Windows Backup Query
Hi TSM Server v5.4.0 Windows TSM Clients - various Having a strange problem here. Every few days, the backups on the TSM server run a lot longer than usual (often 30 backups overrun), but looking at the stats afterwards, backup no more data than usual. Have looked at a typical client and on a backup that normally takes max 2 hrs, inspecting c450,000 files. it has been running for 9 hrs - have got the schedlog open and i see this: 03/28/2008 00:16:33 Successful incremental backup of '\\nodename\d$' 03/28/2008 04:32:24 ANS1898I * Processed 4,000 files * 03/28/2008 04:32:25 ANS1898I * Processed 5,000 files * 03/28/2008 04:32:26 ANS1898I * Processed 5,500 files * So it finished the 'D' drive at 00:16, but more than 4 hours later the usual ANS1898I messages for the 'E' drive appear. These usually appear shortly after the 'D' drive message. Typically: 03/24/2008 00:29:07 Successful incremental backup of '\\nodename\d$' 03/24/2008 00:40:59 ANS1898I * Processed 4,000 files * 03/24/2008 00:41:00 ANS1898I * Processed 5,000 files * 03/24/2008 00:41:02 ANS1898I * Processed 6,500 files * So where is the delay likely to be, should i be looking close at the network, the TSM server or the client where the backup is running? I am seeing some of these messages in the windows event logs ANR0918E Inventory Query Backup for node nodename terminated - lock conflict. And occasionally these (but not last night) TSM Server Diagnostic: ANRD: pkshmem.c(669): Error detected while freeing memory; free was called from csevent.c(2254). Have searched the web for similar, but not a great deal of information available. Thanks Jeff Woolworths plc Registered Office: 242 Marylebone Road, London NW1 6JL Registered in England, Number 104206 This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of the company. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system Please do not copy it or use it for any purposes, or disclose its contents to any other person. Thank you for your co-operation. Email scanned for viruses and unwanted content by emailsystems Information regarding this service can be found at www.emailsystems.com
Tape Library Emulation Software
Hello, We need to Tape Library Emulation software to use TSM 5.x Server for test and education purposes. We should do checkin/out libvol and move drmedia commands with this virtual library software by using server's disks. Is anyone know a free or evaulation software on windows? Alper Dilektasli Dikkat: Bu elektronik posta mesaji kisisel ve ozeldir. Eger size gonderilmediyse lutfen gondericiyi bilgilendirip mesaji siliniz.Firmamiza gelen ve giden mesajlar virus taramasindan gecirilmekte, guvenlik nedeni ile kontrol edilerek saklanmaktadir.Mesajdaki gorusler gondericiye ait olup HAVELSAN A.S. resmi gorusu olmak zorunda degildir. Attention: This e-mail message is private and privileged.If you are not the recipient for whom this e-mail message is intended, please notify the sender immediately and delete this e-mail message from your system.All sent and received e-mail messages go through a virus scan in our company, and because of security reasons, they are stored after being controlled.Any opinions presented in this e-mail message are solely those of the author and do not necessarily represent HAVELSAN A.S.`s formal and authorized views.
