HP Integrated Archive Platform Administrator Guide Version 2.
Legal and notice information © Copyright 2004-2008 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Contents About this guide . . . . . . . . . . . . . . . . . . . . . . . . . Intended audience . . . . . . . . Related documentation . . . . . . Document conventions and symbols HP technical support . . . . . . . Subscription service . . . . . . . Other web sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . Platform Settings . . . . . . . . . . . Domain Configuration . . . . . . Platform Settings . . . . . . . . . Firewall Settings . . . . . . . . . . . SSL Configuration . . . . . . . . . . Available certificate signing requests API port configuration . . . . . . Creating a certificate signing request Deleting a certificate signing request Installing and generating a certificate Installing and generating a certificate Software Version . . . .
Database Replication . . . . . . . . . . . . . . . (Re-)Initializing db2 replication . . . . . . . . . Replication Status . . . . . . . . . . . . . . . . Data Replication Flow . . . . . . . . . . . . . . Cloning . . . . . . . . . . . . . . . . . . . . . . Cloning view features . . . . . . . . . . . . . . Cloning smart cells (copying data) . . . . . . . . . Reprocessing . . . . . . . . . . . . . . . . . . . . Rescheduling all reprocessing schedules . . . . . . . Editing reprocessing schedules . . . . . . . .
11 Audit Log . . . . . . . . . . . . . . . . . . . . . . . . . . . Enabling the Audit Log feature . . . . . . . . Granting user access to the Audit Log repository Monitoring status . . . . . . . . . . . . . Setting Audit Log repository retention periods . 12 Backup system administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Figures 1 PCC user interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2 Performance Graph: Store Rate . . . . . . . . . . . . . . . . . . . . . . . . . . 31 3 Performance Graph: Free Memory . . . . . . . . . . . . . . . . . . . . . . . . 31 4 Domain Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 5 New LDAP connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 6 Create DAS job . . . . . . . . . . . . . . . . . . . . . . .
Tables 1 Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2 Applications for users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3 Applications for administrators . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4 Views for common system administration tasks . . . . . . . . . . . . . . . . . . . 19 5 Views accessible from left menu . . . . . . . . . . . . . . . . . . . . . . . . . . 20 6 Smart cell life cycle states . . . . . . . . . . .
36 Replication Service General Status . . . . . . . . . . . . . . . . . . . . . . . . 63 37 Data Replication Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 38 Link to Cloning view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 39 Cloning view features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 40 Link to Reprocessing view . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 41 Link to Retention view . . . . . . . . . . . . . . . .
About this guide This guide provides information about administering the HP Integrated Archive Platform (IAP). For information on administering HP Email Archiving Software (EAs) for Exchange or Domino, see the respective administration guide included on the documentation CD in those products. Intended audience This guide is intended for HP Integrated Archive Platform administrators. Related documentation HP provides the following related documentation.
Document conventions and symbols Table 1 Document conventions Convention Element Medium blue text: Related documentation Cross-reference links and email addresses Medium blue, underlined text (http://www.hp.
• • • • • • Technical support registration number (if applicable) Product serial numbers Product model names and numbers Applicable error messages Operating system type and revision level Detailed, specific questions For continuous quality improvement, calls may be recorded or monitored. Subscription service HP strongly recommends that customers register online using the Subscriber’s choice web site: http://www.hp.com/go/e-updates.
About this guide
1 IAP overview This chapter describes key concepts involving the HP Integrated Archive Platform. IAP is a fault-tolerant, secure system of hardware and software that archives files and email messages for your organization, and lets you search for archived documents. IAP provides the following main functions: • Automatic, active data archiving (email and specific document types) that helps your organization meet regulatory requirements.
Power off To turn off the IAP, from PCC enter: # /opt/bin/stop # /opt/bin/shutdown Wait a few minutes until the PCC console shutdown is complete before removing power from the IAP systems. Power on To power on the IAP: 1. Make sure the IAP switch(es) are powered up. Once power is restored, the switch(es) should automatically come up. 2. Power on the kickstart server. Wait five minutes. 3. Power on everything else. Order is insignificant, unless there has been a power failure (see below).
2 Introduction to Platform Control Center (PCC) This chapter introduces the Platform Control Center (PCC) administration tool for monitoring and troubleshooting the IAP and user accounts.
