Virtual TapeServer for NonStop Servers Configuration Guide HP Part Number: 737700-001 Published: September 2013 Edition: All J06 release version updates (RVUs), all H06 RVUs, and all G06 RVUs
© Copyright 2013 Hewlett-Packard Development Company, L.P. Legal Notice Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Contents Preface ix About this guide ix Supported release version updates ix Audience ix Typographical conventions ix Related documentation x Support x 1 Introduction 1 The virtual environment 2 Overview of features 3 Accessing the VTS web interface 5 2 Overview of Tasks 7 3 Reconfiguring Vaults 9 Reviewing the vault layout 10 Changing vault storage 10 Adding vaults on external storage devices 15 Renaming vaults 19 4 Enabling Licensed Features 21 5 Configuring Ports 25
Exporting a virtual tape or pool 44 Importing data from a physical library or drive 46 8 Enabling and Performing Stacked Exports 49 Configuring the physical drive or library 50 Setting the backup management application password 52 Exporting virtual tapes 52 Importing data from a physical library or drive 54 9 Enabling and Configuring Data Replication 55 Configure data partitions on target servers 56 Configuring source and target settings 57 Replicating data to remote servers 61 Restori
Inserting virtual tapes into a VTL 99 Mounting and unmounting virtual tapes 99 Viewing mounts 102 Unmounting virtual tapes 103 Encrypting and decrypting virtual tapes 104 Encrypting virtual tapes 104 Decrypting virtual tapes 108 Exporting virtual tapes 111 Exporting data to physical tape using the web interface 111 Migrating a virtual tape to physical tape using the web interface 114 Automatically migrating virtual tapes to physical tapes using VTSPolicy 115 Restoring data 120 Erasin
Saving and restoring custom defaults 153 16 Configuring Web Interface Preferences 155 17 Managing the VTS Server 161 Backing up the VTS server 161 Managing certificates 162 Configuring system settings 163 Powering up and down 164 Maintaining the file system 165 Performing a file system check using fsck 165 Monitoring files and directories 166 18 Troubleshooting Diagnostic techniques 169 170 PuTTY (Telnet/SSH client) 170 Virtual Network Computing remote control software 170 HP healt
Log format 179 Message severity 180 Message IDs 180 Message text 181 Export log 194 Scan/Cleanup log files 195 Other log files 196 Logwatch reports 197 Remote logging of audit log records 197 EMS messages A Maintaining GFS for VTS 199 205 Powering hardware and starting a cluster 206 Shutting down GFS 207 Configuring GFS 208 Maintaining the file system 208 Adding a vault to a GFS cluster 210 Removing a VTS system from a GFS cluster 217 Troubleshooting 219 If VTS server fails
viii | Virtual TapeServer Configuration Guide
Preface Welcome to the Configuration Guide. VTS offers complete disaster recovery capabilities. As a primary repository for data center backups, VTS can also be used as secondary tiered storage for replicated data to meet disaster recovery requirements. About this guide The Configuration Guide is designed to help you configure VTS and then accomplish the necessary tasks for using virtual media to store and retrieve data. This guide provides procedures for all tasks you must perform to start using VTS.
Convention Description and arguments (syntax), code, and command-line text. Monospace Italic Represents variables within command syntax, code, or command-line text. Blue Text Used for cross-references. This icon notes the user who is responsible for performing the procedure that follows. Related documentation The following documentation is provided for VTS: l Quick Start Guide, which provides instructions for installing the hardware and configuring VTS on the network.
You may also consider gathering the output of the getVTS_dbginfo utility, which is provided on the VTS server, or you can generate a troubleshooting package from the web interface. The utility and troubleshooting package collects log files and system information. Refer to "Troubleshooting" on page 169 for more information.
xii | Virtual TapeServer Configuration Guide
Introduction 1 Tape remains the most practical solution for removable storage, and it is often required by regulatory agencies to be archived and stored offsite. However, as the cost of commodity disk storage has decreased, many enterprises view disk-based backup solutions as a feasible alternative to tape-based backup.
For every host connection to VTS, the host system “sees” one or more tape drives; the virtual tape drive emulates the type of tape drive specified during the initial installation and setup process. Virtual tape drives behave just like real tape drives without the problems generally associated with real tape drives. VTS delivers reliable, scalable, and high performance virtual tape for backup, restore, Transaction Management Facility (TMF), archive, and data recovery operations.
Note The VTS web interface refers to virtual tapes as “cartridges.” Note that these terms are synonymous in VTS. Virtual tape drives respond to mount, write, rewind, read, and unload commands from standard backup management applications. Virtual tape drives require virtual tape media, and VTS enables you to create an unlimited number of virtual tapes. A virtual tape is the logical equivalent to a physical tape.
convert the data to LTO-4 format, you could mount each virtual tapes in a VTD that emulates an IBM TD4 drive and restore them to a host. l Scan/Cleanup, which enables VTS to scan pools and virtual tapes to identify virtual tapes that are past their retention period. Scan/Cleanup can erase old virtual tapes to recover disk space. You can also schedule virtual tape erasures when the overall disk space falls below a specified threshold.
valuable data; Data Encryption provides a robust encryption solution that deploys on existing hardware. Industry-standard 256-bit AES symmetric key encryption is used. Accessing the VTS web interface VTS is managed through a standard web browser interface. To access the web interface, launch a supported web browser that is on the same internal network as VTS and then enter the following URL: https://ip_address where ip_address is the management network interface address.
6 | Virtual TapeServer Configuration Guide
Overview of Tasks 2 After completing the procedures provided in the Virtual TapeServer Quick Start Guide, you can continue the initial configuration of the Virtual TapeServer (VTS) server. Then, you can use VTS to manage your virtual media. The following outlines the general tasks that you must complete to configure VTS and perform dayto-day tasks to maintain VTS. Many of these procedures for the tasks are now provided in the online help. To configure the VTS server 1.
9. If licensed, configure Data Encryption, which enables VTS to encrypt data that is stored on virtual tape. See "Enabling and Configuring Data Encryption" on page 83. 10. Enable and configure Scan/Cleanup, which erases old virtual tapes to recover disk space. See "Enabling and Configuring Scan/Cleanup" on page 129 for more information. 11. Configure access control to grant or limit access to specific VTS functions. See "Configuring User Accounts" on page 135. 12.
Reconfiguring Vaults 3 By default, vault storage is preconfigured on the Virtual TapeServer (VTS) server. Prior to using this storage, you may want to review and change the configuration. For example, you may want to define additional vaults, which provide a convenient way to separate data for different applications or users. You may want to reconfigure vault storage before creating virtual tape drives (VTDs) or using VTS, though you can use VTS without reconfiguring vaults.
Reviewing the vault layout You must use a Linux partition editor, such as fdisk, parted, druid, or the HP Array Configuration Utility, to view the current configuration. (The HP Array Configuration Utility is available as part of HP SmartStart, but using HP SmartStart requires that you reboot VTS.) The following steps use parted to view the current partition layout: 1. Log in to the VTS server as the root user. 2.
system memory that is above and beyond the memory used for the operating system and kernel. Example for EXT3 file systems: Checking is done using bitmaps, three for blocks, and up to six for inodes.
To modify the configuration Note You can perform this procedure multiple times, if necessary. 1. Identify the partition to modify. This example will modify VAULT01 (c0d1p1). 2. Unmount the file system. umount /VAULT01 3. Create partitions on the disk. If the disk partition is less than 2TB in size, complete these steps: a. Starting with the first recognized disk after the system disk, create the partition by entering the following command: fdisk /dev/cciss/c0d1 The fdisk command displays a : prompt. b.
i. Write the settings to a file by entering the following command: w This exits the fdisk utility and displays the # prompt. j. Check the settings by entering the following command: fdisk /dev/cciss/c0d1 k. Print the settings by entering the following command: p l. To exit the fdisk utility, enter the following: q m. Repeat these steps for each of the partitions. If the disk partition is greater than 2TB in size, complete these steps: a.
Sector size (logical/physical): 512B/512B Partition Table: gpt Number Start End Size File system Name 1 17.4kB 1250GB 1250GB ext3 primary 2 1250GB 2500GB 1250GB primary Flags g. Quit parted. quit 4. Create file systems on the newly created partitions. Format the disk partition by entering the following command: mke2fs -j -L /VAULT01 /dev/cciss/c0d1p1 When specifying a vault name, use the following format: VAULTnn, where nn indicates a number.
Adding vaults on external storage devices If an external storage device is connected to VTS, you can use it to configure additional vaults. Up to 100 vaults are supported per VTS server. Note If GFS is used in your VTS environment, see "Maintaining GFS for VTS" on page 205 for instructions to create vaults. Before configuring the vault, consider the following recommendations: l The minimum partition size is 1TB.
This file system requires approximately 1.25GB of free memory to run the gfs_fsck command. Note that if the block size was 1K, running the gfs_fsck command would require four times the memory, or 5GB. l All data on a partition that is resized will be lost. Keep in mind that performance and system operations will be slow when vaults are at maximum capacity. To add a vault to VTS 1. If necessary, connect the external storage device to VTS.
Disk /dev/sdb: 524.2 GB, 524289048064 bytes 255 heads, 63 sectors/track, 63741 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id /dev/sdb1 1 63741 511999551 System 83 Linux Disk /dev/sdc: 524.2 GB, 524286222336 bytes 255 heads, 63 sectors/track, 63740 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes d.
f. Write the settings to a file by entering the following command: w This exits the fdisk utility and displays the # prompt. g. Check the settings by entering the following command: fdisk /dev/sdc h. Print the settings by entering the following command: p i. To exit the fdisk utility, enter the following: q j. Repeat these steps for each of the partitions. 5. If the disk partition is greater than 2TB in size, complete these steps to configure the disk partition: a.
6. Format the disk partition by entering the following command: mke2fs -j -L /VAULT01 /dev/sdc1 When specifying a vault name, use the following format: VAULTnn, where nn indicates a number. Repeat this command, incrementing nn for each new vault. Replace /dev/sdc1 with each new partition name and so on, as in these examples: mke2fs -j -L /VAULT02 /dev/sdc2 mke2fs -j -L /VAULT03 /dev/sdc3 7. Create the mount directories by using the mkdir command for each of the vaults that were created above.
To rename a vault 1. Click Administration > System Tasks on the navigation pane and then click Stop TapeServer. 2. Log in to the server as root. 3. Review the existing vault layout and identify the device to rename. Use the df command to view the current disk utilization: df –h Here is an example of the output: Filesystem Size Used Avail Use% Mounted on /dev/cciss/c0d0p2 19G 6.
Enabling Licensed Features 4 Before you can use Virtual TapeServer (VTS), you must enable licensing.
To add a license key Requires Administration group membership 1. Click Configuration > System on the navigation pane. 2. Click Manage System Licenses. The following page is displayed: 3. To enable VTS to store data (managed capacity), including VTLs and VTDs, type or paste the license key in the Capacity Key field and then click SUBMIT. On the pop-up dialog, click OK to confirm that you want to add the key.
generates keys; you can now add a key database backup host. If a key is not valid, an error message is displayed and the key is not accepted. After licensing is initially enabled for one or more features, you can update a license key. For example, you can add to or subtract capacity. You can also remove a licensed feature. Refer to the online help for instructions. If necessary, obtain the license key from your Sales representative.