DSMJ and Authorized User
Hello the list, I'm trying to configure dsmj to be used by an authorized user. Apparently the BA Manuel lakes of information about this. Has one manage to make it work properly and how ? I've figured that applying setuid on dsmagent allows dsmj to authenticate via password generate. But it's only half the way.. Indeed I don't manage to see other user's file in the restore or retrieve panels - I see neverthless all the directories. Regards, Marc REYNES
Re: DSMJ and Authorized User
In making TSM modules Setuid, you are rendering your TSM configuration unsupported, and risking security problems in messing with the product architecture. Your posting doesn't say what your environment is or exactly what it is you are trying to accomplish. If Unix, the sudo command is available to empower users in limited ways; and the dsmc Set Access command is the way in TSM to give access to files beyond those owned by the invoker. Richard Sims
AIX/Linux Lpar, Vio Server and Lanfree
Hello, We want to create several partitions controller by AIX/Linux Vio Server. I am interesting in run lanfree backups and I am looking info about that. Questions: If I want to run lan free backup over a Lpar controlled by Vio Server, need I to define a dedicated HBA for this LPar ? Can I share a Hba for two Lpars and run lanfree, is it supported ? Could anybody tell me where can I find docs about AIX/Linux/Lpar/Vio and TSM lanfree ? Regards, Fran __ Enviado desde Correo Yahoo! Disfruta de una bandeja de entrada más inteligente. http://es.docs.yahoo.com/mail/overview/index.html
Re: DSMJ and Authorized User
Thanks Richard for your reply - it's true my first post was incomplete. Here's what i'm trying to achieve : having a tsm ba client installation with no root-involved process on a linux x86_64 install my setup is : -r-s--- authorized_user authorized_user [...] dsmc -rwx-- authorized_user authorized_user [...] dsmtca changing permissions on dsmtca is OK in this case as it is not used to log in authorized user. dsm.sys set password generate and an adhoc passworddir. This configuration is (I hope) supported as it is described in the BA client manual. My backup are run with dsmc schedule launched as authorized_user - everything works fine. ACL are set for authorized_user having read permissions on everything we have to backup. I want restore operation to be done with dsmj. Here is where my problems begin.. A. The Authentification part Apparently there's no more documented way to set dsmj for authorized user. Setting setuid on dsmj doesn't work (splash screen stops at 90%). We find the following messages in the dsmerror.log : Unable to locate valid trusted communication agent. tcpPath is /opt/tivoli/tsm/client/ba/bin/./dsmtca. rc is 138 ANS1501E Trusted agent executino/owner permissions are invalid I figured out that setting setuid on dsmagent solve this problem - thus we have this final configuration : -r-s--- authorized_user authorized_user [...] dsmc -rwx-- authorized_user authorized_user [...] dsmtca -r-s-- authorized_user authorized_user [...] dsmagent -r-x-- authorized_user authorized_user [...] dsmj B. The Restore/Retrieve part once we have managed to launch the dsmj, we want now to restore backup data with our authorized user. Again, we observe that dsmj doesn't support the authorized user configuration. In the restore window, dsmj shows us all directory stored but it hides the files our authorized user doesn't owned. We meet the same problem in the restore window for archived data. Thus my question are : 1. Has one manage to set dsmj properly for use by a non authorized user ? 2. In general, do you consider that this kind of configuration is suitable for backup needs ? Isn't it a good idea to go back to my customers and prove them running tsm without accepting root daemon (dsmc schedule) and granting root access (via sudo indeed) to operators is silly, risky and on a maintainability point of view a hell (ACLs set everywhere, risk of unsupported configuration, upgrade difficulties, mess in the product architecture, etc..). In this case, what is your approach and your arguments to convince your customers. Thanks for your reply and any ideas on my case :o) Regards, Marc REYNES Richard Sims a écrit : In making TSM modules Setuid, you are rendering your TSM configuration unsupported, and risking security problems in messing with the product architecture. Your posting doesn't say what your environment is or exactly what it is you are trying to accomplish. If Unix, the sudo command is available to empower users in limited ways; and the dsmc Set Access command is the way in TSM to give access to files beyond those owned by the invoker. Richard Sims
Re: DSMJ and Authorized User