Figure 1 PCC user interface User interface orientation tips To orient yourself, pay attention to the different ways a view is characterized. • Link text: A navigation link leading to a view is a general description of the view. Most links to a view are from the left menu. • HTML name: Each PCC view has a descriptive HTML name, which is displayed in the browser.
Views for common tasks Table 4 Views for common system administration tasks Task View Check overall system health and performance “Overview” on page 23 Check smart cell health and performance “Platform Statistics” on page 25 Monitor system status and RAID support “System Status” on page 27 Start, stop, and restart system servers “Platform Control” on page 29 Check the platform configuration “Platform Settings” on page 35 Display firewalled ports enabled in the system “Firewall Settings” on page
Table 5 Views accessible from left menu Left menu item Description “Overview” on page 23 View summary of system health, storage status, smart cell performance by domain, and system alerts and warnings. “Storage Status” on page 26 View summary, by domain, of document storage rates and used/free disk space. “System Status” on page 27 View summary, by server, of system capacity and performance. “Platform Control” on page 29 Start, stop, or restart one or more servers on the system.
Left menu item Description “Email Reporter” on page 79 Configure system monitoring reports to be sent to email recipients. “LogFile Sender” on page 80 Send output and error log file reports, by machine type, to email recipients. Monitoring and reporting PCC monitors the system and reports on its health and activity. PCC provides reports on: • system health • system performance • smart cell states Hosts in the system (and their services) are organized into groups of the same type, called host groups.
Life cycle state Definition Importance BACKING_UP The cell is available for document search and retrieval. If backup is enabled, the cell is backing up all its indexes and new data that has not yet been backed up. maintenance The cell is available for document search and retrieval. maintenance The cell is a target for data restoration from another smart cell. The cell is not available for document storage, search, or retrieval.
3 System Status This chapter discusses the information that is found in the system status views. It includes the following topics: • • • • • • Overview, page 23 Storage Status, page 26 System Status, page 27 Platform Control, page 29 Performance Graph, page 30 API Configuration and Statistics, page 32 Overview The Overview provides a high-level look at system health. It displays the following information: • • • • • • • Critical events that are occurring in a system service or application.
Events features Table 8 Events features Feature Description Event Information describing the event or error, including the service or application name. Machine The name of the server on which the event is occurring. IP The IP address of the server on which the event is occurring. Date The date of the event. Level The status of the event. In Events, the only status shown is critical.
NOTE: If the number of documents shown is –1, the values cannot be read. Platform Statistics The Platform Statistics area provides status, health, and storage information about the IAP smart cells. You can click a tab to view information about smart cells in all domains or smart cells in a particular domain. The Platform Statistics area also shows the IP addresses of free smart cells in the system. Each smart cell’s life cycle state is color-coded. • A green table row indicates a smart cell is ASSIGNED.
Platform Statistics features Table 9 Platform Statistics features Feature Description Platform The platform name, IP address, and document storage rate. Domain The name of the domain. Group Name A smart-cell group identifier generated automatically by IAP. This number is unique across all systems. Smartcell IP The IP address of the smart cell. Smartcell Role A smart cell can be Primary, Secondary, Replica-1, or Replica-2. State The current life cycle state of the smart cell.
Table 10 Storage Status view features Feature Description The number of objects and store rate per domain, and the allocated space on the system for storage and replication. The dark area on the right side of the example storage bar graph below shows the point at which storage space is 90 percent full. Platform Store NOTE: The storage bar graph shows only assigned and allocated smart cells for all active domains. The IAP might have free, unallocated hardware that is not represented in the bar graph.
Table 12 System Status view features Feature Description The icon in front of the host name displays the status of the host machine. • Status A green check icon indicates the server is started and healthy. • A gray icon indicates that JBoss and the IAP applications on the server have stopped. • A yellow icon indicates that JBoss is running, but one or more IAP applications on the server are unhealthy.
Table 13 Link to System Status view Origin Link left menu System Status Platform Control Use the Platform Control view to start, stop, or restart one or more servers on the system. This view is useful to show the start, stop, and pending status of a server. However, you should use it only when necessary — for example, when you are upgrading a host or before a planned power outage. The Platform Control view should be used only by system administrators or HP service representatives.
Starting, stopping, and restarting servers on the system 1. In the Action drop-down list, select the action to perform: • Start: Start a single machine, start all machines, or start all machines in a selected server group. • Stop: Stop a single machine, stop all machines, or stop all machines in a selected server group. • Restart: Stop and immediately start a single machine, or stop and immediately start all machines or all machines in a selected server group.
