary tasks for using virtual media to store and retrieve data. This guide provides procedures for all tasks you must perform to start using VTS.
Convention Description Monospace Italic Represents variables within command syntax, code, or command-line text. Blue Text Used for cross-references. This icon notes the user who is responsible for performing the procedure that follows. Related documentation The following documentation is provided for VTS: l Quick Start Guide, which provides instructions for installing the hardware and configuring VTS on the network.
You may also consider gathering the output of the getVTS_dbginfo utility, which is provided on the VTS server, or you can generate a troubleshooting package from the web interface. The utility and troubleshooting package collects log files and system information. Refer to "Troubleshooting" on page 163 for more information.
xii | Virtual TapeServer Configuration Guide
Introduction 1 Tape remains the most practical solution for removable storage, and it is often required by regulatory agencies to be archived and stored offsite. However, as the cost of commodity disk storage has decreased, many enterprises view disk-based backup solutions as a feasible alternative to tape-based backup.
For every host connection to VTS, the host system “sees” one or more tape drives; the virtual tape drive emulates the type of tape drive specified during the initial installation and setup process. Virtual tape drives behave just like real tape drives without the problems generally associated with real tape drives. VTS delivers reliable, scalable, and high performance virtual tape for backup, restore, Transaction Management Facility (TMF), archive, and data recovery operations.
Note The VTS web interface refers to virtual tapes as “cartridges.” Note that these terms are synonymous in VTS. Virtual tape drives respond to mount, write, rewind, read, and unload commands from standard backup management applications. Virtual tape drives require virtual tape media, and VTS enables you to create an unlimited number of virtual tapes. A virtual tape is the logical equivalent to a physical tape.
convert the data to LTO-4 format, you could mount each virtual tapes in a VTD that emulates an IBM TD4 drive and restore them to a host. l Scan/Cleanup, which enables VTS to scan pools and virtual tapes to identify virtual tapes that are past their retention period. Scan/Cleanup can erase old virtual tapes to recover disk space. You can also schedule virtual tape erasures when the overall disk space falls below a specified threshold.
valuable data; Data Encryption provides a robust encryption solution that deploys on existing hardware. Industry-standard 256-bit AES symmetric key encryption is used. Accessing the VTS web interface VTS is managed through a standard web browser interface. To access the web interface, launch a supported web browser that is on the same internal network as VTS and then enter the following URL: https://ip_address where ip_address is the management network interface address.
6 | Virtual TapeServerConfiguration Guide
Overview of Tasks 2 After completing the procedures provided in the Virtual TapeServer Quick Start Guide, you can continue the initial configuration of the Virtual TapeServer (VTS) server. Then, you can use VTS to manage your virtual media. The following outlines the general tasks that you must complete to configure VTS and perform dayto-day tasks to maintain VTS. Many of these procedures for the tasks are now provided in the online help. To configure the VTS server 1.
9. If licensed, configure Data Encryption, which enables VTS to encrypt data that is stored on virtual tape. See "Enabling and Configuring Data Encryption" on page 79. 10. Enable and configure Scan/Cleanup, which erases old virtual tapes to recover disk space. See "Enabling and Configuring Scan/Cleanup" on page 125 for more information. 11. Configure access control to grant or limit access to specific VTS functions. See "Configuring User Accounts" on page 131. 12.
Reconfiguring Vaults 3 By default, vault storage is preconfigured on the Virtual TapeServer (VTS) server. Prior to using this storage, you may want to review and change the configuration. For example, you may want to define additional vaults, which provide a convenient way to separate data for different applications or users. You may want to reconfigure vault storage before creating virtual tape drives (VTDs) or using VTS, though you can use VTS without reconfiguring vaults.
Reviewing the vault layout You must use a Linux partition editor, such as fdisk, parted, druid, or the HP Array Configuration Utility, to view the current configuration. (The HP Array Configuration Utility is available as part of HP SmartStart, but using HP SmartStart requires that you reboot VTS.) The following steps use parted to view the current partition layout: 1. Log in to the VTS server as the root user. 2.
Keep in mind that performance and system operations will be slow when vaults are at maximum capacity. To modify the configuration, complete these steps. You can perform this procedure multiple times, if necessary. 1. Identify the partition to modify. This example will modify VAULT01 (c0d1p1). 2. Unmount the file system. umount /VAULT01 3. Create partitions on the disk. If the disk partition is less than 2TB in size, complete these steps: a.
i. Write the settings to a file by entering the following command: w This exits the fdisk utility and displays the # prompt. j. Check the settings by entering the following command: fdisk /dev/cciss/c0d1 k. Print the settings by entering the following command: p l. To exit the fdisk utility, enter the following: q m. Repeat these steps for each of the partitions. If the disk partition is greater than 2TB in size, complete these steps: a.
Sector size (logical/physical): 512B/512B Partition Table: gpt Number Start End Size File system Name 1 17.4kB 1250GB 1250GB ext3 primary 2 1250GB 2500GB 1250GB primary Flags g. Quit parted. quit 4. Create file systems on the newly created partitions. Format the disk partition by entering the following command: mke2fs -j -L /VAULT01 /dev/cciss/c0d1p1 When specifying a vault name, use the following format: VAULTnn, where nn indicates a number.
Adding vaults on external storage devices If an external storage device is connected to VTS, you can use it to configure additional vaults. Up to 100 vaults are supported per VTS server. Note If GFS is used in your VTS environment, see "Maintaining GFS for VTS" on page 199 for instructions to create vaults. To add a vault to VTS 1. If necessary, connect the external storage device to VTS. Make sure that the cable is plugged in and the link light is illuminated (for Fibre Channel) on the VTS server.
Disk /dev/sdb: 524.2 GB, 524289048064 bytes 255 heads, 63 sectors/track, 63741 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id /dev/sdb1 1 63741 511999551 System 83 Linux Disk /dev/sdc: 524.2 GB, 524286222336 bytes 255 heads, 63 sectors/track, 63740 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes d.
f. Write the settings to a file by entering the following command: w This exits the fdisk utility and displays the # prompt. g. Check the settings by entering the following command: fdisk /dev/sdc h. Print the settings by entering the following command: p i. To exit the fdisk utility, enter the following: q j. Repeat these steps for each of the partitions. 5. If the disk partition is greater than 2TB in size, complete these steps to configure the disk partition: a.
6. Format the disk partition by entering the following command: mke2fs -j -L /VAULT01 /dev/sdc1 When specifying a vault name, use the following format: VAULTnn, where nn indicates a number. Repeat this command, incrementing nn for each new vault. Replace /dev/sdc1 with each new partition name and so on, as in these examples: mke2fs -j -L /VAULT02 /dev/sdc2 mke2fs -j -L /VAULT03 /dev/sdc3 7. Create the mount directories by using the mkdir command for each of the vaults that were created above.
To rename a vault 1. Click Administration > System Tasks on the navigation pane and then click Stop TapeServer. 2. Log in to the server as root. 3. Review the existing vault layout and identify the device to rename. Use the df command to view the current disk utilization: df –h Here is an example of the output: Filesystem Size Used Avail Use% Mounted on /dev/cciss/c0d0p2 19G 6.
Enabling Licensed Features 4 Before you can use Virtual TapeServer (VTS), you must enable licensing. You can enable licensing for the following: l Managed capacity, which includes licensing for virtual tape libraries (VTLs) l Standalone virtual tape drives (VTDs) and compression, if included l Data Encryption Suite l Data Replication Suite, which is implemented as replicate jobs l 300Mb, 1Gb, 2.
To add a license key Requires Administration group membership 1. Click Configuration > System on the navigation pane. 2. Click Manage System Licenses. The following page is displayed: 3. To enable VTS to store data (managed capacity), including VTLs and VTDs, type or paste the license key in the Capacity Key field and then click SUBMIT. On the pop-up dialog, click OK to confirm that you want to add the key.
generates keys; you can now add a key database backup host. If a key is not valid, an error message is displayed and the key is not accepted. After licensing is initially enabled for one or more features, you can update a license key. For example, you can add to or subtract capacity. You can also remove a licensed feature. Refer to the online help for instructions. If necessary, obtain the license key from your Sales representative.
22 | Virtual TapeServerConfiguration Guide
Configuring Ports 5 After cabling the host server(s) and external devices to the VTS server, you must configure the ports to enable VTS to communicate properly with each device (target or initiator). Or, if you attach a physical tape drive or storage device to the server after initial configuration, you must define the port as physical. Ports connected to host servers must be defined as virtual. To configure ports Requires the View/Manage Configuration access right 1.
4. Configure each port that is used to attach VTS to an external storage device (tape drive, library, or disk array). From the drop-down list for the port attached to the device, select physical. 5. Click Submit. 6. When prompted, click OK to confirm that you want to reboot the server. 7. On the Reboot The System - Confirmation page, click REBOOT. If problems arise: l Make sure there are no bus conflicts with a physical drive or library on a virtual port or with a host server on a virtual port.
Creating and Managing VTLs and VTDs 6 After Virtual TapeServer is deployed, you can create virtual tape libraries (VTLs). A VTL emulates the functionality of a tape library, which contains one or more tape drives, magazines that hold tape cartridges, a barcode reader to identify tape cartridges, and a media changer for loading and unloading tape cartridges.
A naming convention is used when the components of the VTL are created. The VTL name is specified by the user. All other names are automatically assigned by VTS.
To create a virtual tape library 1. If necessary, log in to the web interface. 2. Click Configuration > Virtual Devices on the navigation pane. The following page is displayed: 3. Click Add Virtual Tape Library in the VIRTUAL TAPE LIBRARIES section of the page.
4. Select the Type option that corresponds to the connection type of the port (Fibre Channel or SCSI) to which the host is connected. Note VTS assigns ID 6 to the SCSI cards because VTS acts as a SCSI target for virtual devices. Using ID 6 instead of 7, which is the industry standard, avoids SCSI ID conflicts with SCSI hosts. You may need to modify settings on the host server or attached physical devices accordingly. 5. In the Name field, specify a name for the VTL.
After creating a VTL, you should l create pools, which organize and set properties on the l add virtual tapes to the pools l insert virtual tapes into the VTL See "Managing virtual tapes" on page 92 for more information.
To view the contents of VTLs 1. Click Administration > Virtual Tapes on the navigation pane. 2. From the Show Cartridges In list, select an option: l To view virtual tapes on the shelf only, select Shelf from the Show Cartridges In dropdown list. l To view virtual tapes in a VTL, select the VTL name from the Show Cartridges In dropdown list. VTL details are displayed at the top of the page and its virtual tapes are listed in the table.
Property Description Presented to Host? Target ID The SCSI ID on which the VTD responds. This ID is not presented to the host if the connection is over Fibre Channel. Yes, for SCSI only Logical unit number (LUN) The sub-ID on the port. This ID is used by the host for SCSI and Fibre Channel connections. Yes Serial number The serial number or other string describing the VTD. Only alphanumeric characters should be used.