24 | Virtual TapeServer Configuration Guide
Configuring Ports 5 After cabling the host server(s) and external devices to the VTS server, you must configure the ports to enable VTS to communicate properly with each device (target or initiator). Or, if you attach a physical tape drive or storage device to the server after initial configuration, you must define the port as physical. Ports connected to host servers must be defined as virtual. To configure ports Requires the View/Manage Configuration access right 1.
4. Configure each port that is used to attach VTS to an external storage device (tape drive, library, or disk array). From the drop-down list for the port attached to the device, select physical. 5. Click Submit. 6. When prompted, click OK to confirm that you want to reboot the server. 7. On the Reboot The System - Confirmation page, click REBOOT. If problems arise: l Make sure there are no bus conflicts with a physical drive or library on a virtual port or with a host server on a virtual port.
Creating and Managing VTLs and VTDs 6 After Virtual TapeServer is deployed, you can create virtual tape libraries (VTLs). A VTL emulates the functionality of a tape library, which contains one or more tape drives, magazines that hold tape cartridges, a barcode reader to identify tape cartridges, and a media changer for loading and unloading tape cartridges.
A naming convention is used when the components of the VTL are created. The VTL name is specified by the user. All other names are automatically assigned by VTS.
To create a virtual tape library 1. If necessary, log in to the web interface. 2. Click Configuration > Virtual Devices on the navigation pane. The following page is displayed: 3. Click Add Virtual Tape Library in the VIRTUAL TAPE LIBRARIES section of the page.
4. Select the Type option that corresponds to the connection type of the port (Fibre Channel or SCSI) to which the host is connected. Note VTS assigns ID 6 to the SCSI cards because VTS acts as a SCSI target for virtual devices. Using ID 6 instead of 7, which is the industry standard, avoids SCSI ID conflicts with SCSI hosts. You may need to modify settings on the host server or attached physical devices accordingly. 5. In the Name field, specify a name for the VTL.
After creating a VTL, you should l create pools, which organize and set properties on all tapes in a pool l add virtual tapes to the pools l insert virtual tapes into the VTL See "Managing virtual tapes" on page 96 for more information.
To view the contents of VTLs 1. Click Administration > Virtual Tapes on the navigation pane. 2. From the Show Cartridges In list, select an option: l To view virtual tapes on the shelf only, select Shelf from the Show Cartridges In dropdown list. l To view virtual tapes in a VTL, select the VTL name from the Show Cartridges In dropdown list. VTL details are displayed at the top of the page and its virtual tapes are listed in the table.
Property Description Presented to Host? Target ID The SCSI ID on which the VTD responds. This ID is not presented to the host if the connection is over Fibre Channel. Yes, for SCSI only Logical unit number (LUN) The sub-ID on the port. This ID is used by the host for SCSI and Fibre Channel connections. Yes Serial number The serial number or other string describing the VTD. Only alphanumeric characters should be used.
2. Click Configuration > Virtual Devices on the navigation pane. The following page is displayed: 3. Click Add Virtual Tape Drive in the VIRTUAL TAPE DRIVES section of the Configure Virtual Devices page. The following is displayed: 4. Select the connection type: FC, SCSI, or SAS. Note VTS assigns ID 6 to the SCSI cards because VTS acts as a SCSI target for virtual devices. Using ID 6 instead of 7, which is the industry standard, avoids SCSI ID conflicts with SCSI hosts.
6. Select the drive type from the Tape Type drop-down list. This property defines the type of tape drive that the VTD emulates. 7. From the Port drop-down list, select the ID of the port to which the host server is connected. This ID is not presented directly to the host; the host will see this port numbered according to its own numbering scheme. If the connection is over Fibre Channel, the port ID is associated with a port WWN that is used by the host to identify the VTS server.
l Windows Server 2008 Values 0-15 are acceptable. 2. From the Lun drop-down list, select the logical unit number. This number identifies the sub-ID on the port, and this ID typically ranges from 0-255. For SCSI connections, this ID is typically 0. Note SCSI devices use target-based addressing. Fibre Channel devices use LUN-based addressing. For Fibre Channel devices, the LUN determines the unique address of the device on the port, so you cannot assign a LUN value more than once per port.
After creating a VTD, you should l create virtual tapes l create pools, which organize and set properties on the tapes l mount a virtual tape in the VTD See "Managing virtual tapes" on page 96 for more information. Viewing standalone VTDs To view standalone VTDs on the server Click Configuration > Virtual Devices on the navigation pane. A list of VTDs is provided in the VIRTUAL TAPE DRIVES section of the page. Here is an explanation of the columns: l VTD - The name of the VTD.
Configuring the NonStop BladeSystem Cluster I/O Module If the NonStop BladeSystem is used as the host server and the Cluster I/O Module (CLIM) will be used, you must configure the virtual tape drives on the NonStop. Complete the following steps to do so: 1. Verify that the serial number specified for each virtual tape drive (in VTS) is unique. 2. Verify that the CLIM is connected to the VTS server using a Fibre Channel cable. 3.
Validating access to VTDs from the NonStop server To validate that the NonStop server can back up to configured VTDs in VTS, you must configure the NonStop server to add the VTD. Then, you can start the virtual tape drive from the NonStop server. Issue the following command on Integrity series servers to configure the virtual tape drive: SCF ADD TAPE $VTD, SENDTO STORAGE, LOCATION (x,y,z), LUN #, SAC #, PORTNAME WWN#, COMPRESSION OFF where $VTD — The virtual tape drive name, such as $TAPE00.
Total Errors = 0 Total Warnings = 0 If unsuccessful, messages similar to the following are displayed: SCF - T9082G02 - (06JAN06) (31OCT05) - 01/19/2007 09:09:06 System \DEV3 (C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P. STORAGE E00002 START TAPE \DEV3.$TAPE30 rejected, file system error: 190STOPPED: 0,63 CPU time: 0:00:00.
7 Enabling and Performing Tape-to-tape Exports You can export data on a virtual tape to a physical tape in an external tape drive or library. This provides a one-to-one mapping of virtual to physical tape. When creating the tape-to-tape export job, you can choose whether the data remains in virtual tape format or host format. This allows application-aware exports because you have the ability to name the virtual tapes such that they are the same as a pool of physical tape cartridges.
Considerations l If the VTS server is rebooted while a tape-to-tape export job is in progress, the job will fail. l To encrypt data that is exported: l Enable Data Encryption and select an encrypted virtual tape for tape-to-tape export (in virtual tape format). The tape is exported as-is if the target library supports encryption on all of its drives. l Enable drive-level encryption and export an unencrypted virtual tape using virtual tape format.
3. Click Physical Devices to expand this area of the page. 4. To specify a user-friendly name or short description of the drive or library, type a name in a drive or library's Friendly Name column. This name will be used when selecting a drive or library on other pages in the web interface. 5. Click Apply. To dedicate a physical library or drive for use by tape-to-tape or stacked export jobs 1. Click Configuration > System on the navigation pane. 2. Click Edit System Settings. 3.
Exporting a virtual tape or pool You can export one virtual tape to one physical tape using a tape-to-tape export job, and you can choose whether the data remains in virtual tape format or host format. You can perform this procedure if a capacity license is enabled on the server. To export a virtual tape or pool Requires the Virtual Tape Import and Export, Vault Access, and Access to all Vaults access rights 1. Click Administration > Virtual Tapes on the navigation pane. 2.
6. Specify a job name in the Job Name field. Include only alphanumeric characters in a job name; spaces and special characters are not allowed. 7. Select a drive or library from the Destination drop-down list. Note Disconnected tape drives or libraries can be selected, though the job will fail if the drive or library remains disconnected when the job runs. 8. Select an Export Format option: l If you choose Virtual Tape Format, the tape is exported as-is and cannot be read by the host server.
start date and time. l Monthly — Runs on a specific date each month. Select a date and start time. If you specify a date that does not exist in a month, the job will run on the last day of the month. e. Click Save. After the job runs, you can return to the Managed Schedules page for its status. If a problem occurred, the Last Run column will display “Failed”.
7. If importing from a pre-existing tape, select the virtual tape where the imported data will be stored from drop-down list in the Source Vault/Pool column. 8. Select Import from the drop-down list above the table on the right side of the page. 9. When prompted, confirm that you want to import the tape(s). A library import job is created and run immediately.
48 | Virtual TapeServer Configuration Guide
8 Enabling and Performing Stacked Exports Through integration with a backup management application server, you can read and write files to and from Virtual TapeServer (VTS). You can then create stacked export jobs on VTS to export, or “migrate”, virtual tapes to physical tapes using an attached external tape device. Note Stacked export jobs are available if a capacity license is enabled on the server. Stacked exports allow for better use of the disk space on the storage array.
6. If using a standalone drive for a stacked export job, be sure to insert a labeled tape in the drive before running the job. 7. Export virtual tapes by creating stacked export jobs using the web interface as described in this chapter. If necessary, you can also import exported tapes. Or, you can configure the VTSPolicy command on the VTS server to automatically export tapes.
3. Click Physical Devices to expand this area of the page. 4. To specify a user-friendly name or short description of the drive or library, type a name in a drive or library's Friendly Name column. This name will be used when selecting a drive or library on other pages in the web interface. 5. Click Apply. To dedicate a physical library or drive for use by tape-to-tape or stacked export jobs 1. Click Configuration > System on the navigation pane. 2. Click Edit System Settings. 3.
Setting the backup management application password You can configure a system account for use by backup management applications (for stacked exports). To configure a system user account 1. Click Security > Passwords on the navigation pane of the VTS web interface. A page similar to the following is displayed: 2. Select hsm from the drop-down list. 3. Type the username and password that is required to log in to the backup management application and then click Update.
3. Choose one or more virtual tapes to export. (In a later step, you can also choose virtual tapes in VTLs or pools.) 4. Select Stacked Export from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5. On the pop-up dialog, select the Create New Job option. 6. Specify a job name in the Job Name field. Include only alphanumeric characters in a job name; spaces and special characters are not allowed.
13. To schedule the stacked export job, you must create a schedule that is associated with the job. a. Click Administration > Jobs on the navigation pane. b. On the Manage Jobs page, click Schedules page is displayed. next to the job you want to schedule. The Manage c. Click Add Schedule. d. In the Create Schedule area, select how often you want the job to occur: l One time — Runs the job once. You must select a start date and time. l Weekly/Daily — Runs on the days you select.
9 Enabling and Configuring Data Replication You can configure VTS to export virtual tapes to a remote VTS server. This feature is implemented as replicate jobs, for redundancy or disaster recovery purposes, and remote export jobs, for high availability and role swapping purposes: l Use replicate jobs to replicate data as part of your disaster recovery solution or to enable multiple VTS servers to back up virtual tapes to a single remote server.
Steps to enable, configure, and use replicate jobs 1. Enable Data Replication licensing using the VTS web interface as described in Enabling Licensed Features. Note Multiple license keys are available for this feature, based on the desired transfer speed (WAN Acceleration). If the licensed transfer speeds do not match on the source and target systems, the lowest speed is used during replication. 2.
a. Unmount the file system: umount /VAULT04 b. Copy the /etc/fstab file to a backup file: cp /etc/fstab /etc/fstab.backup c. Relabel the device, using the file system name: e2label /dev/sdc2 /DATA04 d. Edit /etc/fstab and replace the old “VAULTnn” name with the new “DATAnn” name. e. Rename the mount point: mv /VAULT04 /DATA04 f. Mount the file system and set permissions: mount /DATA04 chown bill.replicators /DATA04 chmod 750 /DATA04 3. Repeat these steps for each partition you wish to rename.