Figure 2 Performance Graph: Store Rate Example: System Monitoring graph An example of a system monitoring performance graph is shown below. This graph charts the free memory on the database server at hourly intervals over the past 24 hours. Figure 3 Performance Graph: Free Memory Creating performance graphs 1. Click the System Monitoring tab or the Platform Store and Indexing tab for the category of graph that you want to create. 2.
3. Select one of the following options: • Machine Type (System Monitoring graphs): Select the type of machine (for example, PCC Servers or Smart Cell Servers). • Assigned Smartcell/Domain (Platform Store and Indexing graphs): Select Entire Platform, Domain name, or Smart Cell IP address. 4. Select the time frame and reporting interval: • Time Frame: For a preselected time period, click Select Time Frame, and select a time frame from the drop-down list.
API Connections Information about the API connections is displayed in the lower portion of the API Configuration and Statistics view. The API Connections section shows the API portals and clients connected to them. The attributes are described in the following table: API Connections Attribute Value Domain The IAP domain identifier for the domain to which the client is connected. Username The API client user name used to establish the connection.
System Status
4 Configuration This chapter contains the following information: • • • • Platform Settings, page 35 Firewall Settings, page 36 SSL Configuration, page 37 Software Version, page 40 Platform Settings The Platform Settings view is an administrative tool that displays hardware and configuration information about the IAP. This view is divided into two parts: • Information about the services enabled in each domain is in the upper portion of the view.
Figure 4 Domain Configuration Platform Settings The lower portion of the Platform Settings view displays the setup details for the IAP. This information is taken from the BlackBoxConfig.bct file. Firewall Settings The Firewall Settings view shows the firewall status and settings for the PCC server and the IAP HTTP portals, and their virtual IP (VIP) addresses. It includes the following information: Table 20 Firewall ports Feature Description Virtual IP The virtual IP address. Port The port number.
Table 21 Link to Firewall Settings view Origin Link left menu General Configuration > Firewall Settings SSL Configuration SSL, or Secure Socket Layer, is a technology that allows web browsers and web servers to communicate over a secured connection. This means that the data being sent is encrypted by one side, transmitted, then decrypted by the other side before processing. It is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data.
1. Complete the form at the bottom of the SSL Configuration view. You can create only two types of CSR files: one for access to the PCC, and one for access to the HTTP portal machines. 2. Click Generate CSR. To install a certificate on the PCC portal, see “Installing a third party certificate on the PCC portal” on page 38. To install a certificate on each HTTP portal, see “Installing a third party certificate on the HTTP portals” on page 39.
1. Create a certificate signing request (CSR) for the PCC: a. Log in to the PCC Web interface and go General Configuration > SSL Configuration. b. Complete the CSR generation form. c. Log out of the PCC Web interface. This generates two files on the PCC: • /opt/keys/pccCert.pem (the certificate request) • /opt/keys/pcckey.pem (the RSA private key) 2. Manually copy the certificate request file to your local machine: scp root@[external ip address of PCC]:/opt/keys/pccCert.pem 3.
5. Import the certificate into the Apache server on each HTTP portal: usr/local/bin/ssl_cert_update.pl -http -cert /opt/keys/httpCertSigned.pem -key /opt/keys/httpkey.pem 6. From the PCC console, restart all services on the HTTP portal by issuing the following command: /opt/bin/restarthttp You can also restart the services using Platform Control in the PCC Web interface. See “Platform Control” on page 29.
5 Account Synchronization Use this view to configure dynamic account synchronization (DAS), which automatically creates and updates email user accounts on the IAP, and imports groups and group memberships. You can define multiple configurations that track sets of users from one or more LDAP servers for specific IAP domains. This chapter contains a DAS example for EAs for Exchange. EAs for Domino administrators will find information on DAS in their EAs for Domino Administrator Guide.
2. Complete the form to create an LDAP service connection by entering the following information: Figure 5 New LDAP connection • Connection Name: Name used to identify the LDAP connection. • Hostname: IP address of the LDAP server. • Binder user: User in the LDAP directory tree that you want to bind to. At a minimum, the user must have read access to all users objects. For example: cn=Administrator,cn=Users,dc=hostname,dc=com. • Binder pswd: Password of the Binder user.