2. Click Configuration > Virtual Devices on the navigation pane. The following page is displayed: 3. Click Add Virtual Tape Drive in the VIRTUAL TAPE DRIVES section of the Configure Virtual Devices page. The following is displayed: 4. Select the connection type: FC, SCSI, or SAS. Note VTS assigns ID 6 to the SCSI cards because VTS acts as a SCSI target for virtual devices. Using ID 6 instead of 7, which is the industry standard, avoids SCSI ID conflicts with SCSI hosts.
6. Select the drive type from the Tape Type drop-down list. This property defines the type of tape drive that the VTD emulates. 7. From the Port drop-down list, select the ID of the port to which the host server is connected. This ID is not presented directly to the host; the host will see this port numbered according to its own numbering scheme. If the connection is over Fibre Channel, the port ID is associated with a port WWN that is used by the host to identify the VTS server.
l Windows Server 2008 Values 0-15 are acceptable. 2. From the Lun drop-down list, select the logical unit number. This number identifies the sub-ID on the port, and this ID typically ranges from 0-255. For SCSI connections, this ID is typically 0. Note SCSI devices use target-based addressing. Fibre Channel devices use LUN-based addressing. For Fibre Channel devices, the LUN determines the unique address of the device on the port, so you cannot assign a LUN value more than once per port.
After creating a VTD, you should l create virtual tapes l create pools, which organize and set properties on the tapes l mount a virtual tape in the VTD See "Managing virtual tapes" on page 92 for more information. Viewing standalone VTDs To view standalone VTDs on the server Click Configuration > Virtual Devices on the navigation pane. A list of VTDs is provided in the VIRTUAL TAPE DRIVES section of the page. Here is an explanation of the columns: l VTD - The name of the VTD.
Configuring the NonStop BladeSystem Cluster I/O Module If the NonStop BladeSystem is used as the host server and the Cluster I/O Module (CLIM) will be used, you must configure the virtual tape drives on the NonStop. Complete the following steps to do so: 1. Verify that the serial number specified for each virtual tape drive (in VTS) is unique. 2. Verify that the CLIM is connected to the VTS server using a Fibre Channel cable. 3.
Validating access to VTDs from the NonStop server To validate that the NonStop server can back up to configured VTDs in VTS, you must configure the NonStop server to add the VTD. Then, you can start the virtual tape drive from the NonStop server. Issue the following command on Integrity series servers to configure the virtual tape drive: SCF ADD TAPE $VTD, SENDTO STORAGE, LOCATION (x,y,z), LUN #, SAC #, PORTNAME WWN#, COMPRESSION OFF where $VTD — The virtual tape drive name, such as $TAPE00.
Total Errors = 0 Total Warnings = 0 If unsuccessful, messages similar to the following are displayed: SCF - T9082G02 - (06JAN06) (31OCT05) - 01/19/2007 09:09:06 System \DEV3 (C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P. STORAGE E00002 START TAPE \DEV3.$TAPE30 rejected, file system error: 190STOPPED: 0,63 CPU time: 0:00:00.
7 Enabling and Performing Tape-to-tape Exports You can export data on a virtual tape to a physical tape in an external tape drive or library. This provides a one-to-one mapping of virtual to physical tape. When creating the tape-to-tape export job, you can choose whether the data remains in virtual tape format or host format. This allows application-aware exports because you have the ability to name the virtual tapes such that they are the same as a pool of physical tape cartridges.
Considerations l If the VTS server is rebooted while a tape-to-tape export job is in progress, the job will fail. l To encrypt data that is exported: l Enable Data Encryption and select an encrypted virtual tape for tape-to-tape export (in virtual tape format). The tape is exported as-is if the target library supports encryption on all of its drives. l Enable drive-level encryption and export an unencrypted virtual tape using virtual tape format.
3. Click Physical Devices to expand this area of the page. 4. To specify a user-friendly name or short description of the drive or library, type a name in a drive or library's Friendly Name column. This name will be used when selecting a drive or library on other pages in the web interface. 5. Click Apply. To dedicate a physical library or drive for use by tape-to-tape or stacked export jobs 1. Click Configuration > System on the navigation pane. 2. Click Edit System Settings. 3.
Exporting a virtual tape or pool You can export one virtual tape to one physical tape using a tape-to-tape export job, and you can choose whether the data remains in virtual tape format or host format. You can perform this procedure if a capacity license is enabled on the server. To export a virtual tape or pool Requires the Virtual Tape Import and Export, Vault Access, and Access to all Vaults access rights 1. Click Administration > Virtual Tapes on the navigation pane. 2.
7. Select a drive or library from the Destination drop-down list. Note Disconnected tape drives or libraries can be selected, though the job will fail if the drive or library remains disconnected when the job runs. 8. Select an Export Format option: l If you choose Virtual Tape Format, the tape is exported as-is and cannot be read by the host server.
e. Click Save. After the job runs, you can return to the Managed Schedules page for its status. If a problem occurred, the Last Run column will display “Failed”. Importing data from a physical library or drive To import data from an external tape device Requires the Virtual Tape Import and Export, Vault Access, and Access to all Vaults access rights Note You can perform this procedure if a capacity license is enabled on the server. 1. Click Administration > External Data on the navigation pane. 2.
8 Enabling and Performing Stacked Exports Through integration with a backup management application server, you can read and write files to and from Virtual TapeServer (VTS). You can then create stacked export jobs on VTS to export, or “migrate”, virtual tapes to physical tapes using an attached external tape device. Note Stacked export jobs are available if a capacity license is enabled on the server. Stacked exports allow for better use of the disk space on the storage array.
6. If using a standalone drive for a stacked export job, be sure to insert a labeled tape in the drive before running the job. 7. Export virtual tapes by creating stacked export jobs using the web interface as described in this chapter. If necessary, you can also import exported tapes. Or, you can configure the VTSPolicy command on the VTS server to automatically export tapes.
3. Click Physical Devices to expand this area of the page. 4. To specify a user-friendly name or short description of the drive or library, type a name in a drive or library's Friendly Name column. This name will be used when selecting a drive or library on other pages in the web interface. 5. Click Apply. To dedicate a physical library or drive for use by tape-to-tape or stacked export jobs 1. Click Configuration > System on the navigation pane. 2. Click Edit System Settings. 3.
Setting the backup management application password You can configure a system account for use by backup management applications (for stacked exports). To configure a system user account 1. Click Security > Passwords on the navigation pane of the VTS web interface. A page similar to the following is displayed: 2. Select hsm from the drop-down list. 3. Type the username and password that is required to log in to the backup management application and then click Update.
3. Choose one or more virtual tapes to export. (In a later step, you can also choose virtual tapes in VTLs or pools.) 4. Select Stacked Export from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5. On the pop-up dialog, select the Create New Job option. 6. Specify a job name in the Job Name field. If you leave this field blank, a name is generated for you. 7.
d. In the Create Schedule area, select how often you want the job to occur from the following options. l One time — Runs the job once. You must select a start date and time. l Weekly/Daily — Runs on the days you select. You must select the days and a start date and time. l Monthly — Runs on a specific date each month. Select a date and start time. If you specify a date that does not exist in a month, the job will run on the last day of the month. e. Click Save.
9 Enabling and Configuring Data Replication You can configure VTS to export virtual tapes to a remote VTS server. This feature is implemented as replicate jobs, for redundancy or disaster recovery purposes, and remote export jobs, for high availability and role swapping purposes: l Use replicate jobs to replicate data as part of your disaster recovery solution or to enable multiple VTS servers to back up virtual tapes to a single remote server.
Steps to enable, configure, and use replicate jobs 1. Enable Data Replication licensing using the VTS web interface as described in Enabling Licensed Features. Note Multiple license keys are available for this feature, based on the desired transfer speed (WAN Acceleration). If the licensed transfer speeds do not match on the source and target systems, the lowest speed is used during replication. 2.
a. Unmount the file system: umount /VAULT04 b. Copy the /etc/fstab file to a backup file: cp /etc/fstab /etc/fstab.backup c. Relabel the device, using the file system name: e2label /dev/sdc2 /DATA04 d. Edit /etc/fstab and replace the old “VAULTnn” name with the new “DATAnn” name. e. Rename the mount point: mv /VAULT04 /DATA04 f. Mount the file system and set permissions: mount /DATA04 chown bill.root /DATA04 chown bill.replicators /DATA04 chmod 750 /DATA04 3.
To add a target server Requires Administration group membership Complete these steps using the source server's web interface: 1. Click Configuration > System on the navigation pane. 2. Click Edit System Settings. 3. Click Replication to expand this area of the page. 4. Click the Add Target Host button. The following is displayed: 5. If the local (source) server was replaced, you need to notify the target server so that it can update its source server information: a. Select the Replace System checkbox. b.
7. In the Target Host field, type the fully qualified hostname or IP address of the target server. Note It is recommended that you provide a hostname, if DNS is configured on your network. If you provide an IP address instead of a hostname and then the IP address of the source or target server changes, you must delete the target server and then complete all configuration procedures again. 8. In the Http Port field, type the port number used for accessing the web interface on the target system.
6. Select the Enabled checkbox to enable the source server, thereby allowing it to use the local (target) system as a replication target. (You cannot select this checkbox if the Authorized checkbox is not selected.) 7. In the Friendly Name field, type a name for the source server. 8. Using the Map To lists, map mount points (data volumes) on the local (target) server to the source server. This determines where replicated tapes are stored on the local server when sent from this source server.
Replicating data to remote servers To replicate data to remote servers, you must create and run a replicate job. To create and run a replicate job Requires the Virtual Tape Import and Export, Vault Access, and Access to all Vaults access rights 1. Click Administration > Virtual Tapes on the navigation pane. 2. Select All, Shelf, or a VTL name from the Show Cartridges In drop-down list. 3. Choose one or more virtual tapes to replicate. (In a later step, you can also choose virtual tapes in VTLs or pools.
10. Select the Run Immediately? option to run the job immediately after it is created. 11. Click submit. 12. To schedule the replicate job, you must create a schedule that is associated with the job. a. Click Administration > Jobs on the navigation pane. b. On the Manage Jobs page, click Schedules page is displayed. next to the job you want to schedule. The Manage c. Click Add Schedule. d. In the Create Schedule area, select how often you want the job to occur from the following options.
2. Select a remote host from the Select Destination drop-down list. 3. To name the restore job, enter a name in the Job Name field. 4. If you wish to stop the restore operation if an error occurs, select Stop on Error (above the table). If an error occurs, the restore job fails. If you do not select this option, the restore operation will skip tapes that caused an error and finish importing the selected tapes. 5. Select one or more tapes to restore from the list.