What about using sudo? The authorized users could have access only to the dsm executables ( and they would run as user root ). Root can see all the files. We do that here with either the gui or command line. Bill Evans Research Computing Support FRED HUTCHINSON CANCER RESEARCH CENTER -Original Message- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Marc REYNES Sent: Friday, March 28, 2008 8:16 AM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] DSMJ and Authorized User Thanks Richard for your reply - it's true my first post was incomplete. Here's what i'm trying to achieve : having a tsm ba client installation with no root-involved process on a linux x86_64 install my setup is : -r-s--- authorized_user authorized_user [...] dsmc -rwx-- authorized_user authorized_user [...] dsmtca changing permissions on dsmtca is OK in this case as it is not used to log in authorized user. dsm.sys set password generate and an adhoc passworddir. This configuration is (I hope) supported as it is described in the BA client manual. My backup are run with dsmc schedule launched as authorized_user - everything works fine. ACL are set for authorized_user having read permissions on everything we have to backup. I want restore operation to be done with dsmj. Here is where my problems begin.. A. The Authentification part Apparently there's no more documented way to set dsmj for authorized user. Setting setuid on dsmj doesn't work (splash screen stops at 90%). We find the following messages in the dsmerror.log : Unable to locate valid trusted communication agent. tcpPath is /opt/tivoli/tsm/client/ba/bin/./dsmtca. rc is 138 ANS1501E Trusted agent executino/owner permissions are invalid I figured out that setting setuid on dsmagent solve this problem - thus we have this final configuration : -r-s--- authorized_user authorized_user [...] dsmc -rwx-- authorized_user authorized_user [...] dsmtca -r-s-- authorized_user authorized_user [...] dsmagent -r-x-- authorized_user authorized_user [...] dsmj B. The Restore/Retrieve part once we have managed to launch the dsmj, we want now to restore backup data with our authorized user. Again, we observe that dsmj doesn't support the authorized user configuration. In the restore window, dsmj shows us all directory stored but it hides the files our authorized user doesn't owned. We meet the same problem in the restore window for archived data. Thus my question are : 1. Has one manage to set dsmj properly for use by a non authorized user ? 2. In general, do you consider that this kind of configuration is suitable for backup needs ? Isn't it a good idea to go back to my customers and prove them running tsm without accepting root daemon (dsmc schedule) and granting root access (via sudo indeed) to operators is silly, risky and on a maintainability point of view a hell (ACLs set everywhere, risk of unsupported configuration, upgrade difficulties, mess in the product architecture, etc..). In this case, what is your approach and your arguments to convince your customers. Thanks for your reply and any ideas on my case :o) Regards, Marc REYNES Richard Sims a écrit : In making TSM modules Setuid, you are rendering your TSM configuration unsupported, and risking security problems in messing with the product architecture. Your posting doesn't say what your environment is or exactly what it is you are trying to accomplish. If Unix, the sudo command is available to empower users in limited ways; and the dsmc Set Access command is the way in TSM to give access to files beyond those owned by the invoker. Richard Sims
Re: DSMJ and Authorized User
Marc - Thanks for the details on the objectives. Before expending effort on making dsmj accomplish all that you want, is the overall approach really viable? In the client manual, review the table of Root and authorized user tasks, particularly for the Restore task. The show-stopper for the use of the Authorized User approach would be the inability to restore the files to their original ownership - if that user can indeed write to that location. Carefully consider all the ramifications. In your rigged execution of dsmj, you may not be seeing into directories because of basic ownership issues. In a standard TSM set- up, with a backup performed by root, an ordinary user likewise cannot see into TSM-stored directories because of ownership/permissions issues. If the Authorized User had performed the backup of the objects under the directory, then I should think the AU should be able to see them via dsmj - but likely not if the backup had been done by root. As Andy advises, try the command line client as a comparator: do a thorough 'dsmc query backup' on the area, and see if contents are revealed in that. Note that where a GUI like dsmj is not tenable, the compromise approach of 'dsmc -pick' may be acceptable. In your objections to sudo, you talk of ACLs set everywhere. Sudo does not necessarily grant root access: with -u invocation, it operates as a single non-root user, as can be used in restoring just their files. Personally, I would approach this by having root-run TSM scheduled backups, and use sudo -u for individual user restores, which keeps the operator away from dangerous root stuff. Others will likely have good suggestions based upon their experiences. Richard Sims