To add a target server Requires Administration group membership Complete these steps using the source server's web interface: 1. Click Configuration > System on the navigation pane. 2. Click Edit System Settings. 3. Click Replication to expand this area of the page. 4. Click the Add Target Host button. The following is displayed: 5. If the local (source) server was replaced, you need to notify the target server so that it can update its source server information: a. Select the Replace System checkbox. b.
7. In the Target Host field, type the fully qualified hostname or IP address of the target server. Note It is recommended that you provide a hostname, if DNS is configured on your network. If you provide an IP address instead of a hostname and then the IP address of the source or target server changes, you must delete the target server and then complete all configuration procedures again. 8. In the Http Port field, type the port number used for accessing the web interface on the target system.
6. Select the Enabled checkbox to enable the source server, thereby allowing it to use the local (target) system as a replication target. (You cannot select this checkbox if the Authorized checkbox is not selected.) 7. In the Friendly Name field, type a name for the source server. 8. Using the Map To lists, map mount points (data volumes) on the local (target) server to the source server. This determines where replicated tapes are stored on the local server when sent from this source server.
Replicating data to remote servers To replicate data to remote servers, you must create and run a replicate job. To create and run a replicate job Requires the Virtual Tape Import and Export, Vault Access, and Access to all Vaults access rights 1. Click Administration > Virtual Tapes on the navigation pane. 2. Select All, Shelf, or a VTL name from the Show Cartridges In drop-down list. 3. Choose one or more virtual tapes to replicate. (In a later step, you can also choose virtual tapes in VTLs or pools.
9. Select the Stop on Error option if you want to stop the job if an error occurs. Otherwise, the job will continue until VTS has attempted to export all virtual tapes. 10. Select the Run Immediately option to run the job immediately after it is created. 11. Select Trigger Policy If Enabled if you want to initiate actions defined in policies associated with the selected virtual tapes.
To restore replicated tapes 1. Click Administration > External Data on the navigation pane. 2. Select a remote host from the Select Destination drop-down list. 3. To name the restore job, enter a name in the Job Name field. Include only alphanumeric characters in a job name; spaces and special characters are not allowed. 4. If you wish to stop the restore operation if an error occurs, select Stop on Error (above the table). If an error occurs, the restore job fails.
64 | Virtual TapeServer Configuration Guide
10 Enabling and Configuring Role Swapping To enable “role swapping” of primary and secondary Virtual TapeServer (VTS) servers in your environment, or to ensure high availability of data across sites, you can use remote export jobs to export data to remote servers. To use remote export jobs, you must license the Data Replication feature. Note This feature is also implemented as replicate jobs, for redundancy or disaster recovery purposes. For role swapping, you will use remote export jobs only.
last modified a virtual tape. l Ownership of virtual tapes is not stored, so there is no way to inform the administrator of either system of the originator of the virtual tape. l Remote export jobs push virtual tapes from one system to another. It is your responsibility to disable the remote export jobs on current primary server (at the production site) and enable them on the current secondary server when swapping roles. If you do not disable all jobs on the production site, data may be overwritten.
3. Configure Server A to export data to Server B: a. Enable Data Replication licensing using the VTS web interface as described in "Enabling Licensed Features" on page 21. b. Configure the rep_ parameters in the configuration file as described in "Configuring settings for remote export jobs" on page 72. c. Export virtual tapes to Server B by creating and running remote export jobs. This is described in "Replicating a virtual tape using a remote export job" on page 73.
c. Enable jobs on Server B. d. If Data Encryption is used in the environment and Server A was the key generator, you do not need to perform additional steps to continue to use Data Encryption after swapping roles. However, if Server A is not available, you can restore a backup of Server A’s key database from a remote host. Then, you can configure Server B to be the key generator. See the Managing Data Encryption help topics in the online help for details. e.
The following steps use two sites as an example of enabling Data Replication between two sites, Boston and Los Angeles, connected by a wide area network (WAN): To configure network settings 1. Verify that the hostname, IP address, and gateway are configured on each VTS server in the environment. Refer to the Quick Start Guide for more information. 2.
3. Test connectivity by pinging the network connections. At the prompt, enter ping hostname. For example, to ping the Boston server, enter ping boston. Output similar to the following is displayed: 64 bytes from boston (10.10.2.145): icmp_seq=0 ttl=64 time=0.053 ms 64 bytes from boston (10.10.2.145): icmp_seq=1 ttl=64 time=0.053 ms 64 bytes from boston (10.10.2.145): icmp_seq=2 ttl=64 time=0.053 ms 64 bytes from boston (10.10.2.145): icmp_seq=3 ttl=64 time=0.053 ms Press CTRL-C to stop the ping process.
5. If you configured SSH and access to the bill account is restricted on the VTS servers, you must grant SSH access to the bill user for each VTS server. To do this, become root (enter su root) and then edit /etc/ssh/sshd_config to add this line: AllowUsers vtsa bill@source_svr where source_svr is the IP address or hostname of the VTS server where the AutoCopy operation is originating.
Configuring settings for remote export jobs Note A default configuration file is defined for each VTS server. To override the default settings, you must define settings as described below. To modify the configuration file to configure remote export jobs Requires the Edit Configuration File access right 1. Enable Data Replication licensing as described in "Enabling Licensed Features" on page 21. 2. On the primary (originating) server, complete these steps: a.
Parameter Description Values parameter is required if rep_streams is target set to a value greater than 1. server’s name Example vts.conf entries: rep_destination_hosts='vts11, vts21' rep_streams='1' rep_source_tmp='/VAULT10/.TMP' rep_destination_tmp='vts11:/VAULT01/TMP, vts21:/VAULT00' d. Click SAVE. e. Restart the TapeServer process on the Manage System Tasks page. 3. On the secondary (target) servers, add the rep_source_hosts parameter to the configuration file, as follows: a.
4. Select Remote Export from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5. Select a remote server from the Destination Host drop-down list. 6. Click Fetch destination details. A list of virtual tapes to be exported is then listed on the Manage Virtual Tapes page. 7. If necessary, exclude virtual tapes from the remote export job.
11 Configuring EMS Communication To automate the process of mounting and dismounting virtual tapes on a NonStop host server, you must configure the Event Management System (EMS) on VTS. The EMS service for host servers starts the EMS distributor on the host server by issuing a Tandem Advanced Command Language (TACL) command. The distributor notifies the VTS EMS service when an EMS message is posted on the host server.
d. To enable EMS, select the Enable EMS checkbox. e. To configure VTS to generate EMS messages for notifications, set the following: l To enable VTS to send notification messages back to the host from EMS messages, select Enable Host Notifications. l If you enabled notifications, set the notification level from the Notification Level drop-down list. This enables EMS to acknowledge certain EMS messages and generate completion status (success or failure) messages.
c. In the Host Name or IP field, specify a hostname or IP address of the host server for which a Telnet or SSH session will be established. d. Select the protocol to use for the session from the Protocol drop-down list. e. In the Host Port field, specify the target Telnet or SSH port on the host server. By default, SSH runs on port 22. To identify the SSH port on the host server, refer to the PORT parameter in the SCF IN file that defines the SSH process. f.
XYGATE: logon %username% SAFEGUARD: logon %username% l In the Login Password Prompt field, specify the password prompt that will be returned by the host server in response to the Telnet or SSH connection. Examples: TACL: /Password:\s*$/i TACLS: /Password:\s*$/i XYGATE: /Password:\s*$/i SAFEGUARD: /Password:\s*$/i l In the Login Password Answer field, specify the password response that will be shown during the login process.
j. In the Response Timeout field, specify the timeout value (in seconds) used to wait for each response during the EMS login process. k. In the Host and Virtual Devices section of the page, add the tape devices that are configured on the host server and connected to VTS. Each host device corresponds to a virtual device, which defines the virtual tape drive known to the host server for the host device. You must define at least one host device. Click New and specify a name in the Host Device field.
4. Set the username and password for each EMS host: a. Click Security > Passwords on the navigation pane. The following page is displayed: b. Configure a password for each EMS host defined in the configuration file. Click Help for complete instructions. 5. If you configured EMS to use SSH, you must log in to each host server to verify and accept the fingerprint. When the fingerprint is accepted, the host server’s key is stored in /home/bill/.
d. Enter yes to accept the fingerprint. e. Exit by pressing CTRL+C. If a mismatch occurs after accepting the fingerprint, you can edit the /home/bill/.ssh/known_ hosts file to remove lines for host server whose key has changed. Then, after the obsolete key has been removed, repeat this step to accept the new key. 6. Click Stop EMS Service and then click Start EMS Service on the Manage System Tasks page to restart the EMS service.
c. Add the following parameters at the bottom of the file that is displayed: Parameter Description Values cleanup_threshold_ Indicates the threshold after which a Integer percent cleanup is initiated, if Scan/Cleanup is enabled. When the VTS file system reaches this threshold (a percentage), virtual tapes can be scheduled for erasure if this parameter is set. This parameter also instructs VTS to send a notification to the NonStop server.
12 Enabling and Configuring Data Encryption Data Encryption is an optional Virtual TapeServer (VTS) licensed feature that enables VTS to encrypt data that is stored on virtual tape. Note that Data Encryption protects data at rest. It does not protect or secure the VTS server. Here is how Data Encryption affects tape operations: l When an encrypted tape is mounted, the data that is written to the tape is encrypted.
Overview of Data Encryption When Data Encryption is enabled on a VTS server, the embedded key server can be configured to generate keys for encrypting virtual tapes. VTS uses symmetric key encryption to secure data written to tape. This encryption is based on Advanced Encryption Standard-Cipher Block Chaining (AES-CBC) and uses 256-bit keys provided by a random number generator. When a key is generated, its key ID is stored with the encrypted virtual tape.
l Migrating a virtual tape (stacked export) An encrypted virtual tape is migrated as-is; that is, the data remains encrypted when it is migrated to physical tape. l Compressing data If enabled, data compression occurs before encryption. l Updating metadata, timestamps, and file sizes Every virtual tape stores header information called metadata, which is used by VTS to retain an audit trail of information about the tape. When a tape is encrypted, the metadata is not encrypted.
encrypt the tape is not configured on the server where the encrypted tape resides, the tape operation will fail and an error message will be displayed indicating that the operation failed. See "Data Encryption and failed tape operations" on page 177 for an explanation of the possible failures. l Upgraded installations Beware of using Data Encryption in an environment where some VTS servers are upgraded and others are not. It is highly recommended that you do not use Data Encryption in a mixed environment.
If you choose to designate another server (server C in this example) as the key generator after server A has generated keys, you must perform these steps to reconfigure the Data Encryption environment: 1. Add server C as a key generator on servers A, B, and C. 2. Reconfigure server A as a non-key generator on servers A, B, and C. To reconfigure a key generator as a non-key generator, you must remove the server entry and re-add it, clearing the Key Generator option. 3.
key generator. If a key generator is reconfigured to no longer generate keys, it is then referred to as a “non-key generator”. The key database remains on the non-key generator but that server no longer creates keys. When a virtual tape needs to be decrypted, VTS retrieves the encryption key from the key server that generated the key. If the key generator was reconfigured as a non-key generator, VTS must still have access to that key server.