60 | Virtual TapeServerConfiguration Guide
10 Enabling and Configuring Role Swapping To enable “role swapping” of primary and secondary Virtual TapeServer (VTS) servers in your environment, or to ensure high availability of data across sites, you can use remote export jobs to export data to remote servers. To use remote export jobs, you must license the Data Replication feature. Note This feature is also implemented as replicate jobs, for redundancy or disaster recovery purposes. For role swapping, you will use remote export jobs only.
last modified a virtual tape. l Ownership of virtual tapes is not stored, so there is no way to inform the administrator of either system of the originator of the virtual tape. l Remote export jobs push virtual tapes from one system to another. It is your responsibility to disable the remote export jobs on current primary server (at the production site) and enable them on the current secondary server when swapping roles. If you do not disable all jobs on the production site, data may be overwritten.
3. Configure Server A to export data to Server B: a. Enable Data Replication licensing using the VTS web interface as described in "Enabling Licensed Features" on page 19. b. Configure the rep_ parameters in the configuration file as described in "Configuring settings for remote export jobs" on page 68. c. Export virtual tapes to Server B by creating and running remote export jobs. This is described in "Replicating a virtual tape using a remote export job" on page 69.
c. Enable jobs on Server B. d. If Data Encryption is used in the environment and Server A was the key generator, you do not need to perform additional steps to continue to use Data Encryption after swapping roles. However, if Server A is not available, you can restore a backup of Server A’s key database from a remote host. Then, you can configure Server B to be the key generator. See the Managing Data Encryption help topics in the online help for details. e.
The following steps use two sites as an example of enabling Data Replication between two sites, Boston and Los Angeles, connected by a wide area network (WAN): To configure network settings 1. Verify that the hostname, IP address, and gateway are configured on each VTS server in the environment. Refer to the Quick Start Guide for more information. 2.
3. Test connectivity by pinging the network connections. At the prompt, enter ping hostname. For example, to ping the Boston server, enter ping boston. Output similar to the following is displayed: 64 bytes from boston (10.10.2.145): icmp_seq=0 ttl=64 time=0.053 ms 64 bytes from boston (10.10.2.145): icmp_seq=1 ttl=64 time=0.053 ms 64 bytes from boston (10.10.2.145): icmp_seq=2 ttl=64 time=0.053 ms 64 bytes from boston (10.10.2.145): icmp_seq=3 ttl=64 time=0.053 ms Press CTRL-C to stop the ping process.
5. If you configured SSH and access to the bill account is restricted on the VTS servers, you must grant SSH access to the bill user for each VTS server. To do this, become root (enter su root) and then edit /etc/ssh/sshd_config to add this line: AllowUsers vtsa bill@source_svr where source_svr is the IP address or hostname of the VTS server where the AutoCopy operation is originating.
Configuring settings for remote export jobs Note A default configuration file is defined for each VTS server. To override the default settings, you must define settings as described below. To modify the configuration file to configure remote export jobs Requires the Edit Configuration File access right 1. Enable Data Replication licensing as described in "Enabling Licensed Features" on page 19. 2. On the primary (originating) server, complete these steps: a.
Parameter Description Values parameter is required if rep_streams is target set to a value greater than 1. server’s name Example vts.conf entries: rep_destination_hosts='vts11, vts21' rep_streams='1' rep_source_tmp='/VAULT10/.TMP' rep_destination_tmp='vts11:/VAULT01/TMP, vts21:/VAULT00' d. Click SAVE. e. Restart the TapeServer process on the Manage System Tasks page. 3. On the secondary (target) servers, add the rep_source_hosts parameter to the configuration file, as follows: a.
4. Select Remote Export from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5. Select a remote server from the Destination Host drop-down list. 6. Click Fetch destination details. A list of virtual tapes to be exported is then listed on the Manage Virtual Tapes page. 7. If necessary, exclude virtual tapes from the remote export job.
11 Configuring EMS Communication To automate the process of mounting and dismounting virtual tapes on a NonStop host server, you must configure the Event Management System (EMS) on VTS. The EMS service for host servers starts the EMS distributor on the host server by issuing a Tandem Advanced Command Language (TACL) command. The distributor notifies the VTS EMS service when an EMS message is posted on the host server.
d. To enable EMS, select the Enable EMS checkbox. e. To configure VTS to generate EMS messages for notifications, set the following: l To enable VTS to send notification messages back to the host from EMS messages, select Enable Host Notifications. l If you enabled notifications, set the notification level from the Notification Level drop-down list. This enables EMS to acknowledge certain EMS messages and generate completion status (success or failure) messages.
c. In the Host Name or IP field, specify a hostname or IP address of the host server for which a Telnet or SSH session will be established. d. Select the protocol to use for the session from the Protocol drop-down list. e. In the Host Port field, specify the target Telnet or SSH port on the host server. By default, SSH runs on port 22. To identify the SSH port on the host server, refer to the PORT parameter in the SCF IN file that defines the SSH process. f.
XYGATE: logon %username% SAFEGUARD: logon %username% l In the Login Password Prompt field, specify the password prompt that will be returned by the host server in response to the Telnet or SSH connection. Examples: TACL: /Password:\s*$/i TACLS: /Password:\s*$/i XYGATE: /Password:\s*$/i SAFEGUARD: /Password:\s*$/i l In the Login Password Answer field, specify the password response that will be shown during the login process.
j. In the Response Timeout field, specify the timeout value (in seconds) used to wait for each response during the EMS login process. k. In the Host and Virtual Devices section of the page, add the tape devices that are configured on the host server and connected to VTS. Each host device corresponds to a virtual device, which defines the virtual tape drive known to the host server for the host device. You must define at least one host device. Click New and specify a name in the Host Device field.
4. Set the username and password for each EMS host: a. Click Security > Passwords on the navigation pane. The following page is displayed: b. Configure a password for each EMS host defined in the configuration file. Click Help for complete instructions. 5. If you configured EMS to use SSH, you must log in to each host server to verify and accept the fingerprint. When the fingerprint is accepted, the host server’s key is stored in /home/bill/.
d. Enter yes to accept the fingerprint. e. Exit by pressing CTRL+C. If a mismatch occurs after accepting the fingerprint, you can edit the /home/bill/.ssh/known_ hosts file to remove lines for host server whose key has changed. Then, after the obsolete key has been removed, repeat this step to accept the new key. 6. Click Stop EMS Service and then click Start EMS Service on the Manage System Tasks page to restart the EMS service.
c. Add the following parameters at the bottom of the file that is displayed: Parameter Description Values cleanup_threshold_ Indicates the threshold after which a Integer percent cleanup is initiated, if Scan/Cleanup is enabled. When the VTS file system reaches this threshold (a percentage), virtual tapes can be scheduled for erasure if this parameter is set. This parameter also instructs VTS to send a notification to the NonStop server.
12 Enabling and Configuring Data Encryption Data Encryption is an optional Virtual TapeServer (VTS) licensed feature that enables VTS to encrypt data that is stored on virtual tape. Note that Data Encryption protects data at rest. It does not protect or secure the VTS server. Here is how Data Encryption affects tape operations: l When an encrypted tape is mounted, the data that is written to the tape is encrypted.
Overview of Data Encryption When Data Encryption is enabled on a VTS server, the embedded key server can be configured to generate keys for encrypting virtual tapes. VTS uses symmetric key encryption to secure data written to tape. This encryption is based on Advanced Encryption Standard-Cipher Block Chaining (AES-CBC) and uses 256-bit keys provided by a random number generator. When a key is generated, its key ID is stored with the encrypted virtual tape.
l Migrating a virtual tape (stacked export) An encrypted virtual tape is migrated as-is; that is, the data remains encrypted when it is migrated to physical tape. l Compressing data If enabled, data compression occurs before encryption. l Updating metadata, timestamps, and file sizes Every virtual tape stores header information called metadata, which is used by VTS to retain an audit trail of information about the tape. When a tape is encrypted, the metadata is not encrypted.
encrypt the tape is not configured on the server where the encrypted tape resides, the tape operation will fail and an error message will be displayed indicating that the operation failed. See "Data Encryption and failed tape operations" on page 171 for an explanation of the possible failures. l Upgraded installations Beware of using Data Encryption in an environment where some VTS servers are upgraded and others are not. It is highly recommended that you do not use Data Encryption in a mixed environment.
If you choose to designate another server (server C in this example) as the key generator after server A has generated keys, you must perform these steps to reconfigure the Data Encryption environment: 1. Add server C as a key generator on servers A, B, and C. 2. Reconfigure server A as a non-key generator on servers A, B, and C. To reconfigure a key generator as a non-key generator, you must remove the server entry and re-add it, clearing the Key Generator option. 3.
key generator. If a key generator is reconfigured to no longer generate keys, it is then referred to as a “non-key generator”. The key database remains on the non-key generator but that server no longer creates keys. When a virtual tape needs to be decrypted, VTS retrieves the encryption key from the key server that generated the key. If the key generator was reconfigured as a non-key generator, VTS must still have access to that key server.
8. Type the password of the specified user in the Password field. 9. Click SUBMIT. After you add a key generator and a key database backup host (other than localhost), allow five minutes for the key generator to create the first set of keys and key IDs. Key IDs may not be available until after this initial time period. Adding a key database backup host By default, each VTS server is configured as its own backup host. You must configure at least one other backup host on the key generator.
4. In the Host/IP Address field, type the hostname or IP address of a server that VTS will use as a backup host for the key database. 5. In the Username field, type the username of a user account that can access the SCP program on the specified server. 6. Type the password of the user account in the Password field. 7. Select a protocol from the Protocol drop-down list. 8. In the Destination field, type a path and file name to the file that will store the key database.
13 Creating and Managing Virtual Media VTS organizes data in vaults, which are defined for you. Vaults contain pools, and pools contain virtual tapes. You can create, modify, and delete pools.
Before beginning l Verify that a vault is available for storing data. Customer data should not be stored on VAULT00, which provides a small amount of space needed for system maintenance. If VAULT00 is the only vault available, it is recommended that you attach an external storage device for use in storing data. See the Quick Start Guide for cabling instructions and then refer to "Reconfiguring Vaults" on page 9. To create a pool Requires Administration, Operations, or Supervisor group membership 1.
period governs when the virtual tape can be erased to reclaim space in a vault (using the Scan/Cleanup feature). 7. Select the Autoloading checkbox to enable the pool to automatically load and unload virtual tapes as they are used, from the first to the last virtual tape in the pool. Note You may want to set this option before writing labels to the virtual tapes from the host server. After writing the labels, edit the pool to disable this option. 8.
l You must set the Trigger Policy If Enabled option when configuring jobs; jobs are responsible for performing policy actions. For example, a replication jobs and a stacked export job must exist and the Trigger Policy If Enabled option must be set on the jobs to accomplish the scenario described above. l You cannot create multiple policies that are initiated by the same event for the same pool. For example, you cannot replicate and export a tape in PoolA after the tape is unmounted.