Celerra tape device names for NDMP
I'm setting up NDMP backups for a Celerra; the TSM server to which it will be backed up is the library controller, and the library is an EMC VTL, emulating an IBM 3584. I've presented four tape drives to the Celerra from the VTL - one HBA on the Celerra is zoned to two HBA's on the VTL, and two drives are presented down each path. In order to correctly set up the paths on the TSM server, I need to know which device name on the Celerra corresponds to which drive in the VTL. The device names on the Celerra look like this: c128t0l0 c128t0l1 c144t0l0 c144t0l1 Now, I know that the last two characters refer to the LUN numbers, and since I know which drives are presented with which LUN numbers, this gives me a 50-50 chance of getting it right if I just guess. The c### part seems to be a chain or scsi controller number. Interestingly, all of the chain numbers I've seen from the Celerra were divisible by 16. Does anyone know how to find a connection between the chain numbers in the Celerra and the port ID's or WWN's on the VTL? Or am I reduced to making a guess, and if it doesn't work, trying it the other way around? If it helps, here are the WWN's and port ID's (in hex and decimal) and adapter numbers over which the drives are presented from the VTL: 21-03-00-0d-77-fe-61-08 61.18.13 97.24.19 Adapter 1 21-03-00-0d-77-be-61-08 61.14.13 97.20.19 Adapter 3 Any help is appreciated! Robben Leaf U.S. BANCORP made the following annotations - Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation. -
Re: ***SPAM*** [ADSM-L] AIX/Linux Lpar, Vio Server and Lanfree
Francisco Molero wrote: Hello, We want to create several partitions controller by AIX/Linux Vio Server. I am interesting in run lanfree backups and I am looking info about that. Questions: If I want to run lan free backup over a Lpar controlled by Vio Server, need I to define a dedicated HBA for this LPar ? Can I share a Hba for two Lpars and run lanfree, is it supported ? as far as I know, not. VIO servers can only emulate/share disks, not tapedevices. so you'll need dedicated HBAs for the LPARs that require tape access. Could anybody tell me where can I find docs about AIX/Linux/Lpar/Vio and TSM lanfree ? Regards, Fran __ Enviado desde Correo Yahoo! Disfruta de una bandeja de entrada más inteligente. http://es.docs.yahoo.com/mail/overview/index.html -- Met vriendelijke groeten, Remco Post
$5 if you provide answer to prob with Tivoli Continuous Data Protection for Files
Trying to use this with an IOMEGA Home Network Hard Drive When the software tries to sync, get error The current operation is denied by the operating system due to permission This occurs even with blank password (no permission requirement) on the target. Fix this and I'll send you $5. Regards, Orin
Re: $5 if you provide answer to prob with Tivoli Continuous Data Protection for Files
Orin Rehorst wrote: Trying to use this with an IOMEGA Home Network Hard Drive When the software tries to sync, get error The current operation is denied by the operating system due to permission cdp runs with local system privs, which do'n carry acros the network, I guess. This occurs even with blank password (no permission requirement) on the target. Fix this and I'll send you $5. Hmmm, that's only about €3... I'll settle for a beer next symposium. Regards, Orin -- Met vriendelijke groeten, Remco Post
Re: $5 if you provide answer to prob with Tivoli Continuous Data Protection for Files
Thanks for the info. Yep, $5 is about 3 Euros. Please don't rub it in. So, for a remote target, it has to provide domain authentication. Is that what you're saying? Regards, Orin -Original Message- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Remco Post Sent: Friday, March 28, 2008 12:38 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: $5 if you provide answer to prob with Tivoli Continuous Data Protection for Files Orin Rehorst wrote: Trying to use this with an IOMEGA Home Network Hard Drive When the software tries to sync, get error The current operation is denied by the operating system due to permission cdp runs with local system privs, which do'n carry acros the network, I guess. This occurs even with blank password (no permission requirement) on the target. Fix this and I'll send you $5. Hmmm, that's only about €3... I'll settle for a beer next symposium. Regards, Orin -- Met vriendelijke groeten, Remco Post