8. Type the password of the specified user in the Password field. 9. Click SUBMIT. After you add a key generator and a key database backup host (other than localhost), allow five minutes for the key generator to create the first set of keys and key IDs. Key IDs may not be available until after this initial time period. Adding a key database backup host By default, each VTS server is configured as its own backup host. You must configure at least one other backup host on the key generator.
4. In the Host/IP Address field, type the hostname or IP address of a server that VTS will use as a backup host for the key database. 5. In the Username field, type the username of a user account that can access the SCP program on the specified server. 6. Type the password of the user account in the Password field. 7. Select a protocol from the Protocol drop-down list. 8. In the Destination field, type a path and file name to the file that will store the key database.
13 Creating and Managing Virtual Media VTS organizes data in vaults, which are defined for you. Vaults contain pools, and pools contain virtual tapes. You can create, modify, and delete pools.
Before beginning l Verify that a vault is available for storing data. Customer data should not be stored on VAULT00, which provides a small amount of space needed for system maintenance. If VAULT00 is the only vault available, it is recommended that you attach an external storage device for use in storing data. See the Quick Start Guide for cabling instructions and then refer to "Reconfiguring Vaults" on page 9. To create a pool Requires Administration, Operations, or Supervisor group membership 1.
6. If you want to set a limit to how long the virtual tapes in the pool are stored, type a value in the Retention field and then select a unit of time from the drop-down list. This retention period governs when the virtual tape can be erased to reclaim space in a vault (using the Scan/Cleanup feature). 7. Select the Autoloading checkbox to enable the pool to automatically load and unload virtual tapes as they are used, from the first to the last virtual tape in the pool.
Keep the following in mind when creating policies: l Each policy is applied to one or more pools, so the policy action is performed on all virtual tapes within the pools associated with the policy (after the specified event completes successfully). l You must set the Trigger Policy If Enabled option when configuring jobs; jobs are responsible for performing policy actions.
l import from a tape device l import from a replication target Before beginning l Create one or more pools to which the policy can be applied. To create a policy Requires Administration, Operations, or Supervisor group membership 1. Click Configuration > Policies on the navigation pane. The Configure Policies page is displayed. 2. Click Add Policy. 3. From the On Success Of drop-down list, select the event that must complete successfully to trigger the policy action. 4.
l If you chose Replicate (import),select the remote server from which the tape will be imported. l If you chose Mount, select the standalone VTD where the tape will be mounted and whether the tape will be mounted as read-only. l If you chose VTL-Insert, select the target VTL. Be careful when defining attributes if multiple policies trigger the same action for the same pool. Attributes for existing policies are overwritten (for policies that trigger the same action for the same pool.) 7.
l If and when the virtual tape was exported, imported, migrated, or restored l How long the virtual tape has been retained l The ID of the key used to encrypt the tape, if Data Encryption is enabled and the tape is encrypted Before beginning l Verify the name(s) of the tape(s) on the host server. It is recommended that you use consistent naming on the VTS and host servers. For example, specify $VTAPE1 on the VTS server if the tape is named $TAPE1 on the host server.
3. In the Virtual Tape Name/Prefix field, type the name for the virtual tape or, if creating multiple tapes, type a string that will be used as the base of the tape names. The name on the virtual tape should match the name used the host server if the tape will be used in a VTL. This is because VTS will use the tape name as the barcode. Virtual tape names can be up to 6 characters in length (total). Note The names applied to virtual tapes are not tape labels.
Inserting virtual tapes into a VTL You can move virtual tapes from the shelf, where they are placed after creation, to a VTL. (The shelf contains virtual tapes that are not associated with a VTL.) Before beginning l Make sure empty slots are available in the VTL. To add virtual tapes to a VTL 1. Click Administration > Virtual Tapes on the navigation pane. 2. From the Show Cartridges In drop-down list, select Shelf. 3. Choose the virtual tapes you want to add to the VTL by selecting them in the table. 4.
To mount a virtual tape Requires the Mount Cartridges, Vault Access, and Access to all Vaults access rights Use this procedure if a capacity license is enabled on the server. 1. Click Administration > Virtual Tapes on the navigation pane. 2. From the Show Cartridges In drop-down list, select All or Shelf. 3. Choose the virtual tape that you want to mount. 4. Select Mount from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5.
4. Select the virtual tape to mount. In the following snapshot, the DF0000 virtual tape will be mounted on the VF40500 host device: 5. Click Mount. The following dialog box is displayed. Note If the Mount button is not displayed, see "Configuring Web Interface Preferences" on page 155 for information about displaying this button. Also, if you cannot click the Mount button, maximize your browser; this should display an arrow cursor and enable you to click the button.
7. After the backup begins, you can monitor the progress from the Virtual Media - Operation page. In the kb/sec and size(MB) columns, you can see the megabytes that have been backed up and the backup rate. After the backup completes, you can verify that the size of the virtual tape has changed. You can also monitor progress from the System Status page, which shows the current transfer rate (if enabled). When the backup is finished, VTS unloads the virtual tape.
To view mounts Requires the Virtual Tape Mounts and Locks access right Click Administration > Mounts and Locks on the navigation pane. The top of the page shows the recent mount requests. Only mount requests that can be handled by the server are displayed. You can also restart the EMS messaging service from this page by clicking the RESTART button. Unmounting virtual tapes You can unmount a virtual tape from a standalone VTD only. VTDs in VTLs are controlled by initiating hosts only.
3. Select the host device where the virtual tape is mounted. 4. Click Unmount. Encrypting and decrypting virtual tapes You can encrypt virtual tapes individually or you can encrypt a pool, which instructs VTS to automatically encrypt virtual tapes when they are added to the pool.If you encrypt a pool, all virtual tapes in the pool are encrypted when they are created. If virtual tapes exist in the pool when the pool is configured for encryption, you can specify whether they should also be encrypted.
4. Select Encrypt from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5. On the pop-up dialog, select the Create New Job option. 6. Specify a job name in the Job Name field. Include only alphanumeric characters in a job name; spaces and special characters are not allowed. If you leave this field blank, a name is generated for you. 7.
c. Click Add Schedule. d. In the Create Schedule area, select how often you want the job to occur: l One time — Runs the job once. You must select a start date and time. l Weekly/Daily — Runs on the days you select. You must select the days and a start date and time. l Monthly — Runs on a specific date each month. Select a date and start time. If you specify a date that does not exist in a month, the job will run on the last day of the month. e. Click Save.
To encrypt all virtual tapes in a pool Requires Administration, Operations, or Supervisor group membership If a pool contains virtual tapes and then you edit the pool to encrypt tapes in the pool, VTS creates a job to encrypt the existing tapes. 1. Click Configuration > Tapes and Pools on the navigation pane. 2. Click next to the pool you want to encrypt. The following is displayed: 3. Select the Encryption checkbox.
Decrypting virtual tapes To decrypt one or more virtual tapes Requires Administration group membership 1. Click Administration > Virtual Tapes on the navigation pane. 2. From the Show Cartridges In drop-down list, select Shelf. 3. Choose the virtual tapes you want to decrypt by selecting them in the table. 4. Select Decrypt from the Actions drop-down list (above the table, on the right side of the page). The following is displayed: 5. On the pop-up dialog, select the Create New Job option. 6.
9. Select the Run Immediately? option to run the job immediately after it is created. Do not select this option if you want to create a schedule for the job. 10. Select Trigger Policy If Enabled if you want to initiate actions defined in policies associated with the selected virtual tapes. Policies apply to pools, so this option triggers policies that are defined for pools in which the selected virtual tapes reside. 11. Click submit. 12.
To decrypt all virtual tapes in a pool Requires Administration, Operations, or Supervisor group membership If a pool contains virtual tapes and then you edit the pool to disable encryption, VTS creates a job to decrypt the existing tapes. 1. Click Configuration > Tapes and Pools on the navigation pane. 2. Click next to the pool you want to decrypt. The following is displayed: 3. Select the Encryption checkbox to remove the checkmark. 4. Click Save .
Exporting virtual tapes If a capacity license is enabled on the server, you can export data in the following ways: l Export to a physical library or tape drive using a tape-to-tape export job to an external tape library or standalone drive (your license type determines how you perform this procedure using the web interface). . l Export a virtual tape to one or more physical tapes using a stacked export job. See "Enabling and Performing Stacked Exports" on page 49 for details.
To export a virtual tape or pool Requires the Virtual Tape Import and Export, Vault Access, and Access to all Vaults access rights 1. Click Administration > Virtual Tapes on the navigation pane. 2. Click the Advanced Media Actions link in the upper right corner of the page. The Configure Tapes and Pools page is displayed. 3. Expand a pool in the pool column and select a virtual tape in the cartridge column.
4. Click Import/Export. Or, if Data Encryption is enabled and the tape is encrypted, click Import/Decrypt&Export. The Virtual Media - Import/Export page is displayed. If one or more physical tape drives are connected to VTS, they are detected automatically. (If a physical tape drive is not listed, such as if it was connected after VTS was booted, you may need to rescan the SCSI controllers. See "Common issues" on page 171 for more information.
4 — Could not open physical tape drive 5 — Could not load and rewind tape before copy 6 — Could not rewind tape after copy 7 — Could not issue SCSI write command 8 — SCSI write command failed Migrating a virtual tape to physical tape using the web interface If a VTD license is enabled on the server, you can export a pool, which exports all virtual tapes in the pool, or you can export a single virtual tape. This is also referred to as “migration”.
3. Select a pool to migrate by clicking on the name of a pool in the pool column. Or, expand a pool and select a virtual tape in the cartridge column. Note VTS locks all virtual tapes that are selected for migration, until the operation is complete. If you select a pool to migrate, all virtual tapes in the pool are locked. Thus, to migrate a pool, there must be no locks on the pool or any of its virtual tapes. 4. Click the Migrate button at the top of the page. 5. When prompted, confirm the action.
/VAULTxx/pool/cartridge — Specifies the pool and cartridge on which to operate. If you want to migrate an entire pool, specify /VAULTxx/pool only. keyword=value — Specifies a valid combination of keywords and their values. Supported keywords include the following: l source or s — Specifies the fully-qualified hostname of the VTS system on which the specified pool resides. In a VTS cluster, this keyword specifies the VTS server that will execute the command. This keyword is required in a VTS cluster.
keyword=value — Specifies a valid combination of keywords and their values. Supported keywords include the following: l source or s — Specifies the fully-qualified hostname of the VTS system on which the specified pool resides. In a VTS cluster, this keyword specifies the VTS server that will execute the command. This keyword is required in a VTS cluster. l erase — Enables VTS to erase the virtual tape after migration is completed successfully. Set this keyword to YES or NO.
where /VAULTxx/pool/cartridge — Specifies the pool and cartridge on which to operate. If you want to migrate an entire pool, specify /VAULTxx/pool only. keyword=value — Specifies valid keywords and their values, as follows: l source or s — Specifies the fully-qualified hostname of the VTS system on which the specified pool resides. In a VTS cluster, this keyword specifies the VTS server that will execute the command. This keyword is required in a VTS cluster.
To use a TACL macro in obey script On the NonStop server, you can create an obey script that includes a TACL macro that communicates with the VTS server through EMS. In the script file, add the commands specified below. To initiate the script, run the script using the obey command, add the lines to the end of an existing script, or schedule the script to run from Batchcom.