4. Click Next Step. Figure 7 Mapping information 5. Complete the form by entering the following: • LDAP Domain name: Domain to which the users belong. For example: ldaptest.com. • LDAP Starting Point: Root node where the user accounts are stored. Example: For Exchange, enter cn=Users,dc=ldaptest,dc=com for node Users in domain ldaptest.com. The value must specify the relative location in the LDAP tree, including parent nodes and domain name.
Figure 8 Advanced options 1. Complete the advanced options form by entering the following information: • Group Name: Not used at this time. • USNChanged: Active Directory’s unique sequence number (USN). Active Directory increments the USN for each change in any of its user accounts. When DAS finds a larger USN, it extracts new information. For initial setup, set USNChanged to 1 so DAS extracts all users. Thereafter, do not change this value. • Delete USNChanged: USN in deleted users directory.
1. Click Assign Job. Figure 9 Assign a job to a portal 2. Complete the form by entering the following information: • DAS server IP: IP of the DAS HTTP portal where DAS runs the configuration. • Configuration Enabled: Select Yes to enable. If not enabled, the job cannot be scheduled or started with this console. • Configuration running state: Do not change. • Period: Number of minutes between job runs. Enter 0 to run the job once. • DAS server running state: Do not change. 3. Click Save.
Managing available HTTP portals To start, stop, or restart the HTTP portals from the Account Synchronization view: 1. In the DAS Available Jobs area, click the name of the job. 2. Click Assign HTTP Server or Unassign HTTP for a particular server. Editing or deleting available LDAP connections To edit or delete an LDAP connection: 1. In the LDAP Server Connectors area, click the name of the connection you want to edit or delete. 2. To edit the connection, click Edit, complete the form, and click Save. 3.
6 Account Manager (AM) Use the Account Manager (AM) view to provision and update user accounts. This chapter contains the following topics: • • • • AM overview, page 47 Managing user accounts, page 49 Managing groups, page 54 Managing repositories, page 54 Table 27 Link to Account Manager view Origin Link left menu User Management > Account Manager Account Manager overview Use Account Manager (AM) to view and update user accounts and repositories for unusual circumstances on the IAP.
Figure 10 Account Manager view The total number of users and groups for the domain(s) is shown in the upper right corner of the view.
Account Manager view features Table 28 Account Manager view features Feature Description Search button Use the search feature to find users, groups, or repositories. The search function uses the “Like” SQL database capability. For example, in the User panel, you could enter jack to match users jackdoe or jacksmith. Entering %doe would match users jackdoe, janedoe, or maryjanedoe. Entering %ja% would match users jadams, jackdoe, janedoe, jacksmith, or maryjanedoe. Searches are not case sensitive.
Editing user information To edit user information: 1. Click the User radio button, then click the user name that you want to edit. See “Account Manager view features” on page 49 for information on searching for a user. 2. In the Integrated Archive Platform Account and LDAP Information form that appears, clear the check box labeled Deactivate this check box and then edit the user entries. Figure 11 Editing user account information 3. Edit the relevant user entries. 4. Click the Save Now! button.
Feature Description Username (Required.) The system login name for the selected user. Usernames must be unique, but they can be the same except for their domains. For example, johnkdoe@company.com could be an Active Directory user imported into the system through dynamic synchronization (DAS); at the same time, user johnkdoe could be created as a local user in the IAP. Local Password The password in the IAP for a selected user.
Feature Description All Repositories All repositories to which a user has access — either through direct access or through group membership. Proxies Displays the email addresses that will route to the user’s primary repository. Check boxes Active/Disabled Select or clear this check box to enable or disable the user account on the IAP. IAP Admin Select this check box to grant the user administrative privileges on the PCC. It’s best to create a new, local account for the administrator.
Granting “Delete Administration” privilege All IAP Admin users, with the exception of “root” users, can grant or revoke Delete Administration privilege. Only a remote user (a user existing in the Active Directory and imported by DAS) can be granted Delete Administration privilege. To grant a user with this privilege: 1. 2. 3. 4. 5. Log in to PCC as root. Open the PCC Account Management page and grant “IAP Admin” privilege to a user.
Current Limitations Current limitations of Administrative Delete: • In IAP 2.0, Administrative Delete only deletes emails; it doesn’t delete documents that were stored with the ObjectStoreAPI (BIBO) or the HP File Migration Agent (FMA), or delete the audit trail. • If email has been backed up with the IAP backup feature, the email can be deleted from RISS using Administrative Delete; however, the email and any related information on the tape will not be deleted.