To create a policy Requires Administration, Operations, or Supervisor group membership 1. Click Configuration > Policies on the navigation pane. The Configure Policies page is displayed. 2. Click Add Policy. 3. From the On Success Of drop-down list, select the event that must complete successfully to trigger the policy action. 4. Select the policy action from the Perform drop-down list. 5. Choose the pools to which this policy applies from the Pool Selection list. 6.
Be careful when defining attributes if multiple policies trigger the same action for the same pool. Attributes for existing policies are overwritten (for policies that trigger the same action for the same pool.) 7. Enable the policy if you want VTS to begin evaluating events and trigger policy actions. You can leave the Enable checkbox unchecked if you want to leave the policy disabled for now. 8. Click the Save button. Now, verify that jobs are configured and the Trigger Policy If Enabled attribute is set.
Before beginning l Verify the name(s) of the tape(s) on the host server. It is recommended that you use consistent naming on the VTS and host servers. For example, specify $VTAPE1 on the VTS server if the tape is named $TAPE1 on the host server. l Be sure that virtual tape names are unique across all pools on the VTS server and all VTS servers in the environment. (Think of virtual tape names as you would physical tape barcodes; duplicates are not supported.
characters in length (total). Note The names applied to virtual tapes are not tape labels. They are equivalent to the stickon labels applied to physical tapes. 4. In the How Many? field, type the number of tapes to create. 5. In the Start At field, indicate where numbering begins. For example, if you enter VT in the Prefix field and enter 2 here, the first tape created is named VT0002. 6. Click Save.
Inserting virtual tapes into a VTL You can move virtual tapes from the shelf, where they are placed after creation, to a VTL. (The shelf contains virtual tapes that are not associated with a VTL.) Before beginning l Make sure empty slots are available in the VTL. To add virtual tapes to a VTL 1. Click Administration > Virtual Tapes on the navigation pane. 2. From the Show Cartridges In drop-down list, select Shelf. 3. Choose the virtual tapes you want to add to the VTL by selecting them in the table. 4.
To mount a virtual tape Requires the Mount Cartridges, Vault Access, and Access to all Vaults access rights Use this procedure if a capacity license is enabled on the server. 1. Click Administration > Virtual Tapes on the navigation pane. 2. From the Show Cartridges In drop-down list, select All or Shelf. 3. Choose the virtual tape that you want to mount. 4. Select Mount from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5.
4. Select the virtual tape to mount. In the following snapshot, the DF0000 virtual tape will be mounted on the VF40500 host device: 5. Click Mount. The following dialog box is displayed. Note If the Mount button is not displayed, see "Configuring Web Interface Preferences" on page 151 for information about displaying this button. Also, if you cannot click the Mount button, maximize your browser; this should display an arrow cursor and enable you to click the button.
7. After the backup begins, you can monitor the progress from the Virtual Media - Operation page. In the kb/sec and size(MB) columns, you can see the megabytes that have been backed up and the backup rate. After the backup completes, you can verify that the size of the virtual tape has changed. You can also monitor progress from the System Status page, which shows the current transfer rate (if enabled). When the backup is finished, VTS unloads the virtual tape.
To view mounts Requires the Virtual Tape Mounts and Locks access right Click Administration > Mounts and Locks on the navigation pane. The top of the page shows the recent mount requests. Only mount requests that can be handled by the server are displayed. You can also restart the EMS messaging service from this page by clicking the RESTART button. Unmounting virtual tapes You can unmount a virtual tape from a standalone VTD only. VTDs in VTLs are controlled by initiating hosts only.
3. Select the host device where the virtual tape is mounted. 4. Click Unmount. Encrypting and decrypting virtual tapes You can encrypt virtual tapes individually or you can encrypt a pool, which instructs VTS to automatically encrypt virtual tapes when they are added to the pool.If you encrypt a pool, all virtual tapes in the pool are encrypted when they are created. If virtual tapes exist in the pool when the pool is configured for encryption, you can specify whether they should also be encrypted.
4. Select Encrypt from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5. On the pop-up dialog, select the Create New Job option. 6. Specify a job name in the Job Name field. If you leave this field blank, a name is generated for you. 7. To choose pools to encrypt (in addition to those selected on the Manage Virtual Tapes page), move pools from the Available list to the Selected list.
d. In the Create Schedule area, select how often you want the job to occur from the following options. l One time — Runs the job once. You must select a start date and time. l Weekly/Daily — Runs on the days you select. You must select the days and a start date and time. l Monthly — Runs on a specific date each month. Select a date and start time. If you specify a date that does not exist in a month, the job will run on the last day of the month. e. Click Save.
Requires Administration, Operations, or Supervisor group membership To encrypt all virtual tapes in a pool If a pool contains virtual tapes and then you edit the pool to encrypt tapes in the pool, VTS creates a job to encrypt the existing tapes. 1. Click Configuration > Tapes and Pools on the navigation pane. 2. Click next to the pool you want to encrypt. The following is displayed: 3. Select the Encryption checkbox.
Decrypting virtual tapes To decrypt one or more virtual tapes Requires Administration group membership 1. Click Administration > Virtual Tapes on the navigation pane. 2. From the Show Cartridges In drop-down list, select Shelf. 3. Choose the virtual tapes you want to decrypt by selecting them in the table. 4. Select Decrypt from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5. On the pop-up dialog, select the Create New Job option. 6.
10. Select Trigger Policy If Enabled if you want to initiate actions defined in policies associated with the selected virtual tapes. Policies apply to pools, so this option triggers policies that are defined for pools in which the selected virtual tapes reside. 11. Click submit. 12. To schedule the Decrypt job, you must create a schedule that is associated with the job. a. Click Administration > Jobs on the navigation pane. b. On the Manage Jobs page, click Schedules page is displayed.
Requires Administration, Operations, or Supervisor group membership To decrypt all virtual tapes in a pool If a pool contains virtual tapes and then you edit the pool to disable encryption, VTS creates a job to decrypt the existing tapes. 1. Click Configuration > Tapes and Pools on the navigation pane. 2. Click next to the pool you want to decrypt. The following is displayed: 3. Select the Encryption checkbox to remove the checkmark. 4. Click Save .
Exporting virtual tapes If a capacity license is enabled on the server, you can export data in the following ways: l Export to a physical library or tape drive using a tape-to-tape export job to an external tape library or standalone drive (your license type determines how you perform this procedure using the web interface). . l Export a virtual tape to one or more physical tapes using a stacked export job. See "Enabling and Performing Stacked Exports" on page 45 for details.
To export a virtual tape or pool Requires the Virtual Tape Import and Export, Vault Access, and Access to all Vaults access rights 1. Click Administration > Virtual Tapes on the navigation pane. 2. Click the Advanced Media Actions link in the upper right corner of the page. The Configure Tapes and Pools page is displayed. 3. Expand a pool in the pool column and select a virtual tape in the cartridge column.
4. Click Import/Export. Or, if Data Encryption is enabled and the tape is encrypted, click Import/Decrypt&Export. The Virtual Media - Import/Export page is displayed. If one or more physical tape drives are connected to VTS, they are detected automatically. (If a physical tape drive is not listed, such as if it was connected after VTS was booted, you may need to rescan the SCSI controllers. See "Common issues" on page 165 for more information.
4 — Could not open physical tape drive 5 — Could not load and rewind tape before copy 6 — Could not rewind tape after copy 7 — Could not issue SCSI write command 8 — SCSI write command failed Migrating a virtual tape to physical tape using the web interface If a VTD license is enabled on the server, you can export a pool, which exports all virtual tapes in the pool, or you can export a single virtual tape. This is also referred to as “migration”.
3. Select a pool to migrate by clicking on the name of a pool in the pool column. Or, expand a pool and select a virtual tape in the cartridge column. Note VTS locks all virtual tapes that are selected for migration, until the operation is complete. If you select a pool to migrate, all virtual tapes in the pool are locked. Thus, to migrate a pool, there must be no locks on the pool or any of its virtual tapes. 4. Click the Migrate button at the top of the page. 5. When prompted, confirm the action.
/VAULTxx/pool/cartridge — Specifies the pool and cartridge on which to operate. If you want to migrate an entire pool, specify /VAULTxx/pool only. keyword=value — Specifies a valid combination of keywords and their values. Supported keywords include the following: l source or s — Specifies the fully-qualified hostname of the VTS system on which the specified pool resides. In a VTS cluster, this keyword specifies the VTS server that will execute the command. This keyword is required in a VTS cluster.
keyword=value — Specifies a valid combination of keywords and their values. Supported keywords include the following: l source or s — Specifies the fully-qualified hostname of the VTS system on which the specified pool resides. In a VTS cluster, this keyword specifies the VTS server that will execute the command. This keyword is required in a VTS cluster. l erase — Enables VTS to erase the virtual tape after migration is completed successfully. Set this keyword to YES or NO.
where /VAULTxx/pool/cartridge — Specifies the pool and cartridge on which to operate. If you want to migrate an entire pool, specify /VAULTxx/pool only. keyword=value — Specifies valid keywords and their values, as follows: l source or s — Specifies the fully-qualified hostname of the VTS system on which the specified pool resides. In a VTS cluster, this keyword specifies the VTS server that will execute the command. This keyword is required in a VTS cluster.
To use a TACL macro in obey script On the NonStop server, you can create an obey script that includes a TACL macro that communicates with the VTS server through EMS. In the script file, add the commands specified below. To initiate the script, run the script using the obey command, add the lines to the end of an existing script, or schedule the script to run from Batchcom.
Restoring data You can restore data in the following ways (if a capacity license is enabled on the server): l Import from a physical library; this is the reverse of a tape-to-tape export job to an external tape library and can be performed from the Manage External Data page of the web interface. or Import from a physical tape drive; this is the reverse of a tape-to-tape export to a standalone drive and can be performed from the Manage External Data page.
Note You can also automate these operations from the NonStop server using the VTSPolicy command if Event Management Service communication is configured. See "Configuring EMS Communication" on page 71; VTSPolicy is described below. Manually erasing a virtual tape using the web interface Before beginning l Remove the virtual tape from the VTL, if necessary. Or, unmount the virtual tape, if it is mounted.
Manually deleting a virtual tape using the web interface Before beginning l If the virtual tape resides in a VTL, you must remove it from the VTL before you can delete it. To delete a virtual tape To delete an unencrypted virtual tape: Requires the Delete Cartridges, Vault Access, and Access to all Vaults access rights; also, requires Administration group membership if deleting an encrypted tape 1. Click Administration > Virtual Tapes on the navigation pane. 2.