Restoring data You can restore data in the following ways (if a capacity license is enabled on the server): l Import from a physical library; this is the reverse of a tape-to-tape export job to an external tape library and can be performed from the Manage External Data page of the web interface. or Import from a physical tape drive; this is the reverse of a tape-to-tape export to a standalone drive and can be performed from the Manage External Data page.
Manually erasing a virtual tape using the web interface Before beginning l Remove the virtual tape from the VTL, if necessary. Or, unmount the virtual tape, if it is mounted. To erase a virtual tape To erase an unencrypted virtual tape: Requires the Erase Cartridges, Vault Access, and Access to all Vaults access rights; also, requires Administration group membership if erasing an encrypted tape 1. Click Administration > Virtual Tapes on the navigation pane. 2.
Manually deleting a virtual tape using the web interface Before beginning l If the virtual tape resides in a VTL, you must remove it from the VTL before you can delete it. To delete a virtual tape To delete an unencrypted virtual tape: Requires the Delete Cartridges, Vault Access, and Access to all Vaults access rights; also, requires Administration group membership if deleting an encrypted tape 1. Click Administration > Virtual Tapes on the navigation pane. 2.
Automatically erasing a virtual tape using Scan/Cleanup After you enable and configure Scan/Cleanup as described in "Enabling and Configuring Scan/Cleanup" on page 129, you can display the web interface for this feature by clicking Configuration > Scan Cleanup on the navigation pane. Click the Show/Hide ‘No’ button to display the cartridges: To view the Status table This table lists all virtual tapes on the system and their Scan/Cleanup status.
not past retention,” which means the virtual tape is not scheduled for erasure because it is not past the retention time. Pool :: Cartridge Erased Written Retention Migrated Erase TEST :: X00001 13Feb05 15:43 17Feb05 14:49 2 weeks not by VTS no, not past retention In the following example, there are two virtual tapes, N00014 and N00015, which were erased on 13Feb05 15:43 and last written on 17Feb05 14:49. Their retention time is 2 weeks and they never have been migrated by VTS.
stored with the virtual tape but is not part of the data itself.
You can issue a simple FUP call to copy the contents of a text file to the $0 process. Create a text file on the NonStop server that contains the VTSPolicy command. Then, from Batchcom or within an existing backup script, run the following command: FUP COPY filename, $0 This sends the contents of the file to the EMS collector. Or, you can create a TACL macro to issue the command. On the NonStop server, create an obey script that includes a TACL macro that communicates with the VTS server through EMS.
ZEMS^TKN^TEXT [#charcount evt_text] [evt_text]] #SET evt_error [#SSPUT evt_buf ZEMS^TKN^EMPHASIS [ZSPI^VAL^TRUE]] #SET evt_error [#SSPUT evt_buf ZEMS^TKN^ACTION^NEEDED [ZSPI^VAL^TRUE]] #APPENDV req_prompt evt_buf Managing locks on virtual tapes Pools are locked when VTS needs uninterrupted access to any of the cartridges in a pool. The Virtual Media - Mounts and Locks page enables you to view current locks on pools and virtual tapes.
To remove a lock 1. Click Administration > Mounts and Locks on the navigation pane. 2. Select the pool or virtual tape to unlock at the bottom of the page. 3. Click REMOVE LOCK.
14 Enabling and Configuring Scan/Cleanup Scan/Cleanup is a Virtual TapeServer (VTS) feature that is designed to help you maintain VTS. It scans pools and virtual tapes to identify virtual tapes that are past their retention period. Scan/Cleanup can erase old virtual tapes to recover disk space. You can also schedule virtual tape erasures when the overall disk space falls below a specified threshold. Scan/Cleanup can be used to erase tapes after they are exported to physical tape using stacked export jobs.
l You can force an erasure or block an erasure by using the checkboxes on the Scan/Cleanup page. However, when an erase process completes (either auto-erase or erase-now), these overrides are removed. l When Scan/Cleanup erases a virtual tape, the header information (metadata) remains stored on VTS. l Scan/Cleanup does not affect a virtual tape's encryption setting.
Parameter Description Values Scan/Cleanup is disabled and the Scan/Cleanup page displays the erasure cleaning status of each virtual tape but no virtual tapes are erased without further configuration. Default value: NO If you want to automate virtual tape erasures, set this parameter to YES and set the cleanup_scan_at and cleanup_interval parameters. Once enabled, the start time and interval are used to determine how many times per day the erasure process runs.
Parameter Description Values Default value: 0 cleanup_nonMigrated Indicates to erase virtual tapes that have YES or NO not been migrated. Migration is used to move data from VTS to permanent storage. Default value: NO cleanup_show_erase_ Displays Scan/Cleanup files that are used to control_files implement the Scan/Cleanup erasure YES or NO process. This is typically set to NO and may be enabled to help diagnose a system problem, if indicated.
Parameter Description Values virtual tapes will not be scheduled for erasure. To make the display smaller and simpler, the NO rows are suppressed. When this parameter is set to NO, a small button is shown that permits the user to temporarily override this parameter and show the NO rows. Default value: NO cleanup_show_erase_ Shows or hides the Erase meta data column column in the Status Table. The date of the last YES or NO erasure may not be important to a particular installation of VTS.
cleanup_show_erase_control_files='NO' cleanup_show_erase_column='YES' cleanup_minimum_size_GB='8' cleanup_show_size_column='NO' meta_control_panel='NO' 4. Click SAVE to save all changes.
15 Configuring User Accounts This chapter describes how to manage and use the operating system and web interface accounts on the VTS server. Managing operating system accounts By default, the following user accounts are provided for the VTS operating system (Linux): l root l bill l vtsa The first time you log in to the VTS operating system using one of these usernames, you are prompted to change the password.
Note the following about the vtsa account: l Accessible by SSH l Runs in a restricted shell l Can “su” to other accounts l Through “sudo”, can issue the following commands: l /sbin/tune2fs -l /* l /bin/cat l /usr/bin/passwd l /sbin/chkconfig l /bin/ping l /usr/bin/clear l /bin/ps l /usr/bin/crontab l /sbin/reboot (runs as root) l /usr/local/tape/bin/getVTS_ dbginfo (runs as root) l /bin/bash/usr/local/tape/bin/getVTS_dbginfo (runs as root) l /usr/bin/updatedb (runs as root) l
Adding accounts You can create additional accounts in the vtsmaint group, and the new user will have the same privileges as the vtsa user. To create an account 1. Log in to the VTS server. 2. Become the root user: su 3. Enter the following command to create the user account: useradd -n username 4.
Expiring passwords By default, account passwords expire in 90 days (this does not apply to the bill or root accounts). To change account expiration 1. Log in to the VTS server. 2. Enter the following command: chage -M days user_acct where days specifies the number of days after which the password expires, and user_acct specifies the user account.
Managing web interface accounts Here is a list of the default user accounts provided for accessing the VTS web interface: Username Default Password Group Privileges operator tapelabs Operations Can view system status, including vaults. tapelabs tapelabs Supervisor Can perform all VTS functions but cannot administer access control, edit the VTS configuration file, restore the Linux configuration, or view and manage configurations.
Enabling a closed system using default users and groups You can enable a closed system to require authentication. The user can access only the resources assigned to a particular group. You can enable or disable individual rights to resources. To enable a closed system Requires the System Access Controls access right 1. Click Security > Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Manage Access Control page is displayed. 3.
Rights Administra- Operations Supervisor tion Group Group Group Supervisory Functions X X Access Administration X System Access Controls X User Access Controls X Block and Unblock TapeServer X X Database Download X X Database Upload X Edit Configuration File X Halt and Reboot TapeServer X X Manage Scheduled Jobs X X Server Certificate Maintenance X X System Maintenance Functions X X System Upgrade/Update X X Turn Compression On or Off X X Upload Encryption Keys X
Rights Administra- Operations Supervisor tion Group Group Group Virtual Tape Operations X X X Scan and Cleanup Control Panel X X Virtual Tape Cartridge X X Delete Cartridges X X Virtual Tape Import and Export X X Virtual Tape Instant DR X X Virtual Tape Mounts and Locks X X Virtual Tape Pool Maintenance X X Erase Cartridges X X HSM Migration X X Mount Cartridges X X Unmount Cartridges X X View System Status X Change Refresh Rate X Stop and Start TapeServer X
Enabling closed access and restricting access to virtual tapes If you want to create an account that does not have access to virtual tapes, complete this procedure. To restrict access to virtual tapes 1. Log in using the admin account. 2. Enable a closed system as described in "Enabling a closed system using default users and groups" on page 140. 3. Add a user as described in "Creating a user" on page 144. 4. Add a group: a. Click + to expand Users and Groups. b. Click ADD next to Groups. c.
Creating a user To create a user Requires the System Access Controls access right 1. Click Security > Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Manage Access Control page is displayed. 3. Click + to expand Users and Groups.
4. Click ADD next to Users. The name and password fields are displayed. 5. Type a username in the name field. Usernames cannot contain spaces and cannot duplicate existing usernames, group names, or reserved names. Also, they must be alphanumeric, though they can include an _ (underscore) character. 6. Type a password in the password field. 7. Click APPLY. The user is added and additional buttons are displayed. 8. To assign the user to a group, click CHANGE GROUP. The Group drop-down list is displayed.
Changing any user’s password It is highly recommended that you change the passwords of the default users. To change a user’s password Requires the System Access Controls access right to change any user’s password 1. Click Security > Access Control on the navigation pane. 2. If prompted, log in. After logging in, the Manage Access Control page is displayed.
3. Click + to expand Users and Groups. 4. Select the user from the Users drop-down list. 5. Click SET PASSWORD. The Password field is displayed. 6. Type a new password in the field. 7. Click APPLY.
Configuring groups Groups define the access rights that are assigned to users. Three groups are provided: l Administration l Operations l Supervisor For a list of the default rights assigned to these groups, see 140. You can modify the access rights that are assigned to these groups. You can also save your changes as a set of custom defaults, which can be restored later if necessary.
3. Click + to expand Rights. 4. To modify access rights assigned to the Administration group, select the checkbox next to each access right in the Administration column. Note The rights are organized in categories. If you grant access to a category, all rights in the subcategories are granted by default, though you can remove individual rights in the subcategories.
Right Description Access Administration Grants access to the Manage Access Control page System Access Controls Enables the user to administer groups and rights within Access Control User Access Controls Enables the user to change his or her password only within Access Control Block and Unblock TapeServer Displays the Block/Unblock TapeServer Startup link on Manage System Tasks page, which enables the user to block and unblock VTS functions Database Download Enables the user to create a system res
Right Description Turn Compression On or Off Enables the user to enable or disable compression from the Manage System Configuration page Upload Encryption Keys Obsolete; do not assign this access right Upload VPD Enables the user to upload the VPD file Configuration Backup Obsolete; do not assign this access right Configuration Restore Obsolete; do not assign this access right View log files Enables the user to view log files from the Logs page View/Manage Configuration Grants access to the C
Right Description Virtual Tape Pool Maintenance Grants access to the Virtual Media - Pool Maintenance page Erase Cartridges Enables the user to erase virtual tapes from the Configure Tapes and Pools and Virtual Media Cartridge Maintenance pages HSM Migration Enables the user to migrate virtual tapes using the Migrate button on the Configure Tapes and Pools page Mount Cartridges Enables the user to manually mount virtual tapes using the Mount button on the Configure Tapes and Pools page Unmount Car
Saving and restoring custom defaults After configuring users and group rights, you can save all settings as a custom configuration. Later, you can restore these settings by simply clicking the Restore CUSTOM Defaults button in the Defaults and Undo section of the page. This button becomes available after you save a custom configuration. To save custom default settings These procedures require the System Access Controls access right 1. Click the Save as CUSTOM button above the access rights table. 2.