2. In the form that appears, clear the check box labeled Deactivate this check box and then edit the user entries. Figure 12 Editing repository information 3. Edit the relevant entries. 4. Click the Save Now! button.
Repository information Table 30 Repository information Feature Description Name (Required.) The name of the selected repository. Domain The IAP domain to which the selected repository belongs. Select the domain from the drop-down list; the selection limits the scope of the Search and A-to-Z filter buttons. Retention The amount of time that messages and documents are retained in the repository. The time period is shown in days. For example, 2556 days is 7 years.
7 Other user management features This chapter explains how to use the Manual Account Loader and Error Recovery user management features. The chapter contains the following topics: • Manual Account Loader, page 57 • Account Error Recovery, page 58 Manual Account Loader Manual Account Loader (MAL) is a batch tool used to load users into the IAP when the Exchange or mail server is not using LDAP. If the Exchange server is using LDAP, use dynamic account synchronization (DAS) instead.
6. To verify the results, open the Account Manager. Error Recovery The Account Error Recovery view displays account synchronization activities that have not been performed successfully.
Repairing synchronization errors To repair synchronization activity errors, identify the activities that you want to reattempt or delete. Click an entry to display more information about an activity, including its Java User Management Services (UMS) database entry (only shown if a UMS database entry matches the activity). You will need to decide the order in which to reattempt or delete the activities. To repair or delete synchronization errors: 1.
Other user management features
8 Data management This chapter discusses the following topics: • • • • • • • Replication, page 61 Cloning, page 63 Reprocessing, page 65 Retention, page 67 Database and data backup, page 70 Duplicate Manager, page 72 Folder Support, page 74 Replication NOTE: This view is available only if a replicated system is configured. Use the Replication view to monitor and to start or stop replication for a domain on a remote system. Replication status is updated after each polling cycle.
Database Replication IMPORTANT: When installing a replica IAP, finish db2 replication before starting JBoss on all other servers. If you do not some IAP applications will not be able to access db2 because db2 tables are locked by the db2 replication process. The top part of the Replication view describes the database replication. Table 35 Database Replication features Feature Description Local Server/Source Server The replication and primary systems if you are logged into the replicated system.
Replication Status The middle part of the Replication view displays the status of the replication. Table 36 Replication Service General Status Feature Description Domain The domain name and group ID of the domain being replicated. State Shows whether or not replication is in progress. File Batch Count The number of batches being replicated. Update Time The time of the last replication update. Next Retry Time The date and time of the next replication update.
Cloning a smart cell copies all its information to another smart cell that is in the FREE state to give the smart cell a new, viable mirror. Cloning operations can take a long time (as much as a day), depending on the amount of information cloned. To place a source smart cell in the free pool, contact HP support. When you access the Cloning view, PCC searches for ongoing cloning operations and loads the current data.
Cloning smart cells (copying data) To clone a smart cell: 1. Perform one of the following actions: • Select the smart cell from the Source field. • If the option is present, click Change Source to select a different smart cell for cloning. When the selection box appears, select the smart cell you want from the drop-down list, and click Select. 2. Click Clone Cell. This button is unavailable if there are no smart cells to clone. When cloning is successful a pop-up panel appears on the PCC. 3.
Editing reprocessing schedules To edit a domain’s reprocessing schedule: 1. In the Reprocessing view, click the edit link next to the domain you want to edit. Figure 13 Editing reprocessing schedules 2. Complete the form to set the status and schedule. 3. Click Save Schedule. 4. To ensure the schedule is enabled, verify that the corresponding Reprocessing Status check box is selected. If selected, the text Enabled appears next to the check box.
Figure 15 Reprocessing utility 1. Enter the following information in the text boxes: • The user email address • The user repository ID Users can only be reprocessed if their email address and repository are in the IAP. If so, they are listed in the Account Manager. 2. In the Domain Name drop-down list, select the domain in which the user repository resides. 3. Specify a date range, and click Add in Reprocessing Queue. The job is sent to the queue, and the reprocessing takes place 24 hours later.
Searching for and editing a repository retention period Changes to user repository retention periods are handled by the Account Manager. You can change the retention period in the Account Manager, or you can edit the same form from the Retention view. To search for a specific repository and change its retention period in the Retention view: 1. Enter all or part of the user name in the Edit User Repositories box and click Search. The search function uses the “Like” SQL database capability.