Automatically erasing a virtual tape using Scan/Cleanup After you enable and configure Scan/Cleanup as described in "Enabling and Configuring Scan/Cleanup" on page 125, you can display the web interface for this feature by clicking Configuration > Scan Cleanup on the navigation pane. Click the Show/Hide ‘No’ button to display the cartridges: To view the Status table This table lists all virtual tapes on the system and their Scan/Cleanup status.
not past retention,” which means the virtual tape is not scheduled for erasure because it is not past the retention time. Pool :: Cartridge Erased Written Retention Migrated Erase TEST :: X00001 13Feb05 15:43 17Feb05 14:49 2 weeks not by VTS no, not past retention In the following example, there are two virtual tapes, N00014 and N00015, which were erased on 13Feb05 15:43 and last written on 17Feb05 14:49. Their retention time is 2 weeks and they never have been migrated by VTS.
stored with the virtual tape but is not part of the data itself.
You can issue a simple FUP call to copy the contents of a text file to the $0 process. Create a text file on the NonStop server that contains the VTSPolicy command. Then, from Batchcom or within an existing backup script, run the following command: FUP COPY filename, $0 This sends the contents of the file to the EMS collector. Or, you can create a TACL macro to issue the command. On the NonStop server, create an obey script that includes a TACL macro that communicates with the VTS server through EMS.
ZEMS^TKN^TEXT [#charcount evt_text] [evt_text]] #SET evt_error [#SSPUT evt_buf ZEMS^TKN^EMPHASIS [ZSPI^VAL^TRUE]] #SET evt_error [#SSPUT evt_buf ZEMS^TKN^ACTION^NEEDED [ZSPI^VAL^TRUE]] #APPENDV req_prompt evt_buf Managing locks on virtual tapes Pools are locked when VTS needs uninterrupted access to any of the cartridges in a pool. The Virtual Media - Mounts and Locks page enables you to view current locks on pools and virtual tapes.
To remove a lock 1. Click Administration > Mounts and Locks on the navigation pane. 2. Select the pool or virtual tape to unlock at the bottom of the page. 3. Click REMOVE LOCK.
14 Enabling and Configuring Scan/Cleanup Scan/Cleanup is a Virtual TapeServer (VTS) feature that is designed to help you maintain VTS. It scans pools and virtual tapes to identify virtual tapes that are past their retention period. Scan/Cleanup can erase old virtual tapes to recover disk space. You can also schedule virtual tape erasures when the overall disk space falls below a specified threshold. Scan/Cleanup can be used to erase tapes after they are exported to physical tape using stacked export jobs.
l You can force an erasure or block an erasure by using the checkboxes on the Scan/Cleanup page. However, when an erase process completes (either auto-erase or erase-now), these overrides are removed. l When Scan/Cleanup erases a virtual tape, the header information (metadata) remains stored on VTS. l Scan/Cleanup does not affect a virtual tape's encryption setting.
Parameter Description Values automated erase process. When set to NO, Scan/Cleanup is disabled and the Scan/Cleanup page displays the erasure cleaning status of each virtual tape but no virtual tapes are erased without further configuration. Default value: NO If you want to automate virtual tape erasures, set this parameter to YES and set the cleanup_scan_at and cleanup_interval parameters. Once enabled, the start time and interval are used to determine how many times per day the erasure process runs.
Parameter Description Values daily. If you specify 0, the feature is disabled. Default value: 0 cleanup_nonMigrated Indicates to erase virtual tapes that have YES or NO not been migrated. Migration is used to move data from VTS to permanent storage. Default value: NO cleanup_show_erase_ Displays Scan/Cleanup files that are used to control_files implement the Scan/Cleanup erasure YES or NO process. This is typically set to NO and may be enabled to help diagnose a system problem, if indicated.
Parameter Description Values rows on the Scan/Cleanup page. Many of the virtual tapes will not be scheduled for erasure. To make the display smaller and simpler, the NO rows are suppressed. When this parameter is set to NO, a small button is shown that permits the user to temporarily override this parameter and show the NO rows. Default value: NO cleanup_show_erase_ Shows or hides the Erase meta data column column in the Status Table.
cleanup_nonMigrated='YES' cleanup_show_erase_control_files='NO' cleanup_show_erase_column='YES' cleanup_minimum_size_GB='8' cleanup_show_size_column='NO' meta_control_panel='NO' 4. Click SAVE to save all changes.
15 Configuring User Accounts This chapter describes how to manage and use the operating system and web interface accounts on the VTS server. Managing operating system accounts By default, the following user accounts are provided for the VTS operating system (Linux): l root l bill l vtsa The first time you log in to the VTS operating system using one of these usernames, you are prompted to change the password.
Note the following about the vtsa account: l Accessible by SSH l Runs in a restricted shell l Can “su” to other accounts l Through “sudo”, can issue the following commands: l /sbin/tune2fs -l /* l /bin/cat l /usr/bin/passwd l /sbin/chkconfig l /bin/ping l /usr/bin/clear l /bin/ps l /usr/bin/crontab l /sbin/reboot (runs as root) l /usr/local/tape/bin/getVTS_ dbginfo (runs as root) l /bin/bash/usr/local/tape/bin/getVTS_dbginfo (runs as root) l /usr/bin/updatedb (runs as root) l
Adding accounts You can create additional accounts in the vtsmaint group, and the new user will have the same privileges as the vtsa user. To create an account 1. Log in to the VTS server. 2. Become the root user: su 3. Enter the following command to create the user account: useradd -n username 4.
Expiring passwords By default, account passwords expire in 90 days (this does not apply to the bill or root accounts). To change account expiration 1. Log in to the VTS server. 2. Enter the following command: chage -M days user_acct where days specifies the number of days after which the password expires, and user_acct specifies the user account.
Managing web interface accounts Here is a list of the default user accounts provided for accessing the VTS web interface: Username Default Password Group Privileges operator tapelabs Operations Can view system status, including vaults. tapelabs tapelabs Supervisor Can perform all VTS functions but cannot administer access control, edit the VTS configuration file, restore the Linux configuration, or view and manage configurations.
Enabling a closed system using default users and groups You can enable a closed system to require authentication. The user can access only the resources assigned to a particular group. You can enable or disable individual rights to resources. Requires the System Access Controls access right To enable a closed system 1. Click Security > Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Manage Access Control page is displayed. 3.
Rights Administra- Operations Supervisor tion Group Group Group Supervisory Functions X X Access Administration X System Access Controls X User Access Controls X Block and Unblock TapeServer X X Database Download X X Database Upload X Edit Configuration File X Halt and Reboot TapeServer X X Manage Scheduled Jobs X X Server Certificate Maintenance X X System Maintenance Functions X X System Upgrade/Update X X Turn Compression On or Off X X Upload Encryption Keys X
Rights Administra- Operations Supervisor tion Group Group Group Virtual Tape Operations X X X Scan and Cleanup Control Panel X X Virtual Tape Cartridge X X Delete Cartridges X X Virtual Tape Import and Export X X Virtual Tape Instant DR X X Virtual Tape Mounts and Locks X X Virtual Tape Pool Maintenance X X Erase Cartridges X X HSM Migration X X Mount Cartridges X X Unmount Cartridges X X View System Status X Change Refresh Rate X Stop and Start TapeServer X
Enabling closed access and restricting access to virtual tapes If you want to create an account that does not have access to virtual tapes, complete this procedure. To restrict access to virtual tapes 1. Log in using the admin account. 2. Enable a closed system as described in "Enabling a closed system using default users and groups" on page 136. 3. Add a user as described in "Creating a user" on page 140. 4. Add a group: a. Click + to expand Users and Groups. b. Click ADD next to Groups. c.
Creating a user Requires the System Access Controls access right To create a user 1. Click Security > Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Manage Access Control page is displayed. 3. Click + to expand Users and Groups.
4. Click ADD next to Users. The name and password fields are displayed. 5. Type a username in the name field. Usernames cannot contain spaces and cannot duplicate existing usernames, group names, or reserved names. Also, they must be alphanumeric, though they can include an _ (underscore) character. 6. Type a password in the password field. 7. Click APPLY. The user is added and additional buttons are displayed. 8. To assign the user to a group, click CHANGE GROUP. The Group drop-down list is displayed.
Changing any user’s password It is highly recommended that you change the passwords of the default users. To change a user’s password Requires the System Access Controls access right to change any user’s password 1. Click Security > Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Manage Access Control page is displayed.
3. Click + to expand Users and Groups. 4. Select the user from the Users drop-down list. 5. Click SET PASSWORD. The Password field is displayed. 6. Type a new password in the field. 7. Click APPLY.
Configuring groups Groups define the access rights that are assigned to users. Three groups are provided: l Administration l Operations l Supervisor For a list of the default rights assigned to these groups, see 136. You can modify the access rights that are assigned to these groups. You can also save your changes as a set of custom defaults, which can be restored later if necessary.
3. Click + to expand Rights. 4. To modify access rights assigned to the Administration group, select the checkbox next to each access right in the Administration column. Note The rights are organized in categories. If you grant access to a category, all rights in the subcategories are granted by default, though you can remove individual rights in the subcategories.
Right Description Access Administration Grants access to the Manage Access Control page System Access Controls Enables the user to administer groups and rights within Access Control User Access Controls Enables the user to change his or her password only within Access Control Block and Unblock TapeServer Displays the Block/Unblock TapeServer Startup link on Manage System Tasks page, which enables the user to block and unblock VTS functions Database Download Enables the user to create a system res
Right Description Turn Compression On or Off Enables the user to enable or disable compression from the Manage System Configuration page Upload Encryption Keys Obsolete; do not assign this access right Upload VPD Enables the user to upload the VPD file Configuration Backup Obsolete; do not assign this access right Configuration Restore Obsolete; do not assign this access right View log files Enables the user to view log files from the Logs page View/Manage Configuration Grants access to the C
Right Description Virtual Tape Pool Maintenance Grants access to the Virtual Media - Pool Maintenance page Erase Cartridges Enables the user to erase virtual tapes from the Configure Tapes and Pools and Virtual Media Cartridge Maintenance pages HSM Migration Enables the user to migrate virtual tapes using the Migrate button on the Configure Tapes and Pools page Mount Cartridges Enables the user to manually mount virtual tapes using the Mount button on the Configure Tapes and Pools page Unmount Car
Saving and restoring custom defaults After configuring users and group rights, you can save all settings as a custom configuration. Later, you can restore these settings by simply clicking the Restore CUSTOM Defaults button in the Defaults and Undo section of the page. This button becomes available after you save a custom configuration. These procedures require the System Access Controls access right To save custom default settings 1. Click the Save as CUSTOM button above the access rights table. 2.
To restore the custom default settings Click the Restore CUSTOM Defaults button to restore the custom configuration and discard changes made since the custom defaults were last saved.