To restore the custom default settings Click the Restore CUSTOM Defaults button to restore the custom configuration and discard changes made since the custom defaults were last saved.
16 Configuring Web Interface Preferences This chapter describes how to configure web interface preferences by setting parameters in the configuration file and how to set the refresh rate of the System Status page. You can set a number of parameters in the VTS configuration file to specify the following: l Whether and how often to display status messages at the top of the page. l Whether and when to display a notification regarding low vault space.
Parameter Description Values Media - Operation page. Default value: YES opwin_Erase Displays the Erase button on the Virtual YES or NO Media - Operation page. Default value: YES opwin_Delete Displays the Delete button on the Virtual YES or NO Media - Operation page. Default value: YES opwin_ImportExport Displays the Import/Export button on the YES or NO Virtual Media - Operation page. Default value: YES opwin_Migrate Displays the Migrate button on the Virtual YES or NO Media - Operation page.
Parameter Description Values tape is loaded in a VTD, the column indicates “ro” for read-only or “rw” for read-write. Otherwise, the read-only flag column is blank for all virtual tapes in every pool. Default value: NO opwin_ShowCompression Displays the compression ratio (c/ratio) YES or NO column on the Virtual Media - Operation page. Default value: YES opwin_ShowLastWritten Displays the last written column on the YES or NO Virtual Media - Operation page.
Parameter Description Values Default value: YES lowspace_notify_keep Specifies whether to continue to display YES or NO the low vault space notification until it is no longer valid. Default value: NO free_space_status Specifies whether to display the Free YES or NO Space information (for each vault) on the System Status page. Default value: YES status_ChangeRate Specifies whether to display the CHANGE YES or NO RATE button on the System Status page.
status_ChangeRate="YES" status_StopStart="YES" 4. Click the SAVE button.
160 | Virtual TapeServer Configuration Guide
17 Managing the VTS Server This chapter describes several tasks that are performed from time-to-time as needed. For more information about system tasks, refer to the online help. Backing up the VTS server It is recommended that you back up the VTS server before and after any major operation, such as an upgrade.
c. Select the Include virtual tape names option if you want to back up virtual tape names (including vault and pool locations); data on the tapes is not backed up. d. Click APPLY. e. When prompted, choose to save the .tgz file. It is recommended that you save a copy of the system restore image (.tgz file) to a remote system, for safe keeping. 3. If Data Encryption is enabled, back up the most current backup of the key database by completing these steps: a. Log in to the VTS server. b.
To create and manage certificates 1. Click Security > Certificates. The following page is displayed: 2. Create a certificate as described in the online help. To view help, click Help at the top of the page.
Powering up and down To power up 1. Press the power button located on the front panel of the VTS server module. The power button on the front panel changes from yellow to green, and the server module self-boots. Allow the VTS server to completely boot before proceeding. The console will display a login prompt when it is ready to proceed. 2. Power up the VTS SCSI converter using the power switch on the rear panel, if necessary. (This step is not necessary is connected over Fibre Channel.) 3.
\DEV5 (C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P. STORAGE - Status TAPE \DEV5.$VTAPE01 LDev State PID 289 STOPPED Total Errors = 0 Primary Backup DeviceStatus PID 0,312 1,1069 NOT READY Total Warnings = 0 2. Power down the SCSI converter using the power switch on the rear panel, if necessary. (This step is not necessary is connected over Fibre Channel.) 3.
To review fsck status 1. Click Administration > System Tasks on the navigation pane of the VTS web interface. 2. Click View File System Check Information. The FSCK Information page is displayed: For more information, see the online help. To view help, click the Help button at the top of the page. Monitoring files and directories The following files and directories should be monitored. Remove old data as needed.
The system facility, which is called logrotate, is used to rotate log files on a daily basis. The configuration files for logrotate are located in /etc/logrotate.d. You can tune the settings in this file to rotate and overwrite files as needed. Several scripts are available that clean up after files that were created and abandoned due to system or application errors. These include the following: l rmoldpipes l rmoldbylist l rmoldsync l rmoldfilelist.
168 | Virtual TapeServer Configuration Guide
Troubleshooting 18 This chapter provides information to assist you in addressing problems you may encounter while installing and using VTS.
Diagnostic techniques For diagnosing problems, the following tools may be helpful. PuTTY (Telnet/SSH client) This is a GUI-based application to issue Telnet, SSH, and other connection commands to a host server. You can download PuTTY from http://www.chiark.greenend.org.uk/~sgtatham/putty/. Virtual Network Computing remote control software VNC software enables you to remotely access the console of a UNIX server. VNC must be configured on the host server before you can use it from a client.
HP Integrated Lights-Out, Integrated Lights-Out 2, Integrated Lights-Out Advanced Pack, and Lights-Out 100 Models VT5900-H and VT5900-L support HP Integrated Lights-Out (iLO), HP Integrated Lights-Out 2, and HP Integrated Lights-Out Advanced Pack, which are collectively referred to here at “iLO”. Model VT5900-K supports HP ProLiant Lights-Out 100. These remote control services enable you to log in to the VTS server using the iLO virtual serial port or Mgmt port.
If error 224 occurs on the SCF, perform the following: l Verify that the virtual tape is using the 519X or 5257 definition. l Verify that the WWPN, SAC, and Module are correctly listed in SCF for the tape device. If an “end of media” message is displayed on the host, erase expired virtual tapes to clear disk space. If a tape drive stops responding from SCF, perform the following: l Check the system log for parity errors or other SCSI-related failures. l Check power indicators on the SCSI converter.
If necessary, reseat the PCI cards. Halt VTS from the web interface, power down the server, unplug the power cord, and then remove cables and reseat the PCI cards. Hard drives Verify the following: l Are the hard drives seated properly? l What is the color of the drive LED? A green LED indicates normal operation; amber indicates failure. You can also remove all hard drives and reseat them individually. Be sure to properly shut down VTS before performing this operation.
grep filename — Searches for a string in a file man — Displays help for a program more filename — Lists a file reset — Resets the current terminal Following a hard (unclean) shutdown of VTS (such as a system crash or loss of power), the system may be left in an inconsistent state. Many services running on the server use PID files to tell the system that a service is running. When a service is started, the PID file is created. When a service is shutdown, the PID file is deleted.
l Are all four ports in use? l Is normal communication occurring while SCF is running? Be sure to stop the tape drive in SCF on the host server and power off the SCSI converter before disconnecting cables. External storage or the SAN Verify the following: l Is the storage array powered on? l Are the lights on? l Are all of the cables secured tightly? l Are any cables broken? l Is the link LED on? What is the color of the LED? A green LED indicates normal operation; amber indicates failure.
l From the NonStop server, enter STATUS *, USER (username) to see if the EMSDIST process is active. l Check /usr/local/tape/log/ems.log. Go to the bottom of the log to look for problems. l View the Virtual Media - Mounts and Locks page. View the list of locked virtual tapes. If you are certain that a particular virtual tape is not in use but VTS indicates that it is locked, remove the lock here.
Data Encryption and failed tape operations If VTS attempts to perform an operation on an encrypted virtual tape, Data Encryption must be enabled and the key server that was used to encrypt the tape must be configured on the server where the tape resides. If not, the tape operation will fail and an error message is displayed indicating that the operation failed. This section provides an overview of the error messages that are displayed.
l Exporting an encrypted tape: A message similar to the following is displayed on the web interface: Thu 2008-01-17 09:49:31: SHARE:SH0000 Export data transfer failed, rc=3 l Erasing all virtual tapes in a pool on the Cartridge Maintenance page: A message similar to the following is displayed on the web interface: Erased 1 cartridge; Erasure of cartridge SH0002 in pool SHARE failed! l Setting the virtual tape size on the Pool Maintenance page: A message similar to the following is displayed on the web
Log format Each entry in the event log follows the same format, as shown in the following example: 2006-08-28 16:25:18|WARNING|440002|5900-E| 127.0.0.1|Tapeserver01|administrator||Access Control RESTORE OPEN defaults have been restored Messages are up to 255 characters in length; each message field has a character limit. The attributes that have a variable length are automatically compressed to the available space.
Message severity The severity attribute indicates the potential impact of the event or condition that the message reports. Note Though you can change the debug level on the Set Debug Level page, the debug level is reset to Error every time VTS is restarted. The following table lists the severity levels for log messages, starting from the lowest level of impact to the highest. Severity ID Severity Level Description 2 Info A normal operation.
ID Subsystem 33 Utilities 35 Services 40 Factory setup 51 Tape connections 52 Logical tapes 53 Virtual tapes 61 Access Control defaults 62 Access Control users 63 Access Control groups 64 Access Control rights 65 Secure password management 71 Erase by list 72 Delete by list 81 Crumb 91 System status Message text The following tables list the message IDs and corresponding message text that are generated for events in the system event message log.
Severity ID Subsystem ID Event ID Subsystem Message text 8 20 001 Manual mount Cartridge XXX mount failed, rc=RC 2 20 002 Manual unmount Cartridge XXX has been manually unmounted 6 20 002 Manual unmount Cartridge XXX unmount failed, rc=RC 2 20 003 EMS mount ems mount TAPE for HOST as ACCESS completed 8 20 003 EMS Mount ems mount TAPE for HOST failed rc=RC 2 20 004 EMS mount Read-Only ems telnet ems mount of TAPE by HOST as read-only 2 20 005 EMS unmount ems telnet ems
Severity ID Subsystem ID Event ID Subsystem Message text 2 20 031 EMS Policy IDR ems telnet IDR completes, rc=0 8 20 031 EMS Delete Cartridge PATH delete in Pool POOL failed, rc=RC 4 20 032 EMS Policy IDR ems telnet IDR completes, rc=RC 8 20 032 EMS Policy IDR vtape-operation-erase-PATHfailed-rc=RC 2 20 033 EMS Policy Migrate Cartridge PATH migrated 6 20 033 EMS Policy Migrate Cartridge PATH migrate failed, path in use, rc=RC 8 20 033 EMS Policy Migrate Cartridge PATH
Severity ID Subsystem ID Event ID Subsystem Message text Legato 2 20 071 EMS Policy Legato ems telnet LEG completes, rc=0 8 20 072 EMS Policy Legato ems telnet LEG completes, rc=RC 2 20 096 EMS Policy HSMPUT hsmput XXXXXX for HOST completed 8 20 096 EMS Policy HSMPUT hsmput XXXXXX for HOST failed, error MSG, rc=RC 2 20 097 EMS Policy HSMGET hsmget XXXXXX for HOST completed 8 20 097 EMS Policy HSMGET hsmget XXXXXX for HOST failed, error MSG, rc=RC 2 20 098 EMS Policy HSM
Severity ID Subsystem ID Event ID Subsystem Message text 8 20 204 EMS Policy Mount ems cancel TAPE for HOST failed parametric test 8 20 205 EMS Policy Mount ems reject TAPE for HOST virtual cartridge missing 8 20 2060 EMS Policy Mount ems reject TAPE for HOST tapeserver not running 6 20 207 EMS Policy Mount ems reject TAPE for HOST no host drives available 8 20 208 EMS Policy Mount ems reject check TAPE failed for HOST 8 20 209 EMS Policy Mount ems reject TAPE for HOST no v
Severity ID Subsystem ID Event ID Subsystem Message text 4 21 011 Cartridge deleted Cartridge TAPE not deleted in Pool POOL 6 21 011 Cartridge deleted Cartridge TAPE not deleted in Pool POOL because it is locked.