6. Click Save Now!. NOTE: You can view user repositories on replica domains, but you cannot edit them. Retention periods and other fields cannot be edited and action buttons are unavailable when you select a domain that is a replica of another domain. Editing domain retention periods To view or edit a domain’s retention period: 1. In the Retention view, click Edit next to the domain you want to view or edit. 2.
Viewing retention history logs The Statistics and Logs area at the bottom of the Retention view shows the last data optimization runs for each configured domain. The log includes each domain group, when a domain was reprocessed last, and file activity. Setting the retention basis Documents can be retained based on either send date or archive date. The send date for an email represents the date when the email was sent by the email client.
kickstart machine (/install/db2backups). Database files are backed up once a day, and the local backups are kept for two days before they are deleted. • Master configuration files: There are three master configuration files: BlackBoxConfig.jcml, Domain.jcml, and the UserKeyStore file in the /install/configs/primary directory on the kickstart server.
the converter is run, the master configuration file is copied to the PCC server, and renamed to YYYY-MM-DD-hh.mm.ss_FileName. It is also backed up to tape, if application backup is enabled. To restore this directory from the tape backup, run the following command on the PCC server: /usr/local/tsmBackup/rotateMasterConfigBackup –restore Duplicate Manager The Duplicate Manager view allows the administrator to schedule duplicate merge jobs and view the status of duplicate merge jobs.
Duplicate Manager job schedules The Duplicate Manager Schedule shown on the top portion of the Duplicate Manager view shows each domain, domain portal IP address, days of the week that a duplicate merge job is scheduled, time for which it is scheduled, and whether the job status is enabled. Scheduling a job To schedule a duplicate merge job: 1. In the Duplicate Manager Schedule by Domain section, click the edit link next to the domain for which you want to schedule a job. 2.
The Duplicate Manager History Logs provides the following job history information.
9 Reporting This chapter includes information about the following topics: • • • • Event Viewer, page 75 SNMP Management, page 76 Email Reporter, page 79 LogFile Sender, page 80 Event Viewer The Event Viewer shows the critical and recovery events that have occurred in system services or applications. You can also use the Event Viewer to search for events by type. The following information is displayed in the Event Viewer.
2. In the Search Criteria text box, enter the criteria for the search. You must enter criteria for all searches except Show All Alerts. The search function uses the “Like” SQL database capability. For example, you could enter sc to match host names sc-s1-172-1.company.com or sc-s2-204-1.company.com. Entering %204% would match hosts sc-s2-204-1.company.com, or ms-s0-204-1.company.com. Searches are not case sensitive. 3. Click Submit.
NOTE: Always enter the IP address of the server; do not enter the hostname. Use of a server can be enabled or disabled by clicking the radio button in front of the server entry, then clicking Toggle Enabled/Disabled. A server can be deleted from the list by clicking the radio button in front of the server entry, then clicking Delete Server. NOTE: If you do not have a monitoring management server, you can receive SNMP event notifications via email. See “Receiving SNMP events by email” on page 78.
2. Select the traps to be activated, and click Set Traps. The following traps can be activated: • smartcell_dead: A smart cell has failed. This trap is generated when a smartcell in the IAP goes in the dead state. • reprocessing_trap: Reprocessing has failed. This trap is generated when the reprocessing service encounters a problem during execution. • retention_trap: Retention has failed. This trap is generated when the retention service encounters a problem during execution.
Setting SNMP Community An SNMP community string is a text string that acts as a password. It is used to authenticate messages that are sent between the management station (the SNMP manager) and the device (the SNMP agent). The community string is included in every packet that is transmitted between the SNMP manager and the SNMP agent. Email Reporter Use the Email Reporter to configure summary monitoring reports that are sent periodically to your chosen email recipients.
Creating and scheduling email reports 1. Select one of the following: • Default Selection to send all information listed in Features. NOTE: Always use the Default Selection when you are sending emails to HP technical support. • Custom Selection to pick specific information to send. 2. Enter one or more email addresses in the Recipient text box. When entering several email addresses in the box, separate them with a comma or semicolon. For example: recipient1@mycompany.com,recipient2@mycompany.com. 3.
10 External access The PCC left menu contains an Archive Gateway Management section. The Archive Gateway Management section has a link to an overview of the Archive Gateway status for each EAs for Exchange domain, and a link for VNC access to the Archive Gateway. Archive Gateway Management For information on the Overview Archive Gateway view, see “Overview Archive Gateway” on page 81.