16 Configuring Web Interface Preferences This chapter describes how to configure web interface preferences by setting parameters in the configuration file and how to set the refresh rate of the System Status page. You can set a number of parameters in the VTS configuration file to specify the following: l Whether and how often to display status messages at the top of the page. l Whether and when to display a notification regarding low vault space.
Parameter Description Values Media - Operation page. Default value: YES opwin_Erase Displays the Erase button on the Virtual YES or NO Media - Operation page. Default value: YES opwin_Delete Displays the Delete button on the Virtual YES or NO Media - Operation page. Default value: YES opwin_ImportExport Displays the Import/Export button on the YES or NO Virtual Media - Operation page. Default value: YES opwin_Migrate Displays the Migrate button on the Virtual YES or NO Media - Operation page.
Parameter Description Values Default value: NO opwin_ShowCompression Displays the compression ratio (c/ratio) YES or NO column on the Virtual Media - Operation page. Default value: YES opwin_ShowLastWritten Displays the last written column on the YES or NO Virtual Media - Operation page. Default value: NO opwin_filesystem_alert Sets the percentage for the /VAULTxx file Integer system usage alert on the Virtual Media Operation page.
Parameter Description Values Default value: NO free_space_status Specifies whether to display the Free YES or NO Space information (for each vault) on the System Status page. Default value: YES status_ChangeRate Specifies whether to display the CHANGE YES or NO RATE button on the System Status page. Default value: YES status_StopStart Specifies whether to display the Stop/Start Refreshing button on System Status.
17 Managing the VTS Server This chapter describes several tasks that are performed from time-to-time as needed. For more information about system tasks, refer to the online help. Backing up the VTS server It is recommended that you back up the VTS server before and after any major operation, such as an upgrade.
It is recommended that you save a copy of the system restore image (.tgz file) to a remote system, for safe keeping. 3. If Data Encryption is enabled, back up the most current backup of the key database by completing these steps: a. Log in to the VTS server. b. Use the su command to change to the bill user: su - bill c.
To create and manage certificates 1. Click Security > Certificates. The following page is displayed: 2. Create a certificate as described in the online help. To view help, click Help at the top of the page.
Powering up and down To power up 1. Press the power button located on the front panel of the VTS server module. The power button on the front panel changes from yellow to green, and the server module self-boots. Allow the VTS server to completely boot before proceeding. The console will display a login prompt when it is ready to proceed. 2. Power up the VTS SCSI converter using the power switch on the rear panel, if necessary. (This step is not necessary is connected over Fibre Channel.) 3.
\DEV5 (C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P. STORAGE - Status TAPE \DEV5.$VTAPE01 LDev State PID 289 STOPPED Total Errors = 0 Primary Backup DeviceStatus PID 0,312 1,1069 NOT READY Total Warnings = 0 2. Power down the SCSI converter using the power switch on the rear panel, if necessary. (This step is not necessary is connected over Fibre Channel.) 3.
To review fsck status 1. Click Administration > System Tasks on the navigation pane of the VTS web interface. 2. Click View File System Check Information. The FSCK Information page is displayed: For more information, see the online help. To view help, click the Help button at the top of the page. Monitoring files and directories The following files and directories should be monitored. Remove old data as needed.
The system facility, which is called logrotate, is used to rotate log files on a daily basis. The configuration files for logrotate are located in /etc/logrotate.d. You can tune the settings in this file to rotate and overwrite files as needed. Several scripts are available that clean up after files that were created and abandoned due to system or application errors. These include the following: l rmoldpipes l rmoldbylist l rmoldsync l rmoldfilelist.
162 | Virtual TapeServerConfiguration Guide
Troubleshooting 18 This chapter provides information to assist you in addressing problems you may encounter while installing and using VTS.
Diagnostic techniques For diagnosing problems, the following tools may be helpful. PuTTY (Telnet/SSH client) This is a GUI-based application to issue Telnet, SSH, and other connection commands to a host server. You can download PuTTY from http://www.chiark.greenend.org.uk/~sgtatham/putty/. Virtual Network Computing remote control software VNC software enables you to remotely access the console of a UNIX server. VNC must be configured on the host server before you can use it from a client.
HP Integrated Lights-Out, Integrated Lights-Out 2, Integrated LightsOut Advanced Pack, and Lights-Out 100 Models VT5900-H and VT5900-L support HP Integrated Lights-Out (iLO), HP Integrated Lights-Out 2, and HP Integrated Lights-Out Advanced Pack, which are collectively referred to here at “iLO”. Model VT5900-K supports HP ProLiant Lights-Out 100. These remote control services enable you to log in to the VTS server using the iLO virtual serial port or Mgmt port.
If error 224 occurs on the SCF, perform the following: l Verify that the virtual tape is using the 519X or 5257 definition. l Verify that the WWPN, SAC, and Module are correctly listed in SCF for the tape device. If an “end of media” message is displayed on the host, erase expired virtual tapes to clear disk space. If a tape drive stops responding from SCF, perform the following: l Check the system log for parity errors or other SCSI-related failures. l Check power indicators on the SCSI converter.
l Are all of the PCI cards seated properly? Is the plastic clip secured for each? l Are messages present in the Power On Self Test (POST)? If necessary, reseat the PCI cards. Halt VTS from the web interface, power down the server, unplug the power cord, and then remove cables and reseat the PCI cards. Hard drives Verify the following: l Are the hard drives seated properly? l What is the color of the drive LED? A green LED indicates normal operation; amber indicates failure.
ps –xaf — Lists running processes tail –f –n 24 filename — Displays a real-time file listing grep filename — Searches for a string in a file man — Displays help for a program more filename — Lists a file reset — Resets the current terminal Following a hard (unclean) shutdown of VTS (such as a system crash or loss of power), the system may be left in an inconsistent state. Many services running on the server use PID files to tell the system that a service is running.
l Are any pins bent on any of the cables? l Are all four ports in use? l Is normal communication occurring while SCF is running? Be sure to stop the tape drive in SCF on the host server and power off the SCSI converter before disconnecting cables.
l From the NonStop server, enter STATUS *, USER (username) to see if the EMSDIST process is active. l Check /usr/local/tape/log/ems.log. Go to the bottom of the log to look for problems. l View the Virtual Media - Mounts and Locks page. View the list of locked virtual tapes. If you are certain that a particular virtual tape is not in use but VTS indicates that it is locked, remove the lock here.
Data Encryption and failed tape operations If VTS attempts to perform an operation on an encrypted virtual tape, Data Encryption must be enabled and the key server that was used to encrypt the tape must be configured on the server where the tape resides. If not, the tape operation will fail and an error message is displayed indicating that the operation failed. This section provides an overview of the error messages that are displayed.
l Exporting an encrypted tape: A message similar to the following is displayed on the web interface: Thu 2008-01-17 09:49:31: SHARE:SH0000 Export data transfer failed, rc=3 l Erasing all virtual tapes in a pool on the Cartridge Maintenance page: A message similar to the following is displayed on the web interface: Erased 1 cartridge; Erasure of cartridge SH0002 in pool SHARE failed! l Setting the virtual tape size on the Pool Maintenance page: A message similar to the following is displayed on the web
Log format Each entry in the event log follows the same format, as shown in the following example: 2006-08-28 16:25:18|WARNING|440002|5900-E| 127.0.0.1|Tapeserver01|administrator||Access Control RESTORE OPEN defaults have been restored Messages are up to 255 characters in length; each message field has a character limit. The attributes that have a variable length are automatically compressed to the available space.
Message severity The severity attribute indicates the potential impact of the event or condition that the message reports. Note Though you can change the debug level on the Set Debug Level page, the debug level is reset to Error every time VTS is restarted. The following table lists the severity levels for log messages, starting from the lowest level of impact to the highest. Severity ID Severity Level Description 2 Info A normal operation.
ID Subsystem 33 Utilities 35 Services 40 Factory setup 51 Tape connections 52 Logical tapes 53 Virtual tapes 61 Access Control defaults 62 Access Control users 63 Access Control groups 64 Access Control rights 65 Secure password management 71 Erase by list 72 Delete by list 81 Crumb 91 System status Message text The following tables list the message IDs and corresponding message text that are generated for events in the system event message log.
Severity ID Subsystem ID Event ID Subsystem Message text 8 20 001 Manual mount Cartridge XXX mount failed, rc=RC 2 20 002 Manual unmount Cartridge XXX has been manually unmounted 6 20 002 Manual unmount Cartridge XXX unmount failed, rc=RC 2 20 003 EMS mount ems mount TAPE for HOST as ACCESS completed 8 20 003 EMS Mount ems mount TAPE for HOST failed rc=RC 2 20 004 EMS mount Read-Only ems telnet ems mount of TAPE by HOST as read-only 2 20 005 EMS unmount ems telnet ems
Severity ID Subsystem ID Event ID Subsystem Message text 2 20 031 EMS Policy IDR ems telnet IDR completes, rc=0 8 20 031 EMS Delete Cartridge PATH delete in Pool POOL failed, rc=RC 4 20 032 EMS Policy IDR ems telnet IDR completes, rc=RC 8 20 032 EMS Policy IDR vtape-operation-erase-PATHfailed-rc=RC 2 20 033 EMS Policy Migrate Cartridge PATH migrated 6 20 033 EMS Policy Migrate Cartridge PATH migrate failed, path in use, rc=RC 8 20 033 EMS Policy Migrate Cartridge PATH
Severity ID Subsystem ID Event ID Subsystem Message text Legato 2 20 071 EMS Policy Legato ems telnet LEG completes, rc=0 8 20 072 EMS Policy Legato ems telnet LEG completes, rc=RC 2 20 096 EMS Policy HSMPUT hsmput XXXXXX for HOST completed 8 20 096 EMS Policy HSMPUT hsmput XXXXXX for HOST failed, error MSG, rc=RC 2 20 097 EMS Policy HSMGET hsmget XXXXXX for HOST completed 8 20 097 EMS Policy HSMGET hsmget XXXXXX for HOST failed, error MSG, rc=RC 2 20 098 EMS Policy HSM
Severity ID Subsystem ID Event ID Subsystem Message text 8 20 204 EMS Policy Mount ems cancel TAPE for HOST failed parametric test 8 20 205 EMS Policy Mount ems reject TAPE for HOST virtual cartridge missing 8 20 2060 EMS Policy Mount ems reject TAPE for HOST tapeserver not running 6 20 207 EMS Policy Mount ems reject TAPE for HOST no host drives available 8 20 208 EMS Policy Mount ems reject check TAPE failed for HOST 8 20 209 EMS Policy Mount ems reject TAPE for HOST no v
Severity ID Subsystem ID Event ID Subsystem Message text 4 21 011 Cartridge deleted Cartridge TAPE not deleted in Pool POOL 6 21 011 Cartridge deleted Cartridge TAPE not deleted in Pool POOL because it is locked.