Severity ID 2 Subsystem ID Event ID Subsystem Message text Autoloader PATH 22 011 Remove retention vtape_pool libApply remove retention PATH 2 23 001 Canceled lock ems cancel lock PATH 2 23 002 Canceled mounts/locks page ems cancel mount NNNN 6 23 002 Canceled mounts/locks page ems cancel mount NNNN failed 2 24 001 Job Started manually IDR start NNNN as MMM 2 24 002 Job Stopped manually IDR Job JOB stopped by operator 2 24 003 Job successful IDR job JOB done rc=0 8
Severity ID Subsystem ID Event ID Subsystem Message text 2 25 002 Job Successful AutoCopy of TAPE complete 8 25 003 Job Failed AutoCopy of TAPE failed 6 25 004 Job Retried AutoCopy (retry NN) of TAPE started 2 25 010 EMS AutoCopy ems telnet start autocopy of TAPE for HOST 8 25 011 EMS AutoCopy Invalid target path: $targetpath 4 26 001 Scan/Cleanup ScanCleanup cart TAPE in pool POOL is being scheduled for erasure 2 26 003 Scan/Cleanup erase by list submitted 2 26 007
System administration and configuration Severity ID Subsystem ID Event ID Subsystem Message text 2 33 000 Unblock TapeServer Startup perform UNBLOCK 4 33 001 Block TapeServer Startup perform BLOCK 4 33 002 Disable Compression perform COMPRESSION_OFF 2 33 003 Enable Compression perform COMPRESSION_ON 4 33 004 Edit VTS Configuration File edit vts.
Severity ID Subsystem ID Event ID Subsystem Message text 2 35 010 ICS Started perform VTSISC_START 4 35 011 ICS stopped perform VTSISC_STOP 2 35 015 TM Started perform TMSTART 4 35 016 TM stopped perform TMSTOP Severity ID Subsystem ID Event ID Subsystem Message text 4 40 001 Factory Setup accessed factory setting accessed 4 40 002 Factory Setup Access Control RESTORE OPEN defaults have been restored 4 40 003 Factory Setup Access Control RESTORE CLOSED defaults ha
Severity Subsystem ID Event ID Subsystem Message text 2 52 001 Add Logical tape LXXXX added 2 52 002 Edit Logical tape LXXXX edited 4 52 003 Delete Logical tape LXXXX deleted 2 53 001 Add Virtual tape VXXXX added 2 53 002 Edit Virtual tape VXXXX edited 4 53 003 Delete Virtual tape VXXXX deleted Subsystem ID Event ID Subsystem Message text 2 61 001 Access Control accessed Access Control Opened 4 61 002 Restore Open defaults Access Control RESTORE OPEN defaults
Severity ID Subsystem ID Event ID Subsystem Message text 4 62 002 Delete/Remove user Access Control REMOVE USER UUUU 2 62 003 Set user password Access Control SET PASSWORD for UUUU 2 62 005 Change user group Access Control CHANGE PASSWORD for UUUU 2 63 001 Add Group Access Control ADD GROUP GGGG 4 63 002 Remove Group Access Control REMOVE GROUP GGGG 2 64 001 Rights changed/altered Access Control Save Rights 2 64 002 Save rights as CUSTOM Access Control Save Custom Righ
Severity ID Subsystem ID Event ID Subsystem Message text 4 71 002 Erase by List erase-by-list-cron 8 71 003 Erase by List EraseByList command XXXX not recognized 6 71 004 Erase by List EraseByList vclear error on CART is RC 6 71 005 Erase by List EraseByList failed 2 72 000 Delete by List DeleteByList start 2 72 002 Delete by List DeleteByList complete 8 72 003 Delete by List DeleteByList command XXXX not recognized 6 72 004 Delete by List DeleteByList vclear erro
Severity ID Subsystem ID Event ID Subsystem Message text notify_percentage 8 91 004 System Status Warning: low space cleanup_ threshold_percentage Export log This log provides information about all export operations.
Return Code 6 Possible Cause(s) Could not rewind tape after copy Corrective Action(s) l Check cabling l Make sure tape drive is on and properly configured 7 8 254 l Check cabling l Use larger tape or less data l Verify configuration l Check cabling SCSI write command failed l Use larger tape or less data Too much data for physical tape l Verify configuration l Check cabling.
Other log files The following log files are generated and saved in various directories on the VTS server. Operating system logs: l /var/log/messages l /var/log/cron l /var/log/boot.log Apache web server logs: l /var/log/httpd/error_log l /var/log/httpd/access_log VTS function logs: l /usr/local/tape/log/ems.* (available from the VTS web interface) l /usr/local/tape/log/debug.* (available from the VTS web interface) l /usr/local/tape/log/mount.log l /usr/local/tape/log/export.
Logwatch reports Daily Logwatch reports enable you to view significant events that occurred on the system in the last 24 hours. The reports are generated by parsing events in the Linux log directory (/var/log) and VTS log directory (/usr/local/tape/log). A report is generated every day at 4AM before VTS log files are rotated. Each Logwatch reports is deleted after 120 days. These reports are generated by an implementation of the logwatch system monitoring system; see http://www.logwatch.org/index.
4. Run the following commands: chkconfig auditd off service auditd stop service syslog restart These commands stop local logging through the auditd process and force audit records to be logged through syslog. The syslog facility will send log messages to the remote system. Note that audit log messages will also be listed in /var/log/kern_messages. 5. Log out of the VTS server. 6. If necessary, enable the remote system to receive the log messages.
d. Restart the syslog daemon by entering this command: service syslog restart e. On the local system, verify that messages are being logged in the remote system. For example, use the logger utility: logger -p kern.info test message This should result in an entry such as “Jun 29 15:29:51 vtsdev24 bill: test message” appearing in the remote system's log file. Note The syslog.conf file on the remote system will determine if and where the message is logged.
Message Text Severity Recommended Action AUTOCOPY FAILED: Request by: $requestor ($retry_number) cannot create directory $target (rc=$rc) Critical No action is required. The task will be retried. AUTOCOPY FAILED: Request by: $requestor ($retry_number) cannot reach $target/$filename (rc=$rc) Critical No action is required. The task will be retried. AUTOCOPY FAILED: Requested by: $requestor ($retry_number) from $target/$filename(rc=$rc) Critical The autocopy task failed.
Message Text Severity Recommended Action Error: BEX command failure! Critical A syntax error occurred in the BEX command. Repair the request and resubmit. Error: can not determine the proper command for this request. Critical HSM restore for TSM was unable to determine the proper restore or retrieve command. Ensure that the backup request specifies archive or backup. Error: Can’t find any files with data to backup for $cart_request. Warning Error: Can’t get lock for $cart_ request.
Message Text Severity Recommended Action Error: Processing failed, no files processed for $cart_request Critical No files were successfully processed. See the HSM get or HSM put log files on the Logs page for details about the HSM request. Error: Success message not found in NetBackup job output for $cart_ request. Critical An HSM request failed to find or process the virtual tapes for the request. Error: there is no pool in the file path for $cart_request.
Message Text Severity Recommended Action Info: $host TSM2/TSM $policy Inform Info: $jobname ENDED to $backupSystem Inform Info: AUTOCOPY $requestor $source $target ($retry_number) Inform Info: AUTOCOPY Complete $requestor $source $target $retry Inform Info: autocopy from $source to $host:$destination Inform Info: cancel mount of $tape Inform Info: TMFcopy of $tape Inform Non-zero return-code ($rc) from NetBackup bprestore Warning Restored $count file(s) Inform Restored $count file(s), r
204 | Virtual TapeServer Configuration Guide
Maintaining GFS for VTS A The Global File System (GFS) is an advanced feature that allows Linux servers to simultaneously read and write files on a single shared file system on a SAN. VTS is based on Linux, and GFS enables multiple VTS servers to access a shared set of pools and virtual tapes. The Event Management Service (EMS) can then automatically mount virtual tapes from the GFS pools as if they were separately mounted.
Powering hardware and starting a cluster If GFS is properly installed and configured, the VTS startup process automatically starts GFS. Note The following procedure assumes that the GFS cluster has been configured. To power all hardware and start GFS on all nodes in a cluster 1. Power on first VTS server. Wait for this server to boot completely. Fencing may power on subsequent VTS servers. 2. If fencing does not power on subsequent servers, power on the second VTS server.
Shutting down GFS If you need to remove one server from the cluster, use the following procedure. To shut down GFS on one server 1. Log in to the server. 2. Become root: su 3. Unmount GFS file systems: umount -a -t gfs 4. Stop the ricci configuration service: service ricci stop 5. Stop the GFS service: service gfs stop 6. Stop the clustered LVM service: service clvmd stop 7. Stop the cluster manager service: service cman stop 8. Reboot VTS.
Configuring GFS To configure GFS, contact your authorized service and support representative to request assistance. To configure VTS to use GFS, you must enable and configure intersystem communication. See the EMS online help for more information. An Ethernet connection is required between each Linux server (VTS servers and fencing resources). All servers must be connected by Fibre Channel to a disk array. The switch and network cables do not need to be Gigabit Ethernet.
file rgrp.c Jun 29 23:45:53 vts001 kernel: GFS: assertion: "x <= length" Jun 29 23:45:53 vts001 kernel: GFS: time = 1183153553 Jun 29 23:45:53 vts001 kernel: GFS: fsid=VTSC:VAULT10.3: RG = 191406391 Jun 29 23:45:53 vts001 kernel: Jun 30 01:21:46 vts001 syslogd 1.4.1: restart. The following procedure checks the file system and attempts to repair file issues found. This could take many hours to run depending on file system size.
Adding a vault to a GFS cluster Note If path failover is configured in the environment, be sure to reference the multipathed mapper device instead of the sd device in the following procedure. For example, reference /dev/mapper/mpathX instead of /dev/sdX. Before configuring the vault, consider the following recommendations: l The minimum partition size is 1TB. l The maximum partition size is 5TB, which is determined by the amount of memory required to check a file system created on the partition.
This file system requires approximately 1.25GB of free memory to run the gfs_fsck command. Note that if the block size was 1K, running the gfs_fsck command would require four times the memory, or 5GB. l All data on a partition that is resized will be lost. Keep in mind that performance and system operations will be slow when vaults are at maximum capacity. To create a vault in a GFS cluster 1. Launch a command prompt on a VTS server in the cluster and log in. 2. Become root: su 3.
b. Enter n to add a new partition. c. Enter p to specify the primary partition. d. Enter 1 to specify the first partition. e. Press ENTER to accept the defaults. f. Enter w to save the configuration. To confirm the configuration, enter the following command: fdisk -l /dev/sdd Here is an example of the output: Disk /dev/sdd: 18.
c. Enter the following commands to stop the GFS service and restart the CLVMD service: service gfs stop service clvmd restart d. Create the logical volume by entering the following command. The -l 100%FREE argument creates a logical volume using the entire volume group. lvcreate -l 100%FREE -n lv1 gfsvg1 e. Enter the following command to confirm the physical volume: pvscan Here is an example of the output: PV /dev/sdd1 VG gfsvg1 lvm2 [17.14 GB / 0 free] Total: 1 [17.14 GB] / in use: 1 [17.