Table 52 Overview Archive Gateway view features Feature Description Header The header shows the name of the archive gateway (for example, EM-S0-110-1), and the version of the Email Archiving software (for example, 1.05.0000). Statistics Collected The date and time that the statistics were collected (for example, 5/11/2006 2:10:17 PM). Sections Each section in the overview describes a major area inside the archive gateway, together with an overall health status for that area.
Table 54 Configured Tasks features Feature Description Task Name The name of the task. The following status types can be displayed: Status The task is enabled. • • The task is disabled. The Task Information summary displays the yellow icon if all configured tasks are disabled. Otherwise, the summary displays the green icon. Task Type The type of task, for example Selective Archiving or Journal Mining.
Feature Description Message Statistics • Processed: The number of messages that have been processed. Note that processed means different things depending on the context in which it is displayed. • Submitted: The number of messages that were submitted to the IAP for archiving. • Tombstoned: The number of messages that were replaced with “stubs” on the Exchange server. • Ignored: The number of messages that were ignored.
See “Journal Mining” on page 83 for information on these areas. Troubleshooting If a "DiskSpaceBuffer Threshold has been reached" error is reported during Selective Archiving and folder capture is enabled, the IAP is attempting to update folder information on messages that are in a smart cell that has run out of disk space. Messages impacted by the error cannot be processed by the HP EAs Exchange software. An example of a folder update is a user moving archived messages from one Outlook folder to another.
External access
11 Audit Log The Audit Log feature provides a surveillance system log for companies that are required to prove they are adhering to surveillance processes. This chapter describes how to enable the Audit Log feature, set retention periods, monitor status, and grant user access to the repository. For information on performing Audit Log repository queries, see the Audit Log section in the HP IAP User Guide.
8. Select the check box for the Audit Log repository, for example .userauditlog.repository. NOTE: The user’s personal repository must be in the same domain as the Audit Log repository. 9. Click Add The repository is added to the user’s direct repositories. 10. Click the Save Now! button. Monitoring status Use the PCC Platform Settings view (General Configuration > Platform Settings) to check whether the Audit Log feature (AuditLog Service) is enabled for a specific domain.
Figure 21 Accessing Audit Log repository To change the retention period: 1. Click the entry for the domain’s userauditlog repository. The retention period form appears. 2. Select the retention period from the drop-down list, and click Save Retention.
Audit Log
12 Backup system administration The optional IAP backup system is the final line of defense in the integrated IAP data-protection strategy. The IAP backup system uses Tivoli Storage Manager (TSM) to create backups of IAP data. This chapter describes the processes involved in accessing the IAP backup server, configuring TSM, and managing smart cells, and contains detailed procedures for maintaining and labeling backup files and media.
• Use a remote console program like VNC. (Use the PCC’s IP address.) • Use the command line shell from the Tivoli administrative console program (dsmadmc, with admin as the user name and admin as the password). The availability of these options depends on the access mode that is configured for your IAP. Discuss this with your HP service representative. Smart cell data backups After a IAP storage domain has been configured for backup, each smart cell group in that domain performs a backup every hour.
are first stored after they are backed up or archived. A copy group is used to define how many versions of a file are kept and how long client data is retained. The figure below shows how these categories are related. Figure 22 Policy domain structure How IAP configures TSM IAP’s implementation of TSM backup uses only a primary storage pool. No copy storage pools are created. All volumes in the primary storage pool must remain in the library at all times.
• A database volume of 1000 MB is allocated on the backup server, if one does not already exist under C:\WINNT\SYSTEM32\DB.2. 2. Initializing the library, storage paths, drives, device classes, and labeling of all of the media. The following steps represent an example configuration and can vary from system to system. • Libraries are defined. The name for the libraries is taken from the master configuration file (bct) and the string “LIB” is added as a prefix (for example, LIB.TAPE).
3. Select the library to which you want to add the media. (In the example, the library is LIB.TAPE.) A properties page appears, as shown in the figure below. Figure 23 Library properties NOTE: In the example, barcodes are available and used as labels. 4. Click the Volumes link to see a list of volumes that are assigned to that library. 5. In the Select Action list, select Add Volumes. 6. Select Not all of the volumes are labeled, and then click Next. 7.