Re: $5 if you provide answer to prob with Tivoli Continuous Data Protection for Files
Orin Rehorst wrote: Thanks for the info. Yep, $5 is about 3 Euros. Please don't rub it in. So, for a remote target, it has to provide domain authentication. Is that what you're saying? well, really, I wouldn't know, I'm more at home on Unix ;-) Maybe you could run cdp as some uid != system that does carry across the network. Maybe I'm just wrong ;-) -- Met vriendelijke groeten, Remco Post
Re: DSMJ and Authorized User
Hello, I think to an other way you could synchronize some os login with grant in TSM database. You could use role NODE for the logical node (a set of file tree) you want to delgate restoration task. So you use the http GUI for this usage. Selon Richard Sims [EMAIL PROTECTED]: Marc - Thanks for the details on the objectives. Before expending effort on making dsmj accomplish all that you want, is the overall approach really viable? In the client manual, review the table of Root and authorized user tasks, particularly for the Restore task. The show-stopper for the use of the Authorized User approach would be the inability to restore the files to their original ownership - if that user can indeed write to that location. Carefully consider all the ramifications. In your rigged execution of dsmj, you may not be seeing into directories because of basic ownership issues. In a standard TSM set- up, with a backup performed by root, an ordinary user likewise cannot see into TSM-stored directories because of ownership/permissions issues. If the Authorized User had performed the backup of the objects under the directory, then I should think the AU should be able to see them via dsmj - but likely not if the backup had been done by root. As Andy advises, try the command line client as a comparator: do a thorough 'dsmc query backup' on the area, and see if contents are revealed in that. Note that where a GUI like dsmj is not tenable, the compromise approach of 'dsmc -pick' may be acceptable. In your objections to sudo, you talk of ACLs set everywhere. Sudo does not necessarily grant root access: with -u invocation, it operates as a single non-root user, as can be used in restoring just their files. Personally, I would approach this by having root-run TSM scheduled backups, and use sudo -u for individual user restores, which keeps the operator away from dangerous root stuff. Others will likely have good suggestions based upon their experiences. Richard Sims
Re: Where can I find the downloadable TSM 5.5 documentation?
Apparently some of the manuals are on the quick start CD that comes when you order the media. It includes the various servers installation guides and the clients installation and user guides. It is missing the various Admin guides and references. Subject: Re: Where can I find the downloadable TSM 5.5 documentation? Not sure what eclipse plugins is, but you can get online versions from here http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/index.jsp
Re: ***SPAM*** [ADSM-L] AIX/Linux Lpar, Vio Server and Lanfree
Francisco, How about installing a small TSM Server on one of your LPARs. It would be a library management client to your main TSM server and back up itself and the other LPARs across the virtual ethernet. The only local disk you would need is the TSM DB and log, backups could go straight to tape just as if it was a storage agent.. HTH Steve Steve Harris TSM Admin Sydney Australia Remco Post [EMAIL PROTECTED] Sent by: ADSM:To Dist Stor ADSM-L@VM.MARIST.EDU Manager cc [EMAIL PROTECTED] .EDU Subject Re: [ADSM-L] ***SPAM*** [ADSM-L] AIX/Linux Lpar, Vio Server and 29/03/2008 04:15 Lanfree AM Please respond to ADSM: Dist Stor Manager [EMAIL PROTECTED] .EDU Francisco Molero wrote: Hello, We want to create several partitions controller by AIX/Linux Vio Server. I am interesting in run lanfree backups and I am looking info about that. Questions: If I want to run lan free backup over a Lpar controlled by Vio Server, need I to define a dedicated HBA for this LPar ? Can I share a Hba for two Lpars and run lanfree, is it supported ? as far as I know, not. VIO servers can only emulate/share disks, not tapedevices. so you'll need dedicated HBAs for the LPARs that require tape access. Could anybody tell me where can I find docs about AIX/Linux/Lpar/Vio and TSM lanfree ? Regards, Fran __ Enviado desde Correo Yahoo! Disfruta de una bandeja de entrada más inteligente. http://es.docs.yahoo.com/mail/overview/index.html -- Met vriendelijke groeten, Remco Post