Here is an example of the output: --- Physical volume --PV Name /dev/sdd1 VG Name gfsvg1 PV Size 17.14 GB / not usable 3.37 MB Allocatable yes (but full) PE Size (KByte) 4096 Total PE 4388Free PE Allocated PE 4388 PV UUID tTHBFt-6pqc-ILIY-Uis5-L8Yn-bvBu-SCN3MV 0 h.
--- Logical volume --LV Name /dev/gfsvg1/lv1 VG Name gfsvg1 LV UUID VQUsmh-LI1E-rBIm-3tCe-9o6K-cjlp-ah8e4j LV Write Access read/write LV Status available# open LV Size 17.
6. Enter the following command (for the example above) to create the GFS file system on the assembled pool and partition: gfs_mkfs -t TapeServer:pool3 -p lock_dlm -j 5 /dev/gfsvg1/lv1 where TapeServer is the name of the cluster and pool3 is any name that is unique. In this case, the pool is named after the third pool in the cluster. The -j 5 parameter specifies the number of journals to create (the number of nodes) plus two. The following is displayed: This will destroy any data on /dev/mapper/gfsvg1-lv1.
c. Create the vault directory on each VTS server: mkdir /VAULT13 d. Restart GFS on each VTS server: service gfs restart e. Change the owner of the new partition to the bill user on the VTS server: chown bill.root /VAULT13 chmod 750 /VAULT13 f. To confirm that the partition was successfully mounted and now available, enter the following command: df -H 9. Add GFS storage to the cluster: a. In left-hand column of the web interface, under the cluster name, click Resources. b. Click Add a resource. c.
To remove a cluster configuration 1. Log in to the first VTS server’s operating system and become root: su 2. On the VTS server, enter these commands to start luci and log in: service luci start luci_admin init When prompted, enter a new password. 3. Access the luci web interface by entering this address in the browser: https://hostname.domainname:8084 4. Login to luci. 5. Click the Cluster tab and note of the cluster name. You will need this name later. 6.
Troubleshooting The following topics describe common GFS problems and their solutions. If VTS server fails to join the cluster after reboot If a VTS server fails to join the GFS cluster after it reboots, complete these troubleshooting steps: 1. Check your SAN to make sure the port is enabled. Below is a MSA/Brocade example. Make sure that the port is checked “Enable.
2. Confirm the Fibre Channel port is available and confirm that the Linux operating system sees the LUN defined for the file system by the storage array. This command will list all SCSI devices.
If VTS server fails to fence Fencing is a term used to describe when a server is excluded from the GFS cluster. When a server is not available for updates and cannot vote in the GFS process, it may be fenced off from access to the file system. You must rejoin that server to the cluster. To verify if fencing is occurring, complete these steps: 1. Check the /var/log/messages file on the primary VTS server. You may see this message: “VTS unauthorized to join cluster. Fence failed.” 2.
222 | Virtual TapeServer Configuration Guide
Reinstalling and Restoring VTS B This appendix describes how to reinstall the operating system and VTS system, and it describes how to recover the VTS configuration and data. Finally, it provides an overview of the steps you must take to recover customer data, which is not restored by a system restore image. If you must reformat the vaults, refer to "Reconfiguring Vaults" on page 9 for instructions.
To reinstall a VTS server 1. Power off the VTS server. 2. If the VTS server is connected to a SCSI converter, power off the SCSI converter. 3. If VTS is connected to one or more host servers over SAS, disconnect the SAS cable(s) from the VTS server. 4. If necessary, disconnect any external storage devices that are connected to the VTS server. 5. If reinstalling on a VT5900-K, VT5900-M, VT5900-O, or VT5900-Q, attach an external USB DVD drive to the appliance.
l Virtual tapes, if they were backed up (only the tape names are restored, data on the tapes was not backed up). l Policies, if the pool exists after the system is restored. Keep in mind that policy attributes are reset to those that were configured when the restore image was created, and deleted policies are restored if they were deleted after the restore image was created. Policies created after the system restore image will exist on the system but attributes are lost and the policies are disabled.
6. Select the Set hostname and machine ID from image (override current settings)? checkbox to set the hostname and machine ID according to those specified in the restore image. This overrides the current system settings. 7. If virtual tapes were backed up and included in the system restore image, you can select the Skip restoration of cartridges if vaults are missing? option to omit virtual tapes that should reside in a vault that does not exist on the current system.
Restoring Data Encryption The following provides an overview of the steps you must take if you are restoring Data Encryption as part of a disaster recovery operation. To complete these steps, one of the remote key database backup hosts must be available. Perform these steps after restoring the VTS database on the new server and refer to the online help for full details. 1. If necessary, upload and install the VPD file on the server.
Here is an example of this command's output. In this example, /dev/sdb1 is mounted on DATA01. /dev/sda2 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on /boot type ext3 (rw) /dev/sda4 on /VAULT00 type ext3 (rw) tmpfs on /dev/shm type tmpfs (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) 192.168.60.
Recovering customer data If you re-install the VTS server and restore a system image, customer data stored on virtual tapes is not restored. If the data is intact on the storage area network (SAN), you can perform the following steps to re-instate customer data. Note If you have already re-installed the VTS server and restored the system image, you can begin this procedure at step 4. 1. Disconnect the VTS server from the SAN. 2. Reinstall VTS as described in "Reinstalling the VTS server" on page 223. 3.
230 | Virtual TapeServer Configuration Guide
C Attaching External Devices after Initial Deployment You can attach an external tape device, such as a tape drive or robotic library, to VTS after initial deployment. You can then export to physical tapes loaded in the device if migration, stacked export, or tape-to-tape export is enabled. To use an external disk drive for vault and pool storage, see "Adding vaults on external storage devices" on page 15.
/dev/sg3 6 0 0 2 5 /dev/scd2 /dev/sg4 6 0 0 3 5 /dev/scd3 /dev/sg5 6 0 0 4 5 /dev/scd4 /dev/sg6 6 0 0 5 5 /dev/scd5 /dev/sg7 6 0 0 6 5 /dev/scd6 Then, find the nst0 entry (tape drive) attached and then enter this command: sg_inq /dev/sgn where sgn is the number that matches the /dev/nstn device. For the output listed above, you would enter sg_inq /dev/sg0.
TCP/IP Ports and Protocols D This appendix describes the ports and protocols that are used by Virtual TapeServer (VTS). Note Not all ports are used on all VTS servers; port use varies according to the VTS configuration. Port Protocol Comment ICMP Type 8 Used by ping and tracert on Windows, for remote testing and VTS networking. 21 TCP, UDP, FTP This port and other ephemeral ports are used if the client is configured for passive (PASV) mode.
Port Protocol Comment 5432 TCP, UDP Used by the internal (Postgres) database 7295 TCP Used by TMS. 7297 TCP 8080 TCP 8888 TCP 9090 TCP 9999 TCP 11111 TCP Used by ricci service if GFS is installed in your environment. 14567 TCP Used by gndb service if GFS is installed in your environment. 16851 TCP Used by modclusterd service if GFS is installed in your environment. 21064 TCP Used by dim service if GFS is installed in your environment.
l For the stat daemon: STATD_PORT=port_number TCP/IP Ports and Protocols | 235
236 | Virtual TapeServer Configuration Guide
Index A C access control c/ratio column 157 overview 135 cartridgesSee virtual tapes saving and restoring custom defaults 153 certificates, managing 162 access rightsSee rights Change Rate button on System Status page 158 addingSee also creating cleanup_autoerase parameter 130 key database backup host 89 cleanup_enable parameter 130 key server 87 cleanup_interval parameter 131 physical tape drive 231 cleanup_minimum_size_GB parameter 132 vaults cleanup_minimum_size_MB parameter 132 for
data partitions on target replication servers 56 virtual tapes 96 custom defaults, saving and restoring 153 EMS settings 75 D user accounts 80 Data Encryption GFS 208 adding groups 148 backup host 89 licensing 21 key server 87 network settings for role swapping 68 decrypting virtual tapes 108 passwords 146 enabling 86 physical device for stacked export 42, 50 encrypting virtual tapes 104 policy 93 ports 25 remote export settings 72 replication source and targets 57 role swapping 66 Scan/Cl
tools 170 disable_delta_differencing parameter 66 user accounts 80 enabling disabling auto-refresh of Operation page 156 EMS 75 autoloading 93 disaster recovery 229 closed system 140 displaying Data Encryption 86 c/ratio column on Operation page 157 EMS 75 Change Rate button 158 EMS usage alert 82 Delete button 156 file system usage alert 82, 157 Erase button 156 policy 93 free space on System Status page 158 Scan/Cleanup 130 Import/Export button 156 encrypting last written column on O
free_space_status parameter 158 importing data and tapes 120 insertingSee adding G installing an interim release 7 getVTS_dbginfo 169 introduction 1 GFS adding vault to cluster 210 J configuring 208 jobs maintaining 205 policy 93 overview 205 shutting down cluster 207 single server 207 starting 206 K kb/sec column 156 Keep Alive Interval 76 key database backup host adding 89 support 4 troubleshooting 219 groups key generator 87 key servers adding 87 assigning rights 148 default rights 140 L
overview 178 mounting remote 197 automating 75 return codes 194 encryption during 84 Scan/Cleanup 195 failures 176 SecureVTS.
web interface 5 remote logging 197 removingSee also deleting P locks 128 passwords, modifying 146 patching the server 7 physical tape drive, adding 231 physical tapes, importing 120 policy configuring 93 enabling or disabling 93 pools creating 91 definition 2 encrypting 104 encrypting during creation 93 exporting 44, 112 ports renaming vaults 19 rep_destination_hosts parameter 72 rep_destination_tmp parameter 72 rep_source_hosts parameter 73 rep_source_tmp parameter 72 rep_streams parameter 72 replicat
for export 113 rights assigning to groups 148 descriptions 149 web interface 148 role swapping overview 49 Start Refreshing button on System Status page 158 starting GFS 206 status_ChangeRate parameter 158 status_StopStart parameter 158 configuring 66 Stop Refreshing button on System Status page 158 configuring network settings 68 system restore image creating a remote export job 73 creating 161 overview 65 restoring 224 restoring roles 68 system user account, configuring for backup application 5
SCSI converter 174 viewing server module 172 mounts and locks 103 virtual tape operations 176 VTDs (standalone) 37 web interface 174 VTLs 31 typographical conventions ix virtual cartridgesSee virtual tapes U Virtual Media - Mounts and Locks page 103, 127 Unmount button on Operation page 155 virtual tape drivesSee VTDs unmounting virtual tapes 103 virtual tape librariesSee VTLs upgrading and updating virtual tapes Data Encryption considerations 86 creating 96 server 7 decrypting 108 the
unmounting 103 verifying availability to the host server 98 viewing mounts 102 VTDs configuring the CLIM 38 creating 32 definition 2 licensing 21 viewing 37 VTLs creating 27 licensing 21 viewing 31 VTSPolicy erasing, deleting virtual tapes 125 migration 115 syntax for Backup Express 117 for CommVault Galaxy 118 for Legato 116 for NetBackup 117 for TSM 115 W web interface configuring 155 overview 5 preferences 155 troubleshooting 174 Index | 245
246 | Virtual TapeServer Configuration Guide