8. Depending on whether or not your library has a barcode reader, select the appropriate option. (See the figure below.) Figure 24 Label and check in volumes In the example, the labels for the new media are specified manually. Also select the check box to overwrite any existing labels. 9. Verify that the volume status is Scratch, and then click Next. 10. Select the default of 60 minutes for mount requests, and then click Next. A search begins for new volumes in the library.
Figure 25 Server process list Adding and labeling new media (command line) The Add Volumes wizard mentioned in “Adding and labeling new media (Web interface)” on page 94 gathers information to build the necessary Tivoli command. The command can be issued on the command line manually (for example, if the Web interface is not available). The following command (which includes no line break) is equivalent to the procedure that was described in the previous section: LABEL libvol LIB.
checkin=SCRATCH More information about this topic is available at the Tivoli Online Information Center: http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/index.jsp?topic=/com.ibm.itsmcw.doc/ anrwgd55242.htm Restoring a smart cell To restore data on a failed smart cell, you need at least one free smart cell. If only one smart cell in a group failed, then clone a smart cell instead. See “Cloning” on page 63 for more information about cloning.
2. Locate the primary controller: a. Click one of the links in the MetaServer table. The Agent view appears. b. From the MBean list, click ProvisionerMBean. The MBean view appears. c. Verify that the ProvisionerMasterBackupStatus attribute is set to Master Provisioner. If the attribute is set to Backup Provisioner, return to the View Cell Space view, click the link to the other meta server, and repeat the previous steps. Figure 26 Provisioner status 3.
5. Verify that the restore process is running correctly or has completed: The smart cell should restore its data and indexes and then restart itself to open in the correct state. (It does not reboot.) During the restore, restore appears next to the cell state on the View Cell Space page. Afterward, assigned should appear next to both the primary and secondary cell. If the restore has failed, the BackupSystem MBean on that restore target will be listed as failed on the Overview page of the PCC. a.
2. Back up the volume history file: tsm: INTERNAL>backup volhistory 3. Back up the device configuration: tsm: INTERNAL>backup devconfig 4. Copy the following files off of the backup server: volhist.out, devcnfg.out, dsmserv,opt, dsmserv.dsk. These files are located under C:\Program Files\Tivoli\tsm\server1. Back up these files by copying them onto a USB key or scp them to the kickstart server. Recovering the backup server To restore the TSM database, contact HP support.
Backup system administration
Index Symbols IAP, definition, 15 A Account Error Recovery view, 58 Account Manager, 47 See also AM Account Manager Service, 24 account synchronization See DAS Account Synchronization view, 41 accounts, user, 49 administrative privileges, IAP, 52 AM, 47 See also Account Manager about AM, 47 Account Manager window, 47 adding repositories, 54 adding users, 49 definition, 47 group panel, 54 user accounts, 49 API Configuration and Statistics view, 32 Archive Gateway management logging in, 81 Archive Gateway
F failed indexed repository, 24 firewall settings, 36 FREE smart cell state, 22 H health checking system, 23 machine, 27 smart cell, 25 help, obtaining, 12 host groups definition, 21 types, 27, 29 host machines starting, stopping, or restarting, 29 status, 21, 27, 29 HP storage web site, 13 Subscriber’s choice web site, 13 technical support, 12 HP OpenView, 76 HTTP servers, starting, stopping, or restarting, 29 I IAP applications, 15 IAP administrator, 52 IAP Authorization User, 52, 61, 63 index rate,
PCC Cloning view, 63 about, 17 accessing, 17 Account Error Recovery view, 58 Account Manager view, 47 Account Synchronization view, 41 API Configuration and Statistics view, 32 Archive Gateway Management view, 81 Archive Gateway overview, 81 common administration tasks, 19 Database and data backup view, 70 description, 15 detailed email reports, 79 Email Reporter, 79 Event Viewer, 75 health, checking system, 23 left menu, 17, 19 log in, 17 Logfile Sender, 80 Manual Account Loader view, 57 monitoring tools,
SMTP Servers, starting, stopping, or restarting, 29 SNMP Management view, 76 SNMP traps notifications, 76, 78 selecting, 77 setting SNMP server, 76 Software Version view, 40 software versions, 26, 40 SSL Configuration view, 37 states definition, 21 types of, 21 stopping servers, 29 storage rate, 24, 26, 30 Storage Status view, 26 Subscriber’s choice, HP, 13 SUSPENDED smart cell state, 22 symbols in text, 12 SYNC_WAIT smart cell state, 22 synchronization, 41 synchronization errors, 24 repairing, 58 System St