Severity ID 2 Subsystem ID Event ID Subsystem Message text Autoloader PATH 22 011 Remove retention vtape_pool libApply remove retention PATH 2 23 001 Canceled lock ems cancel lock PATH 2 23 002 Canceled mounts/locks page ems cancel mount NNNN 6 23 002 Canceled mounts/locks page ems cancel mount NNNN failed 2 24 001 Job Started manually IDR start NNNN as MMM 2 24 002 Job Stopped manually IDR Job JOB stopped by operator 2 24 003 Job successful IDR job JOB done rc=0 8
Severity ID Subsystem ID Event ID Subsystem Message text 2 25 002 Job Successful AutoCopy of TAPE complete 8 25 003 Job Failed AutoCopy of TAPE failed 6 25 004 Job Retried AutoCopy (retry NN) of TAPE started 2 25 010 EMS AutoCopy ems telnet start autocopy of TAPE for HOST 8 25 011 EMS AutoCopy Invalid target path: $targetpath 4 26 001 Scan/Cleanup ScanCleanup cart TAPE in pool POOL is being scheduled for erasure 2 26 003 Scan/Cleanup erase by list submitted 2 26 007
System administration and configuration Severity ID Subsystem ID Event ID Subsystem Message text 2 33 000 Unblock TapeServer Startup perform UNBLOCK 4 33 001 Block TapeServer Startup perform BLOCK 4 33 002 Disable Compression perform COMPRESSION_OFF 2 33 003 Enable Compression perform COMPRESSION_ON 4 33 004 Edit VTS Configuration File edit vts.
Severity ID Subsystem ID Event ID Subsystem Message text 2 35 010 ICS Started perform VTSISC_START 4 35 011 ICS stopped perform VTSISC_STOP 2 35 015 TM Started perform TMSTART 4 35 016 TM stopped perform TMSTOP Severity ID Subsystem ID Event ID Subsystem Message text 4 40 001 Factory Setup accessed factory setting accessed 4 40 002 Factory Setup Access Control RESTORE OPEN defaults have been restored 4 40 003 Factory Setup Access Control RESTORE CLOSED defaults ha
Severity Subsystem ID Event ID Subsystem Message text 2 52 001 Add Logical tape LXXXX added 2 52 002 Edit Logical tape LXXXX edited 4 52 003 Delete Logical tape LXXXX deleted 2 53 001 Add Virtual tape VXXXX added 2 53 002 Edit Virtual tape VXXXX edited 4 53 003 Delete Virtual tape VXXXX deleted Subsystem ID Event ID Subsystem Message text 2 61 001 Access Control accessed Access Control Opened 4 61 002 Restore Open defaults Access Control RESTORE OPEN defaults
Severity ID Subsystem ID Event ID Subsystem Message text 4 62 002 Delete/Remove user Access Control REMOVE USER UUUU 2 62 003 Set user password Access Control SET PASSWORD for UUUU 2 62 005 Change user group Access Control CHANGE PASSWORD for UUUU 2 63 001 Add Group Access Control ADD GROUP GGGG 4 63 002 Remove Group Access Control REMOVE GROUP GGGG 2 64 001 Rights changed/altered Access Control Save Rights 2 64 002 Save rights as CUSTOM Access Control Save Custom Righ
Severity ID Subsystem ID Event ID Subsystem Message text 4 71 002 Erase by List erase-by-list-cron 8 71 003 Erase by List EraseByList command XXXX not recognized 6 71 004 Erase by List EraseByList vclear error on CART is RC 6 71 005 Erase by List EraseByList failed 2 72 000 Delete by List DeleteByList start 2 72 002 Delete by List DeleteByList complete 8 72 003 Delete by List DeleteByList command XXXX not recognized 6 72 004 Delete by List DeleteByList vclear erro
Severity ID Subsystem ID Event ID Subsystem Message text notify_percentage 8 91 004 System Status Warning: low space cleanup_ threshold_percentage Export log This log provides information about all export operations.
Return Code 6 Possible Cause(s) Could not rewind tape after copy Corrective Action(s) l Check cabling l Make sure tape drive is on and properly configured 7 8 254 l Check cabling l Use larger tape or less data l Verify configuration l Check cabling SCSI write command failed l Use larger tape or less data Too much data for physical tape l Verify configuration l Check cabling.
Other log files The following log files are generated and saved in various directories on the VTS server. Operating system logs: l /var/log/messages l /var/log/cron l /var/log/boot.log Apache web server logs: l /var/log/httpd/error_log l /var/log/httpd/access_log VTS function logs: l /usr/local/tape/log/ems.* (available from the VTS web interface) l /usr/local/tape/log/debug.* (available from the VTS web interface) l /usr/local/tape/log/mount.log l /usr/local/tape/log/export.
Logwatch reports Daily Logwatch reports enable you to view significant events that occurred on the system in the last 24 hours. The reports are generated by parsing events in the Linux log directory (/var/log) and VTS log directory (/usr/local/tape/log). A report is generated every day at 4AM before VTS log files are rotated. Each Logwatch reports is deleted after 120 days. These reports are generated by an implementation of the logwatch system monitoring system; see http://www.logwatch.org/index.
4. Run the following commands: chkconfig auditd off service auditd stop service syslog restart These commands stop local logging through the auditd process and force audit records to be logged through syslog. The syslog facility will send log messages to the remote system. Note that audit log messages will also be listed in /var/log/kern_messages. 5. Log out of the VTS server. 6. If necessary, enable the remote system to receive the log messages.
d. Restart the syslog daemon by entering this command: service syslog restart e. On the local system, verify that messages are being logged in the remote system. For example, use the logger utility: logger -p kern.info test message This should result in an entry such as “Jun 29 15:29:51 vtsdev24 bill: test message” appearing in the remote system's log file. Note The syslog.conf file on the remote system will determine if and where the message is logged.
Message Text Severity Recommended Action AUTOCOPY FAILED: Request by: $requestor ($retry_number) cannot create directory $target (rc=$rc) Critical No action is required. The task will be retried. AUTOCOPY FAILED: Request by: $requestor ($retry_number) cannot reach $target/$filename (rc=$rc) Critical No action is required. The task will be retried. AUTOCOPY FAILED: Requested by: $requestor ($retry_number) from $target/$filename(rc=$rc) Critical The autocopy task failed.
Message Text Severity Recommended Action Error: BEX command failure! Critical A syntax error occurred in the BEX command. Repair the request and resubmit. Error: can not determine the proper command for this request. Critical HSM restore for TSM was unable to determine the proper restore or retrieve command. Ensure that the backup request specifies archive or backup. Error: Can’t find any files with data to backup for $cart_request. Warning Error: Can’t get lock for $cart_ request.
Message Text Severity Recommended Action Error: Processing failed, no files processed for $cart_request Critical No files were successfully processed. See the HSM get or HSM put log files on the Logs page for details about the HSM request. Error: Success message not found in NetBackup job output for $cart_ request. Critical An HSM request failed to find or process the virtual tapes for the request. Error: there is no pool in the file path for $cart_request.
Message Text Severity Recommended Action Info: $host TSM2/TSM $policy Inform Info: $jobname ENDED to $backupSystem Inform Info: AUTOCOPY $requestor $source $target ($retry_number) Inform Info: AUTOCOPY Complete $requestor $source $target $retry Inform Info: autocopy from $source to $host:$destination Inform Info: cancel mount of $tape Inform Info: TMFcopy of $tape Inform Non-zero return-code ($rc) from NetBackup bprestore Warning Restored $count file(s) Inform Restored $count file(s), r
198 | Virtual TapeServerConfiguration Guide
Maintaining GFS for VTS A The Global File System (GFS) is an advanced feature that allows Linux servers to simultaneously read and write files on a single shared file system on a SAN. VTS is based on Linux, and GFS enables multiple VTS servers to access a shared set of pools and virtual tapes. The Event Management Service (EMS) can then automatically mount virtual tapes from the GFS pools as if they were separately mounted.
Powering hardware and starting a cluster If GFS is properly installed and configured, the VTS startup process automatically starts GFS. Note The following procedure assumes that the GFS cluster has been configured. To power all hardware and start GFS on all nodes in a cluster 1. Power on first VTS server. Wait for this server to boot completely. Fencing may power on subsequent VTS servers. 2. If fencing does not power on subsequent servers, power on the second VTS server.
Shutting down GFS If you need to remove one server from the cluster, use the following procedure. To shut down GFS on one server 1. Log in to the server. 2. Become root: su 3. Unmount GFS file systems: umount -a -t gfs 4. Stop the ricci configuration service: service ricci stop 5. Stop the GFS service: service gfs stop 6. Stop the clustered LVM service: service clvmd stop 7. Stop the cluster manager service: service cman stop 8. Reboot VTS.
Configuring GFS To configure GFS, contact your authorized service and support representative to request assistance. To configure VTS to use GFS, you must enable and configure intersystem communication. See the EMS online help for more information. An Ethernet connection is required between each Linux server (VTS servers and fencing resources). All servers must be connected by Fibre Channel to a disk array. The switch and network cables do not need to be Gigabit Ethernet.
file rgrp.c Jun 29 23:45:53 vts001 kernel: GFS: assertion: "x <= length" Jun 29 23:45:53 vts001 kernel: GFS: time = 1183153553 Jun 29 23:45:53 vts001 kernel: GFS: fsid=VTSC:VAULT10.3: RG = 191406391 Jun 29 23:45:53 vts001 kernel: Jun 30 01:21:46 vts001 syslogd 1.4.1: restart. The following procedure checks the file system and attempts to repair file issues found. This could take many hours to run depending on file system size.
Adding a vault to a GFS cluster Note If path failover is configured in the environment, be sure to reference the multipathed mapper device instead of the sd device in the following procedure. For example, reference /dev/mapper/mpathX instead of /dev/sdX. To create a vault in a GFS cluster 1. Launch a command prompt on a VTS server in the cluster and log in. 2. Become root: su 3. Choose the partition to use. You can view the /etc/fstab file to see the partitions that are already in use.
d. Enter 1 to specify the first partition. e. Press ENTER to accept the defaults. f. Enter w to save the configuration. To confirm the configuration, enter the following command: fdisk -l /dev/sdd Here is an example of the output: Disk /dev/sdd: 18.
d. Create the logical volume by entering the following command. The -l 100%FREE argument creates a logical volume using the entire volume group. lvcreate -l 100%FREE -n lv1 gfsvg1 e. Enter the following command to confirm the physical volume: pvscan Here is an example of the output: PV /dev/sdd1 VG gfsvg1 lvm2 [17.14 GB / 0 free] Total: 1 [17.14 GB] / in use: 1 [17.14 GB] / in no VG: 0 [0 ] f.
Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 17.14 GB PE Size 4.00 MB Total PE 4388 Alloc PE / Size 4388 / 17.14 GB Free 0 / 0 PE / Size VG UUID lm4cH7-4wgq-s1VR-VNwc-pFC6-i54u-h5tKxk i.
6. Enter the following command (for the example above) to create the GFS file system on the assembled pool and partition: gfs_mkfs -t TapeServer:pool3 -p lock_dlm -j 5 /dev/gfsvg1/lv1 where TapeServer is the name of the cluster and pool3 is any name that is unique. In this case, the pool is named after the third pool in the cluster. The -j 5 parameter specifies the number of journals to create (the number of nodes) plus two. The following is displayed: This will destroy any data on /dev/mapper/gfsvg1-lv1.
c. Create the vault directory on each VTS server: mkdir /VAULT13 d. Restart GFS on each VTS server: service gfs restart e. Change the owner of the new partition to the bill user on the VTS server: chown bill.root /VAULT13 chmod 750 /VAULT13 f. To confirm that the partition was successfully mounted and now available, enter the following command: df -H 9. Add GFS storage to the cluster: a. In left-hand column of the web interface, under the cluster name, click Resources. b. Click Add a resource. c.
To remove a cluster configuration 1. Log in to the first VTS server’s operating system and become root: su 2. On the VTS server, enter these commands to start luci and log in: service luci start luci_admin init When prompted, enter a new password. 3. Access the luci web interface by entering this address in the browser: https://hostname.domainname:8084 4. Login to luci. 5. Click the Cluster tab and note of the cluster name. You will need this name later. 6.
Troubleshooting The following topics describe common GFS problems and their solutions. If VTS server fails to join the cluster after reboot If a VTS server fails to join the GFS cluster after it reboots, complete these troubleshooting steps: 1. Check your SAN to make sure the port is enabled. Below is a MSA/Brocade example. Make sure that the port is checked “Enable.
2. Confirm the Fibre Channel port is available and confirm that the Linux operating system sees the LUN defined for the file system by the storage array. This command will list all SCSI devices.
If VTS server fails to fence Fencing is a term used to describe when a server is excluded from the GFS cluster. When a server is not available for updates and cannot vote in the GFS process, it may be fenced off from access to the file system. You must rejoin that server to the cluster. To verify if fencing is occurring, complete these steps: 1. Check the /var/log/messages file on the primary VTS server. You may see this message: “VTS unauthorized to join cluster. Fence failed.” 2.
214 | Virtual TapeServerConfiguration Guide
Reinstalling and Restoring VTS B This appendix describes how to reinstall the operating system and VTS system, and it describes how to recover the VTS configuration and data. Finally, it provides an overview of the steps you must take to recover customer data, which is not restored by a system restore image. If you must reformat the vaults, refer to "Reconfiguring Vaults" on page 9 for instructions.
To reinstall a VTS server 1. Power off the VTS server. 2. If the VTS server is connected to a SCSI converter, power off the SCSI converter. 3. If VTS is connected to one or more host servers over SAS, disconnect the SAS cable(s) from the VTS server. 4. If necessary, disconnect any external storage devices that are connected to the VTS server. 5. Power on the VTS server. 6. Insert the Install/System Rescue DVD. 7. At the Linux prompt, enter reinstall. The installation process begins. 8.
the system restore image will exist on the system but attributes are lost and the policies are disabled. To recover the VTS server 1. If Data Encryption is enabled in your environment, you must protect your Data Encryption remote key databases. To do so, log in to all remote backup servers and make additional copies of the remote key database backup files. 2.
the system is in a CLOSED state, navigate to the Manage Access Control page and click Rights to display the list of privileges. Select the System Upgrade/Update Functions access right for each of the appropriate users. 9. If Data Encryption is licensed, complete the disaster recovery procedure that is provided in "Enabling and Configuring Data Encryption" on page 79. 10. Mount points on file systems other than /boot, /, and /VAULT00 are not recreated after the system image is restored.
new backup host, VTS immediately sends a copy of the local key database to the host, thereby overwriting the copy of the database on that host. 5. Readd the key server(s) as described in the help. This ensures that the key servers are created with the current server’s credentials. 6. Readd the key database backup host(s) as described in the help.
4. Update the file-system table to comment out the data partition. Using a text editor, insert a pound sign (#) in front of the following line of the /etc/fstab file: # LABEL=/DATA01 /DATA01 ext3 defaults 1 2 5. Mount the device on a /VAULT and set permissions. For this example, /dev/sdb1 is mounted on /VAULT01: mount /dev/sdb1 /VAULT01 chown bill.root /VAULT01 chmod 750 /VAULT01 6.
C Attaching External Devices after Initial Deployment You can attach an external tape device, such as a tape drive or robotic library, to VTS after initial deployment. You can then export to physical tapes loaded in the device if migration, stacked export, or tape-to-tape export is enabled. To add an external tape device to the VTS server Requires the View/Manage Configuration and Halt and Reboot TapeServer access rights 1.
/dev/sg5 6 0 0 4 5 /dev/scd4 /dev/sg6 6 0 0 5 5 /dev/scd5 /dev/sg7 6 0 0 6 5 /dev/scd6 Then, find the nst0 entry (tape drive) attached and then enter this command: sg_inq /dev/sgn where sgn is the number that matches the /dev/nstn device. For the output listed above, you would enter sg_inq /dev/sg0.
TCP/IP Ports and Protocols D This appendix describes the ports and protocols that are used by Virtual TapeServer (VTS). Note Not all ports are used on all VTS servers; port use varies according to the VTS configuration. Port Protocol Comment ICMP Type 8 Used by ping and tracert on Windows, for remote testing and VTS networking. 21 TCP, UDP, FTP This port and other ephemeral ports are used if the client is configured for passive (PASV) mode.
Port Protocol Comment 5432 TCP, UDP Used by the internal (Postgres) database 7295 TCP Used by TMS. 7297 TCP 8080 TCP 8888 TCP 9090 TCP 9999 TCP 11111 TCP Used by ricci service if GFS is installed in your environment. 14567 TCP Used by gndb service if GFS is installed in your environment. 16851 TCP Used by modclusterd service if GFS is installed in your environment. 21064 TCP Used by dim service if GFS is installed in your environment.
l For the stat daemon: STATD_PORT=port_number TCP/IP Ports and Protocols | 225
226 | Virtual TapeServerConfiguration Guide
Index automation, using policy 89 2 256-bit AES-CBC encryption 80 B backing up 155 A access control backup management application integration 45 overview 131 saving and restoring custom defaults 149 C c/ratio column 153 access rights, See rights 144 cartridgesSee virtual tapes addingSee also creating certificates, managing 156 key database backup host 85 key server 83 physical tape drive 221 See also creating 25 vaults for external storage 14 to GFS cluster 204 administration tasks 155 assigning
Configure Virtual Devices page 23 virtual tape drives 30 configuring virtual tape library (VTL) 25 access control 131 virtual tapes 92 backup management application password 48 custom defaults, saving and restoring 149 data partitions on target replication servers 52 D EMS 71 EMS user accounts 76 GFS 202 groups 144 licensing 19 passwords 142 physical device for stacked export 40, 46 policy 89 ports 23 remote export settings 68 replication source and targets 53 role swapping 62 Scan/Cleanup 126 sys
Delete button on Operation page 152 messages 193 deletingSee also removing restarting service 77 diagnostic status 99 commands 167 troubleshooting 169 tools 164 user accounts 76 disable_delta_differencing parameter 62 disabling EMS 71 enabling auto-refresh of Operation page 152 autoloading 89 disaster recovery 220 closed system 136 displaying Data Encryption 82 c/ratio column on Operation page 153 EMS 71 Change Rate button 154 EMS usage alert 78 Delete button 152 file system usage alert
Integrated Lights-Out 165 F Systems Insight Manager (SIM) 164 FCSK Information page 160 file system I maintenance 159 iLO 165 troubleshooting 167 Import/Export button on Operation page 152 file system check (fsck) 159 free_space_status parameter 154 importing data and tapes 116 insertingSee adding G installing an interim release 7 getVTS_dbginfo 163 Instant DR configuring GFS SSH 66 adding vault to cluster 204 configuring 202 introduction 1 maintaining 199 overview 199 shutting down J job
VTD 19 migration VTLs 19 encryption 81 locks virtual tapes, manually 110 on virtual tapes 123 VTSPolicy 111 removing 124 modifying passwords 142 viewing 99 Mount button on Configure Tapes and Pools page 151 log files erasebylist.log 189 overview 172 Mount Delay 72 mounting automating 71 remote 191 encryption during 80 return codes 188 failures 170 Scan/Cleanup 189 SecureVTS.
opwin_ShowLastWritten parameter 153 opwin_ShowLimits parameter 152 opwin_ShowReadOnly parameter 152 opwin_Unmount parameter 151 overview of features 1 stacked exports 45 tape-to-tape exports 39 web interface 5 R recovering data 216 reinstalling 215 remote export jobs configuring settings 68 creating 69 disabling delta differencing 62 overview 61 parameters in configuration file 68 P remote logging 191 passwords, modifying 142 removingSee also deleting patching the server 7 locks 124 physical tape dr
restoring configuration settings 216 server module, troubleshooting 166 shutting down creating system restore image 155 GFS cluster 201 customer data 220 single server in GFS cluster 201 Data Encryption 218 SSH, configuring 66 replicated tapes from remote server 219 stacked export jobsSee jobs stacked exports system image 216 configuring physical device 40, 46 virtual tapes 58 importing 116 return codes export operations 188 for export 109 rights overview 45 Start Refreshing button on System
EMS 169 vaults external storage 169 adding for external storage 14 file system 167 definition 2 GFS 211 enabling, file system usage alerts 78, 153 hard drives 167 host server 166 NonStop server 165 overview 163 package 163 SCSI controllers 167 SCSI converter 168 server module 166 virtual tape operations 170 web interface 168 typographical conventions ix reconfiguring 9 renaming 17 reviewing layout 10 size 14 verifying availability of virtual tape 94 viewing mounts and locks 99 VTDs (standalone) 35
managing locks 123 manually migrating 110 metadata 92 mounting 95 operations, troubleshooting 170 removing locks 124 W web interface overview 5 preferences 151 troubleshooting 168 restoring 58 unmounting 99 verifying availability to the host server 94 viewing mounts 98 VTDs configuring the CLIM 36 creating 30 definition 2 licensing 19 viewing 35 VTLs creating 25 licensing 19 viewing 29 VTSPolicy erasing, deleting virtual tapes 121 migration 111 syntax for Backup Express 113 for CommVault Galaxy 114 for Le
236 | Virtual TapeServer Configuration Guide
