Universal storage repository for all types of content
High security with Enhanced Tamper Protection
Support for multiple access methods
Bertrand Dufrasne
Frank Boerner
Andreas Feldner
Roland Hoppe
Kai Nunnemann
Daniel Wendler
Rene Wuellenweber
ibm.com/redbooks
International Technical Support Organization

IBM Information Archive: Architecture and Deployment

August 2010
SG24-7843-00
Note: Before using this information and the product it supports, read the information in "Notices" on page ix.
First Edition (August 2010) This edition applies to the IBM Information Archive V1.2 (program number 5608-IAF).
Copyright International Business Machines Corporation 2010. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Notices . . . . . ix
Trademarks . . . . . x
Preface . . . . . xi
The team who wrote this book . . . . . xi
Now you can become a published author, too! . . . . . xiii
Comments welcome . . . . . xiii
Stay connected to IBM Redbooks publications . . . . . xiii
Chapter 1. Introduction to archiving . . . . . 1
1.1 The business need for archiving . . . . . 2
1.2 IBM Smart Archive Strategy . . . . . 3
1.3 Introducing IBM Information Archive . . . . . 4
1.3.1 Information Archive key objectives . . . . . 5
1.3.2 Information Archive key features . . . . . 5
1.3.3 Information Archive value proposition . . . . . 6
1.4 Archiving reference architecture . . . . . 7
Chapter 2. IBM Information Archive overview and components . . . . . 9
2.1 Information Archive overview . . . . . 10
2.1.1 Information Archive archiving concepts and features . . . . . 10
2.1.2 Information Archive security and data retention compliance features . . . . . 11
2.1.3 Information Archive hardware and software overview . . . . . 12
2.2 Hardware components . . . . . 13
2.2.1 Rack and intelligent power distribution unit . . . . . 14
2.2.2 Cluster nodes (2231-S2M) . . . . . 15
2.2.3 Information Archive Management Console . . . . . 17
2.2.4 RSM server for Information Archive . . . . . 18
2.2.5 Information Archive Storage Controller (2231-D1A) and expansion drawer (2231-D1B) . . . . . 18
2.2.6 Information Archive SAN switches . . . . . 21
2.2.7 Information Archive Ethernet switches . . . . . 22
2.2.8 Console kit . . . . . 23
2.3 Software components . . . . . 24
2.3.1 IBM Tivoli Storage Manager . . . . . 24
2.3.2 IBM System Storage Archive Manager . . . . . 24
2.3.3 General Parallel File System (GPFS) . . . . . 25
2.3.4 Remote Support Manager for Information Archive . . . . . 25
2.3.5 DS Storage Manager for Information Archive . . . . . 25
2.3.6 IBM Systems Director . . . . . 26
2.3.7 Integrated Solutions Console . . . . . 26
2.4 Storage configuration . . . . . 27
2.4.1 Storage controller configuration and management . . . . . 27
2.4.2 Storage configuration and partitioning for Storage Controller . . . . . 29
2.4.3 Enhanced Remote Mirroring . . . . . 31
2.5 Cabling / SAN zoning / TCP/IP addressing . . . . . 31
2.5.1 KVM cabling . . . . . 32
2.5.2 SAN cabling . . . . . 33
2.5.3 Ethernet connectivity . . . . . 37
2.5.4 TCP/IP addresses assigned . . . . . 41
Chapter 3. Planning and installation . . . . . 43
3.1 Determining how many collections you need . . . . . 44
3.2 Hardware configuration planning . . . . . 44
3.2.1 Planning for Information Archive cluster nodes . . . . . 45
3.2.2 Disk storage and capacity planning . . . . . 45
3.2.3 Planning the network connection type . . . . . 47
3.2.4 Planning tape attachment . . . . . 47
3.2.5 High availability with additional cluster nodes . . . . . 49
3.2.6 Planning Enhanced Remote Mirroring configuration . . . . . 49
3.3 Integration planning . . . . . 50
3.3.1 Before creating any collection . . . . . 50
3.3.2 Document protection levels . . . . . 50
3.3.3 System Storage Archive Manager Collections . . . . . 51
3.3.4 Enhanced Tamper Protection . . . . . 51
3.3.5 LDAP considerations . . . . . 52
3.3.6 Time server requirements . . . . . 52
3.3.7 Backing up the appliance . . . . . 53
3.4 Preparing for installation . . . . . 53
3.4.1 General planning considerations . . . . . 53
3.4.2 Initial configuration worksheet . . . . . 54
3.4.3 Alerting and monitoring . . . . . 55
3.4.4 Enhanced Remote Mirroring configuration . . . . . 56
3.5 Physical installation . . . . . 56
3.5.1 Hardware installation (performed by IBM service representative) . . . . . 57
3.5.2 Running the Initial Configuration Wizard (ICW) . . . . . 58
3.5.3 Assigning administrative user roles . . . . . 67
3.5.4 Changing RSM server passwords . . . . . 68
3.5.5 Configuring the call home feature . . . . . 68
3.5.6 Activating SAN switch ports 8 through 15 . . . . . 69
3.5.7 Attaching tape drives and tape libraries . . . . . 69
3.5.8 Configuring the Enhanced Remote Mirroring feature . . . . . 70
Chapter 4. System administration and operations . . . . . 71
4.1 Information Archive administration tasks . . . . . 72
4.1.1 User and group management . . . . . 72
4.1.2 Changing the passwords . . . . . 81
4.1.3 Software updates . . . . . 84
4.1.4 System monitoring . . . . . 87
4.1.5 RSM management . . . . . 87
4.1.6 DS Storage Manager . . . . . 93
4.2 Operations . . . . . 95
4.2.1 Accessing the system . . . . . 95
4.2.2 Shutting down the appliance . . . . . 101
4.2.3 Starting up the appliance . . . . . 104
4.2.4 Rebooting the servers . . . . . 105
4.2.5 Maintenance mode for cluster node . . . . . 107
4.2.6 Suspending a collection . . . . . 108
4.2.7 Resuming a collection . . . . . 109
4.2.8 Retrieving error logs and traces . . . . . 109
4.3 Information Archive Command Line Interface . . . . . 110
4.3.1 Definitions . . . . . 110
4.3.2 Accessing the Information Archive CLI . . . . . 110
4.3.3 CLI command categories . . . . . 111
4.3.4 Using the Information Archive CLI . . . . . 111
Chapter 5. System Storage Archive Manager Collections . . . . . 115
5.1 System Storage Archive Manager Collection overview . . . . . 116
5.2 IBM System Storage Archive Manager overview . . . . . 117
5.2.1 IBM System Storage Archive Manager architecture overview . . . . . 119
5.2.2 IBM System Storage Archive Manager basic concepts . . . . . 127
5.3 IBM System Storage Archive Manager features . . . . . 132
5.3.1 Access control and authentication . . . . . 132
5.3.2 Archive copy group retention parameters . . . . . 133
5.3.3 Chronological archive retention . . . . . 135
5.3.4 Event-based retention policy . . . . . 135
5.3.5 Deletion hold and release . . . . . 137
5.3.6 Data retention protection . . . . . 137
5.3.7 Expiration processing . . . . . 138
5.3.8 Encryption . . . . . 139
5.3.9 Data shredding . . . . . 140
5.3.10 Data deduplication . . . . . 141
5.3.11 Archive process of a System Storage Archive Manager Collection . . . . . 142
5.4 Creating and maintaining a System Storage Archive Manager Collection . . . . . 143
5.4.1 Creating a System Storage Archive Manager Collection . . . . . 144
5.4.2 What is preconfigured with System Storage Archive Manager Collection . . . . . 148
5.4.3 System Storage Archive Manager collection administration . . . . . 161
5.4.4 Granting client nodes access to a System Storage Archive Manager Collection . . . . . 165
5.5 Supported archive applications for System Storage Archive Manager Collections . . . . . 166
5.6 Differences between System Storage Archive Manager Collections and File Archive Collections . . . . . 166
Chapter 6. File Archive Collections . . . . . 167
6.1 File Archive Collections overview . . . . . 168
6.2 Network File System (NFS) . . . . . 169
6.2.1 Archive process with File Archive Collections (NFS) . . . . . 169
6.2.2 Policy-based document retention . . . . . 174
6.2.3 Metafiles . . . . . 175
6.2.4 Initial disk storage and secondary disk storage category . . . . . 178
6.2.5 Additional considerations for File Archive Collections . . . . . 181
6.3 Hypertext Transfer Protocol (HTTP) . . . . . 182
6.4 Creating and maintaining a File Archive Collection . . . . . 182
6.4.1 Creating a File Archive Collection . . . . . 183
6.4.2 What is preconfigured with the File Archive Collections . . . . . 192
6.4.3 File Archive Collection administration . . . . . 204
6.4.4 Sharing directories and granting client nodes access . . . . . 211
6.4.5 Using the data share and the metafile share of a File Archive Collection . . . . . 218
6.5 Archive applications supporting File Archive Collections . . . . . 226
Chapter 7. LDAP environments . . . . . 227
7.1 Introduction to directories and LDAP . . . . . 228
7.1.1 Directory components . . . . . 228
7.1.2 Directory and directory services . . . . . 228
7.2 LDAP usage within Information Archive . . . . . 229
7.2.1 LDAP servers used in our scenarios . . . . . 229
7.2.2 Names used in our scenarios . . . . . 229
7.3 Configuring Information Archive with IBM Tivoli Directory Server . . . . . 230
7.3.1 Configuring the server instance . . . . . 231
7.3.2 Configuring the LDAP objects . . . . . 234
7.3.3 Using the ITDS LDAP server from Information Archive . . . . . 241
7.4 Tivoli Directory Services in IBM i . . . . . 242
7.4.1 Basic configuration for IBM Tivoli Directory Server on IBM i . . . . . 242
7.4.2 Starting and stopping the Tivoli Directory Server . . . . . 246
7.4.3 Populating the LDAP directory . . . . . 246
7.4.4 Using the IBM Tivoli Directory Server on IBM i with Information Archive . . . . . 248
7.5 Configuring Information Archive with OpenLDAP . . . . . 249
7.5.1 Configuring the LDAP objects . . . . . 249
7.5.2 Using the OpenLDAP server from Information Archive . . . . . 252
7.6 Configuring Information Archive with Microsoft Active Directory . . . . . 253
7.6.1 Preparing Microsoft Active Directory . . . . . 253
7.6.2 Configuring the LDAP objects . . . . . 255
7.6.3 Using the Active Directory server from Information Archive . . . . . 259
Chapter 8. Integrating IBM Information Archive with archiving applications . . . . . 261
8.1 IBM Enterprise Content Management portfolio . . . . . 262
8.1.1 IBM Content Manager . . . . . 263
8.1.2 IBM Content Manager OnDemand . . . . . 264
8.1.3 IBM FileNet P8 Platform . . . . . 265
8.2 System Storage Archive Manager-based Integration with Information Archive . . . . . 266
8.2.1 Integrating IBM Tivoli Storage Manager backup-archive client with a System Storage Archive Manager Collection . . . . . 266
8.2.2 Integrating IBM Tivoli Storage Manager API with a System Storage Archive Manager Collection (using dapismp) . . . . . 281
8.2.3 Integrating Content Manager with Information Archive System Storage Archive Manager Collection . . . . . 290
8.2.4 Integrating Content Manager OnDemand with System Storage Archive Manager Collection . . . . . 315
8.2.5 Integrating IBM FileNet P8 with a System Storage Archive Manager Collection . . . . . 322
8.3 File archiving-based integration in Information Archive . . . . . 342
8.3.1 Integrating IBM i with an Information Archive File Archive Collection . . . . . 342
8.3.2 Granting access to the File Archive Collection in Information Archive . . . . . 343
Chapter 9. Monitoring and call home . . . . . 351
9.1 Status monitoring . . . . . 352
9.1.1 Health Monitor . . . . . 352
9.1.2 Event notifications . . . . . 355
9.2 Tivoli Storage Manager Health Monitor . . . . . 361
9.2.1 Configuring the Tivoli Storage Manager Health Monitor . . . . . 362
9.2.2 Detailed health information for a server . . . . . 363
9.3 Using IBM Systems Director in Information Archive . . . . . 365
9.3.1 Configuring IBM Systems Director . . . . . 365
9.3.2 Working with IBM Systems Director . . . . . 370
9.4 RSM server for Information Archive . . . . . 381
9.4.1 Configuring the RSM server . . . . . 381
9.4.2 Working with the Information Archive RSM server . . . . . 389
9.5 Reporting . . . . . 393
9.5.1 Tivoli Common Reporting . . . . . 393
9.5.2 Document status information . . . . . 396
9.5.3 IBM Tivoli Storage Manager reporting . . . . . 398
9.5.4 IBM Tivoli Storage Productivity Center . . . . . 398
9.6 Logging and tracing . . . . . 398
9.6.1 Logging . . . . . 399
9.6.2 Tracing . . . . . 400
Chapter 10. Tape attachment with IBM Information Archive . . . . . 403
10.1 Information Archive tape attachment overview . . . . . 404
10.2 Tape device support for Information Archive . . . . . 406
10.3 Using tape for Information Archive data migration . . . . . 406
10.4 Using tape for Information Archive data backup . . . . . 407
10.4.1 System Storage Archive Manager Collections backup . . . . . 407
10.4.2 File Archive Collections backup . . . . . 408
10.5 Planning for tape attachment . . . . . 409
10.5.1 IBM System Storage Archive Manager and Information Archive Tivoli Storage Manager tape pools . . . . . 409
10.5.2 Database backups . . . . . 410
10.6 Configuring tape libraries and drives for use with Information Archive . . . . . 411
10.6.1 Attaching IBM TS3500 library to the internal SAN switches . . . . . 411
10.6.2 Device driver and device attachment verification . . . . . 412
10.6.3 Defining LTO4 tape drives and TS3500 library in the System Storage Archive Manager server . . . . . 414
10.6.4 Integrating LTO4 drives and TS3500 library into the storage hierarchy . . . . . 420
10.6.5 Modifying tape migration thresholds . . . . . 431
10.7 Tape drive encryption . . . . . 433
10.7.1 Tape drive encryption methods . . . . . 433
10.7.2 Encryption method setup for TS3500 . . . . . 434
10.7.3 Drive encryption setup . . . . . 435
10.8 Persistent naming . . . . . 435
10.8.1 Linux device manager udev . . . . . 437
10.8.2 Defining udev rules for tape devices . . . . . 438
10.8.3 Defining udev rules for medium changer commands . . . . . 439
Chapter 11. Information Archive data backup and restore . . . . . 441
11.1 System Storage Archive Manager Collections backup and restore . . . . . 442
11.1.1 Backing up System Storage Archive Manager Collections . . . . . 442
11.1.2 Restoring a System Storage Archive Manager Collection . . . . . 447
11.1.3 Verifying data integrity of storage pool volumes . . . . . 451
11.2 File Archive Collection backup and restore . . . . . 452
11.2.1 File Archive Collection backup . . . . . 453
11.2.2 Restoring File Archive Collections . . . . . 456
Chapter 12. Enhanced Remote Mirroring . . . . . 461
12.1 Enhanced Remote Mirroring overview . . . . . 462
12.1.1 Data replication process . . . . . 463
12.1.2 Primary and secondary logical drives setup . . . . . 464
12.1.3 Mirror repository logical drives . . . . . 464
12.1.4 Mirror relationship . . . . . 464
12.2 Enhanced Remote Mirroring configuration . . . . . 464
12.2.1 Enhanced Remote Mirroring requirements and feature codes . . . . . 465
12.2.2 Connecting the Fibre Channel cables for Enhanced Remote Mirroring . . . . . 465
12.2.3 Establishing SSH-tunnel connection between the mirrored appliances . . . . . 467
12.2.4 Defining an Information Archive to be the secondary appliance for Enhanced Remote Mirroring . . . . . 468
12.2.5 Synchronizing data between the primary and secondary appliances . . . . . 470
12.3 Using tape drives in an Enhanced Remote Mirroring environment . . . . . 472
12.4 Site failover . . . . . 473
12.4.1 Running a planned site failover or failback . . . . . 473
12.4.2 IBM Information Archive disaster recovery with Enhanced Remote Mirroring . . . . . 476
12.4.3 Failing components in one of the IBM Information Archives with Enhanced Remote Mirroring . . . . . 478
12.4.4 Connection issues . . . . . 478
12.5 Administrative tasks . . . . . 479
12.5.1 Suspending the data mirroring . . . . . 479
12.5.2 Resuming the data mirroring . . . . . 481
12.5.3 Removing the mirroring relationship . . . . . 482
12.5.4 Restoring a removed mirrored relationship . . . . . 483
12.6 Tips for synchronizing appliances . . . . . 484
12.6.1 Changing synchronization priority . . . . . 484
12.6.2 Test the mirror communication in the DS Storage Manager . . . . . 485
12.6.3 Checking the Enhanced Remote Mirroring status . . . . . 487
Chapter 13. DR550 migration . . . . . 489
13.1 Migration . . . . . 490
13.1.1 Prerequisites . . . . . 490
13.1.2 Restrictions . . . . . 491
13.1.3 Sizing and duration . . . . . 492
13.1.4 Verifying the data after migration . . . . . 492
Related publications . . . . . 493
IBM Redbooks publications . . . . . 493
Other publications . . . . . 493
Online resources . . . . . 493
How to get Redbooks publications . . . . . 494
Help from IBM . . . . . 494
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. 
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at http://www.ibm.com/legal/copytrade.shtml The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both:
AIX DB2 Domino DS4000 Electronic Service Agent FileNet GPFS i5/OS IBM Systems Director Active Energy Manager IBM InfoSphere Lotus Notes OmniFind Optim Redbooks Redpaper Redbooks (logo) System i System Storage System Storage DS System x System z Tivoli Enterprise Console Tivoli TotalStorage WebSphere z/OS
The following terms are trademarks of other companies: FileNet, and the FileNet logo are registered trademarks of FileNet Corporation in the United States, other countries or both. SnapLock, NetApp, and the NetApp logo are trademarks or registered trademarks of NetApp, Inc. in the U.S. and other countries. Novell, SUSE, the Novell logo, and the N logo are registered trademarks of Novell, Inc. in the United States and other countries. QLogic, and the QLogic logo are registered trademarks of QLogic Corporation. SANblade is a registered trademark in the United States. SAP R/3, SAP, and SAP logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries. Java, and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel Xeon, Intel, Intel logo, Intel Inside logo, and Intel Centrino logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.
Preface
This IBM Redbooks publication can help you understand, configure, monitor, and use IBM Information Archive. As you address your information retention needs, whether keeping valuable content for long periods of time, meeting industry retention regulations, or addressing corporate governance, you need an archiving solution that is secure and scalable, but also cost-effective. IBM Information Archive is the next-generation information retention solution designed as a universal archiving repository for all types of content. It helps midsize and enterprise clients reduce cost, manage risk, and address their complete information retention needs, whether business, legal, or regulatory. This highly versatile, smart business system can help clients in their efforts to support regulatory compliance by providing a storage repository with robust security features designed to prevent the alteration or deletion of archived information until its business-designated retention period has elapsed. This book is a comprehensive document intended for customers and field personnel who want to understand, deploy, use, and monitor IBM Information Archive.
Andreas Feldner is an accredited Product Support Professional and region specialist for DR550 and SAN products, located in Frankfurt, Germany. He works for IBM Global Technology Services and has more than 16 years of experience in product support. His areas of expertise include implementation and maintenance of DR550, IBM System p servers, disk subsystems, and tape storage solutions.
Roland Hoppe is a Product Service Professional in Germany. He has 20 years of experience as a customer engineer and support specialist. He works in the Archive Solution Competence Center in Leipzig and provides worldwide support for DR550 and IBM Information Archive.
Kai Nunnemann is a Senior Consultant and Category Leader for Information Management at becom - A Division of Computacenter, in Germany. He has 14 years of experience with IBM hardware and software. His areas of expertise include IBM Tivoli software, IBM Content Management software, and related storage hardware. He holds a degree in Mechanical Engineering. Kai is one of becom's IBM Certified Deployment Professionals for Tivoli Storage Manager, and an IBM Certified Solution Advisor for Tivoli Storage.

Daniel Wendler is an IT Specialist within the IBM MTS group in Germany. After studying computer science and graduating from the University of Applied Sciences Wiesbaden, Daniel joined IBM in 2005. He wrote his final thesis in the eRMM Software Development department at IBM, about automated policy-based management of removable storage media. Since then, Daniel has been working in the European Storage Competence Center as a product field engineer for RMSS products. He provides post-sales support for enterprise tape libraries, Open Systems virtualization engines, and enterprise tape encryption solutions.

Rene Wuellenweber is an accredited Product Service Professional working for IBM in Germany. He has 12 years of experience as a customer engineer, supporting DASD midrange products and working as a solution support specialist. Rene works in the Archive Solution Competence Center in Leipzig and provides worldwide support for DR550 and IBM Information Archive.
Thanks to the following people for their contributions to this project: BJ Klingenberg, Bonnie Pulver, Mike Griese, Neeta Garimella, Erick Kissel, Greg McBride, Bryan Jen, Braynt Lee, Jason Auvenshine, Linda Benhase, Tony Ciaravella, Chris Zukowski, Roger Wofford, Michael Griese, Jim Saunders, Manuel Avalos Vega, Carlos Sandoval, Don A Hantzsche, Brian Ashmore, Kelly Axup, Matthias Jung, Nils Haustein, Stefan Roth, Stefan Bender, Alexander Safonov and Harald Uebele.
Comments welcome
Your comments are important to us! We want our books to be as helpful as possible. Send us your comments about this book or other IBM Redbooks publications in one of the following ways:
- Use the online Contact us review Redbooks form found at: ibm.com/redbooks
- Send your comments in an email to: redbooks@us.ibm.com
- Mail your comments to: IBM Corporation, International Technical Support Organization, Dept. HYTD, Mail Station P099, 2455 South Road, Poughkeepsie, NY 12601-5400
Chapter 1. Introduction to archiving
In this chapter we introduce the concept of archiving and its business requirements. We explain the need for retention managed data and briefly present the IBM Smart Archive Strategy. This strategy can help you realize the business value of your information while driving down costs and risks as well as ensuring that critical business content is properly retained and protected. As an element of the IBM Smart Archive Strategy, we highlight the features of the IBM Information Archive (Information Archive) and position them in this context.
The IBM Smart Archive Strategy offers the following capabilities:
- Optimized and unified ingestion: Enables a deeper understanding of what information to archive through discovery-based and analytics-based assessment technologies. Eliminates point-solution complexity and cost by unifying data and content archiving through common collection (ingest) and classification technologies. The following examples from the IBM product portfolio fit that category:
  - IBM InfoSphere Content Assessment software
  - IBM InfoSphere Content Collector family of offerings, including integration with IBM Optim Data Growth Solution software
  - IBM InfoSphere Classification Module software
  - IBM InfoSphere Discovery with Optim Data Growth Solution software
- Flexible and secure infrastructure: Enables cost-optimized retention with a unified, flexible, secure, and policy-aware infrastructure. Speeds time to value through modular, integrated solutions, including a choice of management and delivery models based on a common information lifespan and policies. These solutions and services include traditional on-premise software, preconfigured appliance, software-as-a-service, cloud-ready, and hybrid options. The following examples from the IBM product portfolio fit that category:
  - IBM Enterprise Content Management (ECM) repositories
  - IBM Information Archive solution (the focus of this book)
  - IBM Managed Information Archive Cloud Services
  - IBM Global Technology Services Storage and Archive Services
- Integrated compliance, records management, analytics, and eDiscovery: Reduces risk, responds more quickly to legal inquiries, establishes trust, and leverages information using integrated compliance, analytics, records management, and eDiscovery software. The following examples from the IBM product portfolio fit that category:
  - IBM InfoSphere Enterprise Records software
  - IBM InfoSphere Discovery Manager and Discovery Analyzer software
You can manage archived information from a single, simple-to-use graphical user interface (GUI). Information Archive scales in capacity by adding more disk storage to the collections, and scales in performance by adding more file system nodes. Using hierarchical storage management techniques, Information Archive helps move archived information across a hierarchy of lower-cost storage devices, including tape. This can help you match the value of your archived information to the cost of the infrastructure on which it is stored. Information Archive is designed to provide a quick time to value, so you can begin to realize its benefits very soon after deployment.
- Enforces data retention policies that maintain data as non-erasable and non-rewritable (NENR) until deletion is permitted by the retention policy.
- Enables users to archive and retrieve directly from or to their workstations, as well as through enterprise content management applications.
- Offers enhanced disaster recovery based on advanced copy services to increase the availability of archived documents and to prevent data loss in the event of a disaster.
- Implements Enhanced Tamper Protection, a patent-pending feature that prevents root access to the appliance to avoid modification or deletion of archived data.
- Supports data deduplication, which helps to store a single instance of data on disk and reduces the file size of documents in the archive collections. Data deduplication can reduce the effective data size on disk by 20 to 80%.
- Provides hierarchical storage management, which automatically distributes and manages data on disk, tape, or both, with the objectives of minimizing access time to data and maximizing available media capacity.
[Figure: layered view of the archive environment - applications (layer 1) connect over the LAN (layer 2) to the archive appliance (layer 3)]
Chapter 2.
[Figure: Information Archive collections - applications access up to three collections through NFS (NAS) or SSAM interfaces; each collection has its own disk storage, and the collections run on clustered nodes]
The Information Archive GUI lets you administer, operate, and monitor the Information Archive appliance, and generate reports. The system offers the option to migrate and back up data to tape. Although optional, tape attachment is highly desirable.
Document retention
The Information Archive appliance provides a number of ways to specify how long documents are retained. You can configure document retention policies, which provide both time-based and event-based retention options.
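As a conceptual illustration of the difference between the two policy types (this is a sketch only, not Information Archive or System Storage Archive Manager code; all function and variable names are ours):

```python
from datetime import date, timedelta

def time_based_expiry(archive_date: date, retention_days: int) -> date:
    """Time-based retention: the retention clock starts when the
    document is archived."""
    return archive_date + timedelta(days=retention_days)

def event_based_expiry(event_date: date, retention_days: int) -> date:
    """Event-based retention: the retention clock starts only when a
    business event (for example, contract termination) is signaled;
    until then, the document cannot expire."""
    return event_date + timedelta(days=retention_days)

# A document archived on 2010-01-01 with a one-year time-based policy
# becomes eligible for deletion on 2011-01-01.
archived = date(2010, 1, 1)
print(time_based_expiry(archived, 365))

# Under an event-based policy, the same document waits until the event
# occurs (here 2012-06-30) before its one-year retention period starts.
event = date(2012, 6, 30)
print(event_based_expiry(event, 365))
```

In the appliance itself, these options are configured as retention policies on a collection; the sketch only illustrates how the two expiration dates are derived.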
Access protection
Authentication is required for access to archived documents and the Information Archive GUI. For File Archive Collections, user accounts for administrators and archive users can be managed using an external Lightweight Directory Access Protocol (LDAP) server. Access for users, user groups, or host systems must be granted through the Information Archive administrative interface. Also see Chapter 7, LDAP environments on page 227. Two predefined user accounts are provided with the appliance: iaadmin and iscadmin. These user accounts have limited authority, and are intended to be used for a specific set of tasks. You must change the default passwords for these user accounts during the initial configuration of the appliance.
Compliance features
Information Archive provides a number of features to help you meet your legal, regulatory, or policy compliance requirements for data archiving.
The Information Archive appliance includes Fibre Channel (FC) ports for external tape attachment, but does not include cables, tape drives, or tape libraries. You must acquire and attach tape drives to be able to back up your configuration and collection data (see Chapter 10, Tape attachment with IBM Information Archive on page 403). The backup and restore process is described in detail in Chapter 11, Information Archive data backup and restore on page 441. The software bundle includes Information Archive Version 1.2, IBM Tivoli Storage Manager 6.x, IBM System Storage Archive Manager Version 6.x, the Information Archive cluster software, IBM Systems Director Version 6.1.0, and DS Storage Manager for Information Archive, customized for additional protection.
[Figure: front and rear views of the Information Archive base frame - RSM server, Management Console, management node, cluster nodes 1 to 3, KVM switch, SAN and Ethernet switches, storage controller, and expansion drawers]
The base frame 2231-IA3 can be complemented with one expansion frame 2231-IS3 (shown in Figure 2-4) to provide storage for up to two additional collections. The optional Information Archive 2231-IS3 Expansion frame consists of the following components: One 2231-IS3 rack (7014 T00 rack - 36U) Up to two 2231-D1A Storage Controllers (IBM System Storage DS4200) Up to ten Expansion Drawers 2231-D1B (IBM System Storage EXP420)
[Figure 2-4: Information Archive expansion frame 2231-IS3 - disk controllers 1 and 2 with disk expansion drawers 1.1 to 1.5 and 2.1 to 2.5]
Rack specifications
The Information Archive rack is a 7014-T00 rack that stacks all the components vertically. The rack comes with doors in the front and back, and includes the Rack Security Kit to secure physical access to any of the Information Archive appliance components. The Information Archive 2231-IA3 rack (base frame) and the Information Archive 2231-IS3 rack (expansion frame) have a height of 36U, and each contains two iPDUs. The servers and (optional) SAN and Ethernet switches are placed in the middle of the rack. The storage units start from the bottom, populating toward the top as the installed storage capacity increases (also see Figure 2-3 and Figure 2-4). The hardware specifications provide detailed information for the rack, including dimensions, electrical, power, temperature, environment, and service clearances. For more information, see: http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/index.jsp?topic=/iphad/f7014t00rack.htm
Figure 2-5 The iPDU - Power distribution unit with Ethernet ports
All the cabling from the iPDUs to the various Information Archive components is done by manufacturing.
Cluster nodes: The Information Archive Model 2231-IA3 must contain at least one cluster node, and can contain a maximum of three cluster nodes.
The minimum configuration supports a single collection with one cluster node 2231-S2M, but this does not allow cluster node failover. The maximum configuration consists of three cluster nodes and supports three collections. In this configuration, all collections support cluster node failover, but there is a performance degradation when more than one collection runs on a single cluster node. Each collection needs a dedicated Storage Controller 2231-D1A (DS4200). Consequently, for more than one collection, the configuration requires the 2231-IS3 expansion frame to mount the second and third 2231-D1A storage controllers.
2.2.5 Information Archive Storage Controller (2231-D1A) and expansion drawer (2231-D1B)
The Storage Controller (2231-D1A) used in Information Archive is the IBM System Storage DS4200. Storage capacity is increased by adding Information Archive expansion drawers (2231-D1B). The Information Archive expansion drawer is an IBM System Storage EXP420. Each Storage Controller and expansion drawer used with Information Archive includes eight or sixteen 1 TB or 2 TB Serial ATA (SATA) disk drives. The Information Archive base frame (2231-IA3) can contain one Information Archive Storage Controller (2231-D1A) and up to six Information Archive expansion drawers (2231-D1B). In the expansion frame (2231-IS3), there is space for two optional storage controllers and five optional expansion drawers for each of these storage controllers (a maximum of ten expansion drawers). Each Storage Controller has two 4 Gbps FC ports by default, which are used to attach the Information Archive cluster node servers. Two additional, optional 4 Gbps FC ports for remote mirroring can be included. The Information Archive Storage Controller supports online controller firmware upgrades to help provide better performance and functionality. For further information about the IBM DS4200 Storage Controller, see: http://www.ibm.com/servers/storage/disk/ds4000/ds4200/index.html References: The foregoing link is only meant for general DS4200-related documentation. For Information Archive specific software and firmware downloads, you must strictly refer to the Information Archive support web page: http://www-03.ibm.com/systems/storage/disk/archive/index.html
The storage units are equipped with Serial Advanced Technology Attachment (SATA) disk drives. With Information Archive, users get the advanced features of the Storage Controller with the cost-effective advantage of SATA disks that are well-suited for fixed content, sparingly accessed storage applications. Figure 2-10 shows the front view of the Information Archive Storage Controller (2231-D1A). The 2231-D1B (EXP 420) looks identical from the front except for the label on the front bezel.
Figure 2-11 shows the rear view of the Information Archive Storage Controller.
[Figure: rear view of the Information Archive Storage Controller, showing disk controllers A and B]
The 2231-D1B (EXP 420) has two hot-swappable Environmental Service Modules (ESMs), two power supplies, and two fan units that provide for sufficient redundancy and availability. The 2231-D1A and the 2231-D1B also have hot-swappable drives. The hot-swap drive bays are preinstalled in drive trays. This drive and carrier assembly, called a customer replaceable unit (CRU), includes the drive tray, SATA drive, and hard disk drive interposer card; they are installed in the 16 drive bays on the front of the unit. Each of these can be replaced as a unit. Figure 2-11 shows the rear view of Information Archive 2231-D1B.
[Figure: rear view of the Information Archive 2231-D1B - ESM A and ESM B, each with SFP interface connectors, serial port, diagnostic port, drive channels 1A/1B and 2A/2B, 1/2/4 Gbps link indicators, and ESM indicator lights; redundant AC power supplies; reserved connectors for future use]
The minimum capacity in the Information Archive appliance is 8 TB of raw disk space, built with eight 1 TB disks (half a drawer) in the Information Archive Storage Controller (2231-D1A) enclosure. The storage is configured as RAID 6: a half drawer, if it is the only storage drawer, is formatted as 5+2P with a global spare; otherwise, the drawers are formatted as 5+2P and 6+2P with one or two global spares (depending on how many expansion drawers are used; an additional global spare is defined starting with the third expansion drawer). Information Archive comes in configurations with 1 TB or 2 TB disks. When equipped with 1 TB disks, the raw capacity varies in increments of 8 TB up to 112 TB for the first collection, and from 8 TB up to 96 TB for the second and third collections. When using 2 TB disks, the capacity varies in 16 TB increments up to 224 TB for the first collection, and from 16 TB up to 192 TB for the second and third collections.
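The RAID 6 capacity arithmetic above can be checked with a short sketch (illustrative only, not Information Archive code; the layout strings and function names are ours). It computes the raw and usable capacity of a fully populated second or third collection with 1 TB drives:

```python
DRIVE_TB = 1  # 1 TB SATA drives; set to 2 for the 2 TB configurations

def data_drives(layout: str) -> int:
    """Count data drives in a drawer layout string: "5+2P" contributes
    5 data drives, "6+2P" contributes 6, and "S" (global spare) none."""
    return sum(int(group.split("+")[0])
               for group in layout.split(";") if "+" in group)

# One collection in the expansion frame: a D1A storage controller plus
# five D1B expansion drawers. The third expansion drawer carries an
# additional global spare, as described above.
collection = ["5+2P;S;6+2P",   # D1A storage controller
              "6+2P;6+2P",     # expansion drawer 1
              "6+2P;6+2P",     # expansion drawer 2
              "5+2P;S;6+2P",   # expansion drawer 3 (extra global spare)
              "6+2P;6+2P",     # expansion drawer 4
              "6+2P;6+2P"]     # expansion drawer 5

raw = len(collection) * 16 * DRIVE_TB
usable = sum(data_drives(d) for d in collection) * DRIVE_TB
print(raw, usable)  # 96 TB raw, 70 TB usable
```

Two such collections in a fully populated expansion frame therefore yield 192 TB raw and 140 TB usable, consistent with the 96 TB raw maximum quoted above for the second and third collections.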
Figure 2-13 shows the location of the storage within the Information Archive appliance.
[Figure 2-13: rack layout of the 2231-IA3 base frame and the 2231-IS3 expansion frame (36U each), showing mandatory and optional positions for the RSM server (FC 5601), management server (FC 5600), S2M cluster node servers, keyboard/monitor/KVM, the two optional Brocade SAN24B-4 FC switches (paired), the two SMC 8126L2 26-port Ethernet switches, the iPDUs, the D1A disk controllers, and the D1B disk expansion drawers with their 5+2P/6+2P RAID 6 array layouts; a fully populated expansion frame with 1 TB HDDs provides 192 TB raw and 140 TB usable (RAID 6) capacity]
Each SAN switch is a 24-port high performance auto-sensing Fibre Channel switch. With next generation switch technology, these switches are designed to provide improved availability capabilities, fully non-blocking performance, and advanced intelligence features. The Information Archive SAN Switch provides 1, 2, or 4 Gbps link speed. The port speeds can be set to any of these values or can be set to auto-negotiate the highest speed that the attaching devices support. In Information Archive, the cluster nodes and the Storage Controller ports operate at 4 Gbps. Figure 2-14 shows the SAN switch.
Figure 2-14 Information Archive SAN switch (IBM System Storage SAN Switch 2498-B24)
The required Fibre Channel cabling between the cluster nodes and the storage controllers is done by manufacturing for the 2231-IA3 frame. If you ordered an optional 2231-IS3 frame with additional storage controllers, your IBM Support representative will perform the required interconnection cabling. The customer does not have to perform any reconfiguration at installation time. In addition, the zoning definitions are also done at manufacturing time. Security: Although technically possible, it is best not to share the Information Archive fabric or fabrics with other fabrics for attaching non-IA components, such as external servers or storage devices. Doing so compromises the security of the Information Archive appliance and can have implications on third-party compliance certifications.
The Information Archive Ethernet switch is an intelligent layer 2 switch with 26 10/100/1000BASE-T ports. Ports 21 up to 23 are available twice (combo ports): Small Form-factor Pluggables (SFPs) can be plugged into the bottom rightmost four ports, so that you can use Gigabit Ethernet fibre for long distances. The SFP slots are shared with four of the RJ-45 ports (ports 21 to 23). If an SFP transceiver is present in a slot and has an active link, the corresponding RJ-45 port is disabled and cannot be used.
Generally speaking, DS Storage Manager enables administrators to quickly configure and monitor their Information Archive Storage Controller from either a command line interface or a Java-based graphical user interface. It is designed to enable storage administrators to customize and change settings, configure new volumes, define mappings, handle routine maintenance, and dynamically add new enclosures and capacity to existing volumes without interrupting user access to data. It is also used to configure, monitor, and maintain Enhanced Remote Mirroring. Failover drivers, performance-tuning routines, and cluster support are also standard features of the DS Storage Manager. Important: Do not upgrade the Storage Controller firmware manually. In the Information Archive appliance, such an upgrade must be done as part of the overall Information Archive software upgrade.
A standards-based architecture
Integrated Solutions Console provides a standards-based architecture for web administration. Each Integrated Solutions Console module consists of one or more web applications that have access to services within the Java 2 Enterprise Edition (J2EE) environment provided by IBM WebSphere Application Server. The help interface is implemented using the Eclipse open standard. Console modules are developed using the Java Portlet Specification.
There are two ways to start the SMclient graphical user interface:
- Locally at the Management Console: connect the flat panel monitor to the Management Console by pressing the Print Screen key (alternatively, by pressing Ctrl twice) on the keyboard and selecting the appropriate entry from the window. Log in to the Management Console as iaadmin, open a terminal window (xterm), and enter sudo SMclient.
- Remotely: you need an X server on your remote computer. Open an ssh client, such as PuTTY, to make a connection to the Management Console, as shown in Figure 2-17. Enter sudo SMclient to start the DS Storage Manager.
For detailed information, also see 4.2.1, Accessing the system on page 95.
After a few seconds, the DS Storage Manager main window (Figure 2-18) is displayed. To open the subsystem management window, select a subsystem in the navigation panel on the left (for example, Storage Subsystem iastorage1a), right-click it, and select Manage Device from the menu (or simply double-click the Storage Controller name).
Hot-spare drive
Hot-spare drives provide additional protection that might be essential in case of a disk drive fault. A hot-spare drive is similar to a standby replacement drive. The data from the failed disk drive is automatically rebuilt by the controller onto the hot-spare drive, and the spare takes the place of the failed one. When the failed drive is eventually replaced with a new one, the data from the hot-spare drive is copied back to the new drive, and the hot-spare drive returns to its role as a replacement drive. It is important to note that the DS4000 series (such as the DS4200 used in the Information Archive appliance) uses global hot-spares, meaning that a spare can take over for any failed drive regardless of its enclosure. For Information Archive, there is one global hot-spare defined in the first array of each storage controller, and in the first array of the third expansion drawer, when present. Upgrades: At the time of writing, there is no possibility for field capacity upgrades. Any specific capacity configuration must be ordered as such from manufacturing.
Figure 2-19 shows the possible 1 TB disk configurations in Information Archive (remember that each collection, with a maximum of three, must have its dedicated storage controller). Mixing 1 TB and 2 TB drives within one enclosure is not supported. If you have any 2 TB drives in your system, you can only add 2 TB drives in the future.
Figure 2-19 Possible 1 TB disk configurations and usable capacities
Figure 2-20 shows the possible disk configuration and capacities with 2 TB disks.
Figure 2-20 Possible 2 TB disk configurations and usable capacities
Volume mapping
As you can see from the DS Storage Manager for Information Archive mappings view in Figure 2-21, all volumes (LUNs) are mapped to the host group iagroup. This means that all logical drives created on the arrays are available to all cluster nodes attached to the Storage Controller (2231-D1A). The LUN utilfs is used to store the configuration and log data. The LUNs iadata_85_1 and iadata_85_2 are used for (user) archive data, and are configured as a GPFS file system. Depending on your configuration (number of storage servers and expansions), there can be additional iadata_85_x LUNs. The LUN iarecovery (30 MB) is used to bootstrap GPFS in a Disaster Recovery / Enhanced Remote Mirroring configuration.
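As a quick reference, the default LUN layout just described can be modeled as a small lookup table. This is an illustrative sketch only (the exact set of iadata_85_x LUNs depends on the configuration), not an Information Archive API:

```python
# Illustrative map of the default LUNs and their roles, as described above.
LUN_ROLES = {
    "utilfs": "configuration and log data",
    "iarecovery": "GPFS bootstrap for DR / Enhanced Remote Mirroring (30 MB)",
}

def lun_role(name: str) -> str:
    """Return the role of a LUN; any iadata_85_x LUN holds archive data."""
    if name.startswith("iadata_85_"):
        return "archive data (GPFS file system)"
    return LUN_ROLES.get(name, "unknown")
```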
Preferred path: The Storage Controller (2231-D1A) has two disk controllers (A and B) for redundancy. All logical drives created on the Information Archive Storage Controller are accessible from either of the two controllers, as installed. Each FC HBA has one or more paths to Controller A of the Information Archive Storage Controller. Similarly, the other FC HBA has one or more paths to Controller B. In case of a path failure, meaning either a FC HBA failure, switch failure, SFP, fiber link failure, or even a Storage Controller failure, the logical drives are accessible on the remaining paths. For performance reasons, the preferred paths are distributed between the controllers automatically.
The settings and cabling done by manufacturing depend on the exact configuration ordered (storage capacity, number of cluster nodes, optional SAN switches, Enhanced Remote Mirroring, and so on). The following sections show the most typical configurations. Important: Cabling diagrams are shown here for information only. Customers must not change any of the cabling or other settings done by manufacturing.
Figure 2-22 IBM 2231-IA3 - cabling the KVM switch with cluster nodes
System diagrams
Figure 2-23 shows the cabling from the cluster nodes to the SAN switches.
Figure 2-23 Cabling from the cluster nodes to the SAN switches for disk
Port 1 from the FC HBA in slot 2 of each cluster node is connected to SAN switch #2, while port 1 from the second FC HBA in slot 3 of each cluster node is connected to SAN switch #1. This provides a redundant path to the storage controllers from any single cluster node. Figure 2-24 shows the cabling from the SAN switches to the disk controllers. As previously mentioned, all the cabling is done by manufacturing.
Figure 2-24 Cabling from the SAN switches to the storage controller
Figure 2-25 shows FC cabling for tape, between cluster nodes and SAN switches. Port 2 from the FC HBA in slot 2 of each cluster node is connected to SAN switch #2, while port 2 from the second FC HBA in slot 3 of each cluster node is connected to SAN switch #1. This provides a redundant path to optional tape devices from any single cluster node. Note that, for tape, cabling to the internal switches is not mandatory; direct connection to a customer tape device or an external switch is permitted.
Figure 2-25 Cabling from the cluster nodes to the SAN switches for tape
Figure 2-26 shows SAN ports reserved on the switches for attachment of tape devices, or for a DR configuration (Enhanced Remote Mirroring).
Figure 2-26 Reserved SAN switch ports (port 12: to remote mirror switch port 12; ports 9 and 11: to external tape drives and libraries)
For more information, see Chapter 10, Tape attachment with IBM Information Archive on page 403.
Zoning
Zoning for the SAN switches in Information Archive is preconfigured as shown in Figure 2-27 for the server to disk configurations.
Figure 2-27 Fibre Switch Zones

Zone name   Server port (cable)   Switch ports in zone
S1L         Sw #2, port 0         Ports 0, 4, 5, 6 on Sw #2
S1R         Sw #1, port 0         Ports 0, 4, 5, 6 on Sw #1
S2L         Sw #2, port 1         Ports 1, 4, 5, 6 on Sw #2
S2R         Sw #1, port 1         Ports 1, 4, 5, 6 on Sw #1
S3L         Sw #2, port 2         Ports 2, 4, 5, 6 on Sw #2
S3R         Sw #1, port 2         Ports 2, 4, 5, 6 on Sw #1

In each zone, ports 4, 5, and 6 lead to the host ports (H1, left and right) of the IA3 and IS3 D1A storage controllers.
Figure 2-28 Ethernet connectivity - 3 node cluster, RSM server, and Management Console
The Ethernet connections to each of the storage controllers (Ctrl A and Ctrl B) are depicted in Figure 2-29 for an Information Archive configuration with three storage controllers (one in the base frame, the other two in the expansion frame).
Figure 2-29 Ethernet connectivity to storage controllers
The internal Ethernet network is also used for power control of the various components. The connections, as well as the ports used on the internal Ethernet switches, are shown in Figure 2-30.
Figure 2-30 Ethernet network for components power control (iPDUs not shown)
Figure 2-31 depicts the adapters used for Ethernet connectivity to the external network, which allows archiving applications to communicate with the cluster nodes and enables remote Information Archive administration (RSM server and Management Console).
Figure 2-31 Ethernet adapters for external network connectivity (RSM server, Management Console, and cluster nodes)
You have a choice between copper connection or fiber connection, as indicated: If you need fiber attachment, you must order a separate Host Fibre Ethernet Adapter, which is an optional feature. Such an adapter is required for all cluster nodes, the management node, and the RSM server. If you want to use copper-based cables, with the RJ45 interface, the onboard Ethernet connectors of the servers will be used and no additional hardware is required. The customer must provide the Ethernet cables required to connect the appliance to their network. You can use standard 10/100/1000 copper Ethernet cables (Cat 5e or higher) or fiber Ethernet cables. The number of cables required depends on the number of cluster node servers in the appliance: One cluster node server: six cables Two cluster node servers: eight cables Three cluster node servers: ten cables Additional network cables are required to configure the remote replication feature and to connect an optional storage-expansion rack, or tape library.
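The cable counts above follow a simple pattern: two cables each for the RSM server and the Management Console, plus two per cluster node. A minimal sketch of that rule, for planning purposes only:

```python
def base_network_cables(cluster_nodes: int) -> int:
    """Customer-supplied Ethernet cables for the base appliance:
    2 (RSM server) + 2 (Management Console) + 2 per cluster node.
    Remote replication, expansion racks, and tape libraries need
    additional cables that are not counted here."""
    return 2 + 2 + 2 * cluster_nodes

# One, two, and three cluster nodes -> 6, 8, and 10 cables,
# matching the counts listed above.
```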
Primary        Secondary      Description
172.31.0.41    172.30.0.41    Ethernet Switch 2
172.31.0.50    172.30.0.50    iPDU Frame 1 left
172.31.0.51    172.30.0.51    iPDU Frame 1 right
172.31.0.52    172.30.0.52    iPDU Frame 2 left
172.31.0.53    172.30.0.53    iPDU Frame 2 right
172.31.3.101   172.30.3.101   IMM-iarsm1
172.31.3.102   172.30.3.102   IMM-iamconsole1
172.31.1.102   172.30.1.102   IMM-ianode1
172.31.1.103   172.30.1.103   IMM-ianode2
172.31.1.104   172.30.1.104   IMM-ianode3
172.31.1.10N   172.30.1.10N   IMM-ianodeN
10.0.0.100     10.0.0.200     TCP/IP addresses on MCs for ERM ssh tunnel
Chapter 3.
2231-IS3 Expansion frame (optional): The expansion frame holds the following components:
2231-D1A Disk controller (one or two)
2231-D1B Disk expansion drawer (zero to ten)
The 2231-IS3 expansion frame is required if you want to have more than one document collection in your Information Archive. The number of collections required also impacts the number of cluster nodes and storage controllers required. For more information about hardware components, see Chapter 2, IBM Information Archive overview and components on page 9. At the time of writing, field upgrades are not possible for an Information Archive appliance that is already deployed. Contact your IBM sales representative for the latest information.
Disk storage
The minimum storage configuration for a collection consists of a 2231-D1A storage controller that contains eight disk drives. A pack of eight disk drives can be added to the 2231-D1A controller for a total of 16 disk drives. You can add additional disk drives to the collection in eight-drive packs. However, for every 16 drives added to the configuration, you must add a 2231-D1B expansion drawer, which, like a controller, can be half-populated with eight disk drives or fully populated with 16 disk drives. You can add multiple expansion drawers to the controller for a maximum of six 2231-D1B expansion drawers in an IA3 frame, or a maximum of five expansion drawers for each storage controller installed in a 2231-IS3 frame. See 2.4, Storage configuration on page 27 for details. The base 2231-IA3 appliance frame supports only one storage controller and therefore only one collection. An expansion frame (2231-IS3) must be attached to the base frame to support two more collections. The expansion frame can host a maximum of two storage controllers (fully or half populated) and a maximum of 10 expansion drawers. The expansion drawers must be evenly distributed between the two controllers, allowing for a maximum of five expansion drawers per collection. Each of the expansion drawers can also be half-populated (8 disks) or fully populated (16 disks).
Capacity planning
Determine space requirements for your collection(s). You can find valuable information to calculate the required space in the section, Estimating space requirements, in the IBM Information Archive Introduction and Planning Guide, SC27-2324. Tip: Carefully consider your future storage requirements when ordering an Information Archive appliance. If you need to modify the configuration later, it might be necessary to shut down the appliance while the change is being made. For example, the appliance must be taken offline to upgrade hardware components, add storage, or to enable support for some optional features. The disks operate in a Redundant Array of Independent Disks (RAID) 6 configuration to maintain data integrity even in the event of a disk failure. A RAID 6 array can recover from single and dual disk drive failures. Because of the RAID 6 configuration, two of every eight drives are reserved for parity. In addition, a hot-spare drive is set aside in the first array of each storage controller, and in the first array of the third expansion drawer, if installed. Therefore, the usable capacity is reduced by the space that is required for parity disks and hot-spare disks. The remaining usable capacity can vary from 50% up to 70% of the physical capacity, depending on the hardware configuration. For details, and a comparison between raw and usable capacity, see Figure 2-19 and Figure 2-20 on page 30. Information Archive V1.1 was delivered with 1 TB disk drives. With Information Archive V1.2, the disk subsystems are equipped with 2 TB disk drives by default. A collection with 2 TB disk drives cannot be expanded with 1 TB disk drives.
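The capacity arithmetic described here can be sketched as a small estimator. This is a rough model under stated assumptions (8-drive RAID 6 packs with two parity drives each, minus the global hot spares; it ignores formatting overhead and the utility file system), not an official sizing tool:

```python
def usable_capacity_tb(drives: int, drive_tb: int = 2, hot_spares: int = 1) -> int:
    """Rough usable capacity for one storage controller's drives.

    Assumes drives are installed in 8-drive RAID 6 packs (2 parity
    drives per pack) and that hot_spares global spare drives are set
    aside, as described above. A second spare appears with the third
    expansion drawer.
    """
    parity_drives = 2 * (drives // 8)
    return (drives - parity_drives - hot_spares) * drive_tb

# 8 x 2 TB drives  -> 10 TB usable
# 16 x 2 TB drives -> 22 TB usable
```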
Attention: You cannot use tape drives to back up file document collections. The only supported method to back up objects in File Archive Collections is to use an external IBM Tivoli Storage Manager server.
Tape zoning: In an Enhanced Remote Mirroring configuration, Information Archive provides predefined tape zoning between primary and secondary sites. These zones enable the usage of tape drives across the sites.
Tape encryption
Consider your security requirements for data copied or moved to tape. If tapes will be moved to off-site locations, use encrypted tapes for security and compliance. This requires tape drive hardware that is encryption capable. For details about tape attachment and other tape related information, see Chapter 10, Tape attachment with IBM Information Archive on page 403.
Remote replication is enabled by purchasing the Enhanced Remote Mirroring feature key. The feature must be installed on each of the 2231-D1A storage subsystems in the appliance.
Therefore, if one storage subsystem is mirrored, all of the other storage subsystems in the Information Archive appliance must be mirrored too. If you order this optional upgrade, several additional components are included in both the primary and secondary appliances. These components include shortwave or longwave SFP transceivers in the SAN switches and additional Fibre Channel cables. You must determine which SFP type (SW or LW) is required in your environment. You have to purchase the Enhanced Remote Mirroring enablement for the disk subsystems and the Ports on Demand feature to enable eight additional ports in the Fibre Channel switch. Hardware: The hardware, including disk subsystems and cluster nodes for the primary and secondary appliance, must be configured identically.
be reduced. Select a document protection level that is appropriate for your regulatory compliance and legal discovery requirements. The level of protection affects all documents and policies that are contained within the collection. The protection levels are as follows:
Base: You can delete documents before their retention period has expired and you can change the document retention period at any time.
Intermediate: Documents cannot be deleted until after their retention period has expired, but you can change the document retention period.
Maximum: You cannot delete documents until after their retention period has expired and the document retention period cannot be reduced.
Maximum protection: All System Storage Archive Manager Collections use the maximum level of document protection. You cannot select another document protection level for those collections.
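The three protection levels differ only in whether early deletion and retention reduction are permitted. A small illustrative model (not an Information Archive API) makes the matrix explicit:

```python
# Permission matrix for the document protection levels described above.
PROTECTION_RULES = {
    "base":         {"delete_before_expiry": True,  "reduce_retention": True},
    "intermediate": {"delete_before_expiry": False, "reduce_retention": True},
    "maximum":      {"delete_before_expiry": False, "reduce_retention": False},
}

def is_allowed(level: str, action: str) -> bool:
    """Check whether an action is permitted at a given protection level."""
    return PROTECTION_RULES[level][action]
```

System Storage Archive Manager Collections always behave like the maximum row.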
API client
Information Archive Version 1.2 supports the use of IBM Tivoli Storage Manager API client versions 5.5 and 6.1.
Security
In order to make the archived data more secure, the System Storage Archive Manager API client implements an encryption function, which allows you to encrypt data before it is sent to the Information Archive System Storage Archive Manager Collection. Consider this option if your security rules require an encrypted data transfer between clients and Information Archive. You can find more information about System Storage Archive Manager encryption in 5.3.8, Encryption on page 139.
Consider which level of security is really needed for your environment. Enable Enhanced Tamper Protection if your policy, local, or regulatory compliance requirements call for a level of data protection that includes root access prevention. You can enable the Enhanced Tamper Protection feature during initial configuration of the appliance, using the Initial Configuration Wizard (ICW). Important: After being enabled, Enhanced Tamper Protection cannot be disabled. If you do not enable Enhanced Tamper Protection, you must use other methods to prevent tampering and you must securely manage the root passwords on all servers in the appliance. Tip: If you are planning to test the appliance before using it in a production environment, consider enabling Enhanced Tamper Protection after you have completed testing. This can make it easier to remove test data from the appliance and to resolve problems that you might encounter during testing. If there is a need to gain root authority and Enhanced Tamper Protection is enabled, you have to call your local IBM support representative.
Check the section Delivery Requirements in Chapter 2 of the Introduction and Planning Guide, SC27-2324.
Installation requirements: Ensure that your planned installation location meets space and floor load requirements. You can find rack measurements and information about service clearance in the section Installation Requirements in Chapter 2 of the Introduction and Planning Guide, SC27-2324.
Power requirements: Determine the correct power outlet requirements, input voltage requirements, power connector requirements, and power consumption for the Information Archive appliance. Each Information Archive rack requires two power connectors. The plug type of the power cable depends on the local power standards and requirements. For details, refer also to the Power Requirements section in Chapter 2 of the Introduction and Planning Guide, SC27-2324.
Network cable requirements: Obtain the Ethernet cables required to connect the appliance to your network. These cables are not included with the appliance. You can use standard 10/100/1000 copper Ethernet cables (Cat 5e or higher) or fiber Ethernet cables, depending on your order. The number of cables required depends on the number of cluster node servers in the appliance:
Two cables for the RSM server
Two cables for the Management Console
Two cables for each cluster node
Example:
One cluster node server: Six cables
Two cluster node servers: Eight cables
Three cluster node servers: Ten cables
TCP/IP address requirements: All of the TCP/IP addresses must be on the same network or virtual LAN. You will need one TCP/IP address for each server and, in addition, a service IP address for each collection. For example, for a two cluster node configuration with two collections, you need:
RSM server         = 1 IP address
Management Console = 1 IP address
Two cluster nodes  = 2 IP addresses
Two collections    = 2 IP addresses
In summary         = 6 IP addresses are required
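The address counting in the example above generalizes directly: one address per server (RSM server, Management Console, and each cluster node) plus one service address per collection. A planning sketch:

```python
def ip_addresses_required(cluster_nodes: int, collections: int) -> int:
    """1 (RSM server) + 1 (Management Console) + 1 per cluster node
    + 1 service address per collection. All addresses must be on the
    same network or virtual LAN."""
    return 1 + 1 + cluster_nodes + collections

# Two cluster nodes with two collections -> 6 addresses, as above.
```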
TCP/IP addresses for RSM server, Management Console, and cluster nodes
TCP/IP addresses for collections
Netmask
Gateway address
DNS server
LDAP settings (required for File Archive Collections)
Email notification settings
SNMP notification settings
You can find the Initial Configuration work sheet in Appendix B in the Introduction and Planning Guide, SC27-2324.
22 (SSH)
80 (HTTP)
443 (HTTPS)
To use SSH for remote support, it might also be necessary to configure port mapping between the external firewall and the IP address and inbound port of the RSM server. If a user name and password are required to authenticate to the firewall, these credentials must be provided to IBM.
2. Run the Initial Configuration Wizard. 3. Assign administrative user roles. 4. Change RSM server passwords. 5. Configure call home feature. 6. Configure Enhanced Remote Mirroring feature, if ordered. 7. Attach tape devices, if applicable. 8. Define management classes for System Storage Archive Manager Collections.
iaadmin@IA-Primary:~> sudo /opt/tivoli/tiam/bin/verify_wellness Performing Verification of Wellness! Checking for SAN switch 1 Checking for SAN switch 2 Checking for ethernet switch 1 Checking for ethernet switch 2 Checking for ipdu 1 Checking for ipdu 2 Checking for ipdu 3 Checking for ipdu 4 Checking for DS4200 1 Checking for DS4200 2 Checking for DS4200 3 ... ... ... Performing software verification check. =============================== INFO: The output from this script has been captured in the /opt/tivoli/tiam/log/setupcheck.Jan_19_10_110844.log file =============================== The system has passed the wellness verification!
The output from this script has been captured in the /opt/tivoli/tiam/log/verify_wellness.Jan_19_10_110749 file. Tip: An extended services engagement is also available, which can include migrating data from an IBM System Storage DR550 to the Information Archive appliance, as well as other configuration tasks.
3. After login, the Firefox web browser opens. The IBM Integrated Solution Console (ISC) logon window is displayed. 4. Log on to the ISC with userid iscadmin and password iscadmin as shown in Figure 3-2.
5. In the navigation tree on the left side of the ISC main window, select Information Archive Management Getting Started. An Information Archive administrative interface page, shown in Figure 3-3, opens with a message indicating that the system must be configured.
6. This step is only required if you want to configure secure LDAP connections. If you do not want to use this feature, proceed with the next step. If you have copied the certificate file from the client LDAP server to a USB flash drive, complete the following steps to mount the drive: a. Insert the flash drive into an open USB port on the Management Console server. b. Go to the desktop of the Management Console server and open a terminal window. c. At the Management Console server prompt, enter the following command to obtain the device name of the USB flash drive: ls /dev/sd*. d. Enter the following command to mount the device: sudo mount_usb.py -d /dev/device_name. e. The USB flash drive is mounted as a read-only device at /media/usb.
Tip: To unmount the device after you complete the Initial Configuration Wizard, use the following command: sudo umount_usb.py -d /dev/sdb1. 7. Click Configure System (see Figure 3-4) to start the Initial Configuration Wizard.
8. On the welcome page for the Initial Configuration Wizard (Figure 3-5), click Next to continue.
9. Select the radio button I accept to accept the license terms that are displayed for the Information Archive software, and click Next to continue.
10.In the General dialog window, enter the appliance name, the time server name, or IP address, and your local time zone. Use the values from the Initial Configuration Planning Worksheet (Figure 3-6).
At the bottom of the same General dialog, select the appropriate check boxes for the document collection types (file collection or System Storage Archive Manager Collection) to be enabled. You must select one collection type, at minimum (Figure 3-6). Click Next when finished.
11.Now the Enhanced Tamper Protection page is displayed. Select the radio button on or off according to your planning worksheet and click Next to continue (Figure 3-8). You can find a detailed description of Enhanced Tamper Protection in 3.3.4, Enhanced Tamper Protection on page 51.
Tip: Keep Enhanced Tamper Protection off at this time. You can turn it on after you have completed all implementation and test tasks, and before placing Information Archive into production.
12.In the Security panel that is displayed (Figure 3-9), change the default passwords for the user iaadmin and iscadmin. Enter the new passwords and click Next to continue.
13.Enter the IP settings for Information Archive on the panel shown in Figure 3-10. All IP addresses must be in the same subnet. You can enter a starting address and click Assign. Then the system will number all nodes and document collections sequentially beginning with the specified starting IP address. You can also enter the IP addresses individually. On the right side you must enter domain name, subnet mask, gateway address and primary DNS server. A secondary DNS server is optional. Click Next, after you have filled out this panel.
14.If you have enabled File Archive Collections in step 10, you now see an LDAP settings window, as displayed in Figure 3-11, Initial Configuration Wizard - select LDAP. Select the appropriate radio button for your LDAP server type, enter the LDAP server IP address, and choose the protocol, LDAP or LDAPS. If you choose LDAPS, you have to upload the certificate. The certificate file is on the USB flash drive that is already mounted. Enter /media/usb/<filename of certificate_file> in the input field and click Upload. Next, enter the search base distinguished name, the bind distinguished name, and the bind password. The format of the input depends on the selected LDAP server type.
Figure 3-12 and Figure 3-13 provide illustrations of possible alternative implementations: Figure 3-12, LDAP Settings Active Directory shows a sample configuration for Microsoft Active Directory Service.
Figure 3-13, LDAP Settings Open LDAP shows a sample for the open LDAP configuration.
For further information about preparing LDAP servers for use with Information Archive, see Chapter 7, LDAP environments on page 227. Attention: If you have selected None (Use Static UID and GID Assignment), you need to administer the users and groups that require access locally and manually on the shared file system. Click Next after you have completed your input. 15.In the next ICW dialog window, you can enter the notification method used to monitor Information Archive. You can activate these notification methods in any combination: Select the check box Send events by email if you want email notification. Then enter the TCP/IP address and the port address of your mail (SMTP) server and define the mail addresses of the recipients, as illustrated in Figure 3-14.
Select the check box Send events by SNMP if you want to receive SNMP traps. Enter the SNMP listener address, the TCP port number and the community name in the appropriate input fields. See Figure 3-15. The values must match your SNMP server definitions. Mark the check box Send a test notification to immediately send a test message to the configured destinations, if desired. Click Next to continue.
16.On the summary window, compare all parameters with your planning worksheet and, if correct, click Finish to complete the Initial Configuration Wizard, or click Back if you want to correct your input. All settings are applied immediately. A reboot is not required. At this point, you will be able to also access the Information Archive graphical user interface remotely through an Ethernet network connection. To do so, enter the following web location in a web browser at a remote workstation: https://<IP_of_management_node>/ibm/console/logon.jsp
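In step 13, the Assign button numbers the cluster nodes and document collections sequentially from a starting address. Loosely sketched below; the wizard's exact ordering of nodes and collections is not specified here, and the addresses shown are documentation examples only:

```python
import ipaddress

def assign_sequential(start: str, count: int) -> list:
    """Generate count consecutive IPv4 addresses beginning at start,
    mimicking (loosely) the wizard's Assign button."""
    first = ipaddress.IPv4Address(start)
    return [str(first + i) for i in range(count)]

# assign_sequential("192.0.2.10", 3)
# -> ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
```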
Creating a user
To create administrative users and define their roles, perform the following steps: 1. Log on to the administrative interface with userid iscadmin. 2. Expand Users and Groups in the navigation tree and click Manage Users. 3. Select Create, enter a user name, and define a password. You can also create user groups at this time. See 4.1.1, User and group management on page 72 to get more information about users and groups.
See 4.1.1, User and group management on page 72 for an overview of all user roles and their permissions. The administrative user roles that are assigned to a user or group determine which navigation items are displayed in the administrative interface.
Changing passwords: The passwd commands change the passwords that are used to log on to the RSM for Storage server command line. The rsm-passwd commands change the passwords that are used to log on to the RSM for Storage browser interface.
The following types of attachment are possible: Direct attachment: To connect the tape device directly to the cluster nodes, plug in the cables according to the following steps (Figure 3-16): a. Connect a Fibre Channel cable from Slot 2, Port 2 of the cluster node to the Fibre Channel port on your tape device. b. Connect a Fibre Channel cable from Slot 3, Port 2 of the cluster node to the Fibre Channel port on your tape device. Internal attachment: To connect the tape device to the internal Fibre Channel switch, plug in the cables according to the following steps (Figure 3-16): a. Connect tape devices at Port 9 and 11 of SAN switch 2 (upper SAN switch). b. Connect tape devices at Port 9 and 11 of SAN switch 1 (lower SAN switch). External attachment: To connect the tape device to an external Fibre Channel switch, plug in the cables according to the following steps: a. Connect a Fibre Channel cable from Slot 2, Port 2 of the cluster node to your external Fibre Channel switch. b. Connect a Fibre Channel cable from Slot 3, Port 2 of the cluster node to your external Fibre Channel switch.
Chapter 4.
Managing users
To create administrative users locally at the Information Archive, log on (as iscadmin) to the Management Console and complete the following steps: 1. Expand Users and Groups in the navigation tree. 2. If you want to create local user accounts, click Manage Users (see Figure 4-1) and click Create to add one or more administrative users. The Create a User dialog is displayed (Figure 4-2). If you are using LDAP, you can skip this step and proceed with Assigning administrative user roles on page 74.
3. Enter appropriate data in the corresponding field as illustrated in Figure 4-2, then click Create. Users can also be part of a user group. Use the Group Membership button to assign a user group. For more details about user group membership, see Managing groups on page 77.
Users and groups can be assigned multiple administrative user roles. Use the Ctrl and Shift keys to select multiple roles. The following roles are available: Administrator Operator Configurator Monitor Deployer
adminsecuritymanager
iscadmins
suppressmonitor
tsmAdministrator
tsmUser
reportAdministrator
reportViewer
IA Auditor
IA Operator
IA Archive Administrator
IA System Administrator
For a description of the various user roles, click the HELP button in the upper right corner of the administrative interface. Tip: Consider assigning the suppressmonitor role to all users. Assigning this role reduces the number of navigation items shown in the Information Archive GUI that are not directly related to managing the Information Archive appliance. The user roles that are assigned to a user or group determine which navigation items are displayed in the administrative interface. For example, the collection overview panel is visible only to users having the Information Archive Administrator or Information Archive Operator roles. Administrative user roles also determine which commands can be issued through the Information Archive command line interface. The roles also determine which tasks administrators are authorized to perform. It is good practice to use various administrative user accounts to separate administrative tasks in Information Archive. In most cases, you will need four separate user roles (IA Archive Administrator, IA System Administrator, IA Auditor, and IA Operator), as defined next.
The IA Archive Administrator can perform general collection-related management operations and health reporting actions, including the following tasks:
- Configure metadata fields
- Configure, modify, and monitor collection properties, migration, and System Storage Archive Manager collections
- Create and delete retention policies
- Delete and manually commit documents
- Grant access permissions
- Grant audit log access to other users
- Monitor documents in expired, retention hold, uncommitted, and ingestion failure states
- Access the health monitor to view status for the overall appliance, collections, and clusters

The IA System Administrator can perform system and storage management operations, including the following tasks:
- Configure user access to the Tivoli Storage Manager and System Storage Archive Manager servers and storage pools
- Configure event notification conditions and actions
- Configure logging and tracing, the call home feature, external IP addresses, virtual IP address ranges, the LDAP server, the cluster node password, and the NTP server
- Stop and restart cluster nodes
Chapter 4. System administration and operations
- Put cluster nodes into maintenance mode
- Download component logs
- Monitor collection resources
- Monitor storage capacity, cluster nodes, and network interface servers
- Monitor the overall status of collections, cluster nodes, interfaces, and storage
- Suspend collections for maintenance

The IA Auditor is authorized to perform the following task:
- Download audit logs

The IA Operator can access all pages in the administrative interface (in read-only mode) that are accessible to the archive administrator and system administrator roles, to perform the following tasks:
- Monitor collection resources and properties
- Monitor documents in expired, retention hold, uncommitted, and ingestion failure states
- Monitor the general and specific status of collections, clusters, storage, and interfaces
- Monitor storage capacity, cluster nodes, and network interface servers

In Figure 4-4 and Figure 4-5, you can compare the task views presented by the Information Archive GUI for an administrative account and an auditor account, respectively. The left pane of the window displays only those tasks that apply to the current user role.
Figure 4-4 Information Archive GUI welcome panel for Information Archive administrator
For example, the Administrator account has the Tivoli Storage Manager, User Management, and Information Archive Management tasks available. The task list for the Information Archive Operator shows only the Information Archive Management task.
Figure 4-5 Information Archive GUI welcome panel for Information Archive auditor
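The role-based filtering illustrated by the two welcome panels can be sketched as a simple lookup. This is a hypothetical illustration: the role names come from the text above, but the role-to-task mapping is a simplified assumption, not the appliance's actual access-control implementation.

```python
# Hypothetical mapping of administrative roles to visible navigation tasks.
# The role names are from the documentation; the task sets are assumptions
# based on the welcome panel examples (Figures 4-4 and 4-5).
ROLE_TASKS = {
    "IA Archive Administrator": {"Tivoli Storage Manager", "User Management",
                                 "Information Archive Management"},
    "IA System Administrator": {"Information Archive Management",
                                "User Management"},
    "IA Operator": {"Information Archive Management"},
    "IA Auditor": {"Information Archive Management"},
}

def visible_tasks(roles):
    """Return the union of navigation items visible to a user holding the given roles."""
    tasks = set()
    for role in roles:
        tasks |= ROLE_TASKS.get(role, set())
    return tasks
```

Because a user can hold several roles, the visible navigation is the union of what each role contributes, which matches the behavior described for the administrative interface.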
To modify assigned administrative user roles, log on to the administrative interface with a user account that has the adminsecuritymanager role assigned, and complete the following steps:
1. Expand Users and Groups in the navigation tree.
2. Click Administrative User Roles.
3. In the table, click the user name to modify.
4. Enter changes into the form, and click OK.
Managing groups
You can also define access rights at the user group level. The advantage of doing so is that the access rights apply to all members of the group. You can work with user groups configured in LDAP (when using File Archive Collections) or locally configured user groups (when using System Storage Archive Manager collections). To create groups locally on Information Archive, log on to the administrative interface (Information Archive GUI) and complete the following steps:
1. Expand Users and Groups in the navigation tree.
2. If you have only enabled support for System Storage Archive Manager collections, click Manage Groups (see Figure 4-6) and click Create to add one or more administrative user groups.
3. The Manage Groups dialog is displayed (see Figure 4-7). If you have only enabled support for File Archive Collections, continue with "Administrative group roles" on page 79.
4. Enter the appropriate data in the corresponding fields, as illustrated in Figure 4-2, then click Create.
4. Select the administrative roles for the specific user group. User groups can be assigned multiple administrative user roles. Use the Ctrl and Shift keys to select the roles. The available, configurable roles are listed in "Assigning administrative user roles" on page 74.
5. After a user group is configured, you can add users to the group, or you can select a group while configuring a user:
a. Expand Users and Groups in the navigation tree.
b. Click Manage Users.
c. In the table, click the user name to modify. The user properties window is displayed, as shown in Figure 4-9.
d. Click Groups in the upper right corner to open the User Group window.
f. Specify the search criteria to find the groups to which you want to assign that user (Figure 4-11).
g. Select the user group or groups to which you want the user to belong.
h. Click Add to confirm the selection. If successful, you get the message shown in Figure 4-12.
After administrative user groups are defined, you can modify and update the roles. Log on to the administrative interface with a user account that has the adminsecuritymanager role assigned, and complete the following steps:
1. Expand Users and Groups in the navigation tree.
2. Click Administrative Group Roles.
3. In the table, click the user group to modify.
4. Enter changes into the form, and click OK.
Tip: A password change for the default account iaadmin in IBM Systems Director is not required, because a password change for iaadmin in the Information Archive GUI is propagated to IBM Systems Director automatically. See "Changing the iaadmin password" on page 82.
Select No to continue to the DS Storage Manager Enterprise window. Because the DS Storage Manager was customized for compliance, it prevents deletions or modifications by the user anyway. Therefore, a password is not required, and it is actually better not to set one.
Important: Do not set a password in the DS Storage Manager. The RSM server and Management Console will run certain SMcli commands to collect information from the storage controllers. A password can block various queries from these nodes.
Important: Only the packages that are made available specifically for Information Archive can be used to upgrade the appliance. Do not apply any other hardware or software updates to any components in the appliance unless you are directed to do so by an IBM service representative. Upgrade packages are published on the Information Archive support website:
http://www.ibm.com/systems/support/storage/disk/InformationArchive

The Management Console has no Internet access. Because of internal firewall rules, you cannot download an upgrade package directly to the server. You have to download the upgrade package to another computer and use SCP, a DVD, or a USB flash drive to transfer the package to the Management Console server. Physical access to the appliance is sometimes required to complete an upgrade.

Tip: You can subscribe to the support website to receive an email notification when new upgrade packages are available. The subscription feature is called My notifications. Use the following link to access the My notifications page:
https://www.ibm.com/systems/support/myview/subscription/css.wss/folders?methodName=listMyFolders

You can add all products to which you want to subscribe, and you are informed by email. The frequency of those emails can be configured on the My notifications page shown in Figure 4-14.
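Because the package must be staged on another computer first, the SCP transfer step can be scripted. The following Python sketch only builds the SCP command line; the host name and user default are assumptions to adapt to your environment (the /home/iaadmin destination matches the directory used elsewhere on the Management Console).

```python
import subprocess

def scp_upgrade_package(package_path, console_host, user="iaadmin", run=False):
    """Build (and optionally run) the SCP command that copies a downloaded
    upgrade package to the Management Console server.

    The host name and destination directory are illustrative placeholders.
    """
    cmd = ["scp", package_path, "%s@%s:/home/%s/" % (user, console_host, user)]
    if run:
        # Requires network access to the Management Console and SSH credentials.
        subprocess.run(cmd, check=True)
    return cmd
```

Returning the command list separately from running it makes the helper easy to test and to log before execution.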
Each upgrade package includes cumulative fixes for one or more appliance components.
Important: All of the collections in Information Archive must be suspended during an upgrade; documents cannot be archived or retrieved until the upgrade is complete. A typical upgrade takes less than six hours.

Tip: If you have Enhanced Remote Mirroring, always run the upgrade first on the secondary appliance. You do not need to suspend the collections or put the nodes in maintenance mode (this is not possible on a secondary appliance). Just reboot the Management Console server at the secondary Information Archive and run the upgrade script.
Important: Do not download the RSM server software from the RSM web page. Information Archive uses a special version of RSM for compliance. See "Accessing the RSM server" on page 97 for information about how to access the RSM. There are four management areas and one log section on the RSM main page:
- System Configuration
- Reporting and Alerts
- Internal Firewall
- Remote Access
- Statistics and Logs
These management areas and the log section are shown in Figure 4-16.
System configuration
The System Configuration page shown in Figure 4-17 allows you to specify the following information:
- Company name and address
- One or more contact people that IBM Service must call or email when responding to a problem report
- Connection information for the RSM for Storage system
- Storage controllers to be monitored by the RSM system
- Other SAN devices
- System activation

Three validation checks are made on the configuration information. The first check occurs when you click the Update Configuration button on each configuration page; it verifies the format and content of each configuration field. Any problem is indicated with a Configuration Incomplete status. When all Configuration Incomplete problems have been fixed, an option becomes available at the bottom of the System Configuration page to run a Configuration Test. This test checks that the RSM for Storage system has TCP/IP connectivity to all configured storage devices and to the attached external modem (if configured), and that each of the storage controllers can be contacted. Problems detected during the test are indicated with a Configuration Problem status.
Error correction: The RSM server software will not process any events until all configuration errors are corrected and the System Activation step has been completed. For Information Archive, this is normally already done in manufacturing.

A third configuration check occurs each day, when each storage controller is contacted to verify connectivity. This check detects the following situations:
- A new version of controller firmware has been installed: This condition requires an update to RSM for compatibility. In Information Archive, this situation is not expected to occur, because normally you have to update the whole appliance, including necessary firmware updates.
- New expansion drawers have been added to the storage controller: When a new enclosure (drawer) is detected, the configuration status for the storage controller in RSM changes to Incomplete, and you need to add the IBM machine type and serial number of the enclosure to the RSM configuration.

A typical System Configuration page is shown in Figure 4-17.
IBM responds to the alert by connecting to the RSM system, at which time they either acknowledge or close all of the alerts for the storage controller. Alerts are acknowledged to indicate that they have been seen by IBM Service but work on the problem has not been completed. Closing all of the alerts for a storage controller indicates that service is complete. When all alerts for a storage controller are closed, the RSM software considers the next event from that storage controller to be a new problem, and an alert is sent to IBM Service. The Reporting and Alerts page shows the number of alerts sent, acknowledged, and pending for each storage controller that has active alerts. Pending alerts are candidates to be sent to IBM Service, but are being held at the RSM system for one of three reasons:
- Holding: Another alert has already been sent to IBM Service for the storage controller.
- Queued: The RSM for Storage software attempted to send the alert, but received an error. The most likely cause is a network problem that prevents the RSM for Storage software from reaching the SMTP server. The RSM for Storage software attempts to re-send the alert every few minutes.
- Waiting: IBM Service was remotely connected to the RSM system when the alert occurred. If all other alerts have been closed and the remote user disconnects without acknowledging this alert, it is then sent to IBM Service as a new problem.
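The three pending-alert reasons can be summarized in a small decision function. This is a simplified model for illustration only; the precedence of the checks is an assumption, not documented RSM behavior.

```python
def pending_reason(alert_already_sent, remote_user_connected, send_failed):
    """Classify why an alert is held at the RSM system, per the three
    pending states described above (Holding, Waiting, Queued).

    The order of the checks is an assumption for illustration.
    """
    if alert_already_sent:
        return "Holding"   # another alert for this controller was already sent
    if remote_user_connected:
        return "Waiting"   # IBM Service was remotely connected when it occurred
    if send_failed:
        return "Queued"    # send attempt failed (e.g., SMTP unreachable)
    return None            # not pending: the alert is sent to IBM Service
```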
Internal firewall
The firewall page shown in Figure 4-19 provides status for the RSM server internal firewall. The purpose of the internal firewall is to limit the scope of access that local and remote users of the system have to your network. The normal state for the firewall is Enabled:Closed, which means that the firewall is operational and configured to allow SNMP traps to be received and emails to be sent. However, access to other devices on your network is not allowed. The Enabled:Custom state indicates that one or more custom rules have been added to /etc/rsm/rsmfirewall.conf. These rules are active any time the firewall is enabled.
The Enabled:Open state means that access to one or more other devices has been enabled. The firewall allows access to any storage controller that has an active alert, and also storage controllers that have been placed in Service Access mode. Disabling the firewall allows unrestricted access from the RSM for Storage system to your network. To maintain the security of your network, disabling the firewall will also disable remote access. Likewise, enabling Remote Access will automatically enable the firewall.
The Activity Log contains time-stamped entries for actions performed by the RSM software. The Security Log contains time-stamped entries for actions performed by the RSM for Storage software that affect the security of the system. The System Log contains time-stamped entries for actions performed by the operating system where the RSM software is running.
Recovery Guru: The Recovery Guru is a component of the Subsystem Management window that diagnoses storage controller problems and describes recovery procedures to fix them. To display the Recovery Guru, click the Recovery Guru toolbar button in the Subsystem Management window.

Event log: Use the Event Log Viewer to display a detailed list of events that occur in a storage controller. The Event Log is stored in reserved areas on the storage controller disks and records configuration events and storage controller component failures. The Event Log stores approximately 8,000 events before replacing them. To display events, from the Subsystem Management window, select Advanced, then Troubleshooting, then View Event Log.
Specify or type the number of events to retrieve in the Retrieve most recent events spinner box. When View only critical events is selected, the box is labeled Retrieve most recent critical events. To view details about a selected event, select View details. Click Update to retrieve new events from the storage subsystem for display.
4.2 Operations
In this section, we describe how to start and stop Information Archive and how to access the system components. The Information Archive appliance components must be started and stopped in a specific order. Cluster nodes can be stopped, restarted, or put into maintenance mode. Maintenance mode prevents the cluster management software from trying to restart the node if it is stopped or if an error occurs. Cluster nodes must be put into maintenance mode before a software upgrade on the Information Archive appliance.
4. As shown in Figure 4-27, select the Session category from the left menu. Then complete the following steps:
a. Enter the Management Console server TCP/IP address in the Host Name field.
b. Select the SSH protocol and port 22.
c. Click Open to start the SSH session.
5. Log on to the Management Console using the iaadmin user account. 6. Run the command sudo SMclient to start the DS Storage Manager interface on your remote computer. This is shown in Example 4-1.
Example 4-1 Starting the SMclient
login as: iaadmin
Using keyboard-interactive authentication.
Password:
Last login: Fri Feb 19 17:30:07 2010
iaadmin@IA-Primary:~> sudo SMclient

If the configuration settings are correct, you get a window as shown in Figure 4-28.
Logging on to the IBM Systems Director using the Information Archive GUI
Log on to the IBM Systems Director as follows:
1. Log on to the Information Archive GUI.
2. Expand Information Archive Management in the navigation tree.
3. Click Service Tools. From the Service Tools window shown in Figure 4-24, select Open IBM Systems Director on Local Appliance.
4. Log on using the iaadmin user account and password. The Welcome to IBM Systems Director window is displayed, as shown in Figure 4-29.
For details about the IBM Systems Director, see 9.3, Using IBM Systems Director in Information Archive on page 365.
iaadmin@IA-Secondary:~> ia_powercontrol -d ianode3
Node attached to power control hardware at 'ianode3' powered down.
Powering on the cluster node server from the Information Archive GUI
Log on to the Information Archive GUI and complete the following steps:
1. Expand Information Archive Management in the navigation tree.
2. Click System Management.
3. In the Cluster Nodes section, complete the following steps:
a. Click the start icon next to the cluster node, as shown in Figure 4-32. If the cluster node was shut down using the Information Archive GUI, it starts in maintenance mode.
b. Click the maintenance mode button next to the cluster node to bring it out of maintenance mode. A typical maintenance button is shown in Figure 4-30.
3. Click System Management.
4. In the Cluster Nodes section, click the stop icon next to the first cluster node, as shown in Figure 4-33.
4. In the next window, click Put Node into Maintenance Mode, as shown in Figure 4-36.
4. Confirm that you really want to suspend the collection. Click Yes or No.
Tip: You might have to scroll up the web browser window to see the Yes or No button.
4. In the Logging and Tracing section, click Download logs. When the logs are ready, a dialog box appears. Specify where to save the compressed file, and the file is downloaded. If you use the keyboard, video, mouse (KVM) console to download the logs, they are saved in the /home/iaadmin directory on the Management Console.
4.3.1 Definitions
This section explains some terms and concepts often used in the context of the Information Archive CLI:

wsadmin: The wsadmin tool is used to manage WebSphere Application Server, as well as configuration, application deployment, and server run-time operations. The Information Archive CLI only supports the Jython scripting language. The wsadmin launcher makes several scripting objects available: AdminConfig, AdminControl, AdminApp, AdminTask, and Help. Scripts use these objects for application management, configuration, operational control, and for communication with MBeans that run in WebSphere Application Server processes.

Jython: Jython, the successor of JPython, is a pure Java implementation of the Python programming language that allows you to run Python programs on any Java platform.

iacli.sh: iacli.sh is a script, available on the Information Archive Management Console, that runs Information Archive CLI commands. The script checks Information Archive appliance prerequisites before the wsadmin tool is opened. Information Archive CLI commands are case-sensitive. Enter all commands using lowercase characters.
iaadmin@IA-Primary:~> iacli.sh
IA Username: iscadmin
IA Password:
CTJIC0151I The IBM Information Archive command line is ready for use.
IACLI> showsystemstatus
----Cluster Node Status----
Cluster Node Name:          ianode1
Cluster Node IP:            172.31.1.1
Collections Hosted:         NFS1, SSAM1
State:                      running

----Storage Subsystem Status----
Controller Name:            iastorage1a
Hosted Collection:          NFS1
Capacity:                   9.95 TB
Cache Hit Ratio:            1.0%
Throughput:                 2.9 MB/sec
I/O Rate:                   59.3 KB/sec
Remote Replication Status:  Synchronized

Controller Name:
Hosted Collection:
Capacity:
Cache Hit Ratio:
Throughput:
I/O Rate:
Remote Replication Status:

----Tape Library Status----
Library Name:               IBM 00L4U78F6723_LL1 3573-TL /dev/IBMchanger0
Library Name:               IBM 00L4U78F6723_LL0 3573-TL /dev/IBMchanger1
Drive 1:                    IBM 1310127710 ULT3580-TD4 /dev/IBMtape0
Drive 2:                    IBM 1310125225 ULT3580-TD4 /dev/IBMtape1
IACLI> quit
iaadmin@IA-Primary:~>

Tip: For information about using the Information Archive command line interface, enter help. To view a full list of available commands, enter help -listcommands yes.
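If you capture showsystemstatus output for scripting, the colon-separated sections shown above are easy to post-process. The following Python helper is a convenience sketch (not part of the appliance) that turns one section of that layout into a dictionary.

```python
def parse_status_section(text):
    """Parse 'Name: value' lines from captured showsystemstatus output.

    Skips section banners (lines starting with '----') and blank lines;
    splits each remaining line on the first colon. A post-processing
    convenience only, not an appliance tool.
    """
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):
            continue
        if ":" in line:
            key, _, value = line.partition(":")
            result[key.strip()] = value.strip()
    return result
```

For example, feeding it the Cluster Node Status section above yields a dictionary with keys such as "Cluster Node Name" and "State".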
Log in as iaadmin.

iaadmin@IA-Primary:~> /opt/tivoli/tsm/AC/ISCW61/bin/wsadmin.sh -user administrator -password password -lang jython -c "print AdminTask.showsystemsettings('')"
WASX7209I: Connected to process "tsmServer" on node tsmNode using SOAP connector; The type of process is: UnManagedProcess

----General Appliance----
Name:
Time Server:
Enhanced Tamper Protection:
File Archive Collections:
System Storage Archive Manager collections:

----File Sharing----
Protocol                     Status     Port
Web Sharing (HTTP)           RUNNING    80
Network File Sharing (NFS)   RUNNING    2049

----LDAP Settings----
LDAP Server:            9.153.1.100
LDAP Port Number:       389
LDAP Type:              ITDS
Search Base:            dc=ArchiveSolutionCompetenceCenter,dc=Leipzig,dc=local
Bind Distinguish Name:  cn=Administrator,dc=ArchiveSolutionCompetenceCenter,dc=Leipzig,dc=local
SSL Enabled:            no
SSL Certificate:        n/a
#
# This script will display IA system settings
#
print AdminTask.showsystemsettings('')
print AdminTask.listcollection('-format detailed')
print AdminTask.shownotification('')

3. Save the Jython script with a .py file extension on the Management Console.
4. At the Management Console prompt, issue the following command to run the Jython script:

/opt/tivoli/tsm/AC/ISCW61/bin/wsadmin_cli.sh -user ia_user -password ia_password -lang jython -f path_to_jython_script

Where ia_user is an administrative user account with the authority to run the scripted commands, ia_password is the password for the administrative user, and path_to_jython_script is the location of the Jython script on the Management Console server. For example:

/opt/tivoli/tsm/AC/ISCW61/bin/wsadmin_cli.sh -user administrator -password password -lang jython -f /home/iaadmin/query_system_setting.py

Attention: Created scripts are not backed up automatically. Backing them up is the user's responsibility.
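When calling wsadmin_cli.sh from automation, it can help to assemble the argument list programmatically before running it. This Python sketch simply builds the invocation shown above; the function name is our own, and the result is meant to be passed to subprocess.run() on the Management Console.

```python
def wsadmin_cli_command(user, password, script_path,
                        launcher="/opt/tivoli/tsm/AC/ISCW61/bin/wsadmin_cli.sh"):
    """Assemble the wsadmin_cli.sh invocation for running a Jython script.

    Mirrors the command documented above; a helper for automation scripts,
    not part of the appliance itself.
    """
    return [launcher, "-user", user, "-password", password,
            "-lang", "jython", "-f", script_path]
```

Building the command as a list (rather than a shell string) avoids quoting problems if the password or path contains special characters.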
Chapter 5.
Each System Storage Archive Manager Collection is hosted by a dedicated IBM System Storage Archive Manager server. The System Storage Archive Manager server runs on a Linux operating system on one of up to three cluster nodes, depending on how many cluster nodes are available in the configuration. Each System Storage Archive Manager Collection uses its own dedicated disk storage subsystem. IBM System Storage Archive Manager is an integrated component of the PID 5608-IAF Information Archive software. Because IBM System Storage Archive Manager is the core component of the System Storage Archive Manager Collection, where all retention policies and data are managed, we explain its functions and features in detail in the following topics. The underlying file system is the IBM General Parallel File System (GPFS), where the System Storage Archive Manager server stores its own IBM DB2 database and the archived data. The System Storage Archive Manager DB2 database is used to maintain management information such as retention policies and access credentials. The archived data is not held in the database; instead, it is stored by System Storage Archive Manager storage pools directly in GPFS. The System Storage Archive Manager server takes advantage of GPFS functionality through a specific setup within the Information Archive appliance. For instance, System Storage Archive Manager uses sequential file device classes instead of random access device classes. With that setup, the appliance can store and manage multiple billions of documents over its deployment lifetime.
System Storage Archive Manager Collections are created and administered through the Information Archive GUI running on the Management Console. The graphical user interface (Information Archive GUI) on the Management Console can be accessed through a web browser over HTTP. The Information Archive GUI works with various user roles and shows different panels and results depending on those roles. Each administrative user has to log on to the Information Archive GUI with an individual user account and password.

Optionally, you can attach tape devices to the Information Archive appliance. Tape attachment is preconfigured in Information Archive and therefore easy to set up. With tape attachment, you can automatically migrate data from disk to tape. Thresholds and migration delays are used to control the migration process and guarantee the availability and performance of your data. With tape attachment, you can also back up and restore the System Storage Archive Manager environment and help prepare for disaster protection.

To use a System Storage Archive Manager Collection, you must follow four basic steps:
1. Create a System Storage Archive Manager Collection from the Information Archive GUI on the Information Archive Management Console. The Create Collection wizard guides you through the entire process.

Tip: Before you create a System Storage Archive Manager Collection, you must enable support for this collection type. If support was not enabled during initial configuration, you can use the appliance properties notebook to enable it.

2. Configure the retention policy for the new collection by creating a System Storage Archive Manager policy domain or configuring the default System Storage Archive Manager policy domain that is created during the creation of the collection.
System Storage Archive Manager is also administered through the administrative interface on the Management Console; you can use the Information Archive GUI or the command line (Information Archive CLI).
3. Register a client node in System Storage Archive Manager to create an account on the Information Archive server for client applications (archive applications).
4. Configure an external archive application, such as the one corresponding to the System Storage Archive Manager client node registered in step 3, to use Information Archive as a storage device. The external archive application is not part of the Information Archive appliance.

If you are using document management systems or other archive applications that cannot connect to Information Archive through the System Storage Archive Manager interfaces, consider using the open standard interfaces of Information Archive. These interfaces are not covered in this chapter; we describe them in Chapter 6, "File Archive Collections" on page 167.
Tip: IBM Tivoli Storage Manager and IBM System Storage Archive Manager share the same source code for executables but are intended for different usage. The two products have separate licenses. However, only the System Storage Archive Manager server shows the unique name, whereas all accompanying components for that server are still named IBM Tivoli Storage Manager.

System Storage Archive Manager provides storage management services that permit users to archive files from their workstations or file servers to archive retention-protected storage. Archived copies of files can be retrieved to local workstations. System Storage Archive Manager also includes an application programming interface (API) client program that you can use to enhance a content management application with storage management services. When an application is registered with a server as a client node, the application can archive and retrieve objects from archive retention-protected storage. We refer to all such applications in general as archive applications.

System Storage Archive Manager uses chronological and event-based retention policies. Chronological retention is a calendar-based policy in which the final expiration countdown begins when an object is sent to System Storage Archive Manager storage. Event-based retention requires a predefined activation event to occur before the final expiration countdown starts. System Storage Archive Manager provides the ability to override prescribed retention policies using deletion hold and release events.

System Storage Archive Manager offers rich functionality and features, giving you a powerful and comprehensive archive retention solution, and they can all be found in the Information Archive appliance:
- System Storage Archive Manager runs on vendor-neutral storage technology, giving you the ability to utilize hundreds of types of disk, tape, optical, and DVD media on which to retain your data.
In the case of Information Archive, the internal disk storage subsystem can be extended over time and can also be replaced when necessary. Substitution of the disk storage subsystem is supported by System Storage Archive Manager with data migration services and validation methods for data integrity.
- Hierarchical storage capabilities allow you to create policies so that data is stored on the type of media that best meets data longevity, access speed, and cost needs. For instance, with Information Archive, you can attach tape devices to back up all data. Migration automates moving data from one type of media to another as media needs change, and as new types of media become available in the market.
- System Storage Archive Manager's expiration policies expire data when it is no longer needed, thus freeing up the WORM-protected disk storage media and saving you money. With Information Archive, the expired data in the disk storage subsystem is erased and the space is used again to store new data. If needed, data shredding can be configured to erase the data in an even more secure way.
- Off-site protection of the data is standard in System Storage Archive Manager. Off-site copies can be created on any of the hundreds of types of media supported and, like the primary copy, are policy-managed to allow for expiration. WORM tape devices are a good choice for that kind of protection.

It is beyond the scope of this book to explain System Storage Archive Manager in detail. This book focuses on the System Storage Archive Manager fundamentals necessary to understand the Information Archive appliance and explores what customizing has already been done to the System Storage Archive Manager server provided in Information Archive.
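The difference between chronological and event-based retention described earlier can be modeled in a few lines. This is a conceptual sketch of the policy behavior, not System Storage Archive Manager's actual implementation.

```python
from datetime import date, timedelta

def expiration_date(retention_days, archive_date, activation_date=None):
    """Compute when the final expiration countdown ends.

    Chronological retention counts from the date the object is archived;
    event-based retention starts its countdown only after the activation
    event occurs. A conceptual model for illustration.
    """
    start = archive_date if activation_date is None else activation_date
    return start + timedelta(days=retention_days)
```

For a 30-day policy, an object archived on January 1 expires chronologically on January 31, whereas an event-based object archived the same day waits indefinitely until its activation event fires.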
Tip: For a detailed overview of System Storage Archive Manager V6.1 and its complementary products, see the IBM Tivoli Storage Manager Version 6.1 information center at the following location: http://publib.boulder.ibm.com/infocenter/tsminfo/v6/index.jsp
[Figure: System Storage Archive Manager server environment. The diagram shows the SSAM server with its database, log, and storage repository (disk and tape); the Integrated Solutions Console Administration Center accessed through a web browser; the TSM administrative client; the TSM backup-archive client on laptops, desktops, workstations, and servers (print, proxy, and file servers with flat files); TSM for HSM on file servers; and application servers (database, e-mail, ERP, portal, and file servers with legacy data) connecting through the TSM API.]
The System Storage Archive Manager server runs in the Information Archive appliance, while the various clients are archiving applications connected to the System Storage Archive Manager server through TCP/IP networks. The core product of the entire System Storage Archive Manager environment is the System Storage Archive Manager server with its relational database and storage repository. The server basically provides data management, retention policies, and storage. The System Storage Archive Manager server can be administered from any available Tivoli Storage Manager administrative client, which consists of executable files and a command line interface connected to the System Storage Archive Manager server, or through another administrative server called the Integrated Solutions Console (ISC). The ISC can be reached with any web browser in the enterprise. The ISC is a generic IBM administration interface into which various applications can be embedded through plug-ins. The plug-in used here is the IBM Tivoli Storage Manager Administration Center (Administration Center); in the case of a System Storage Archive Manager server, you first log in to the ISC and then administer the System Storage Archive Manager server with the embedded Administration Center. Both components (ISC and Administration Center) are available with Information Archive.
From a System Storage Archive Manager perspective, the clients are systems that exchange data with the System Storage Archive Manager server through TCP/IP networks. There are two types of System Storage Archive Manager clients. The first type, the IBM Tivoli Storage Manager backup-archive client, can use System Storage Archive Manager directly as a storage repository for archive data. Because the System Storage Archive Manager server is intended to help with regulatory retention, the backup functions of the backup-archive client are disabled when it works with a System Storage Archive Manager server. The second type of client uses the IBM Tivoli Storage Manager Application Programming Interface (API). Products that use the API with System Storage Archive Manager are typically document content management systems, enterprise content management systems, and so on. Tivoli Storage Manager for HSM for Windows also uses the API, to perform hierarchical storage management for NTFS file systems on Microsoft Windows. Although various types of System Storage Archive Manager clients can use a storage area network (SAN) for operations such as LAN-free backup and restore, they cannot do so with System Storage Archive Manager in Information Archive: SAN operations would require sharing the back-end storage devices between server and client, which Information Archive prohibits for compliance reasons.

Attention: Archive applications (System Storage Archive Manager clients) can only communicate over TCP/IP when archiving to an Information Archive System Storage Archive Manager Collection.
Figure 5-3 System Storage Archive Manager database, database log files, and database backup files
The active log stores the current in-flight transactions for the server. For example, if the server has 10 archive client sessions performing archiving or retrieving, the transactions used by those sessions are represented in the active log and used to track changes to the server database, such as inserts, deletes, or updates of records in its tables.

The archive log contains copies of closed log files that were previously in the active log. The archive log is not needed for normal processing, but is typically needed for recovery of the database. To provide roll-forward recovery of the database to the current point in time, all logs since the last database backup must be available for the restore operation. For the System Storage Archive Manager server, the archive log is included in database backups, so that it can be used for roll-forward recovery of the database. Pruning of the archive log files is based on full database backups. Backups can be written to attached storage devices, such as disk storage subsystems or tape devices.

System Storage Archive Manager can designate a secondary archive log location, also called an archive failover log directory, which the server uses if the archive log directory runs out of space. Specifying an archive failover directory is optional, but it can prevent problems that occur if the archive log runs out of space. With Information Archive, thanks to GPFS and the overall storage capacity, it is very unusual for the archive log directory to run out of space; hence, there is no secondary archive log location with Information Archive.

When log files in the active log are full, they are closed by DB2 and copied to the archive log directory; transactions might still be active when a file is archived.
The server continues to copy full log files to the archive log directory until that directory becomes full; copies then go to the failover archive log directory. If even the failover archive log directory fills up, for example, because of unexpected workload, the closed logs remain in the active log directory. This can result in an out-of-log-space condition and a server halt if the active log directory fills up, too. Information Archive health monitoring, as well as its reporting and monitoring features, helps you become aware of that situation in advance.
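The cascade just described (active log, then archive log, then failover directory, with a halt risk when everything is full) can be illustrated with a small sketch. This is conceptual Python, not appliance code; the directory capacities and file names are invented for the example:

```python
# Conceptual sketch of the DB2 log cascade described above.
# Capacities and names are illustrative, not actual appliance values.

def place_closed_log(log_file, archive_dir, failover_dir, active_dir,
                     archive_cap=3, failover_cap=2):
    """Decide where a closed (full) active log file ends up."""
    if len(archive_dir) < archive_cap:
        archive_dir.append(log_file)      # normal case: copied to archive log
        return "archive"
    if failover_dir is not None and len(failover_dir) < failover_cap:
        failover_dir.append(log_file)     # archive dir full: failover location
        return "failover"
    active_dir.append(log_file)           # both full: log stays in active dir
    return "active"                       # risk of an out-of-log-space halt

archive, failover, active = [], [], []
for n in range(7):
    place_closed_log(f"S{n:07d}.LOG", archive, failover, active)
print(len(archive), len(failover), len(active))  # 3 2 2
```

Because Information Archive configures no failover directory, its behavior corresponds to passing failover_dir=None in this sketch: full logs go straight from the archive directory condition back to the active directory.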
Storage repository
A System Storage Archive Manager server can write data to more than 400 types of devices, including hard disk drives, disk arrays and subsystems, stand-alone tape drives, tape libraries, and other forms of random and sequential-access storage. The media that the server uses are grouped into storage pools, and various device classes support the various technologies. For the Information Archive appliance, the storage pools are implemented through a private SAN attachment to the 2231-D1A disk controllers. The disk subsystem is configured as a Redundant Array of Independent Disks (RAID) 6 to maintain data integrity even if two disks fail. The file system is built upon the IBM General Parallel File System (GPFS), and System Storage Archive Manager uses that file system for its database and recovery log as well as for all archived data. The base 2231-IA3 appliance frame supports only one storage controller and therefore only one collection. An expansion frame (2231-IS3) can be attached to the base frame to support two more storage controllers, and thus two more collections, if needed. Multiple System Storage Archive Manager collections are typically needed in very large environments to balance the workload, and for compliance reasons, to separate systems physically. Optional tape attachment with Information Archive can expand the storage repository, enabling migration of data, backup and restore, and disaster protection.

Tip: Although optional, it is highly desirable to use the tape attachment feature for Information Archive. Tapes extend the Information Archive storage capacity by allowing migration from the default appliance disk media. Moreover, you can also make backups of your archived data and other elements of your Information Archive appliance, enabling Enhanced Remote Mirroring protection.
Client nodes
A client node, in the context of the Information Archive System Storage Archive Manager Collection, is an application that communicates with the System Storage Archive Manager server and transfers data objects to it for archiving. Therefore, the client is often referred to as an archiving application. A client node is registered in a policy domain and bound to the policies of that domain on the server. Three types of client nodes can be used directly with the System Storage Archive Manager server:
- IBM Tivoli Storage Manager API
- IBM Tivoli Storage Manager backup-archive client
- IBM Tivoli Storage Manager for HSM for Microsoft Windows
Alternatively, some vendor applications exploit the API by integrating it into their software products to implement new data management functions or to provide archival functionality on additional system platforms. Examples include IBM Content Manager, IBM Content Manager OnDemand, IBM CommonStore for SAP R/3, IBM InfoSphere Content Collector, IBM Optim, and IBM FileNet. The API and its full documentation are published on the Internet, so that customers and vendors can implement their own solutions for their particular needs. For more information, see IBM Tivoli Storage Manager: Using the Application Programming Interface, SC23-9793, available at:
http://publib.boulder.ibm.com/infocenter/tsminfo/v6/topic/com.ibm.itsm.client.develop.doc/b_api_using.pdf
Tip: An IBM Tivoli Storage Manager for HSM for Windows client can migrate and recall data with System Storage Archive Manager, whereas an IBM Tivoli Storage Manager for Space Management client cannot. Therefore, do not plan to migrate files from UNIX and Linux into Information Archive through the IBM Tivoli Storage Manager HSM client.
Administrative interfaces
The administrative interfaces allow administrators to control and monitor server activities, define management policies for clients, and set up schedules to provide services to clients and the server at regular intervals. The available administrative interfaces include a command-line administrative client (dsmadmc) and a web browser interface called the Administration Center. The Administration Center is embedded in the Integrated Solutions Console (ISC) and allows you to manage and control multiple servers from a single interface that runs in a web browser. Information Archive supports both types of administration; that is, you can use the command-line administrative client as well as the Administration Center within the ISC. Depending on how many document collections you are using, several System Storage Archive Manager or IBM Tivoli Storage Manager servers can be reached from that one Administration Center.
iaadmin@IA-Primary:~> dsmadmc -server=SSAM1
IBM Tivoli Storage Manager
Command Line Administrative Interface - Version 6, Release 1, Level 3.3
(c) Copyright by IBM Corporation and other(s) 1990, 2009. All Rights Reserved.

Enter your user account: itsoadmin
Enter your password:

Session established with server SSAM1: Linux/x86_64
  Server Version 6, Release 1, Level 2.2
  Server date/time: 02/22/2010 17:29:03  Last access: 02/18/2010 21:53:38

tsm: SSAM1>
Administration Center
For the central administration of one or more System Storage Archive Manager instances, as well as the whole data management environment, System Storage Archive Manager provides a Java-based graphical administration interface called the Administration Center, which is installed as an Integrated Solutions Console (ISC) component. The Administration Center and the ISC are preinstalled and started automatically on the Information Archive appliance. The IBM Tivoli Storage Manager Administration Center enables administrators to control and monitor server activities, define management policies for clients, and set up schedules to provide services to clients at regular intervals. Figure 5-4 shows the Integrated Solutions Console as you find it in the Information Archive appliance; the IBM Tivoli Storage Manager Administration Center appears as a Tivoli Storage Manager heading and tree structure on the left.
Figure 5-4 Integrated Solutions Console and Tivoli Storage Manager Administration Center
Working with ISC and IBM Tivoli Storage Manager Administration Center
In this section, we give a short introduction to starting and configuring the IBM Tivoli Storage Manager Administration Center on the Information Archive appliance. A user account with the administrative role tsmAdministrator is needed for this login. Follow these steps:
1. To connect to the IBM Tivoli Storage Manager Administration Center web interface, start a web browser and open an HTTPS (Secure HTTP) session to the TCP/IP address of the node or workstation where the IBM Tivoli Storage Manager Administration Center and the ISC are installed, using the port number specified when the ISC was installed:
https://ip_of_management_station:9043/ibm/console
2. Log in to the ISC with the appropriate user account.
3. Expand the Tivoli Storage Manager tree in the left pane of the panel and navigate to the most convenient topic (Figure 5-5).
Now you can select various functions to administer your Information Archive System Storage Archive Manager server. For example, in Figure 5-5, we use the Manage Servers topic to see all configured System Storage Archive Manager and IBM Tivoli Storage Manager servers within our Information Archive.
4. Under Manage Servers, select the System Storage Archive Manager server that you want to connect to, and then use Select Action to open the command line.
Figure 5-6 Tivoli Storage Manager Administration Center - Use Command Line
After that, you can use various commands on the command line to administer your Information Archive System Storage Archive Manager server.
Automation
The System Storage Archive Manager server includes a central scheduler that runs on the server and provides services for use by the server (administrative schedules) and clients (client schedules). You can schedule administrative commands to tune server operations and to start functions that require significant server or system resources during times of low usage. You can also schedule a client action, but that is unusual for a data retention-enabled client. Each scheduled command (administrative or client) is called an event. The server tracks and records each scheduled event in the database and produces output in its activity log. There are preconfigured administrative schedules in Information Archive, which can be listed with the query schedule t=a command. There are no preconfigured client schedules with Information Archive.
Figure 5-7 shows the IBM System Storage Archive Manager storage hierarchy.
Device classes
A logical entity called a device class is used to describe how System Storage Archive Manager can access physical volumes to place data objects on them. Each storage pool is bound to a single device class. The storage devices used with System Storage Archive Manager vary mainly in their technology and total cost. To understand this concept, you can imagine the storage as a pyramid (or triangle), with high-performance storage at the top (typically disk), normal-performance storage in the middle (typically optical disk or cheaper disk), and low-performance, but high-capacity, storage at the bottom (typically tape). Figure 5-7 illustrates this idea, as does Figure 5-2 on page 119. Disk storage devices are random access media, which makes them better candidates for storing frequently accessed data. With Tivoli Storage Manager and System Storage Archive Manager, disk storage devices can also be used as sequential access media, with certain enhancements: for example, although the access mode is sequential, parallel input and output on the volume is available. Tape, however, is a high-capacity sequential access medium, which can easily be transported off-site for disaster recovery purposes. Access time is much slower for tape because of the time needed to load a tape into a tape drive and locate the data; for many applications, though, that access time is still acceptable. With Tivoli Storage Manager/System Storage Archive Manager, tape volumes located in a tape library are accessed transparently by the application that retrieves data from them. Tapes no longer in the library are off-line, requiring manual intervention.
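The pyramid idea, where data enters a fast pool and older data sinks to cheaper media, can be sketched as follows. This is a toy Python model: the pool names echo the text, but the capacities and the migrate-on-store rule are simplifications (the real server migrates by configurable thresholds):

```python
# Toy sketch of a two-level storage hierarchy: a disk pool whose
# next pool is tape, as in the pyramid described above.
# Pool names, capacities, and the migration rule are illustrative only.

class StoragePool:
    def __init__(self, name, capacity, next_pool=None):
        self.name, self.capacity = name, capacity
        self.next_pool = next_pool
        self.objects = []

    def store(self, obj):
        # Migrate the oldest object downward when the pool is full.
        if len(self.objects) >= self.capacity and self.next_pool:
            self.next_pool.store(self.objects.pop(0))
        self.objects.append(obj)

tape = StoragePool("TAPEPOOL", capacity=1000)
disk = StoragePool("FILEPOOL", capacity=2, next_pool=tape)
for obj in ["a", "b", "c"]:
    disk.store(obj)
print(disk.objects, tape.objects)  # ['b', 'c'] ['a']
```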
Device types
Each device defined to System Storage Archive Manager is associated with one device class. Each device class specifies a device type. A device type identifies a device as a member of a group of devices that share similar media characteristics. For example, the 3592 device type applies to the IBM System Storage Enterprise Tape Drive 3592 and the IBM System Storage TS1120 and TS1130. The LTO device type applies to the Linear Tape-Open standard of tape drives, for example, the IBM System Storage Ultrium LTO-4 tape drive. The device type also specifies management information, such as how the server gains access to the physical volumes, recording format, estimated capacity, and labeling prefixes. Device types include DISK, FILE, and a variety of removable media types. Note that a device class for a tape or optical drive must also specify a library.
Tape devices
System Storage Archive Manager supports a wide variety of enterprise-class tape drives and libraries. The following link connects you to the product support website, where you will find a link to the list of currently supported devices:
http://www-01.ibm.com/software/sysmgmt/products/support/IBM_TSM_Supported_Devices_for_Linux.html

Important: With Information Archive, the usage of IBM 3494 Tape Libraries as well as ACSLS-managed tape libraries is not supported. Keep this in mind when reading the support list.

Use tape devices for backing up your primary storage pools to copy storage pools and for backing up the System Storage Archive Manager database. Tape devices are well suited for this, because the media can be transported off-site for disaster recovery purposes. A tape drive or tape library is not included in the Information Archive appliance; however, the system is tape-ready, and you can attach tape devices that are supported by System Storage Archive Manager/Tivoli Storage Manager on the Linux platform (see the information above) and that best suit your data retention requirements. We suggest that you use the IBM System Storage TS1130 Tape Drive or the IBM Ultrium 4 LTO drives in combination with rewritable and WORM media. We discuss attaching tape in Chapter 10, Tape attachment with IBM Information Archive on page 403.
Policy domain
A policy domain enables an administrator to group client nodes by the policies that govern their files and by the administrators who manage their policies. A policy domain contains one or more policy sets, but only one policy set (named ACTIVE) can be active at a time. The server uses only the ACTIVE policy set to manage files for client nodes assigned to a policy domain. You can use policy domains to perform the following tasks:
- Group client nodes with similar file management requirements
- Provide unique default policies for various groups of clients
- Direct files from various groups of clients to other storage hierarchies based on need (unique file destinations with various storage characteristics)
- Restrict the number of management classes to which clients have access

Figure 5-9 summarizes the relationships among the physical device environment, System Storage Archive Manager storage and policy objects, and clients:
1. When clients are registered, they are associated with a policy domain. Within the policy domain are the policy set, management class, and copy groups.
2. When a client archives an object, the object is bound to a management class. A management class, and the archive copy group within it, specifies where files are stored first (destination) and how they are managed when they are archived.
3. Storage pools are the destinations for all stored data. An archive copy group specifies a destination storage pool for archived files. Storage pools are mapped to device classes, which represent devices. The storage pool contains volumes of the type indicated by the associated device class. For example, the storage pool filepool on Information Archive, which uses the device class FILECLASS, stores all data in a sequential file pool on disk. Data stored in disk storage pools can be migrated to tape or optical disk storage pools and can be backed up to copy storage pools.
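The chain from a registered node to its destination storage pool, as listed above, can be sketched in a few lines. All names (domain, node, management class, pool) are hypothetical, and the nested dictionaries merely stand in for what the server keeps in its database:

```python
# Minimal sketch of the relationships listed above: node -> policy domain ->
# active policy set -> management class -> archive copy group -> storage pool.
# All names are hypothetical; this is not SSAM code.

domains = {
    "IA_DOMAIN": {
        "ACTIVE": {
            "STANDARD": {"archive_copygroup": {"destination": "FILEPOOL",
                                               "retver": 365}},
        }
    }
}
nodes = {"CONTENTMGR1": "IA_DOMAIN"}

def destination_for(node, mgmt_class="STANDARD"):
    """Resolve where an archived object from this node is stored first."""
    domain = nodes[node]
    active_set = domains[domain]["ACTIVE"]
    copygroup = active_set[mgmt_class]["archive_copygroup"]
    return copygroup["destination"]

print(destination_for("CONTENTMGR1"))  # FILEPOOL
```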
Figure 5-9 Relationships among clients, the policy domain with its active policy set, management classes and archive copy groups, and the primary and copy storage pools with their volumes. The figure notes that a policy domain groups client nodes by policies and specifies the retention grace period; that a policy set contains management classes (at least one default; multiple policy sets per domain, only one active); and that a management class associates files with one archive copy group, with all files not explicitly bound assigned to the default class STANDARD.
Policy set
The policy set specifies the management classes that are available to groups of users. Policy sets contain one or more management classes. Only one policy set, the ACTIVE policy set, controls policies in a policy domain.
Management class
The management class associates client files with archive copy groups. A management class can contain one backup or archive copy group, both a backup and an archive copy group, or no copy groups. Users can bind (that is, associate) their files to a management class through the include-exclude list. You must identify one management class as the default management class. If objects are not explicitly bound to a certain management class, they are automatically bound to the default management class. Attention: With the System Storage Archive Manager Collection, management classes can only contain archive copy groups, because backups are not possible on a System Storage Archive Manager server.
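The default-class fallback works roughly as in this sketch. The fnmatch-style patterns and the class names are assumptions for illustration only; the real Tivoli Storage Manager include-exclude syntax differs:

```python
# Sketch of management-class binding: an include list maps file patterns to
# management classes; anything unmatched is bound to the default class.
# Patterns use fnmatch-style wildcards here purely for illustration;
# the real include-exclude syntax differs.
import fnmatch

INCLUDE_LIST = [("/db2/*", "EVENT"), ("/mail/*", "CREATION")]
DEFAULT_MGMT_CLASS = "STANDARD"

def bind_mgmt_class(path):
    for pattern, mgmt_class in INCLUDE_LIST:
        if fnmatch.fnmatch(path, pattern):
            return mgmt_class
    return DEFAULT_MGMT_CLASS    # no explicit binding: default class

print(bind_mgmt_class("/db2/full.dmp"))    # EVENT
print(bind_mgmt_class("/tmp/report.pdf"))  # STANDARD
```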
Different user roles and explicit user credentials are the basis for System Storage Archive Manager access control. A Tivoli Storage Manager/System Storage Archive Manager administrator manages resources on the server, such as storage pools, devices, and data management policies. An administrator or operator might also be responsible for backup and restore of archived data. The number of administrators and their level of privileges vary according to the environment. Within Information Archive, you can grant administrative roles to user accounts within the Information Archive GUI. All user accounts with the administrative role tsmAdministrator are propagated to the System Storage Archive Manager server automatically; even later password changes in the Information Archive GUI, or in LDAP if you use a centralized user management, are propagated automatically to the System Storage Archive Manager Collection. Such a user is propagated with passexp=0 and system privileges. Besides this automated propagation of user accounts, there are two ways to create a Tivoli Storage Manager/System Storage Archive Manager administrator account manually, using the register node and register admin commands. The register admin command explicitly creates an administrator account with certain defined privileges. The register node command automatically creates an administrator account with the same name as the node and owner access privilege to the node. Privileges are granted to an administrator through the grant authority command; you need system privileges to issue this command. You can check the privileges of your user with the command query admin f=d.
In the case of the Information Archive appliance, System Storage Archive Manager user roles and credentials can be created as described above, with the IBM Tivoli Storage Manager Administration Center at the Integrated Solutions Console, and with the Information Archive GUI (that is, when you create Information Archive users with the privilege of tsmAdministrator). Authentication for a System Storage Archive Manager collection ensures that only the designated client nodes (register node) can read and commit documents, and only the designated administrators (register admin) can manage the administrative interface. Besides the roles, there are several additional features to control the access, security, and integrity of the environment:
- Password expiration period
- Limitation for invalid password attempts
- Tamper-proof internal code processing (deletion protection)
- Activity log
- Password and data encryption
RETMIN (retain minimum): The retain minimum (RETMIN) parameter applies only to an event-based archive retention policy and specifies the minimum number of days to retain an archive object, regardless of the value of RETVER. Possible values are RETMIN=0 to 30,000 days; the default value is 365. We provide the following examples to give you insight into archive copy groups and defining policy.
Archive copy groups using the chronological retention policy satisfy many archive retention requirements.
The expiration date that System Storage Archive Manager assigns is whichever comes later:
- The date the object was archived, plus the number of days specified in the RETMIN parameter
- The date the event was signaled, plus the number of days specified in the RETVER parameter
After reaching this expiration date, the data is eligible for expiration. When the time for expiration occurs, all references to that data are deleted from the System Storage Archive Manager database, making the data irretrievable from System Storage Archive Manager storage volumes. This kind of archive retention is referred to as event-based retention.

Retention: Use event-based archive retention if the archive application you are using (such as Content Manager together with Record Manager, IBM FileNet P8, and so on) uses the API function calls to activate the retention period of the archived data objects.
Table 5-1 shows the information gathered from two archive queries that run after archiving a file, one using creation-based archive policy and one using event-based archive policy. Event-based retention: When an object is archived using event-based retention, System Storage Archive Manager manages that object as though the RETVER parameter were set to NOLIMIT until an event initiates the retention period (see Table 5-1).
Table 5-1 Status of files archived with creation-based and event-based retention (the table compares, for RETINIT=CREATION and RETINIT=EVENT, the object attributes recorded in the System Storage Archive Manager/Tivoli Storage Manager database: insert date, expiration date, management class, retention initiated, and object held)
Notice that the status of the Retention-Initiated attribute is STARTED for the management class CREATION, and PENDING for the management class EVENT. Also, compare the expiration dates.
Table 5-2 shows the relationship between the various parameters and their use within certain retention policies.
Table 5-2 Archive copy group parameters

RETINIT: Defines when to initiate the retention period defined in the RETVER attribute.
  - Chronological retention: RETINIT=CREATION. The expiration date is based on the date the object was archived plus RETVER.
  - Event-based retention: RETINIT=EVENT. The expiration date is based on the date of the retention initiation event plus RETVER.

RETVER: Number of days to retain the archive object after retention is initiated.
  - Chronological retention: RETVER=0 to 30,000 days or NOLIMIT.
  - Event-based retention: RETVER=0 to 30,000 days.

RETMIN: Minimum number of days to retain the archive object.
  - Chronological retention: Not applicable.
  - Event-based retention: RETMIN=days, based on the date the object was archived.

Earliest date when the object can become eligible for expiration after retention has been initiated:
  - Chronological retention: (date object archived) + RETVER.
  - Event-based retention: (date retention was initiated through event) + RETVER or (date object archived) + RETMIN, whichever is longer.
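As a worked example of the two expiration rules, the following sketch computes expiration dates for both retention types. The dates and parameter values are invented for illustration:

```python
# Worked example of the archive copy group expiration rules (illustrative).
from datetime import date, timedelta

def chronological_expiration(archived, retver):
    # RETINIT=CREATION: archive date plus RETVER
    return archived + timedelta(days=retver)

def event_based_expiration(archived, event, retver, retmin):
    # RETINIT=EVENT: later of (event date + RETVER) and (archive date + RETMIN)
    return max(event + timedelta(days=retver),
               archived + timedelta(days=retmin))

archived = date(2010, 1, 1)
event = date(2010, 3, 1)
print(chronological_expiration(archived, retver=365))                  # 2011-01-01
print(event_based_expiration(archived, event, retver=30, retmin=365))  # 2011-01-01
```

In the second call, the event date plus RETVER (2010-03-31) comes earlier than the archive date plus RETMIN (2011-01-01), so RETMIN wins, matching the "whichever is longer" rule in Table 5-2.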
Deletion protection: The following operations cannot delete archived data on an Information Archive System Storage Archive Manager server:
- Requests from the application client to delete an archive object prematurely
- DELETE FILESPACE (from either a client or administrative command)
- DELETE VOLUME DISCARDDATA=YES
- AUDIT VOLUME FIX=YES
5.3.8 Encryption
To make the archived data more secure, the IBM Tivoli Storage Manager backup-archive client, as well as the IBM Tivoli Storage Manager API, implements an encryption function that allows you to encrypt data before it is sent to the Information Archive System Storage Archive Manager server. This helps secure archived data during transmission, and it means that the data stored in the System Storage Archive Manager Collection is encrypted and thus unreadable, even by the administrator. Encryption is the last task performed on the client system before the data is sent to the server; other client operations, such as compression (if enabled), happen before encryption.
API encryption
You can use either 56-bit DES or 128-bit AES (Advanced Encryption Standard). The default, 56-bit DES, can be overridden by setting the parameter ENCRYPTIONTYPE AES128 in dsm.opt (Windows) or dsm.sys (UNIX or Linux). The encryption function enables you to choose which files are subject to encryption through an include/exclude list. Set the include.encrypt parameter in the option file (dsm.opt or dsm.sys) for the objects to encrypt (the default is no encryption) and exclude.encrypt for the objects that you do not want to encrypt. For example, to encrypt all data, set:
include.encrypt /.../* (AIX) or include.encrypt *\...\* (Windows)
To encrypt the object /FS1/DB2/FULL, set:
include.encrypt /FS1/DB2/FULL
For client applications using the API, there are two methods to handle encryption:
- Application-managed encryption
- Transparent encryption
These two methods are exclusive; choose only one method for any given application client node. For both methods, an encryption password is used to generate the real encryption key. The encryption password can be up to 63 characters in length, but the key generated from it is always 8 bytes for 56-bit DES and 16 bytes for 128-bit AES. With application-managed encryption, the client application (archiving application) is responsible for managing the keys (actually, the encryption passwords that System Storage Archive Manager uses to generate the encryption keys). In addition, the client application code might have to be changed to communicate the password to the API on each archive or retrieve operation. Transparent encryption, on the other hand, encrypts application data without requiring any changes to the client application and delegates all key management operations (generation, storage, and retrieval) to the Information Archive System Storage Archive Manager server.
Important: Because transparent encryption requires no changes in the archive application, it is more convenient to use transparent encryption rather than application-managed encryption.
Transparent encryption
Transparent encryption is the simplest and safest method to implement data encryption. One random encryption key is generated per session (every time a client initiates a session with the Information Archive System Storage Archive Manager server for archiving). The key is generated with a random number generator on the client side. For each archived object, the generated encryption key is sent to and stored in the Information Archive System Storage Archive Manager server database. However, before it is sent to the server along with the encrypted archived object, the key is itself encrypted using 56-bit DES encryption. After the server receives the structure containing the encrypted encryption key, it decrypts the key, re-encrypts it using a specific server-based encryption mechanism, and stores it in the database along with the corresponding object_ID.

Do not encrypt backups: If the encryption key is not available, data cannot be retrieved under any circumstances. Be sure that you back up your System Storage Archive Manager server database frequently to prevent data loss. Do not store the database backup on encrypted media.

During a retrieval, the server uses the server-based mechanism to decrypt the key, re-encrypts it, and sends the re-encrypted key to the client along with the encrypted object. In turn, the client (API) extracts the key and decrypts it. Finally, the decrypted key is used to decrypt the data. To enable transparent encryption, specify ENABLECLIENTENCRYPTKEY YES in the system option file dsm.opt (Windows) or dsm.sys (UNIX or Linux).
Important: There is no default configuration for data shredding on Information Archive. Because data shredding only works on random-access disk storage pools, and the predefined FILEPOOL storage pool is of the sequential access type, you need to configure a new storage pool when data shredding is needed. The new storage pool must use the random access device type, and data shredding must be enabled for this pool.

There are two shredding methods available: automatic and manual. You can see the method configured on your system with the System Storage Archive Manager query option command, and you can set it with the setopt shredding manual or setopt shredding automatic command.

The advantage of automatic shredding is that it is performed without administrator intervention whenever deletion of data occurs. This limits the time that sensitive data might be compromised, and it also limits the time that the space used by deleted data remains occupied. Shredding performance is affected by the amount of data to be shredded, the number of times that the data is to be overwritten, and the speed of the disk and server hardware. You can specify that the data is to be overwritten up to 10 times: the greater the number of passes, the greater the security, but also the greater the impact on server performance.

The advantage of manual shredding is that it can be performed when it will not interfere with other server operations. Manual shredding is possible only if automatic shredding is disabled. If you have specified manual shredding with the SHREDDING server option, you can start the shredding process by issuing the shred data command. Note that to guarantee that all shreds are written to the disk, disk caching needs to be disabled while the shred is being run. Therefore, do shredding when archiving of data is at a minimum: if you do most of the archiving during the day, shredding can be scheduled to run during the night.
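The idea of shredding, overwriting data several times before deleting it, can be illustrated with a small file-level sketch. This only mimics the concept: System Storage Archive Manager shreds its own storage pool volumes, and, as noted above, real shredding must also account for disk caching:

```python
# Conceptual illustration of shredding: overwrite a file's contents several
# times with random data before deleting it. This mimics the idea only;
# SSAM shredding operates on its own storage pool volumes.
import os
import tempfile

def shred(path, passes=3):
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(os.urandom(size))   # overwrite with random bytes
            f.flush()
            os.fsync(f.fileno())        # push the overwrite to disk
    os.remove(path)

fd, path = tempfile.mkstemp()
os.write(fd, b"sensitive archive data")
os.close(fd)
shred(path, passes=3)
print(os.path.exists(path))  # False
```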
[Figure: API transaction flow — dsmBindMC (management class binding, if required), dsmBeginTxn (store), dsmSendObj/dsmEndSendObj, dsmEndTxn (commit), and dsmRetentionEvent (subsequent send event or hold/release for WORM retention)]
The dsmBeginTxn function call begins one or more System Storage Archive Manager transactions that form a complete action; either all the actions succeed or none succeed. An action can be either a single call or a series of calls. For example, a dsmSendObj call that is followed by a number of dsmSendData calls can be considered a single action. The dsmEndTxn function call ends a System Storage Archive Manager transaction. It is paired with dsmBeginTxn to identify the call or set of calls that are considered a transaction. The external archive application specifies on the dsmEndTxn call whether the transaction is to be committed or ended.

When objects are stored by the external archive application, the IBM Tivoli Storage Manager API function dsmSendObj is used. The function call starts a request to send a single object to storage. Multiple dsmSendObj calls and associated dsmSendData calls can be made within the bounds of a transaction for performance reasons. The dsmSendObj call processes the data for the object as a byte stream passed in memory buffers. Alternatively, the application client can specify only the attributes through the dsmSendObj call and specify the object data through one or more calls to dsmSendData. The dsmSendData function call sends a byte stream of data to the System Storage Archive Manager through a buffer. The external archiving application can pass any type of data for storage on the server; usually this is file data, but it is not limited to that. The archiving application can call dsmSendData several times if the byte stream of data to send is large. For certain object types, no byte stream data might be associated with the object; for example, a directory entry with no extended attributes.

Before dsmSendObj is called, a preceding dsmBindMC call must be made to properly bind a management class to the object that you want to archive. The API keeps this binding so that it can associate the proper management class with the object when it is sent to the server. The dsmBindMC function call associates, or binds, a management class to the passed object. If the application does not bind the object to a specific management class, the default management class of the active policy set of the policy domain is used.
The dsmEndTxn call closes the transaction, and all transmitted objects are committed. From that point on they cannot be deleted or modified until they become eligible for expiration. Depending on the retention policy, that is, whether chronological or event-based retention is configured, two additional calls are possible. With event-based retention, the external archive application can send an event through the dsmRetentionEvent call. The dsmRetentionEvent function call sends a list of object IDs to the server, together with a retention event operation to be performed on these objects. The call is used within dsmBeginTxn and dsmEndTxn calls and is therefore itself a transaction. Only the owner of an object can send an event on that object. The following events are possible:

eventRetentionActivate: This event can be issued only for objects that are bound to an event-based management class. Sending this event activates retention for the object, and the retention state of the object changes from DSM_ARCH_RETINIT_PENDING to DSM_ARCH_RETINIT_STARTED.

eventHoldObj: This event places a deletion hold on the object so that, until a release is issued, the object does not expire and cannot be deleted.

eventReleaseObj: This event can be issued only for an object that has the value DSM_ARCH_HELD_TRUE in the objectHeld field; it removes the hold on the object, resuming the original retention policy.

Tip: More information about the IBM Tivoli Storage Manager API can be found in the IBM publication, Using the Application Programming Interface, SC23-9793-00, available at the following Web site:
http://publib.boulder.ibm.com/infocenter/tsminfo/v6/topic/com.ibm.itsm.client.develop.doc/b_api_using.pdf
3. On the main entry panel, click Create Collection. Depending on the collections already created in your system, the panel also shows other information. At the end of this Create Collection Wizard session, the newly created collection is displayed here. If no disk subsystem is available, the creation of a new collection is not possible; the wizard reports an error and rejects the creation (Figure 5-15).
4. On the Welcome page, which is displayed if the creation of a new collection is possible, read the additional information about collections. Use the Online Help if you need further assistance. Click Next to proceed. 5. On the General page (Figure 5-16), select Create a System Storage Archive Manager collection and provide a collection name. Collection names can contain a maximum of 30 characters (only characters 'A-Z', 'a-z', '0-9' and '-' are allowed), and each collection must have a unique name. You can also fill in a description for the collection. It is optional, but good practice to complete the description field.
In our example, we use the collection name SSAM1, because this is our first System Storage Archive Manager Collection. We also fill in the description field. Provide a meaningful description, particularly if the collection name itself does not indicate the intended usage or that this is a System Storage Archive Manager Collection. 6. On the Disk Storage Subsystem page (Figure 5-17), select the disk system on which the System Storage Archive Manager Collection is planned to run.
Chapter 5. System Storage Archive Manager Collections
Figure 5-17 Create A System Storage Archive Manager Collection - Select Disk Storage Subsystem
In our example, we select iastorage1, which is one of two available disk storage subsystems in our environment. The wizard shows all predefined and available disk subsystems that can be used to create new collections; unavailable disk storage systems are not shown. If only one disk storage subsystem is available, the wizard skips this selection entirely. Furthermore, keep in mind that the two systems in our example differ in capacity; we have to choose the one that is planned for our System Storage Archive Manager Collection. The second disk storage subsystem, iastorage2, can be used to create another System Storage Archive Manager Collection or another document collection, such as a File Archive Collection. 7. On the Summary page (Figure 5-18), read through the given information and write down the main values, such as the name and the TCP/IP address of the collection.
Note that the collection can never be deleted after its creation, and that Enhanced Tamper Protection is not enabled automatically. The latter is helpful in an initial setup, because without Enhanced Tamper Protection, you can analyze and reconfigure more items in the system.

Important: For a production environment, and even more so for a compliance environment, it is definitely best to turn Enhanced Tamper Protection on.

If everything is in order, click Next to proceed. 8. Observe the progress on the panel (Figure 5-19) as the Create Collection Wizard starts creating the System Storage Archive Manager Collection.
Figure 5-19 Create A System Storage Archive Manager Collection - Creating Collection
Wait until 100% is reached and the Create Collection Wizard signals the end of the process. If any errors occur, the wizard shows them as well; proceed to the next step only when no errors were reported during the creation process. This page also shows the hint that you need to configure the actual retention policies and other document settings in the IBM Tivoli Storage Manager Administration Center. We show those tasks and the related procedures later in this chapter. 9. Click Finish. After you click Finish, the Create Collection Wizard ends and overview statistics are collected from the system. While the statistics are being collected, you see warning messages for the collection (Figure 5-20).
Finally, the messages disappear and the statistics overview is displayed (Figure 5-21).
That brings you to a collection overview, where you can create another collection or set the properties of already created collections. We use that overview later for the further configuration, when we set up archive policies and register a client node.
DBDirectory: /tiam/SSAM1/tsm/db
ACTIVELOGDirectory: /tiam/SSAM1/tsm/activelog (S0000011.LOG, S0000012.LOG)
MIRRORLOGDirectory: /tiam/SSAM1/tsm/mirrorlog (S0000011.LOG, S0000012.LOG)
ARCHLOGDirectory: /tiam/SSAM1/tsm/archlog (S0000000.LOG, S0000001.LOG)
ARCHFAILOVERLOGDirectory: n/a
DBBACKUPDirectory: /tiam/SSAM1/tsm/fileclass/ (67894321.DBV, 67894322.DBV)
Figure 5-22 Preconfigured System Storage Archive Manager database and database log files for first System Storage Archive Manager Collection
The results in Figure 5-23 from System Storage Archive Manager queries (query db, query dbspace) show the preconfigured System Storage Archive Manager database characteristics.

Database Name: TSMDB1
Total Size of File System (MB): 9,390,152
Space Used by Database (MB): 448
Free Space Available (MB): 9,304,063
Full Device Class Name: FILECLASS
Last Complete Backup Date/Time:
Location: /tiam/SSAM1/tsm/db
Total Size of File System (MB): 9,390,152.00
Space Used on File System (MB): 86,024.25
Free Space Available (MB): 9,304,063.75
The System Storage Archive Manager server can use all the space that is available to the drives or file systems where the database directories are located. In Figure 5-23, the database finds 8.95 TB (9,390,152 MB) on the disk storage subsystem named iastorage1, which is where we created our System Storage Archive Manager Collection.
The disk storage subsystem iastorage1 delivers 9.85 TB overall (Figure 5-24). At this time (with System Storage Archive Manager V6.1) the maximum supported size of the System Storage Archive Manager database is 1 TB.
Figure 5-24 Disk Storage Controller capacity for System Storage Archive Manager Collection
The results in Figure 5-25 from a System Storage Archive Manager query (query log f=d) show the preconfigured log files of the System Storage Archive Manager database log files.
tsm: SSAM1>q log f=d
Total       Used        Free        Active Log                 Mirror Log
Space(MB)   Space(MB)   Space(MB)   Directory                  Directory
---------   ---------   ---------   ------------------------   -------------------------
40,960      4.21        40,795.78   /tiam/SSAM1/tsm/activelog  /tiam/SSAM1/tsm/mirrorlog

Archive Failover           Archive Log
Log Directory              Directory
------------------------   ------------------------
                           /tiam/SSAM1/tsm/archlog
Figure 5-25 Preconfigured System Storage Archive Manager database log files
These outputs depend on the physical configuration of Information Archive and the input during the Create Collection Wizard process. For example, the location of the System Storage Archive Manager database depends on the name chosen for the System Storage Archive Manager Collection. If there are multiple System Storage Archive Manager Collections, obviously there are unique collection names. Also, if you choose a storage subsystem with another size, the information will differ from our example.
Default configuration script for System Storage Archive Manager Collection setup
During the Information Archive GUI Create Collection Wizard, the wizard uses a script template named tiam_tsm_setup.script to configure the System Storage Archive Manager Collection (Figure 5-26). During the wizard processing, all necessary System Storage Archive Manager commands, including retention policies, storage pools, and schedules are added to the script, and this final script is used to create the System Storage Archive Manager Collection.
set actlogretention 30
SET TAPEALERTMSG on
register license file=*.lic
define devclass fileclass devtype=file dir=./fileclass
delete stg backuppool
delete stg archivepool
delete stg spacemgpool
define stgpool filepool fileclass maxscr=100000000 dataformat=nonblock crcdata=yes reclaim=10 reclaimprocess=2 collocate=no
upd MGmtclass STANDARD STANDARD standard SPACEMGTECHnique=SELective MIGREQUIRESBkup=No MIGDESTination=filepool
upd copygroup standard standard standard type=backup destination=filepool
upd copygroup standard standard standard type=archive destination=filepool
validate policyset standard standard
activate policyset standard standard
register admin adminconsole DfUo79iL passexp=0
grant auth adminconsole class=sys
set servername SSAM1
set serverhla 172.31.4.3
set serverlla 1502
define domain ia_reserved DESC="Policy domain created by IBM Information Archive. Do not modify or delete."
define policyset ia_reserved ia_reserved DESC="Policy set created by IBM Information Archive. Do not modify or delete."
define mgmtclass ia_reserved ia_reserved ia_reserved MIGDESTination=filepool DESC="Management class created by IBM Information Archive. Do not modify or delete."
define copygroup ia_reserved ia_reserved ia_reserved type=backup destination=filepool
define copygroup ia_reserved ia_reserved ia_reserved type=archive destination=filepool retinit=event
assign defmgmtclass ia_reserved ia_reserved ia_reserved
validate policyset ia_reserved ia_reserved
activate policyset ia_reserved ia_reserved
register node ia_reserved SSAM1 domain=ia_reserved forcepwreset=yes maxnummp=999 VALIdateprotocol=all compression=client
remove admin ia_reserved
set archiveretentionprotection on
SET DBRECOVERY fileclass
define schedule daily_maint type=administrative cmd="run daily_maint" active=yes description="IA daily maintenance" starttime=06:00 period=1
define script daily_maint file=/opt/tivoli/tiam/bin/ia_tsm_daily_maint.script description="IA daily maintenance including DB backup"
Figure 5-26 Configuration script for System Storage Archive Manager Collection setup (/tiam/SSAM1/tsm/tiam_tsm_setup.script)
Another script named ia_tsm_daily_maint.script is invoked during the initial configuration of the System Storage Archive Manager Collection environment (Figure 5-27).

backup db type=full devclass=fileclass wait=yes
delete volhistory todate=today-3 type=dbb
delete volhistory todate=today-30 type=stgnew
delete volhistory todate=today-30 type=stgreuse
delete volhistory todate=today-30 type=stgdelete
backup volhistory
backup devconfig
The created collection is ready to be used by archive applications after each archive application is registered as a client node in the policy domain. If the predefined settings for the default policy domain are in line with your requirements, you can start using Information Archive immediately after registering a client node. Otherwise, there are two other options to proceed:
- Update or enhance the predefined configuration with appropriate System Storage Archive Manager commands.
- Create a new policy domain with all necessary follow-on configurations.
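For example, registering a hypothetical archive application as a client node in the predefined STANDARD policy domain takes a single command; the node name and password are placeholders:

```
register node archapp1 <password> domain=standard
```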
When a volume is written for the first time, space up to its maximum capacity is allocated on the disk storage subsystem. The volumes then fill up until they reach their maximum capacity. To check the storage pool, issue the query stg and query vol commands in the System Storage Archive Manager command line. To make this process more transparent, we show typical output from the query volume command (Example 5-2) after objects are archived to the collection.
Example 5-2 Output of query vol (excerpt)

Volume Name                              Storage     Device      Estimated  Pct    Volume
                                         Pool Name   Class Name  Capacity   Util   Status
---------------------------------------  ----------  ----------  ---------  -----  --------
/tiam/SSAM1/tsm/fileclass/0000000A.BFS   FILEPOOL    FILECLASS   2.0 G      100.0  Full
/tiam/SSAM1/tsm/fileclass/0000000B.BFS   FILEPOOL    FILECLASS   2.0 G      100.0  Full
/tiam/SSAM1/tsm/fileclass/0000000C.BFS   FILEPOOL    FILECLASS   2.0 G      100.0  Filling
Name: DAILY_MAINT
Line Number: 1
Command: backup db type=full devclass=fileclass wait=yes
Line Number: 6
Command: delete volhistory todate=today-3 type=dbb
Line Number: 11
Command: delete volhistory todate=today-30 type=stgnew
Line Number: 16
Command: delete volhistory todate=today-30 type=stgreuse
Line Number: 21
Command: delete volhistory todate=today-30 type=stgdelete
Line Number: 26
Command: backup volhistory
Line Number: 31
Command: backup devconfig
Figure 5-29 Administrative script DAILY_MAINT (excerpt)
The first command (Line Number: 1) produces a full database backup of the System Storage Archive Manager database using the device class FILECLASS. The resulting backup volumes are created in the /tiam/<SSAM_collection_name>/tsm/fileclass/ directory. Example 5-3 shows the output of a query volhist t=dbb command. Use this command to verify how many and what backup volumes are created by this or other database backup commands.
Example 5-3 Output of query volhist t=dbb (excerpt)

Date/Time: 03/01/2010 06:00:12
Volume Type: BACKUPFULL
Backup Series: 72
Backup Operation: 0
Volume Seq: 2
Device Class: FILECLASS
Volume Name: /tiam/SSAM1/tsm/fileclass/67423281.DBV
Volume Location:
Command:
Database Backup ID High: 0
Database Backup ID LOW: 30,741
Database Backup Home Position: 0
Database Backup HLA: /NODE0000/
Database Backup LLA: FULL_BACKUP.20100301060012.1
Database Backup Total Data Bytes (MB): 25.12
Database Backup total Log Bytes (MB): 21.79
Database Backup Block Num High: -1
Database Backup Block Num Low: -1
In Example 5-3 you can see one full System Storage Archive Manager database backup that consists of two backup volumes. The device class FILECLASS creates volumes with a size of 2 GB each. The full database backup command creates as many volumes as the full backup needs; in our example, two volumes are needed to store an entire full backup. The next four commands in the script DAILY_MAINT (Line Number: 6, 11, 16, 21) clean the volume history file. The volume history file stores information about all volumes that System Storage Archive Manager uses, that is, database backups (dbb) and storage pool volumes (stg). The volume history keeps three versions of database backups, and it tracks all storage pool volume actions, such as the creation, reuse, and deletion of volumes, over the last 30 days (Example 5-4). Depending on the retention policy, new storage volumes are created over time, and expired volumes are deleted. You will need that information when you plan restores of your data.
Tip: The predefined schedule deletes old System Storage Archive Manager database backups and keeps three versions of database backups on hard disk. If this does not fit your requirements, adjust the schedule and the maintenance script accordingly.
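If you do want to adjust the defaults, commands such as the following can move the maintenance run to another time and keep database backups longer; the start time and retention values are examples only:

```
update schedule daily_maint type=administrative starttime=02:00
update script daily_maint "delete volhistory todate=today-7 type=dbb" line=6
```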
Example 5-4 Output of query volhist (excerpt)
Date/Time: 02/01/2010 17:50:07
Volume Type: STGNEW
Backup Series:
Backup Operation:
Volume Seq:
Device Class: FILECLASS
Volume Name: /tiam/SSAM1/tsm/fileclass/0000011F.BFS

The script DAILY_MAINT (Line Number: 26) dumps the volume history file as a backup copy to a specified directory. The System Storage Archive Manager command is backup volhistory, and the backup is written to the /tiam/<SSAM_collection_name>/tsm/volumehistory file. With the last command in the DAILY_MAINT script (Line Number: 31), the device configuration is dumped out of the database into a plain file. The System Storage Archive Manager command is backup devconfig, and the backup is written to the /tiam/<SSAM_collection_name>/tsm/devconfig file.

Tip: The preconfigured administrative schedule and the administrative script provide appropriate protection for the System Storage Archive Manager Collection. However, they can be customized to better fit your requirements. For example, if the full database backup at 06:00 interferes with a heavy archiving workload, the start time can be modified to a time that fits better into the workload profile. You can also add commands to the script to perform additional work; the spacing of the line numbers (1, 6, 11, and so on) even leaves room for inserting commands between the already delivered ones.

When a specific schedule runs, the scheduled action is represented by an event; hence, every schedule, every day, produces its own event. You can review those administrative events with the System Storage Archive Manager command q event * t=a to see the most current events, or q event * t=a begind=+1 to see forthcoming events. The latter command is useful if you create new schedules and want to check when they run next. In Example 5-5 we show the specific event that results from the predefined administrative schedule DAILY_MAINT. You can see the planned start time compared to the actual start, and the status.
Example 5-5 Output of query event * t=a
tsm: SSAM1>q event * t=a

Scheduled Start         Actual Start            Schedule Name   Status
--------------------    --------------------    -------------   ---------
03/01/2010 06:00:00     03/01/2010 06:00:12     DAILY_MAINT     Completed
IA_RESERVED: The policy domain IA_RESERVED is predefined on the Information Archive System Storage Archive Manager server for internal processing. Figure 5-31 shows the default settings for the policy domain IA_RESERVED.

tsm: SSAM1>q dom IA_RESERVED f=d

Policy Domain Name: IA_RESERVED
Activated Policy Set: IA_RESERVED
Activation Date/Time: 03/04/2010 12:30:14
Days Since Activation: <1
Activated Default Mgmt Class: IA_RESERVED
Number of Registered Nodes: 1
Description: Policy domain created by IBM Information Archive. Do not modify or delete.
Backup Retention (Grace Period): 30
Archive Retention (Grace Period): 365
Last Update by (administrator): SERVER_CONSOLE
Last Update Date/Time: 03/04/2010 12:30:14
Managing profile:
Changes Pending: No
Active Data Pool List:
Important: The policy domain IA_RESERVED is not intended to be used. This policy domain is for internal archive processing only, that is to secure the Information Archive System Storage Archive Manager server by storing archive objects into this domain. Only use the policy domain STANDARD or create your own policy domain for your archive data.
Figure 5-32 Default settings for the active policy set STANDARD
157
Figure 5-33 shows the active policy set in the IA_RESERVED domain.

tsm: SSAM1>q policyset ia_reserved active f=d

Policy Domain Name: IA_RESERVED
Policy Set Name: ACTIVE
Default Mgmt Class Name: IA_RESERVED
Description: Policy set created by IBM Information Archive. Do not modify or delete.
Last Update by (administrator): SERVER_CONSOLE
Last Update Date/Time: 03/04/2010 12:30:14
Managing profile:
Changes Pending: No

Figure 5-33 Default settings for the active policy set IA_RESERVED
tsm: SSAM1>q mgmt

Policy        Policy        Mgmt          Default       Description
Domain Name   Set Name      Class Name    Mgmt Class?
-----------   -----------   -----------   -----------   ------------------------
IA_RESERVED   ACTIVE        IA_RESERVED   Yes           Management class created by IBM Information Archive. Do not modify or delete.
IA_RESERVED   IA_RESERVED   IA_RESERVED   Yes           Management class created by IBM Information Archive. Do not modify or delete.
STANDARD      ACTIVE        STANDARD      Yes           Installed default management class.
STANDARD      STANDARD      STANDARD      Yes           Installed default management class.
Defining additional management classes that point to archive copy groups with unique retention rules is the preferred way to separate objects with various retention requirements within the System Storage Archive Manager server. The management class is the distinguishing attribute used by a document management application to feed objects into the System Storage Archive Manager server. If the document management system does not specify a management class when delivering an object to the System Storage Archive Manager server, the default management class of the domain (STANDARD or IA_RESERVED, respectively) is used to store the object.

Tip: Use a new management class for your own purposes instead of updating one of the predefined management classes. As a best practice, configure an entirely new policy domain, as shown later in this chapter.
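As a sketch, a hypothetical management class with a seven-year chronological retention can be added to the STANDARD policy domain as follows; the class name and retention value are examples only, and the policy set must be reactivated for the change to take effect:

```
define mgmtclass standard standard mc7years migdestination=filepool
define copygroup standard standard mc7years type=archive destination=filepool retinit=creation retver=2555
validate policyset standard standard
activate policyset standard standard
```

An archive application then selects this class by name when it archives objects with a seven-year retention requirement.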
158
Default copy group for policy domain STANDARD: In the default archive copy group for the management class STANDARD, the retention initiation (RETINIT) is set to CREATION, therefore the retain minimum (RETMIN) parameter is not set, and the retain version (RETVER) parameter is set to 365 days. The archive destination is set to FILEPOOL, so all files in this archive copy group are stored in that storage pool. Files archived using this copy group are held for 365 days; at the end of the retention time the files become eligible for expiration.

Deletion: A deletion hold can still be applied during the 365-day period, which prevents that object from being deleted from storage until a deletion release is applied for that same object. If the release is sent within the 365-day period, the file is kept for the remainder of that period.

If you want to change the parameters for the default copy group, you can use the update copygroup command. Note that for a copy group that uses chronological retention, you can only increase the retention time, never decrease it. Instead of updating the existing archive copy group, consider creating a new management class and a new archive copy group.

Default copy group for policy domain IA_RESERVED: In the default archive copy group for the management class IA_RESERVED, the retention initiation (RETINIT) is set to EVENT, the retain minimum (RETMIN) parameter is set to 365 days, and the retain version (RETVER) parameter is also set to 365 days. The archive destination is set to FILEPOOL, so all files in this archive copy group are stored in that storage pool. Files archived using this copy group never expire until an event is sent to the Information Archive System Storage Archive Manager environment. When the event is sent, the objects are held for a minimum of 365 days before they become eligible for deletion.
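For example, increasing the chronological retention of the default copy group from 365 to 730 days might look as follows; remember that the policy set must be revalidated and reactivated, and that the value can never be decreased:

```
update copygroup standard standard standard type=archive retver=730
validate policyset standard standard
activate policyset standard standard
```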
159
You can see all archived objects within the archive copy groups with an SQL select statement in the System Storage Archive Manager Collection (Figure 5-36).

tsm: SSAM1>select * from archives where node_name='IA_RESERVED'

NODE_NAME: IA_RESERVED
FILESPACE_NAME: /tiam/SSAM1
FILESPACE_ID: 1
TYPE: DIR
HL_NAME: /
LL_NAME: utility
OBJECT_ID: 1025
ARCHIVE_DATE: 2010-03-04 12:30:59.000000
OWNER: root
DESCRIPTION: Archive Date: 03/04/10
CLASS_NAME: IA_RESERVED

NODE_NAME: IA_RESERVED
FILESPACE_NAME: /tiam/SSAM1
FILESPACE_ID: 1
TYPE: DIR
HL_NAME: /utility/
LL_NAME: config
OBJECT_ID: 1026
ARCHIVE_DATE: 2010-03-04 12:30:59.000000
OWNER: root
DESCRIPTION: Archive Date: 03/04/10
CLASS_NAME: IA_RESERVED

Figure 5-36 System Storage Archive Manager archive objects from initial setup
Attention: The policy domain IA_RESERVED is not intended to be used by a customer. This policy domain is for internal archive processing only, that is, to secure the System Storage Archive Manager server by storing archive objects into this domain.
The 24-hour interval starts with the start of the System Storage Archive Manager server, so depending on particular start times, the actual start time in your environment can vary. Automatic expiration can be reconfigured whenever you need fixed start times, or if the expiration process impacts your running environment. For example, if you have billions of files and the expiration process takes a very long time, you might want to run the process in smaller portions or otherwise tune its configuration.

Tip: See the IBM Tivoli Storage Manager documentation to reconfigure the expiration process, if applicable. Keep in mind that the expiration process is directly related to the overall retention of your data.
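As a sketch, automatic expiration can be disabled and replaced by a fixed-time administrative schedule; the schedule name, start time, and duration are examples only:

```
setopt expinterval 0
define schedule nightly_expire type=administrative cmd="expire inventory duration=120" active=yes starttime=01:00 period=1
```

The duration parameter limits each expiration run to the given number of minutes, which is one way to process very large inventories in smaller portions.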
Managing data shredding
Media lifecycle management to move data
Cyclic redundancy checking

With Information Archive, the tasks to configure or use those options can be done using the IBM Tivoli Storage Manager Administration Center and the wizards within it, or using the IBM Tivoli Storage Manager administrative command-line client (dsmadmc). Because the wizards do not offer all System Storage Archive Manager and IBM Tivoli Storage Manager commands, we prefer to use the dsmadmc command for configuration. The examples in the following sections were all created with the administrative command-line client.
2. Create volumes within primary disk storage pool (random access devices only): define volume <pool_name> <volume_name> formatsize=<megabytes> The <volume_name> for a System Storage Archive Manager collection must always include the full path and volume name like /tiam/SSAM1/tsm/fileclass/<concrete_volume_name> for the first System Storage Archive Manager collection.
Example 5-6 Storage pool report for FILEPOOL, Overwrite parameter (excerpt)
tsm: SSAM1>q stg f=d

Storage Pool Name: FILEPOOL
Storage Pool Type: Primary
Device Class Name: FILECLASS
Access: Read/Write
Maximum Scratch Volumes Allowed: 100,000,000
Number of Scratch Volumes Used: 0
Delay Period for Volume Reuse: 0 Day(s)
Storage Pool Data Format: Native without Block Headers
Copy Storage Pool(s):
Overwrite Data when Deleted:
Perform the following steps to set up your shredding configuration in the Information Archive appliance:

1. Specify whether data is to be shredded automatically after it is deleted, or manually by an administrator. You can specify how shredding is to be done by setting the SHREDDING server option; you can also set the shredding option dynamically by using the setopt command. We advise running with manual shredding; therefore, use the following command:
setopt shredding manual

2. Set up one or more random-access disk storage pool hierarchies that will enforce shredding, and specify how many times the data is to be overwritten after deletion. For example, define a storage pool that overwrites data 5 times with the following command:
define stgpool <pool_name> disk shred=5 crcdata=yes

3. Define volumes to the pool, and specify disks for which write caching can be disabled. For example, if your System Storage Archive Manager Collection is named SSAM1, type the following command:
define volume <pool_name> /tiam/SSAM1/tsm/fileclass/vol01.dsm formatsize=2048

4. Create a policy domain:
define domain <domain_name> description=Policy Domain archretention=<days>

5. Create a policy set:
define policyset <domain_name> <policy_set_name> description=Policy Set

6. Create a management class:
9. Validate the policy set (ignore warnings about the missing backup copy group):
validate policyset <domain_name> <policy_set_name>

10. Activate the policy set (again, ignore warnings about the missing backup copy group):
activate policyset <domain_name> <policy_set_name>

11. Register a node in the policy domain:
register node <node_name> <password> domain=<domain_name>

12. Start the shredding process manually with the command:
shred data
tsm: SSAM1>q stg f=d

Storage Pool Name: FILEPOOL
Storage Pool Type: Primary
Device Class Name: FILECLASS
Access: Read/Write
Maximum Scratch Volumes Allowed: 100,000,000
Number of Scratch Volumes Used: 0
Delay Period for Volume Reuse: 0 Day(s)
Storage Pool Data Format: Native without Block Headers
Copy Storage Pool(s):
CRC Data: Yes
For new System Storage Archive Manager storage pools, you can use the define stgpool or update stgpool commands to enable data validation.

Tip: Enable data validation for all System Storage Archive Manager storage pools in your Information Archive appliance, regardless of whether you actually plan to use it. Calculating and storing the CRC values does not noticeably impact the system, and you are thus prepared for unplanned storage pool audits.

The server validates the data when it audits the volume by generating a cyclic redundancy check and comparing this value with the CRC value stored with the data. If the CRC values do not match, the server processes the volume in the same manner as a standard audit volume operation.
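For example, data validation can be enabled on the predefined pool, or specified for a hypothetical new pool, as follows; the new pool name and scratch volume limit are examples only:

```
update stgpool filepool crcdata=yes
define stgpool newpool fileclass maxscr=1000 crcdata=yes
```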
Use the audit volume command to validate the data on storage pool volumes. The command lets you audit data written to volumes within a range of days, or audit all volumes in a given storage pool. The audit volume command marks a file as damaged if a read error is detected for the file. If an undamaged copy exists on an onsite copy storage pool volume, it is used to provide client access to the file.

Reset the damaged status of files if the error that caused the change to damaged status was temporary. You can use the audit volume command to correct situations where files are marked damaged because of a temporary hardware problem, such as a dirty tape head. The server resets the damaged status of files if the volume on which the files are stored is audited and no read errors are detected. Furthermore, if a primary file copy is marked as damaged and a usable copy exists in a copy storage pool or an active-data pool volume, the primary file can be corrected using the restore volume or restore stgpool command.

While fixing problems or restoring data, the System Storage Archive Manager server does not delete archive files that are on deletion hold, nor does it delete archive files whose retention period has not expired. We assume that you will involve IBM System Storage Archive Manager experts in the process of restoring volumes and storage pools, so we do not elaborate the concrete procedures here.

Using the CRC option in conjunction with scheduled audit volume processing continually ensures the integrity of data stored in your storage hierarchy.

Audit process: While an audit process is active, clients cannot retrieve data from the specified volume or store new data to that volume.
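As a sketch, the following administrative commands illustrate the audit and repair cycle described above. The volume path and pool name are illustrative, not taken from your configuration:

```
/* Read-only audit of a single volume */
audit volume /tiam/SSAM1/tsm/fileclass/vol01.dsm fix=no

/* Audit all volumes in a pool that were written to in the last 3 days */
audit volume stgpool=filepool fromdate=today-3 fix=no

/* Repair a damaged primary volume from an undamaged copy pool copy */
restore volume /tiam/SSAM1/tsm/fileclass/vol01.dsm

/* Or repair at the storage pool level */
restore stgpool filepool
```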
5.4.4 Granting client nodes access to a System Storage Archive Manager Collection
Before an archive application can use the System Storage Archive Manager Collection, you must grant the application access. Register the application as a client node so that it can store files to, and retrieve files from, the System Storage Archive Manager Collection. The role required for this task is IA Archive Administrator.

Tip: Creating a client node using this procedure is equivalent to the register node command in the IBM System Storage Archive Manager command-line interface.

Log on to the IBM Tivoli Storage Manager Administrative interface and complete these steps:
1. Expand Tivoli Storage Manager in the navigation tree.
2. Click Client Nodes and Backup sets.
3. From the All Client Nodes tab, click Select Action → Create a Client Node.
4. Click Select a Server and select the collection you are granting access to.
5. Click Select an item and select the policy domain associated with the collection.

Important: In the next step, do not use the node named IA_RESERVED, because that node name is reserved for internal archive operations.

6. Complete the remaining fields on the page to set the password that the client node uses to authenticate with the archive.
7. After you complete these steps, click OK or Add Another in the properties notebook to commit your changes.
To connect an archive application to the System Storage Archive Manager Collection, you can obtain the connection information from the Tivoli Storage Manager Administrative interface of the Information Archive GUI. You need the administrative role of IA Archive Administrator for this procedure. Log on to the IBM Tivoli Storage Manager Administrative interface and complete these steps:
1. Expand Information Archive Management in the navigation tree.
2. Click Collections.
3. Click Properties for the applicable System Storage Archive Manager Collection.
4. View the TCP/IP address and port number for the collection.
5.5 Supported archive applications for System Storage Archive Manager Collections
External archive applications must be configured to use the System Storage Archive Manager Collection as a storage device. For instance, you can use the IBM Tivoli Storage Manager backup-archive client with its archive functions as an archive application. Furthermore, you can use any archive application that leverages the IBM Tivoli Storage Manager API with the special archive functions. For details about how major archive applications are integrated with Information Archive, see Chapter 8, Integrating IBM Information Archive with archiving applications on page 261.

Tip: For archive applications that are ready to use Information Archive, see the Tivoli Open Process Automation Library (OPAL) web page (you can filter the list by Information Archive): http://www-01.ibm.com/software/brandcatalog/portal/opal

At the time of writing, Information Archive runs System Storage Archive Manager V6.1 and therefore supports IBM Tivoli Storage Manager API client and backup-archive client versions 5.5 and 6.1. When the System Storage Archive Manager installation in Information Archive changes to a newer version, check the supported IBM Tivoli Storage Manager API and backup-archive client versions again. IBM Tivoli Storage Manager V6.2 is already announced: electronic availability is 19 March 2010, and media is available 16 April 2010. If Information Archive moves to System Storage Archive Manager server V6.2 or IBM Tivoli Storage Manager server V6.2, the server/client compatibility matrix indicates that V5.5, V6.1, and V6.2 clients (API and backup-archive) remain supported with the V6.2 server.
5.6 Differences between System Storage Archive Manager Collections and File Archive Collections
A System Storage Archive Manager Collection operates differently than a File Archive Collection in the following ways:
- Documents stored in a System Storage Archive Manager Collection cannot be deleted before they expire, and retention periods cannot be reduced.
- It is not possible to configure less restrictive document protection levels.
- System Storage Archive Manager Collections cannot be deleted.
- Each System Storage Archive Manager Collection is accessed through one TCP/IP address.
Chapter 6. File Archive Collections
Figure 6-1 File Archive Collection overview (web-browser management interface, NAS client archive and retrieve access, retrieve/analyse access, migration manager)
Information Archive supports three types of retention policies to provide more flexibility for archiving applications:
- Chronological retention (or time-based retention): After a document is committed to the Information Archive repository, it is retained for the duration specified by the retention period. At the end of the retention period, documents are expired and can be deleted.
- Event-based retention: A document's retention can be controlled using an event. The retention period starts after the event has been signaled, so the document expires depending on when the event occurs.
- Legal document hold protection: Retention holds prevent a document from being deleted even if the document's retention period ends. A document can only be deleted after the retention hold is released and its retention period has expired. Retention holds can be placed on a document whether it is assigned event-based or chronological retention. Information Archive allows up to eight concurrent hold events per document.

Depending on your archive application, you can choose among all three policies, or you might be limited to only one. The most common policy we see in the market is event-based retention.
Documents in the collection file system can be administered or manipulated using the same commands that are used with any other directory on an NFS client. After documents are written to the collection file system, they must be committed to the archive to make them immutable and to apply retention policies. Documents that have been saved to Information Archive but have not been committed are considered uncommitted. A document that has been committed cannot become uncommitted again.

Tip: A document that has been written to the mount point directory can still be deleted if it has not been committed.

Document ingestion is the process of adding a document to a File Archive Collection after the document is committed. Documents are automatically ingested after they are committed to the collection file system. The retention policy that is applied to a document depends on the service class that the document is associated with. The service class determines how long documents remain in the archive. Retention policies can also be applied explicitly, using POSIX commands or through a document's metafile.

For each document, an MD5 checksum is calculated when it is ingested into Information Archive. Archiving applications can use this checksum to validate the integrity of the document. The MD5 checksum can be obtained through the metafile interface.

Tip: After a document is committed, it can take up to 10 minutes before the file is ingested. During this time, the document is protected from modification and deletion.

There are three ways to commit documents in the Information Archive appliance and to set their retention period: metafile commit, explicit commit, and automatic commit.

Metafile commit: When you mount a file directory and copy your data file to this directory, a metafile is created automatically in the meta directory for each document. We explain metafiles in detail in the section Metafiles on page 175.
Now you can write an event commit tag in the document's XML metafile; the file is committed when the metafile is saved. Writing the event commit tag makes the file eligible for ingestion during the next ingestion cycle. The metafile commit can be done manually or by an archiving application. You can set the retention of a file by adding an event tag to its metafile (Figure 6-2). Retention determines how long a file remains accessible before expiration. Mount the meta directory of the applicable collection through the NFS interface and complete the following steps:
a. Mount /meta/tiam/collection/meta, where collection is the name of the collection, and open the metafile with the same name as the target data file. You can open the metafile with any XML-capable editor, application, or even a simple text editor.
b. Write the following tag in the metafile anywhere between the <fields> </fields> tags: <_EVENT_setRetention_>duration</_EVENT_setRetention_>, where duration is a numeric value in seconds.
c. Write the following tag in the metafile anywhere between the <fields> </fields> tags: <_EVENT_commit_/>. No parameter is required.
d. Save the metafile. After saving, the metadata component immediately parses and validates the metafile, completes the event, and removes the EVENT tag.
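The steps above can be sketched in shell. This is a minimal local simulation: a stand-in metafile replaces the NFS-mounted meta share (which would normally be mounted from /meta/tiam/collection/meta), and the file name and one-year retention value are illustrative. On the real appliance, the metadata component removes the EVENT tags after processing them; this simulation only shows the tags being written.

```shell
# Create a local stand-in for the metafile of a document named report.doc
mkdir -p /tmp/ia_commit
cat > /tmp/ia_commit/report.doc <<'EOF'
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
</fields>
EOF

# Step b: set a retention of one year (31536000 seconds)
# Step c: write the commit event tag (no parameter required)
sed -i 's|</fields>|<_EVENT_setRetention_>31536000</_EVENT_setRetention_>\n<_EVENT_commit_/>\n</fields>|' /tmp/ia_commit/report.doc

cat /tmp/ia_commit/report.doc
```

On the appliance itself, saving the edited metafile over NFS is what triggers the parse-and-commit step.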
Figure 6-2 File Archive Collection - metafile commit
Explicit commit: You can change the file permissions for a document to read-only by mounting the collection file system and issuing Portable Operating System Interface (POSIX) commands (compatible with NetApp SnapLock). POSIX is a standard that enables application portability across UNIX-based operating systems. The POSIX subsystem supports the POSIX file structure, POSIX calls, and executables such as cp, ls, touch, and chmod. Changing the file permissions can be done manually or by an archiving application. Figure 6-3 shows an example of the entire process.
Figure 6-3 File Archive Collection - explicit commit
The archiving application (or the user) must set the last access time of the file to the expiration time, for example, with the touch -a -t timestamp <file_name> command. You must run this command before you commit the document. Issuing the chmod a-w <file_name> command then commits the document and signals Information Archive to ingest it during its next ingestion cycle; this command removes the write permission on the file for all users. If you copy a read-only file into the data share, you must enable write access before issuing the touch command. To do this, enter chmod +w <file_name>.

Retention: If the write access permissions for the file were removed before the retention period was set, you cannot set the retention period using the touch command, and the retention period is determined by the service classes.

Automatic commit: You can configure the appliance to periodically commit all documents that have not been committed (see Figure 6-4). When configuring automatic commit, you must specify an idle time. All uncommitted files that have been in the archive longer than the idle time are then committed. The idle time delays the document commit so that the entirety of the document data can be saved to the archive before it is marked read-only; this setting guarantees the data consistency of your files. You can specify a delay of up to 30 days. The countdown of the idle time starts the moment the document is saved to the archive. The idle time period is not reset if you modify the document before it is committed.

Archiving: Specify a time interval that allows your archiving applications to finish writing documents, to avoid archiving documents that have not been fully transmitted. Depending on your retention policies, it might not be possible to delete partially written documents from archival storage until they expire.
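The explicit commit sequence can be sketched as follows. Here /tmp/ia_data stands in for the mounted collection file system, and the file name and expiration date are illustrative; on the real appliance, the chmod a-w step is what triggers ingestion.

```shell
mkdir -p /tmp/ia_data
printf 'invoice data\n' > /tmp/ia_data/invoice.txt

# Make sure the file is writable before setting the retention time
chmod u+w /tmp/ia_data/invoice.txt

# Set the last access time to the desired expiration (31 Dec 2030, 23:59)
touch -a -t 203012312359 /tmp/ia_data/invoice.txt

# Removing write access for all users commits the document
chmod a-w /tmp/ia_data/invoice.txt

ls -l /tmp/ia_data/invoice.txt
```

Note the ordering: touch must run while the file is still writable, because once write access is removed the retention period can no longer be set this way.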
Figure 6-4 File Archive Collections - automatic commit
It is important to understand that after a document is committed, the document is ingested and its retention period is determined by evaluating all of the retention periods that were set before the ingest using explicit retention period methods. The retention period that is assigned after ingestion depends on the following factors:
- If the collection has the basic or intermediate level of document protection (see Collection protection on page 180), a document's retention period is determined using the settings in the policy-based retention. Retention periods set by explicit methods, such as the touch command and the metafile, are overwritten by the policy-based retention period.
  Retention: After the document is ingested, you can extend the retention period using either a policy-based or explicit method of retention.
- If the collection has the maximum level of document protection, a document's retention period is determined by evaluating the policy-based and explicit retention methods and selecting the longest retention period.

You can view the number of uncommitted documents in the Collections section of the Information Archive GUI. The Collection Overview also shows the number of failed ingestions and other useful statistics for the File Archive Collection (see Figure 6-5).
At the end of the lifecycle, eligible documents marked as expired in the Collections Overview (see Figure 6-5) can be deleted automatically by Information Archive or by the archiving application. Automatic deletion is configured on a per-File Archive Collection basis, so all eligible documents belonging to the same collection are deleted according to the same policies. The policies are discussed in the section Policy-based document retention on page 174, where service classes and document rules are explained. The overall process of archiving with File Archive Collections is shown in Figure 6-6.
Figure 6-6 Archiving process with File Archive Collection (store; automatic or manual commit after the idle time, which binds the document to a service class and its retention period; ingest, after which policies are bound and the MD5 hash is calculated; retention changes)
Service classes
The service class determines how long documents remain in the archive. Service classes can be configured to retain a document for a set period or until a defined event occurs:
- Time-based retention (or chronological retention): Time-based retention retains a document until it has been stored for a specified period. The document retention starts when the document is ingested into the archive.
- Event-based retention: Event-based retention retains a document from the time it is ingested until an event is signaled through the document metafile. Additional retention periods can be specified to continue retaining the document after the event is signaled. For example, you can use event-based retention to expire a set of financial documents after a mortgage is paid off.

The retention period of a document is based on the combination of an event-based retention period and an optional minimum retention period. If you specify a value for both of these retention periods, the following rules apply:
- If the event occurs before the minimum retention period has passed, the expiration date that retains the document for the longest time is honored.
- If the event occurs after the minimum retention period has passed, the document expires after the event retention period ends.

You can use a deletion hold (also called a retention hold or legal hold) to retain a file longer than the minimum retention period it was originally assigned. A deletion hold, for example, can be used if a file must be kept for the duration of a legal or company-required audit. A deletion hold can be applied to an archived file at any time during its retention period. The file is retained until a deletion release is applied; if a deletion release is never applied, the object is retained indefinitely. A deletion hold can be placed on a file with either a chronological archive retention or an event-based retention policy.
You can hold a file by using an archiving client to issue a retention event with the Hold parameter. When you no longer need to hold the document, use an archiving client to issue a retention event with the Release parameter. A file in a deletion hold cannot be deleted until you release it.
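The event-based and minimum retention rules described above can be illustrated with a little shell arithmetic. Times are epoch seconds and all values are made up for the sketch; the real evaluation happens inside the appliance.

```shell
ingest=1000000      # time the document was ingested
min_ret=86400       # minimum retention period: 1 day
event=1010000       # time the expiration event is signaled
event_ret=3600      # retention period that applies after the event: 1 hour

min_expire=$((ingest + min_ret))
event_expire=$((event + event_ret))

if [ "$event" -lt "$min_expire" ]; then
    # Event fired before the minimum period passed:
    # the expiration date that retains the document longest wins.
    if [ "$event_expire" -gt "$min_expire" ]; then
        expire=$event_expire
    else
        expire=$min_expire
    fi
else
    # Event fired after the minimum period passed:
    # the document expires when the event retention period ends.
    expire=$event_expire
fi

echo "document expires at epoch $expire"
```

With these example values, the event occurs well inside the minimum period and its own retention ends sooner, so the minimum expiration date (epoch 1086400) is honored.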
Document rules
A document rule is a list of one or more conditions that apply to an ingested document. If the document matches the conditions in the document rule, the document is assigned to the associated service class. The purpose of document rules, in combination with service classes, is to provide a way to automatically set the retention periods for newly ingested documents.

A rule condition is created by combining parameters, comparisons, and values to form an expression that documents are compared against. If, for example, you want a retention policy for all files created by John Smith (user account jsmith), you can create a rule with the condition "User account is jsmith". Multiple conditions can be combined to target documents more precisely. If, for example, you want a special retention policy for all large documents created by John Smith, you can combine the condition "User account is jsmith" with the condition "File size greater than 100000".

A document rule can be associated with only one service class. Similarly, each document can belong to only one service class. If there are multiple document rules, they are organized in a descending list that documents are evaluated against until one of the rules applies.

Important: Documents that do not match any of the defined rules are automatically assigned to the default service class. The default service class, IADefault, is created during the initial setup of the File Archive Collection by the Create Collection Wizard.
6.2.3 Metafiles
A metafile is automatically created for each document stored in the archive. A metafile is an XML file that contains a list of fields. Fields contain document-related metadata, such as service class associations, retention periods, and user specific information. All the metafiles for the documents in a collection are stored in the meta directory of the collection file system. Each metafile has the same name and extension as the document with which it is associated. A metafile contains no fields until after a document is committed (Example 6-1).
Example 6-1 Empty metafile
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
</fields>

The available fields in each metafile are determined by the collection metafile schema. The schema is a template that is used to create each document-specific metafile instance. Some metafile field values are filled automatically and cannot be modified, while other field values can be dynamically updated at any time to store additional information or to take action on a document.
You can add new metafile fields to the schema through the Information Archive GUI (Figure 6-7). We show the procedure in detail in Modifying the metafile schema on page 209.
There are three types of metafile fields: system, user, and event fields.

System fields: System fields are created by the appliance, and only the appliance can update the values of these fields. System fields can include the following information about a document:
- Expiration date and time
- Event-based retention period
- Service class name
- Document integrity hash value (MD5 checksum)
- Commit date and time
- The names of any retention holds currently in place
System fields are read-only and users or applications must not attempt to modify their values. After a document has been ingested, several system fields are displayed in the metafile (Example 6-2).
Example 6-2 Metafile with all available system fields
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
<_SYSTEM_minimumRetention_>Fri Mar 12 10:17:21 2010</_SYSTEM_minimumRetention_>
<_SYSTEM_serviceClass_>IADefault</_SYSTEM_serviceClass_>
<_SYSTEM_md5Checksum_>66a82015cbc5e83329acbb6869857ce8</_SYSTEM_md5Checksum_>
<_SYSTEM_retained_>2010-03-10 10:17:21</_SYSTEM_retained_>
<_SYSTEM_eventDuration_>900</_SYSTEM_eventDuration_>
<_SYSTEM_currentHolds_>LOA</_SYSTEM_currentHolds_>
</fields>
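Because the MD5 checksum is exposed in the _SYSTEM_md5Checksum_ field, an application can re-hash a retrieved document and compare the two values. The following sketch simulates this locally: the document content, the file names, and the meta directory layout are stand-ins for the real collection and meta shares.

```shell
mkdir -p /tmp/ia_verify/meta
printf 'archived document body\n' > /tmp/ia_verify/contract.pdf

# Build a stand-in metafile carrying the checksum the appliance would have recorded
sum=$(md5sum /tmp/ia_verify/contract.pdf | cut -d' ' -f1)
cat > /tmp/ia_verify/meta/contract.pdf <<EOF
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
<_SYSTEM_md5Checksum_>$sum</_SYSTEM_md5Checksum_>
</fields>
EOF

# Verification: extract the stored checksum and compare with a fresh hash
stored=$(sed -n 's|.*<_SYSTEM_md5Checksum_>\(.*\)</_SYSTEM_md5Checksum_>.*|\1|p' /tmp/ia_verify/meta/contract.pdf)
fresh=$(md5sum /tmp/ia_verify/contract.pdf | cut -d' ' -f1)
[ "$stored" = "$fresh" ] && echo "integrity OK"
```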
User fields: User fields are custom fields that you can add to the metafile schema. The values of these fields can be updated by users and archiving applications. Before adding user fields to a metafile, the user fields must first be defined in the Metafile Configuration panel of the Collection Properties in the Information Archive GUI. When you add a user field to the schema, you can specify whether the field value can be modified after it is initially set. User fields can be added to a metafile at any time, including after document commit; however, after a non-modifiable field value is written, it cannot be updated.

In the XML of the metafile, user field elements are contained within the fields element. The name of the user field element consists of the _USER_ prefix, followed by the field name, followed by an underscore. For example, for a custom metafile field named Department, the corresponding user field element name is _USER_Department_. User field values must be specified between the element tag and its end tag (Example 6-3).
Example 6-3 Metafile with user field
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
<_SYSTEM_minimumRetention_>Fri Mar 12 10:17:21 2010</_SYSTEM_minimumRetention_>
<_SYSTEM_serviceClass_>IADefault</_SYSTEM_serviceClass_>
<_SYSTEM_md5Checksum_>66a82015cbc5e83329acbb6869857ce8</_SYSTEM_md5Checksum_>
<_SYSTEM_retained_>2010-03-10 10:17:21</_SYSTEM_retained_>
<_USER_Department_>Human Resources</_USER_Department_>
</fields>

Attention: XML element attributes must not be used and are ignored.

After the user field has been added, the metafile is saved. When the metafile is viewed, the user field is displayed along with the system fields. User field values can be updated by opening the metafile on an NFS client, replacing the value, and writing the metafile. If the field is modifiable or the document has not yet been committed, the user field value is updated.

Event fields: Event fields are predefined fields that can be used to trigger document actions. Events are triggered by writing a new tag in the metafile, which can be done by users and archiving applications. Several predefined events can be triggered using metafiles, including the following events:
- Committing a document
- Setting retention for a document
- Setting or triggering event-based expiration for a document
- Setting or releasing a retention hold on a document
- Specifying a service class for a document
After the metafile is written (see Example 6-4), the event fields are processed and the archive retention operations are performed on the document.
Example 6-4 Metafile with an event field

<?xml version="1.0" encoding="UTF-8" ?>
<fields>
<_SYSTEM_minimumRetention_>Fri Mar 12 10:17:21 2010</_SYSTEM_minimumRetention_>
<_SYSTEM_serviceClass_>IADefault</_SYSTEM_serviceClass_>
<_SYSTEM_md5Checksum_>66a82015cbc5e83329acbb6869857ce8</_SYSTEM_md5Checksum_>
<_SYSTEM_retained_>2010-03-10 10:17:21</_SYSTEM_retained_>
<_USER_Department_>Human Resources</_USER_Department_>
<_EVENT_hold_>LOA</_EVENT_hold_>
</fields>

When the metafile is reopened for viewing, the previously written event fields are not displayed. However, the results of the operation might be reflected in one or more of the system fields (see Example 6-5).
Example 6-5 Metafile after event fields are processed
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
<_SYSTEM_minimumRetention_>Fri Mar 12 10:17:21 2010</_SYSTEM_minimumRetention_>
<_SYSTEM_serviceClass_>IADefault</_SYSTEM_serviceClass_>
<_SYSTEM_md5Checksum_>66a82015cbc5e83329acbb6869857ce8</_SYSTEM_md5Checksum_>
<_SYSTEM_retained_>2010-03-10 10:17:21</_SYSTEM_retained_>
<_SYSTEM_currentHolds_>LOA</_SYSTEM_currentHolds_>
<_USER_Department_>Human Resources</_USER_Department_>
</fields>

Events: When an event is triggered through a metafile, the event is processed immediately after the metafile is written. After processing, the corresponding EVENT tags or tag values are automatically removed from the metafile.
Migration environment
Migration is done by a migration manager environment: a special version of the IBM Tivoli Storage Manager server with enhanced security functions is used as the migration manager within the File Archive Collection. The storage used by this IBM Tivoli Storage Manager server is called the secondary storage category in Information Archive.
Within the primary storage category, a Tivoli Storage Manager Hierarchical Storage Manager (HSM) client runs and monitors the file system. You can see the overall layout of the File Archive Collection in Figure 6-1 on page 168.

Documents can be compressed and deduplicated when they are migrated to secondary storage to optimize the data storage capacity of the collection. Migration also optimizes appliance performance by running the processor-intensive compression (if enabled) and deduplication procedures on older documents while new documents can be stored with less processing.

With the migration of a file, a placeholder, or stub file, is created in place of the original file. The stub file is a small replacement file that makes it appear as though the original file is on the local file system. It contains the information required to locate and recall a migrated file and to respond to specific operating system commands without recalling the file.

For faster migration, the migration manager uses the premigration process to prepare files for automatic migration. Premigrated files are copied from primary storage to secondary storage while the original files remain on the primary storage file system. Files are not migrated unless doing so saves space in primary storage. The exact minimum file size is dependent upon the file system; in general, however, the migrated file must be larger than the replacement stub file.

Important: The following types of files cannot be migrated from primary disk storage:
- Files with names larger than 255 bytes or path names larger than 1024 bytes
- Files with names that contain both single and double quotation marks
These files are not compressed, deduplicated, or migrated to tape. The files are ingested and made immutable, but remain in primary disk storage for the duration of their retention periods.

The high and low threshold percentages for your file system affect the migration process.
A high threshold determines when migration starts; a low threshold determines when file migration stops. Specify a value of 0 through 100 percent. The default high threshold is 90 percent, and the default low threshold is 80 percent. For example, if you allocate 10 GB for a file system and you must maintain at least 1 GB of free space, set the high threshold to 90 percent. If space usage equals or exceeds 90 percent, files automatically begin migrating, starting with the first file listed in the current migration candidates list for your file system. See Creating and maintaining a File Archive Collection on page 182 for the procedure to set the migration thresholds for your File Archive Collection.

File Archive Collections can also migrate documents to a tape-based storage category. In a File Archive Collection, tape is the third storage category. Tape migration is only an option if a tape library is attached and configured. The migration threshold for this category is configured using the IBM Tivoli Storage Manager server in the appliance.

Tip: If you have configured an external IBM Tivoli Storage Manager server to back up documents, do not set a migration threshold so low that documents are migrated before the daily backup runs. The backup is slower when documents have been migrated to secondary storage, because each document must be recalled before it is sent to the external Tivoli Storage Manager server.
Collection protection
The File Archive Collection protection is based on three types of security enhancements:
- Document protection
- Restricted host and HTTP user access
- Audit logs

The document protection level determines whether documents can be deleted before the end of their retention period, and whether retention periods can be reduced. Information Archive provides three levels of document protection with increasing strictness: Basic, Intermediate, and Maximum.

Basic document protection works as follows:
- Documents can be deleted before they expire.
- Retention periods can be increased and decreased.
- Documents with an extended retention because of a retention hold can be deleted.
- You can modify the document protection option to one of the other levels at any time.

Intermediate document protection works as follows:
- Documents cannot be deleted until they expire.
- Retention periods can be increased and decreased.
- Documents with an extended retention due to a retention hold cannot be deleted.
- You can modify the document protection option to maximum at any time, but cannot lower it to basic.
- The collection cannot be deleted.

Maximum document protection works as follows:
- Documents cannot be deleted until the end of their retention period.
- Documents with an extended retention because of a retention hold cannot be deleted.
- Document retention periods can be increased, but not decreased.
- After it is enabled, you cannot modify the document protection option to another level.
- The collection cannot be deleted.

Tips: Because basic document protection permits you to delete files before they expire, this level might be best for initial setups, proofs of concept, application programming, or any other situation where the outcome is not guaranteed until testing. Before archiving production data, switch to intermediate or maximum document protection. For data retention compliance, maximum document protection is preferable.
Restricted host and HTTP user access means that NFS client access to the File Archive Collection is controlled by granting access only to the NFS clients allowed to mount the collection. You can specify whether a host is granted read-only or read-write access. HTTP access is granted on a user or group basis: a user or group defined in LDAP that wants to access archived documents using HTTP must first be granted access to the collection. Access is granted through the Information Archive GUI. We show an example of the appropriate procedure in Sharing directories and granting client nodes access on page 211.
Each File Archive Collection maintains a set of tamper-proof audit logs, which provide an immutable and retention-protected provenance record for documents in the collection. Audit logs track document ownership and system lifecycle events, including document creation and deletion, changes to retention policies, and system software upgrades. Audit logs can be downloaded directly from the administrative interface, or accessed remotely using the Network File System (NFS) protocol. Audit logs can only be downloaded by users with the Information Archive auditor role. Additionally, when creating a collection, the collection administrator can optionally designate a user group that is used to manage access to the audit logs over NFS.
Time settings
The Information Archive appliance requires a time server to enforce retention policies and to correctly apply time stamps for audit log events. NFS also relies on metadata timestamps to validate the local operating system cache. If the same directory is either NFS-exported from more than one node, or is accessed through both the NFS and GPFS mount points, it is critical that the clocks on all nodes that access the file system (cluster nodes and NFS clients) be kept synchronized using appropriate software (for example, NTP). Failure to do so might result in stale information being seen on the NFS clients.

The appliance includes a default time server, which runs on the Management Console server. During manufacturing, the system time is set and the appliance components are synchronized with the default time server. The TCP/IP address of the default time server is 172.31.3.2. You must also synchronize the archiving application with the internal NTP server. For the highest level of system clock protection, use the default time server for the appliance itself as well as for any clients that connect to it. As an alternative, you can specify an external time server for the appliance. If you choose this option, consider using the same time server for any clients that connect to the appliance.

Important: If you use an external time server, the appliance ignores any time change greater than 16 minutes. Make sure that the clocks of all cluster nodes are synchronized. If they are not, NFS access to the data, as well as other GPFS operations, might be disrupted.

If a cluster node server that is used to access a collection meta directory is restarted or fails over to another cluster node, the collection file system must be remounted on the NFS client to continue accessing the meta directory. Until the file system is remounted, the NFS client receives a stale NFS file handle error when trying to access the meta directory.
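For clients that follow this recommendation, pointing them at the appliance time server is a one-line NTP configuration. A sketch for a Linux NFS client running ntpd (the address is the appliance default named above; substitute your external time server if you configured one):

```
# /etc/ntp.conf on the NFS client (sketch)
server 172.31.3.2 iburst
```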
Tip: Make sure that you detect restarts and failover situations within the cluster node environment, so that you can remount the NFS file system promptly. Obviously, this is not applicable in a single node environment.
If you have already created other collections in your system, they are displayed in this Collection Overview panel. After we create our new collection, it will also show up here. If no disk storage subsystem is still available, a new collection cannot be created; the wizard reports an error and rejects the creation (see Figure 6-9).
4. On the Welcome page, which is displayed if the creation of a new collection is possible, read the additional information about collections. Use the online help if you need further assistance. Click Next to proceed. 5. On the General page (Figure 6-10), select Create a File Archive Collection (radio button) and provide a collection name. Collection names can contain a maximum of 30 characters (only the characters 'A-Z', 'a-z', '0-9', and '-' are allowed), and each collection must have a unique name. You can also fill in a description for the collection. The description is optional, but completing it is good practice.
In our example, we use the collection name NFS1, because this is our first File Archive Collection and it is based on the Network File System (NFS) protocol. 6. If the Disk Storage Subsystem page is shown, select the disk system where you want the File Archive Collection to reside. Keep in mind that there might be differences in the capacities of your available disk storage subsystems, so choose the one that is most appropriate for your NFS collection. If the Disk Storage Subsystem page is not shown, only one disk storage subsystem is still available and it is chosen automatically by the Create Collection wizard.
7. On the Document Protection page (Figure 6-11), select the appropriate level of protection from Basic, Intermediate, and Maximum and proceed with Next.
Because we can increase the level of protection from Basic to Maximum, but cannot decrease it, we start with the most convenient level, which is Basic. Only use this level if your legal or regulatory compliance requirements allow it; use Intermediate or Maximum for production data. Click Next to proceed.
8. On the Document Retention page (Figure 6-12), choose between chronological retention and event-based retention. This page also allows the creation of retention rules. The settings specified here apply to the default service class IADefault and are valid for all documents in this service class. You can create additional service classes (which is desirable) and other document retention settings later.
In our example (see Figure 6-12), we choose chronological retention and provide a very short retention period (2 days). We choose this retention time because we want to test some features in the File Archive Collection and do not want to wait too long for results. Tip: In real production environments, it is best not to use such short retention settings. Also, the use of additional service classes and document rules is highly preferable. Click Next to proceed. 9. On the Document Actions page (Figure 6-13), select one of two methods for committing documents into the File Archive Collection: allow or deny automatic commitment. Also, decide whether automatic expiration is to be provided. In our illustration, we configure the automatic commitment of documents after 5 minutes of idle time. If an archive application provides the functionality to commit documents, the application can do so within that 5 minute period. If the application does not have a commit function, Information Archive automatically commits the file after 5 minutes. We do not select the automatic deletion of expired documents. With that setting, archiving applications that can delete documents still find their documents and do not run into problems with non-existing documents. Attention: If you do not use the automatic deletion feature, you must take care of space allocation and maintenance of the allocated file system yourself, that is, through the archiving application or file system analysis software.
Click Next to proceed. 10.On the Disk Migration page (Figure 6-14), set parameters for the document migration in your system. Also, choose whether you want your documents to be compressed, deduplicated, or both after migration.
11.On the Audit Logs page (Figure 6-15), choose the retention time for audit logs. To be able to access the audit logs remotely, you must provide an LDAP user group or groups in the appropriate field.
To enable remote access to audit logs, you must specify the LDAP user group that can access them while running the Create Collection wizard. User groups: You cannot add a user group or specify another one after the collection is created. We chose an audit log retention time that is equal to our document retention setting, so we can use the audit log for analysis during the entire document retention period. Click Next. 12.For the root directory of the File Archive Collection, specify the ownership and internal access permissions. The root directory is the directory where the collection data and metadata are stored; do not confuse this directory with the root directory of the operating system. The data directory and metadata directory are mounted later from any host that is granted access. Figure 6-16 shows an example where we grant access to the root directory of the File Archive Collection. The user with the user identification number (UID) 1023 and the group identification number (GID) 10002 is defined as the owner.
The directory permissions are also configured here. You can set read and write permissions as well as execute permissions. In our example, we allow all possible operations for the owning user, whereas the group, and therefore any user belonging to the same group as the directory owner, can read and write. All other users can only read in the root directory of the File Archive Collection; they cannot write or execute any file or program in this directory. If you are familiar with UNIX-based or Linux file systems, you can compare this configuration step with the setup of ordinary UNIX and Linux file system permissions.
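For readers who think in UNIX terms, the permission combination described here (owner rwx, group rw-, other r--) is the conventional mode 764. A small sketch on a hypothetical scratch directory illustrates the equivalence (the wizard applies the same idea to the collection root for you):

```shell
# Demonstrate the permission mode described in the text on a throwaway directory
mkdir -p /tmp/ia_rootdir_demo
chmod 764 /tmp/ia_rootdir_demo       # owner: rwx, group: rw-, other: r--
stat -c '%a' /tmp/ia_rootdir_demo    # prints 764
```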
Click Next. 13.In the next panel, configure the external access to the root directory of the File Archive Collection (Figure 6-17). Depending on the appliance properties, you see various fields that can be used to grant directory access to users, groups, and host systems.

User name - for HTTP (this field is only shown if LDAP support is enabled for the appliance): Use this option to grant a user read-only access to the directory. The user can access the directory using a web browser. Users: To add a user, the user name must already be defined on the external LDAP server that is used by the appliance.

Group name - for HTTP (this field is only shown if LDAP support is enabled for the appliance): Use this option to grant the members of a user group read-only access to the directory. The users can access the directory using a web browser. User groups: To add a user group, the group name must already be defined on the external LDAP server that is used by the appliance. You must configure and manage group membership using the LDAP server.
Host - for Network File System (NFS) Use this option to allow the directory to be mounted on a host system that is running an NFS client. To specify multiple hosts, you can substitute parts of a host name with the asterisk or question mark wildcard characters (* or ?). For example, *.cs.foo.edu includes all of the hosts in the cs.foo.edu domain and any subdomains. As an alternative, you can specify a TCP/IP address and netmask pair. The netmask can be specified in dotted-decimal format, or as a contiguous mask length (for example, you can specify a range of 1024 TCP/IP addresses by appending either /255.255.252.0 or /22 to the network base address).
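The equivalence of the two netmask notations can be checked with a little shell arithmetic: a /22 prefix leaves 32 - 22 = 10 host bits, hence 2^10 = 1024 addresses, which is exactly the range that the dotted mask 255.255.252.0 describes:

```shell
# Addresses covered by a /22 prefix: 2^(32-22)
echo $((1 << (32 - 22)))    # prints 1024
```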
Host access level:
- Read and write: users are allowed to copy new files into the directory, modify or delete uncommitted documents, modify metafiles, and delete expired documents.
- Read-only: users are only allowed to read committed documents.
Furthermore, you can add, modify, or delete access to the File Archive Collection at any time after the initial setup. Hence, the configuration at this time does not need to include all users or systems. 14.On the Summary page (Figure 6-18), read through the given information and write down the important values, such as the name, TCP/IP address, and HTTP address of the collection.
Observe that the collection can never be deleted after its creation and that Enhanced Tamper Protection is not enabled automatically. Not enabling Enhanced Tamper Protection is helpful in an initial setup, because without Enhanced Tamper Protection you can analyze and reconfigure more items in the system. For a production environment, and even more so for a compliance environment, we advise turning Enhanced Tamper Protection on. Verify your settings and, when they are correct, click Finish to start the actual configuration of the File Archive Collection. 15.Observe the progress on the panel (Figure 6-19) as the Create Collection wizard starts creating the File Archive Collection.
Wait until the Create Collection wizard signals the end of the process; the wizard indicates if any error occurs. When finished, the Create Collection wizard automatically returns you to the collection overview page. Shortly after the creation of a File Archive Collection, the internal IBM Tivoli Storage Manager server is restarted, which is visible for a short moment on the overview page (Figure 6-20).
Chapter 6. File Archive Collections
Figure 6-20 Collection Overview - IBM Tivoli Storage Manager server warning message
In the end, all error messages should disappear and the statistics overview panel is displayed (see Figure 6-21).
Only proceed to the next step, that is, the administration of the File Archive Collection, if no errors were reported during the creation process.
Document rules cannot be associated with the default service class because, again, it is used to retain documents for which no other retention period is specified; therefore, the default service class does not have any document rule. To retain documents with settings other than those in the default service class, or to use document rules, you must create your own service class and at least one document rule. We show the appropriate procedure in Creating a service class and a document rule on page 204.
IBM Tivoli Storage Manager database, database logs, and database backups
Figure 6-22 illustrates results from Tivoli Storage Manager queries (query db, query dbspace) that show the preconfigured Tivoli Storage Manager database characteristics for File Archive Collections:

Database Name: TSMDB1
Total Size of File System (MB): 4,718,592
Space Used by Database (MB): 448
Free Space Available (MB): 4,632,583
Full Device Class Name: FILECLASS
Last Complete Backup Date/Time:
Location: /tiam/NFS1/tsm/db
Total Size of File System (MB): 4,718,592.00
Space Used on File System (MB): 85,945.00
Free Space Available (MB): 4,632,583.00
The IBM Tivoli Storage Manager server can use all the space that is available on the drives or file systems where the database directories are located. In Figure 6-22, the database sees 4.5 TB (4,718,592 MB) on the disk storage subsystem named iastorage2, which is where we created our File Archive Collection. The disk storage subsystem iastorage2 has 4.95 TB overall (see Figure 6-23). At the time of writing (with IBM Tivoli Storage Manager V6.1), the maximum supported size of the IBM Tivoli Storage Manager database is 1 TB.
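As a quick sanity check on the units, 4,718,592 MB divided twice by 1,024 is 4.5, that is, 4.5 TB:

```shell
# Convert the reported database file system size from MB to TB
awk 'BEGIN { printf "%.1f\n", 4718592 / 1024 / 1024 }'    # prints 4.5
```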
Figure 6-23 Disk storage subsystem capacity for File Archive Collection
Figure 6-24 shows results from an IBM Tivoli Storage Manager query (query log f=d) for the preconfigured log files of the IBM Tivoli Storage Manager database:
tsm: NFS1>q log f=d
Total Space (MB): 40,960
Used Space (MB): 0.84
Free Space (MB): 40,799.16
Active Log Directory: /tiam/NFS1/tsm/activelog
Mirror Log Directory: /tiam/NFS1/tsm/mirrorlog
Archive Failover Log Directory:
Archive Log Directory: /tiam/NFS1/tsm/archlog
Figure 6-24 Preconfigured IBM Tivoli Storage Manager database log files
These outputs depend on the physical configuration of the Information Archive appliance and your input during the Create Collection wizard process. For example, the location of the IBM Tivoli Storage Manager database depends on the name chosen for the File Archive Collection; if there are multiple File Archive Collections, there are obviously unique collection names. Also, if you choose a storage subsystem with another size, the information will differ from our example. By default, full database backups are scheduled with each File Archive Collection and the corresponding IBM Tivoli Storage Manager server. The database backups can be seen with the IBM Tivoli Storage Manager command query volhist t=dbb. Example 6-6 shows one IBM Tivoli Storage Manager database backup consisting of two backup files.
Example 6-6 IBM Tivoli Storage Manager query volhist t=dbb (excerpt)
tsm: NFS1>query volhist t=dbb

Date/Time: 03/07/10 06:00:15
Volume Type: BACKUPFULL
Backup Series: 2
Backup Operation: 0
Volume Seq: 1
Device Class: FILECLASS
Volume Name: /tiam/NFS1/tsm/fileclass/67941616.DBV
Volume Location:
Command:
Database Backup ID High:
Database Backup ID LOW:
Database Backup Home Position:
Database Backup HLA:
Database Backup LLA:
Database Backup Total Data Bytes (MB):
Database Backup total Log Bytes (MB):
Database Backup Block Num High:
Database Backup Block Num Low:
Date/Time:
Volume Type:
Backup Series:
Backup Operation:
Volume Seq:
Device Class:
Volume Name:
Volume Location:
Command:
Database Backup ID High:
Database Backup ID LOW:
Database Backup Home Position:
Database Backup HLA:
Database Backup LLA:
Database Backup Total Data Bytes (MB):
Database Backup total Log Bytes (MB):
Database Backup Block Num High:
Database Backup Block Num Low:
When you use the IBM Tivoli Storage Manager command select * from backups, you also see the IBM Tivoli Storage Manager database backups, as if they were backed up by a backup-archive client (see Example 6-7, which shows the same backup files as Example 6-6). Because a special node name, $$_TSMDBMGR_$$, is used for the backup of IBM Tivoli Storage Manager V6 databases, the node name does not appear in the output of the select statement.
Example 6-7 IBM Tivoli Storage Manager database backups within backup copy group (excerpt)

tsm: NFS1>select * from backups

NODE_NAME:
FILESPACE_NAME: /TSMDB1
FILESPACE_ID: 888
STATE: ACTIVE_VERSION
TYPE: FILE
HL_NAME: /NODE0000/
LL_NAME: FULL_BACKUP.20100307060015.1
OBJECT_ID: 1029
BACKUP_DATE: 2010-03-07 06:00:16.000000
DEACTIVATE_DATE:
OWNER: u2
CLASS_NAME: DEFAULT
NODE_NAME:
FILESPACE_NAME: /TSMDB1
FILESPACE_ID: 888
STATE: ACTIVE_VERSION
TYPE: FILE
HL_NAME: /NODE0000/
LL_NAME: FULL_BACKUP.20100307060015.2
OBJECT_ID: 1030
BACKUP_DATE: 2010-03-07 06:00:41.000000
DEACTIVATE_DATE:
OWNER: u2
CLASS_NAME: DEFAULT
Tip: IBM Tivoli Storage Manager database backups are managed in backup tables in the IBM Tivoli Storage Manager database. That is the only data in Information Archive that is managed in backup tables. You do not see any space managed data or archived data with the select * from backups command.
Another script, named ia_tsm_daily_maint.script, is invoked during the initial configuration of the IBM Tivoli Storage Manager server environment (Figure 6-26):

backup db type=full devclass=fileclass wait=yes
delete volhistory todate=today-3 type=dbb
delete volhistory todate=today-30 type=stgnew
delete volhistory todate=today-30 type=stgreuse
delete volhistory todate=today-30 type=stgdelete
backup volhistory
backup devconfig
The environment created through the scripts is, as such, ready for use by the File Archive Collection. If the predefined settings for the default policy domain are also in line with your requirements, you can start using Information Archive immediately after mounting the NFS shares. Otherwise, there are two other options before you proceed:
- Update or enhance the predefined configuration with appropriate File Archive Collection commands. See File Archive Collection administration on page 204 for the appropriate procedures.
- Grant access to the NFS collection and archive and retrieve documents.
The FILEPOOL uses the device class type FILE with the device class FILECLASS, and volumes are created during write processes (for file archive pools, that is, space management). Each volume is preconfigured in the device class to be 2.0 GB in size at maximum (Est/Max Capacity). When a volume is written for the first time, space up to the maximum capacity is allocated on the disk storage subsystem. In the case of the Information Archive Tivoli Storage Manager server, some data is already archived during the initial setup (see Example 6-9 for an illustration of automatically space managed data). To check the storage pool, issue the commands query stg and query vol in IBM Tivoli Storage Manager. To make this process more transparent, Example 6-8 shows typical output from the query volume command after the first objects were archived in the collection.
Example 6-8 Output of query vol (excerpt)

Volume Name: /tiam/NFS1/tsm/fileclass/00000002.BFS
Storage Pool Name: FILEPOOL
Device Class Name: FILECLASS
Estimated Capacity: 2.0 G
Pct Util: 0.0
Volume Status: Filling
Use the Tivoli Storage Manager command query content to see the files that are already in your environment. Example 6-9 shows space managed Information Archive audit log directories that are automatically stored within one storage pool volume.
Example 6-9 Automatically space managed data (excerpt)
tsm: NFS1>q content /tiam/NFS1/tsm/fileclass/00000002.BFS

Node Name    Type  Filespace Name  FSID  Client's Name for File
-----------  ----  --------------  ----  ----------------------
IA_RESERVED  SpMg  /tiam/NFS1      1     /audit/2010/2010-03-05
IA_RESERVED  SpMg  /tiam/NFS1      1     /audit/2010/2010-03-06
IA_RESERVED  SpMg  /tiam/NFS1      1     /audit/2010/2010-03-07
In larger environments, it is more convenient to use an SQL select statement to query the contents of the IBM Tivoli Storage Manager environment. Use the Tivoli Storage Manager command select * from spacemgfiles and appropriate SQL options to query your system (see Example 6-10).
Example 6-10 IBM Tivoli Storage Manager data within space management
tsm: NFS1>select * from spacemgfiles

NODE_NAME: IA_RESERVED
FILESPACE_NAME: /tiam/NFS1
STATE: ACTIVE_VERSION
EXTOBJID: 0101020C000000001FAC03010406206E0095EA7062571D35410E05E7
OBJECT_ID: 1025
FILE_NAME: /audit/2010/2010-03-05
INSERT_DATE: 2010-03-06 00:01:48.000000
DELETE_DATE:
CLASS_NAME: DEFAULT
The IBM Tivoli Storage Manager server of a File Archive Collection does not manage any archive data (Example 6-11). The data that you archive in the File Archive Collection through the NFS share is stored within the IBM Tivoli Storage Manager server as space managed data, not as archive data. You can verify this with the IBM Tivoli Storage Manager command select * from archives.
Example 6-11 IBM Tivoli Storage Manager data within archive copy group
tsm: NFS1>select * from archives ANR2034E SELECT: No match found using this criteria. ANS8001I Return code 11.
backup db type=full devclass=fileclass wait=yes
delete volhistory todate=today-3 type=dbb
delete volhistory todate=today-30 type=stgnew
delete volhistory todate=today-30 type=stgreuse
delete volhistory todate=today-30 type=stgdelete
backup volhistory
backup devconfig
The first command (line number 1) produces a full database backup of the IBM Tivoli Storage Manager database using the device class FILECLASS. The resulting backup volumes are created in the /tiam/<file_archive_collection_name>/tsm/fileclass/ directory. Example 6-6 on page 194 shows the output of a query volhist t=dbb command; use this command to verify how many and which backup volumes are created by this or other database backup commands. The next four commands in the DAILY_MAINT script (line numbers 6, 11, 16, 21) clean the volume history file. The volume history file stores information about all volumes that IBM Tivoli Storage Manager uses, that is, database backups (dbb) and storage pool volumes (stg). The volume history keeps three versions of database backups, and it tracks all storage pool volume actions, such as the creation, reuse, and deletion of volumes, over the last 30 days (Example 6-12). Depending on the retention policies, new storage volumes are created over time, and expired volumes are deleted. You will need that information when you plan restores of your data.
Tip: The predefined schedule deletes old IBM Tivoli Storage Manager database backups and keeps three versions of database backups on disk. If this setting does not fit your requirements, reconfigure the schedule and the maintenance scripts accordingly.
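If the default start time does not fit your workload, the administrative schedule can be moved from the Tivoli Storage Manager administrative command line. A sketch, assuming the schedule name DAILY_MAINT used in this chapter (verify the name first with query schedule * type=administrative):

```
tsm: NFS1>update schedule DAILY_MAINT type=administrative starttime=02:00
```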
Example 6-12 Output of query volhist (excerpt)
Date/Time:
Volume Type:
Backup Series:
Backup Operation:
Volume Seq:
Device Class: FILECLASS
Volume Name: /tiam/NFS1/tsm/fileclass/0000010A.BFS
The DAILY_MAINT script (line number 26) dumps the volume history file as a backup copy to a specified directory. The IBM Tivoli Storage Manager command is backup volhistory, and the backup is written to the /tiam/<file_archive_collection_name>/tsm/volumehistory file. With the last command in the DAILY_MAINT script (line number 31), the device configuration is dumped out of the database into a plain file. The IBM Tivoli Storage Manager command is backup devconfig, and the backup is written to the /tiam/<file_archive_collection_name>/tsm/devconfig file. Tip: The preconfigured administrative schedule and the administrative script provide appropriate protection for the IBM Tivoli Storage Manager environment. However, they can be customized to better fit your requirements. For example, if the full database backup at 6:00 interferes with a heavy archiving workload, the start time can be moved to a time that fits better into the workload profile. Note that you can also use additional commands within the script to generate more workload; the specific numbering of the script lines even leaves space for inserting commands between the delivered ones. When a specific schedule runs, the scheduled action is represented by an event; hence, every schedule produces its own event every day. You can check those administrative events with the IBM Tivoli Storage Manager command q event * t=a to see the most recent events, or q event * t=a begind=+1 to see forthcoming events. The latter command is useful if you create new schedules and want to check when they run next. In Example 6-13, we show the specific event that results from the predefined administrative schedule DAILY_MAINT. You can see the planned start time compared to the actual start, and the status.
Example 6-13 Output of query event * t=a
tsm: NFS1>q event * t=a

Scheduled Start       Actual Start          Schedule Name  Status
-------------------   -------------------   ------------   ---------
03/06/2010 06:00:00   03/06/2010 06:00:32   DAILY_MAINT    Completed
Installed default policy set: There is one default policy set, STANDARD, predefined within the policy domain STANDARD. Figure 6-30 shows the active policy set in the STANDARD domain.

tsm: NFS1>q policyset standard active f=d

Policy Domain Name: STANDARD
Policy Set Name: ACTIVE
Default Mgmt Class Name: STANDARD
Description: Installed default policy set.
Last Update by (administrator): SERVER_CONSOLE
Last Update Date/Time: 03/05/2010 09:33:32
Managing profile:
Changes Pending: No
Figure 6-30 Default settings for the active policy set STANDARD
Preconfigured management classes and default management classes: The management class STANDARD is the only management class predefined (Figure 6-31). Because this is the only management class in the policy domain, it is also the default management class. The management class STANDARD is configured for hierarchical storage management, also known as space management.
tsm: NFS1>q mgmt f=d

Policy Domain Name: STANDARD
Policy Set Name: ACTIVE
Mgmt Class Name: STANDARD
Default Mgmt Class ?: Yes
Description: Installed default management class.
Space Management Technique: Selective
Auto-Migrate on Non-Use: 0
Migration Requires Backup?: No
Migration Destination: FILEPOOL
Last Update by (administrator): SERVER_CONSOLE
Last Update Date/Time: 03/05/2010 09:36:04
Managing profile:
Changes Pending: No
You can back up and migrate your files to the same IBM Tivoli Storage Manager server or to other IBM Tivoli Storage Manager servers. If you back up and migrate files to the same server, the HSM client can verify that current backup versions of your files exist before you migrate them. If you back up files to one server and migrate them to another server, the HSM client cannot verify that current backup versions of your files exist before it migrates them. Any management class that you assign to files must specify that current backup versions are not required prior to migration. Otherwise, you cannot migrate your files. Tip: If you set the attribute Migration Requires Backup? (migrequiresbkup) to Yes in the management class that you assigned to a file, Tivoli Storage Manager checks for a current backup version of the file on your migration server only. The migration server is the Information Archive IBM Tivoli Storage Manager server. If a current backup version does not exist on your migration server, the file is not migrated, even if a current backup version exists on another server.
Preconfigured copy groups: There are two IBM Tivoli Storage Manager copy groups predefined: one backup copy group (Figure 6-32) and one archive copy group (Figure 6-33). Both copy groups are named STANDARD; you can differentiate them by their copy group type only.
tsm: NFS1>q co t=b f=d

Policy Domain Name: STANDARD
Policy Set Name: ACTIVE
Mgmt Class Name: STANDARD
Copy Group Name: STANDARD
Copy Group Type: Backup
Versions Data Exists: 2
Versions Data Deleted: 1
Retain Extra Versions: 30
Retain Only Version: 60
Copy Mode: Modified
Copy Serialization: Shared Static
Copy Frequency: 0
Copy Destination: FILEPOOL
Table of Contents (TOC) Destination:
Last Update by (administrator): SERVER_CONSOLE
Last Update Date/Time: 03/05/2010 09:36:04
Managing profile:
Changes Pending: No
tsm: NFS1>q co t=a f=d

Policy Domain Name: STANDARD
Policy Set Name: ACTIVE
Mgmt Class Name: STANDARD
Copy Group Name: STANDARD
Copy Group Type: Archive
Retain Version: 365
Retention Initiation: Creation
Retain Minimum Days:
Copy Serialization: Shared Static
Copy Frequency: CMD
Copy Mode: Absolute
Copy Destination: FILEPOOL
Last Update by (administrator): SERVER_CONSOLE
Last Update Date/Time: 03/05/2010 09:36:04
Managing profile:
Changes Pending: No
The archive copy group of a File Archive Collection is not intended to be used. Preconfigured IBM Tivoli Storage Manager client nodes: Only one client node is preconfigured (Figure 6-34). The node IA_RESERVED generates the data, as previously mentioned, that prevents the retention protection of the IBM Tivoli Storage Manager server from being disabled. Furthermore, the client node IA_RESERVED is used for space management processes. This registered node is not intended to be used by the customer.
tsm: NFS1>q node

Node Name    Platform  Policy Domain  Days Since    Days Since     Locked?
                       Name           Last Access   Password Set
-----------  --------  -------------  ------------  -------------  -------
IA_RESERVED  Linux86   IA_RESERVED    <1            <1             No
Preconfigured file expiration: File expiration is automatically processed every 24 hours by default; you can verify this with the IBM Tivoli Storage Manager command query option expinterval. The 24 hour interval starts when the Information Archive Tivoli Storage Manager server starts, so the actual start time in your environment can vary. Automatic expiration can be reconfigured whenever you need more predictable start times, or if you notice that the expiration process affects your running environment. For example, if you have billions of files and the expiration process takes very long, you might want to run the process in smaller portions or with other, more detailed configurations. Tip: See the IBM Tivoli Storage Manager documentation to reconfigure the expiration process, if applicable. Keep in mind that the expiration process is directly related to the overall retention of your data.
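One way to obtain a fixed expiration start time is to disable the interval-driven processing and define an administrative schedule instead. A sketch using standard Tivoli Storage Manager administrative commands (the schedule name is an example; test such a change outside production first):

```
tsm: NFS1>setopt expinterval 0
tsm: NFS1>define schedule expire_nightly type=administrative cmd="expire inventory" active=yes starttime=01:00 period=1 perunits=days
```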
5. In the right pane of the Document Retention tab, for Service Classes, select the action Create Service Class from the drop-down menu (Figure 6-35).
Figure 6-35 Collection Properties - Document Retention - Service Classes - Create Service Class
6. In the Create Service Class window that is displayed, you must specify a name for the service class and a retention policy for the documents (Figure 6-36). Then click OK.
7. In the Collection Properties window, choose whether to apply the settings to all documents, including those previously committed, by checking the appropriate box at the top of the window (Figure 6-37). By default, policy changes apply only to documents that have not yet been ingested. To save the newly created service class, click Apply or click OK.
Figure 6-37 Collection Properties - Document Retention - Save Service Class Settings
After you click Apply (if you want to create another service class) or OK (if you are done creating service classes), the File Archive Collection is updated and you can see the progress on the panel (Figure 6-38).
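As a rough illustration of what a service class encodes, the sketch below computes a minimum retention timestamp from an ingest time and a retention period. This is not Information Archive's implementation: the class names SC_1Y_CR and SC_3Y_CR are the ones used later in this chapter's examples, and the 365-day year is a simplifying assumption.

```python
from datetime import datetime, timedelta

# Illustrative only: service classes from this chapter's example,
# mapping a class name to a retention period in days (1 and 3 years,
# simplified to 365-day years).
SERVICE_CLASSES = {
    "SC_1Y_CR": 365,
    "SC_3Y_CR": 3 * 365,
}

def minimum_retention(ingest_time: datetime, service_class: str) -> datetime:
    """Earliest time at which a committed document could expire."""
    return ingest_time + timedelta(days=SERVICE_CLASSES[service_class])

ingested = datetime(2010, 3, 22, 16, 42, 6)
print(minimum_retention(ingested, "SC_1Y_CR"))  # one year after ingest
```

This mirrors the _SYSTEM_minimumRetention_ value that later appears in the metafiles: a file committed on 2010-03-22 under the one-year class carries a minimum retention date of 2011-03-22.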
Figure 6-39 Collection Properties - Document Retention - Document Rules - Create Rule
6. On the Create Document Rule window (Figure 6-40), create the rule, specifying the service class that you created under Creating a service class on page 204. You can create one or more criteria within the document rule, to indicate which files the rule will apply to when the files are ingested. Here we illustrate two criteria.
7. In the drop-down menu of the Document Rules notebook (Figure 6-41), prioritize the newly created document rule with the Reorder Rules action. This step is optional. Rules: Rules are applied to newly ingested documents in the order shown in the Document Rules table. A document is not tested against the newly created document rule if that document matches the conditions of a rule that has a higher priority.
In our example, the document rules have unique criteria for identifying files (in other words, no more than one rule can apply to any given file).
Chapter 6. File Archive Collections
If you have several document rules and more than one rule can be true for a given file, the order of the rules is extremely important. You can change the order of the document rules by highlighting the appropriate rule and using the arrow buttons to shift the rule up or down in the order (Figure 6-42).
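The first-match semantics described above can be sketched as follows. This is an illustrative model, not Information Archive's code; the file-name patterns are hypothetical, and the service-class names come from this chapter's examples.

```python
import fnmatch

# Hypothetical ordered rule table: (file-name pattern, service class).
# Order matters: a document is assigned by the FIRST rule it matches,
# mirroring the Document Rules priority described above.
RULES = [
    ("*.txt", "SC_1Y_CR"),  # plain text: one-year class (chapter example)
    ("*.rtf", "SC_3Y_CR"),  # rich text: three-year class (chapter example)
]

def classify(filename: str, default: str = "DEFAULT") -> str:
    """Return the service class of the first matching rule."""
    for pattern, service_class in RULES:
        if fnmatch.fnmatch(filename, pattern):
            return service_class
    return default

print(classify("UPDATE-NOTES.en.txt"))   # SC_1Y_CR
print(classify("UPDATE-NOTES.en.html"))  # no rule matches: DEFAULT
```

Because evaluation stops at the first match, moving a broader pattern above a narrower one silently changes which class later files receive, which is why the reorder step matters when rules overlap.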
8. In the Collection Properties window (Figure 6-43), choose whether to apply the settings to all documents, including those previously committed, by checking the appropriate box at the top of the window. By default, policy changes apply only to documents that have not yet been ingested.
Figure 6-43 Collection Properties - Document Retention - Save Document Rule Settings
Save the newly created document rules with the Apply button or click OK.
After you click Apply (if you want to create another document rule) or OK (if you want to finish your work in this area), the File Archive Collection is updated and you can see the progress on the panel (Figure 6-44).
Figure 6-45 Collection Properties - Metafile Configuration - Select Action - Create Field
6. In the Create Metafile Field window (Figure 6-46), complete the form and click OK (if you are only adding one field) or Add Another (if you need to add more metafile fields).
After clicking OK, the newly created metafile fields are shown with the status of Pending in the Collection Properties window (Figure 6-47).
Figure 6-47 Pending changes from the creation of new metafile fields (excerpt)
7. In the Collection Properties notebook, click OK or Apply to commit any changes. The metafile configuration is updated and the update progress is shown (Figure 6-48).
The Field Status of the newly created metafile fields is changed to Created, which indicates that the fields were successfully added. The new fields are then shown in alphabetical order in line with the already existing metafile fields (see Figure 6-49).
Figure 6-49 Finished changes from the creation of new metafile fields (excerpt)
6. If you chose Create Directory in the previous dialog, in the Create Directory window, fill out the fields for the directory name, user identification number, and group identification number. Select appropriate directory permissions and proceed with the settings of remote access (see Figure 6-51). You can repeat this action several times to allow remote access for various host systems.
7. If you chose Share Unlisted Directory in the previous dialog, in the Share Unlisted Directory window, fill in the name of an already existing directory into the directory name field (see Figure 6-52) and click Import Directory Information.
a. If the directory name is valid and the Information Archive appliance can read the content and user rights, the fields for the user identification number (UID) and group identification number (GID) are filled in automatically. This is a good indication that you can proceed with the next step.
b. If the directory name is not valid, the Information Archive appliance issues an error message. In this case, check that the directory name is correct. Do not proceed before the UID and GID fields are filled in automatically by the Information Archive appliance.
c. Next, validate the UID and GID: the values that the Information Archive appliance finds are not guaranteed to be correct. If applicable, correct the predefined input, and then configure the necessary directory permissions.
d. Finally, configure remote access for a host by selecting the Grant Access action (see Figure 6-53). You can repeat this step several times to allow remote access for various host systems.
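Conceptually, the Import Directory Information step reads the owner, group, and permission bits of an existing directory so they can be validated before sharing. The sketch below shows the same inspection with a standard library call; it is an analogy for what the appliance does, not its actual code.

```python
import os
import stat
import tempfile

def directory_identity(path: str) -> dict:
    """Read the UID, GID, and permission string of a directory."""
    st = os.stat(path)
    return {
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mode": stat.filemode(st.st_mode),  # e.g. 'drwxr-xr-x'
    }

# Demonstrate on a throwaway directory with known permissions.
with tempfile.TemporaryDirectory() as d:
    os.chmod(d, 0o755)
    info = directory_identity(d)
    print(info["mode"])  # drwxr-xr-x
```

As step c above notes, values read this way still need human validation: the stored UID/GID numbers are only meaningful if they map to the intended users and groups on the client systems.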
8. In the Grant Access window (Figure 6-54), configure the host system that is allowed to access the directory and decide on an access method for read and write actions. When finished, click OK to close the window.
9. Back in the Create Directory window or the Share Unlisted Directory window, check that every host that needs to have access is shown in the appropriate table and click OK to proceed (Figure 6-55).
10. Back in the Collection Properties window (Figure 6-56), check the overall settings of the newly created environment.
Click OK or Apply in the Collection Properties notebook to commit any changes. An update progress is displayed as shown in Figure 6-57.
Figure 6-57 Progress of the update of the document collection after granting access
Viewing the mount information and HTTP access for a File Archive Collection
This task requires an administrative user role of Archive Administrator. Log on to the administrative interface and complete the following steps:
1. Expand Information Archive Management in the navigation tree.
2. Click Collections.
3. Click Properties in the applicable collection.
4. Click the General tab in the Collection Properties notebook.
5. View the collection address for each connection type (NFS, HTTP) in the Access information field (see Figure 6-58).
Figure 6-58 Collection Properties - General - Access information for root directories
For all other directories, that is, for directories that are not root directories, you can find the access information with the following procedure. Log on to the administrative interface and complete the following steps:
1. Expand Information Archive Management in the navigation tree.
2. Click Collections.
3. Click Properties in the applicable collection.
4. Click the Directory Sharing tab in the Collection Properties notebook.
5. View the collection address for each directory and subdirectory (see Figure 6-59) by clicking the appropriate highlighted path name in the Directory Sharing windows.
nunnemk@LDAP1:~> ping 9.153.1.49 PING 9.153.1.49 (9.153.1.49) 56(84) bytes of data. 64 bytes from 9.153.1.49: icmp_seq=1 ttl=64 time=0.136 ms 64 bytes from 9.153.1.49: icmp_seq=2 ttl=64 time=0.104 ms
Create a local mount point on your workstation to mount the remote NFS file system from Information Archive. On a UNIX or Linux workstation, for example, you can use the mkdir command to create appropriate directories, and you can change the access rights of those directories with the chmod command. In Example 6-15, we first want to see what the current directory is, so we use the Linux pwd command on our system. In the example, our home directory /home/nunnemk and the subdirectory data serve as the mount point in the next step.
Example 6-15 Output of print working directory (pwd) and list (ls) command on Linux workstation
nunnemk@LDAP1:~> pwd
/home/nunnemk
nunnemk@LDAP1:~> ls -la
total 120
drwxr-xr-x  9 nunnemk users  .
drwxr-xr-x 19 root    root   ..
drwxr-xr-x  2 nunnemk users  data
drwx------  5 nunnemk root   meta
3. Mount the remote NFS file system from Information Archive over the local mount point. In Example 6-16 we mount the NFS file system over the previously defined local file system. Because this is only possible with root access on our Linux system, we prefix the mount command with sudo. During command processing, we have to provide the local root password.
Example 6-16 Mount command on local Linux workstation to mount NFS share
nunnemk@LDAP1:~> sudo mount -t nfs 9.153.1.49:/tiam/NFS1/data /home/nunnemk/data
root's password:

4. Create a local mount point on your workstation on which to mount the remote metafile share from Information Archive. This is the same procedure as used before for the NFS share. In Example 6-17, our home directory /home/nunnemk and the subdirectory meta serve as the mount point in the next step.
Example 6-17 Output of print working directory (pwd) and list (ls) command on Linux workstation
nunnemk@LDAP1:~> ls -la
total 120
drwxr-xr-x  9 nunnemk users  .
drwxr-xr-x 19 root    root   ..
drwxr-xr-x  2 nunnemk users  data
drwx------  5 nunnemk root   meta
5. Mount the metafile share on the local workstation. In Example 6-18 we mount the remote Information Archive metafile share (/meta/tiam/NFS1/meta) by NFS protocol over our local mount point (/home/nunnemk/meta) so that we can access and use the metafiles from our workstation.
Example 6-18 Mount command on local Linux workstation to mount metafile share nunnemk@LDAP1:~> sudo mount -t nfs 9.153.1.49:/meta/tiam/NFS1/meta /home/nunnemk/meta root's password:
We validate the actual mount points on our local workstation (Example 6-19), and we see the data share and the metafile share mounted on our local home directory.
Example 6-19 Validate mount of data share and metafile share on local Linux workstation nunnemk@LDAP1:~> mount 9.153.1.49:/tiam/NFS1/data on /home/nunnemk/data type nfs (rw,addr=9.153.1.49) 9.153.1.49:/meta/tiam/NFS1/meta on /home/nunnemk/meta type nfs (rw,addr=9.153.1.49)
6. Create subdirectories, if necessary, within the mounted NFS file system of the File Archive Collection. Also, set the correct user rights and access rights for the file system or for the creation of a file in the operating system. Use the regular operating system commands for this task, that is, the mkdir command and the chmod command on UNIX and Linux workstations. See Example 6-20, where two subdirectories are created for use by the File Archive Collection owner only (rwxr-xr-x).
Example 6-20 Subdirectories in the NFS share
nunnemk@LDAP1:~/data> pwd
/home/nunnemk/data
nunnemk@LDAP1:~/data> ls -la
total 36
drwx------  5 nunnemk root  8192 2010-03-12 13:53 .
drwxrwxrwx 10 nunnemk users 4096 2010-03-23 13:43 ..
drwxr-xr-x  2 nunnemk users 8192 2010-03-10 11:02 directory1
drwxr-xr-x  2 nunnemk users 8192 2010-03-22 19:28 directory2
Directories: The creation of directories and subdirectories as shown here, outside of Information Archive, is fully supported and functional. You can import the appropriate information of such created directories later using the Directory Sharing panels in IA, so that you can manage future access and permissions within IA. You might want to consider this step right after the manual creation (see step 5 on page 211 for details).
6.4.5 Using the data share and the metafile share of a File Archive Collection
In this section we illustrate procedures that you can use to validate that the data share and the metafile share are successfully mounted and ready to use.
When we copy the three files into the NFS share (/home/nunnemk/data/directory2), Information Archive automatically creates three metafiles, one for each file. Shortly after creation, the metafiles contain no information other than what comes directly from the XML template (it is normal to see an empty XML file). We use a web browser over HTTP to analyze the creation and the content of the metafiles (see Figure 6-60).
Figure 6-60 Metafile shortly after the archiving process and before auto commit or manual commit
After the files are committed, the metafile is filled with the appropriate information. In our configuration, the commit takes place automatically after a file has been idle for five minutes. In your environment, depending on your overall settings within the Document Actions, you might need to commit the files manually (see Archive process with File Archive Collections (NFS) on page 169). All system fields in the metafile are populated with the corresponding information, as can be seen in Figure 6-61. Again, we use our web browser to access the metafile over HTTP.
Figure 6-61 Metafile 1 after archiving process and after auto commit or manual commit
We also check the correct application of the retention policies by looking at the metafiles. Our retention policies (see Creating a service class and a document rule on page 204) specify keeping plain text files for one year and rich text files for three years. Information Archive validates this when committing the files, and the correct retention periods and service classes are represented in the metafile.
See Figure 6-62 for a metafile that represents the three year retention period within our service class SC_3Y_CR.
Figure 6-62 Metafile 2 after archiving process and after auto commit or manual commit
2. We validate the write process in the NFS file system with the Linux command ls (Example 6-22).
Example 6-22 List documents in NFS file system
nunnemk@LDAP1:/tmp> cd /home/nunnemk/data/directory2
nunnemk@LDAP1:~/data/directory2> ls -la
total 192
drwxr-xr-x 2 nunnemk users  8192 2010-03-22 17:28 .
drwx------ 5 nunnemk root   8192 2010-03-12 13:53 ..
-r--r--r-- 1 nunnemk users 63801 2010-03-22 17:28 UPDATE-NOTES.en.html
-r--r--r-- 1 nunnemk users 61413 2010-03-22 17:28 UPDATE-NOTES.en.rtf
-r--r--r-- 1 nunnemk users 46674 2010-03-22 17:28 UPDATE-NOTES.en.txt

3. We log on to Information Archive and validate the write process in the Information Archive Tivoli Storage Manager server of this File Archive Collection. To validate the existence of the files in Information Archive, we first analyze the available storage pool volumes with the IBM Tivoli Storage Manager query volume command. In Example 6-23, we see one storage pool volume, so our files must reside on that volume. If you have more than one volume, the newest volume usually contains the newest data. That is not always the case, but it is a good starting point to check for the existence of your files.

Example 6-23 Query volume on IBM Tivoli Storage Manager server
tsm: NFS1>q vol

Volume Name               Storage Pool  Device Class  Estimated  Pct   Volume
                          Name          Name          Capacity   Util  Status
------------------------  ------------  ------------  ---------  ----  -------
/tiam/NFS1/tsm/fileclas-  FILEPOOL      FILECLASS     2.0 G      0.1   Filling
 s/00000002.BFS
The next step is to query the content of the formerly identified storage pool volume. In Example 6-24 we use the IBM Tivoli Storage Manager query content command for that.
Example 6-24 Query content on the IBM Tivoli Storage Manager server (excerpt)

tsm: NFS1>q content /tiam/NFS1/tsm/fileclass/00000002.BFS

Node Name    Type  Filespace   FSID  Client's Name for File
                   Name
-----------  ----  ----------  ----  -------------------------------------
IA_RESERVED  SpMg  /tiam/NFS1  1     /audit/2010/2010-03-19
IA_RESERVED  SpMg  /tiam/NFS1  1     /audit/2010/2010-03-20
IA_RESERVED  SpMg  /tiam/NFS1  1     /audit/2010/2010-03-21
IA_RESERVED  SpMg  /tiam/NFS1  1     /data/directory2/UPDATE-NOTES.en.html
IA_RESERVED  SpMg  /tiam/NFS1  1     /data/directory2/UPDATE-NOTES.en.rtf
IA_RESERVED  SpMg  /tiam/NFS1  1     /data/directory2/UPDATE-NOTES.en.txt
The output confirms the existence of our three archived files in the storage pool volume. Tip: In larger environments, it is more convenient to use SQL select statements to validate the existence of your files in the Information Archive Tivoli Storage Manager server. You can access the information directly by using the file name within the select statement (see Example 6-25). Obviously, for that command we have to know the name of the file that we want to trace.
Example 6-25 IBM Tivoli Storage Manager data within space management
tsm: NFS1> select * from spacemgfiles where file_name='/data/directory2/UPDATE-NOTES.en.txt' NODE_NAME: IA_RESERVED FILESPACE_NAME: /tiam/NFS1 STATE: ACTIVE_VERSION EXTOBJID: 0101020C000000001FAC0201AA16206E00BBC647CCE14E0A0F6BEBB6 OBJECT_ID: 5138 FILE_NAME: /data/directory2/UPDATE-NOTES.en.txt INSERT_DATE: 2010-03-22 16:42:07.000000 DELETE_DATE: CLASS_NAME: DEFAULT
nunnemk@LDAP1:~> cd /home/nunnemk/meta
nunnemk@LDAP1:~/meta/directory2> ls -la
total 18
drwxr-xr-x 2 nunnemk users 8192 2010-03-22 .
drwx------ 5 nunnemk root  8192 2010-03-12 ..
-rw-r--r-- 1 nunnemk users  335 2010-03-22 UPDATE-NOTES.en.html
-rw-r--r-- 1 nunnemk users  335 2010-03-22 UPDATE-NOTES.en.rtf
-rw-r--r-- 1 nunnemk users  335 2010-03-22 UPDATE-NOTES.en.txt
2. We update one of our metafiles with an appropriate XML-compatible application or file editor, so that we have a user field and an event field alongside the default system fields in the metafile. In Example 6-27 we introduce a previously configured user field (Department) and an event (Hold) in the appropriate metafile (UPDATE-NOTES.en.txt) by editing the metafile with the Linux text editor edit.
Example 6-27 Input to the metafile for the addition of a user field and a Hold event
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
<_SYSTEM_minimumRetention_>Tue Mar 22 16:42:06 2011</_SYSTEM_minimumRetention_>
<_SYSTEM_serviceClass_>SC_1Y_CR</_SYSTEM_serviceClass_>
<_SYSTEM_md5Checksum_>66a82015cbc5e83329acbb6869857ce8</_SYSTEM_md5Checksum_>
<_SYSTEM_retained_>2010-03-22 16:42:06</_SYSTEM_retained_>
<_USER_Department_>Human Resources</_USER_Department_>
<_EVENT_hold_>LOA</_EVENT_hold_>
</fields>

The hold name can be any unique name that is no longer than 30 UTF-8 characters. In our example we name the hold event LOA, which is the abbreviation for a Letter Of Acceptance. We also used the Visual Editor (vi) successfully with another metafile.

Tip: Text editors that create additional files when saving changes cannot be used to edit metafiles in the meta directory. For example, the GNOME gedit text editor creates a hidden temporary file during save operations. To use one of these text editors, first copy the metafile to another directory. Then you can modify and save the file before copying it back to the meta directory.

In our testing, we were not able to insert metafile fields that were not previously defined in Information Archive. For example, we tried to insert a user field named UndefinedTag, but we were then unable to save the metafile (see Figure 6-63). This is the expected behavior, and it also applies if you make a typing mistake while updating the metafile.
Figure 6-63 Error from using undefined user fields with a metafile
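Metafile edits like the one in Example 6-27 can also be scripted instead of typed into an editor. The sketch below builds the same kind of update with Python's standard XML library; it is illustrative only, the field names follow the metafile tags shown above, and validation against the configured fields is done by Information Archive when the file is saved, not by this code.

```python
import xml.etree.ElementTree as ET

# A minimal metafile stand-in (real metafiles carry more system fields).
metafile = """<?xml version="1.0" encoding="UTF-8" ?>
<fields>
<_SYSTEM_serviceClass_>SC_1Y_CR</_SYSTEM_serviceClass_>
</fields>"""

root = ET.fromstring(metafile.encode("utf-8"))

# Add a user field and a hold event; the hold name must be a unique
# name of at most 30 UTF-8 characters, as described above.
ET.SubElement(root, "_USER_Department_").text = "Human Resources"
ET.SubElement(root, "_EVENT_hold_").text = "LOA"

updated = ET.tostring(root, encoding="unicode")
print(updated)
```

Writing the serialized result back to the metafile in the meta share would then trigger the same server-side parsing described in the next step; as with editors, the write only succeeds if every field is defined in Information Archive.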
3. To verify the update of the metafile with Information Archive, we use a web browser to access the updated metafile over HTTP (see Figure 6-64). In our case, we see the user field and the result of our Hold event. The system has already parsed the file, and the event tag is no longer in the file. However, a system tag has been created in response, indicating that the file is on hold with an event named LOA.
Figure 6-64 Metafile after manual update of the contents - Using metafile user fields
4. To validate the overall document statistics with Information Archive, we use the Information Archive Collection Overview notebook after we made changes to the data share and the metafile share. In Figure 6-65 you can see the retention hold on one of our documents: it corresponds to the previously created hold on the file UPDATE-NOTES.en.txt.
To validate that it is really the previously created hold on our newly ingested document, we click the On hold hyperlink to get more details (see Figure 6-66).
5. We update the metafile again to send a Release event to Information Archive. This overrides the former Hold event. Make sure that you apply the release to the appropriate hold event (you can have more than one hold event on a file), in our case named LOA (Example 6-28).
Example 6-28 Input to the metafile for the addition of a Release event
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
<_SYSTEM_minimumRetention_>Tue Mar 22 16:42:06 2011</_SYSTEM_minimumRetention_>
<_SYSTEM_serviceClass_>SC_1Y_CR</_SYSTEM_serviceClass_>
<_SYSTEM_md5Checksum_>66a82015cbc5e83329acbb6869857ce8</_SYSTEM_md5Checksum_>
<_SYSTEM_retained_>2010-03-22 16:42:06</_SYSTEM_retained_>
<_SYSTEM_currentHolds_>LOA</_SYSTEM_currentHolds_>
<_USER_Department_>Human Resources</_USER_Department_>
<_EVENT_release_>LOA</_EVENT_release_>
</fields>

6. We validate the update of the metafile in the metafile share. In Linux, we use the less command to see the contents of the metafile directly after we saved our changes (Example 6-29).
Example 6-29 Metafile after manual update of the contents - Using event field with Release
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
<_SYSTEM_minimumRetention_>Tue Mar 22 16:42:06 2011</_SYSTEM_minimumRetention_>
<_SYSTEM_serviceClass_>SC_1Y_CR</_SYSTEM_serviceClass_>
<_SYSTEM_md5Checksum_>66a82015cbc5e83329acbb6869857ce8</_SYSTEM_md5Checksum_>
<_SYSTEM_retained_>2010-03-22 16:42:06</_SYSTEM_retained_>
<_USER_Department_>Human Resources</_USER_Department_>
</fields>
7. We use the Information Archive Collection Overview notebook to see the overall statistics of our File Archive Collection after the Release event. In Figure 6-67 you can see that no retention hold is in place anymore.
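The metafiles shown above also carry an MD5 checksum of the archived file (_SYSTEM_md5Checksum_). The sketch below shows how a client could recompute such a checksum to verify that a retrieved copy matches what was committed; the file content here is a stand-in, not the book's actual UPDATE-NOTES file.

```python
import hashlib

def md5_of(data: bytes) -> str:
    """Hex MD5 digest, the format used by _SYSTEM_md5Checksum_."""
    return hashlib.md5(data).hexdigest()

# Stand-in content for an archived document (assumption, not real data).
content = b"example archived document\n"
checksum = md5_of(content)

print(len(checksum))  # 32 hex characters, as in the metafile field
assert md5_of(content) == checksum  # recomputation over the same bytes matches
```

Comparing a freshly computed digest against the value stored in the metafile is a simple integrity check; any mismatch means the retrieved bytes differ from the committed document.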
Although we found three expired documents in our environment, we only want to delete one of them; hence, the following procedure shows the deletion of only that one file. 2. We access the NFS share from our local workstation. We issue the ls command to see the expired documents, if any (see Example 6-30). We see a plain text file named RELEASE-NOTES.en.txt, which we choose to delete.
Example 6-30 Expired files within the NFS share
nunnemk@LDAP1:~/meta/directory1> ls -la
total 18
drwxr-xr-x 2 nunnemk users 8192 2010-03-10 .
drwx------ 5 nunnemk root  8192 2010-03-12 ..
-rw-r--r-- 1 nunnemk users  336 2010-03-10 RELEASE-NOTES.en.html
-rw-r--r-- 1 nunnemk users  336 2010-03-10 RELEASE-NOTES.en.rtf
-rw-r--r-- 1 nunnemk users  336 2010-03-10 RELEASE-NOTES.en.txt
First, we also access the metafile share to validate the existence of corresponding metafiles for all our expired documents (Example 6-31).
Example 6-31 Metafiles for expired files within the metafile share
nunnemk@LDAP1:~/meta/directory1> ls -la
total 18
drwxr-xr-x 2 nunnemk users 8192 2010-03-10 .
drwx------ 5 nunnemk root  8192 2010-03-12 ..
-rw-r--r-- 1 nunnemk users  336 2010-03-10 RELEASE-NOTES.en.html
-rw-r--r-- 1 nunnemk users  336 2010-03-10 RELEASE-NOTES.en.rtf
-rw-r--r-- 1 nunnemk users  336 2010-03-10 RELEASE-NOTES.en.txt
3. We delete only one of the expired files manually with the appropriate operating system command. Here we use the Linux rm (remove) command (Example 6-32).
Example 6-32 Manual removal of expired files within NFS share
nunnemk@LDAP1:~/data/directory1> rm RELEASE-NOTES.en.txt
rm: remove write-protected regular file `RELEASE-NOTES.en.txt'? yes
nunnemk@LDAP1:~/data/directory1>

4. After the deletion of the document RELEASE-NOTES.en.txt in the NFS share, we change to the metafile share and validate the existence of the related metafile. Metafiles are named exactly like the original documents. In our example, the metafile is automatically deleted by Information Archive following the deletion of the document in the NFS share (Example 6-33).
Example 6-33 Metafile share after manual deletion of the document
nunnemk@LDAP1:~/meta/directory1> ls -la
total 17
drwxr-xr-x 2 nunnemk users 8192 2010-03-23 .
drwx------ 5 nunnemk root  8192 2010-03-12 ..
-rw-r--r-- 1 nunnemk users  336 2010-03-10 RELEASE-NOTES.en.html
-rw-r--r-- 1 nunnemk users  336 2010-03-10 RELEASE-NOTES.en.rtf
Deleting metafiles: Metafiles are deleted automatically with the deletion of an archived document. Archiving applications or users do not need to delete metafiles manually.
Chapter 7. LDAP environments
In previous chapters we mentioned the benefits of a centralized user management infrastructure for the IBM Information Archive (Information Archive):
3.5.2, Running the Initial Configuration Wizard (ICW) on page 58
4.1.1, User and group management on page 72
6.4.3, File Archive Collection administration on page 204
There are also more and more applications, such as FileNet P8, that can be used with Information Archive and that require, or can take advantage of, a Lightweight Directory Access Protocol (LDAP) infrastructure. Without the LDAP approach, you have to create the same user accounts (with the same configuration options, such as uid, gid, and password) and repeat this for all the various servers and clients. This can be a maintenance nightmare for large installations, especially if the security rules in your environment mandate changing passwords on a regular basis. In other words, local user management is probably acceptable and sustainable only for organizations with a very small number of users and servers. Medium-size and larger organizations will want to use LDAP for authentication in Information Archive, and this is especially important for File Archive Collections. In this chapter we illustrate, through practical scenarios, the configuration for three LDAP implementations that are supported for use with Information Archive:
IBM Tivoli Directory Server configuration
Open LDAP configuration, SLES 10 in our example
Microsoft Active Directory configuration
Attention: If you use File Archive Collections, you always have to configure the file system rights within the shares as explained in 6.4.4, Sharing directories and granting client nodes access on page 211, independently of the user management technique used. It is also possible to use certificates for encrypted communication.
If your company already uses certificates for communication, the certificate administrator will provide the certificate files and help you with your specific configuration. This topic is, however, beyond the scope of this book.
LDAP
Directories in LDAP are accessed using the client/server model. An application that wants to read or write information in a directory does not access the directory directly; instead, it uses a set of programs or APIs that cause a message to be sent from one process to another. The second process retrieves the information on behalf of the first (client) application and returns the requested information if the client has permission to see it. The format and contents of the messages exchanged between client and server must adhere to an agreed-upon protocol (for user and group information, Information Archive relies on the RFC 2307 schema). There are various LDAP implementations available. The Information Archive appliance can use the IBM Tivoli Directory Server or Open LDAP based on Linux.
Table 7-2 through Table 7-4 list the domain name, group name, and user names that we used in our scenario.
Table 7-2 Domain name used in our scenario

Domain name: ArchiveSolutionCompetenceCenter.Leipzig.local

Table 7-3 Group names used in our scenario

Group name                       gid
ArchiveSolutionCompetenceCenter  10002

Table 7-4 User names used in our scenario

User               User name      uid
Frank Boerner      boernerf       1005
Rene Wuellenweber  wuellenw       1006
Roland Hoppe       hoppe          1009
Daniel Wendler     wendler        1021
Andreas Feldner    feldner        1022
Kai Nunnemann      nunnemk        1023
Administrator      Administrator  Not needed
In the following sections we show how to configure the various LDAP servers and explain the dependencies from an Information Archive perspective, especially for the distinguished names (DN). We do not explain the installation or basic setup of the LDAP servers.
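The distinguished names used throughout this chapter follow one fixed pattern. As a small illustration, the sketch below composes user DNs from the scenario's suffix; the container names come from this chapter's example, and you would adapt them to your own directory tree.

```python
# Suffix and containers from this chapter's example scenario.
SUFFIX = "ou=ArchiveSolutionCompetenceCenter,o=Leipzig,c=local"

def user_dn(user_name: str) -> str:
    """Compose the DN of a user entry under the cn=users container."""
    return f"cn={user_name},cn=users,{SUFFIX}"

print(user_dn("boernerf"))
# cn=boernerf,cn=users,ou=ArchiveSolutionCompetenceCenter,o=Leipzig,c=local
```

Keeping DN composition in one place like this makes it easy to see which part is the per-user RDN (cn=...) and which part is the shared tree location that must match the suffix configured on the LDAP server.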
IBM Tivoli Directory Server offers a trusted identity data infrastructure for authentication in the following ways:
It provides identity management for companies that want to deploy a robust and scalable identity infrastructure.
It uses LDAP identity infrastructure software and meets LDAP v3 industry compliance standards.
It enhances proxy server capabilities with flow control for managing requests, paging search results for single and multiple partitions, and a smart fail-back mechanism to restore servers safely.
It maintains high availability with master/subordinate and peer-to-peer replication capabilities, as well as scheduled online or offline backup and remote restore.
It supports virtual list views so that you can scroll forward or backward through entries in a large sorted data set, and it can record deleted entries.
It supports leading platforms, including IBM AIX, IBM i5/OS, IBM z/OS, Sun Solaris, Microsoft Windows Server, HP-UX, and SUSE and Red Hat Linux distributions.
We used SLES 10 as the operating system for our scenario.
To configure ITDS, you essentially need idsxinst, the ITDS Instance Administration Tool, and idsxcfg, the ITDS Configuration Tool. Complete the following steps: 1. Create at least one directory server instance in your environment. To create an instance, launch the IBM Tivoli Directory Server Instance Administration Tool (Figure 7-2) by issuing the ./idsxinst command from the SLES 10 command line (in the directory /opt/IBM/ldap/V6.2/sbin).
2. Click Create Instance. The Create new directory server dialog, shown in Figure 7-3, is displayed. Here we chose to create the default instance. Click Next.
3. Respond to the next dialog (Figure 7-4), which prompts you for various passwords (User password, Encryption seed, Administrator DN) as required by ITDS.
4. Verify your settings and click Next to launch the creation of the directory server instance. The Results panel shown in Figure 7-5 displays several messages indicating the progress of the creation process. Click Close when finished.
Figure 7-5 ITDS Administration Tool - Create new directory server instance
In SLES 10, the ITDS server instance will not start automatically after a reboot of the system.
5. Under the /etc/init.d directory, create the script idsldap (as listed in Figure 7-6) to automate the start of the server instance upon reboot.

LDAP2-ITDS:/etc/init.d # cat idsldap
#!/bin/bash
# /etc/init.d/startLdap
touch /var/lock/startLdap
# carry out specific functions
case "$1" in
start)
    echo "Starting itds 6.2 ldap."
    /opt/ibm/ldap/V6.2/sbin/idsslapd -I dsrdbm01
    ;;
stop)
    echo "Stopping itds 6.2 ldap."
    /opt/ibm/ldap/V6.2/sbin/idsslapd -I dsrdbm01 -k
    ;;
*)
    echo "Usage: /etc/init.d/idsldap {start|stop}"
    exit 1
    ;;
esac
exit 0
LDAP2-ITDS:/etc/init.d #
Figure 7-6 File /etc/init.d/idsldap
6. Enable autostart of the ITDS instance after you have created the script. To enable autostart, change to the /etc/init.d directory and issue the command chkconfig idsldap on. 7. Launch the ITDS Administration Tool again by issuing the ./idsxinst command from the /opt/IBM/ldap/V6.2/sbin directory. Now that the server instance is created, you can perform additional configuration as required, using the ITDS Administration Tool.
2. Click the Manage button to configure the instance. The Configuration Tool window opens and displays the Overview tab as shown in Figure 7-8.
The left pane of the Configuration Tool window (Figure 7-8) contains a list of tasks.
The following actions are possible from the left pane of the Configuration Tool window:
Change the administrator user or password.
Perform database-related tasks, such as backup and restore operations, or tune the database performance settings.
Import existing LDAP Data Interchange Format (LDIF) files (which contain the object entries of the LDAP tree). This export/import function can also be used to create a backup of critical LDAP information.
For our example, we decided to import the users and other configuration objects from an LDIF file. In Figure 7-10, you can see a portion of the LDIF file we used. Before doing the LDIF import, we need to add the suffix for the distinguished name (DN) structure, under the Manage suffixes tab. For our scenario, we had to add the suffix c=local, which is the highest level in the distinguished name (DN) for our domain name, ou=ArchiveSolutionCompetenceCenter, o=Leipzig, c=local. Figure 7-9 shows the content of the Manage suffixes tab after we added the c=local suffix. Note that all other entries you see here are defaults and must not be deleted.
If you want to import an LDIF file as we did, it must have a format similar to that shown in Figure 7-10 (the values associated with the tags will, of course, have to correspond to the naming conventions adopted in your environment).
Important: Be sure to add the objectclass groupOfNames for group objects and inetOrgPerson for user objects.
version: 1
dn: C=LOCAL
objectclass: top
objectclass: country
description: top domain
c: LOCAL

dn: o=Leipzig,c=local
objectClass: organization
objectClass: top
o: Leipzig

dn: ou=ArchiveSolutionCompetenceCenter,o=Leipzig,c=local
objectclass: top
objectclass: organizationalUnit
ou: ArchivesolutionCompetenceCenter

dn: cn=users,ou=ArchiveSolutionCompetenceCenter,o=Leipzig,c=local
objectclass: groupOfNames
objectclass: top
description: Users
cn: users
member: cn=boernerf,cn=users,ou=ArchiveSolutionCompetenceCenter,o=Leipzig,c=local
.... (insert other users here as well)

dn: cn=groups,ou=ArchiveSolutionCompetenceCenter,o=Leipzig,c=local
objectclass: groupOfNames
objectclass: top
description: Leipzig Archive Solution Competence Center Team
cn: groups

dn: cn=boernerf,cn=users,ou=ArchiveSolutionCompetenceCenter,o=Leipzig,c=local
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
sn: boernerf
cn: boernerf
gidNumber: 10002
homeDirectory: /home/boernerf
uid: boernerf
uidNumber: 1005
userPassword: password
Figure 7-10 ASCC.ldif file
3. To import this LDIF file, go to the LDIF Tasks, Import LDIF data tab, select the file to import as shown in Figure 7-11, and click Import.
4. After the import has completed successfully, stop the administrative server and start the ITDS instance in the ITDS Administration Tool main window.
5. To verify graphically that all configuration objects are inserted, use the ITDS Web Administration Tool:
a. In SLES 10, to start the Administration Tool, first start a web server by changing to the /opt/IBM/ldap/V6.2/idstools directory and entering ./deploy_IDSWebApp.
b. After the web server is started, you can open an Internet browser and access the ITDS Web Administration Tool at:
http://localhost:12100/IDSWebApp/IDSjsp/Login.jsp
6. On the login panel for the ITDS Web Administration Tool (Figure 7-12), enter the appropriate LDAP Server Name, User DN, and Password. Be sure to prefix the user DN name with cn=<administrator_name> as appropriate.
If the login is successful, the main window shown in Figure 7-13 is displayed.
7. To verify the entries, select the Directory management tab. Then, as shown in Figure 7-14, you should see the same suffix entries as shown in Figure 7-9 on page 236.
8. Click the + sign to expand the directory tree, level by level, until you see the users displayed. An example of our structure and users can be seen in Figure 7-15.
9. On the panel shown in Figure 7-16, which shows the details for one of the users, verify the settings and compare them with the original LDIF file displayed in Figure 7-10 on page 237.
If all entries match, the LDAP server instance is now ready for use with Information Archive. You can proceed to the next section.
Bind distinguished name:
cn=Administrator,cn=Users,dc=ArchiveSolutionsCompetenceCenter,dc=Leipzig,dc=local
See 3.5.2, Running the Initial Configuration Wizard (ICW) on page 58 for details.
3. Mark the check box Delete current directory services configuration.
Important: Be aware that the steps that follow will completely erase your existing directory server configuration.
Click Next.
4. Mark the check boxes Directory server configuration and Directory server contents (as shown in Figure 7-18). Click Next.
5. In the Specify Settings window shown in Figure 7-19, select No and click Next.
Figure 7-19 Specify Settings - Not default settings for LDAP configuration
6. In the next dialog, leave the defaults for library and log settings, and click Next. 7. In the next dialog, leave the default for disk pool, and click Next.
8. In the Specify Administrator dialog, uncheck the System generated box and enter a Password for the Administrator DN (Distinguished Name). Leave the default for the administrator's distinguished name itself, that is, cn=administrator (see Figure 7-20). Click Next.
Figure 7-20 Administrator Distinguished Name for Tivoli Directory Server Administrator
The system generates a suffix based on the system's name and TCP/IP domain.
9. To remove that suffix, select the suffix, then click Remove. Add a new suffix that matches your LDAP structure, by typing the new suffix in the single entry line labeled Suffix (Figure 7-21), and click Add.
The newly added suffix is displayed in the list box. Click Next.
10. Leave the defaults for ports (unless you have a requirement to change them due to network issues). Click Next.
11. Leave the default to use all TCP/IP addresses (unless you have a requirement to change them due to network issues). Click Next.
12.To start the Tivoli Directory Server automatically after an IPL (when TCP/IP is started), select Yes in the appropriate window (see Figure 7-22) and proceed with Next.
13. Check your settings on the summary and click Finish. The configuration task takes a moment.
14. After the configuration is finished, click Properties of IBM Tivoli Directory Server in the System i Navigator main window.
15. In the Properties window, select the second tab, Database/Suffixes, and verify that your previously configured LDAP suffix is displayed correctly (see Figure 7-23).
4. On the Open LDAP/DSML Connection window, click OK. This will connect you to the Tivoli Directory Server on IBM i. When connected to the Tivoli Directory Server on IBM i, in the JXplorer window left pane, at the Explore tab, under World, you can see the expanded LDAP suffix that was created by the previous base configuration (Figure 7-25).
5. In the menu bar under Tools, use the Import File option to import an LDIF file. Note that the Tivoli Directory Server needs to be started for this to work (contrary to the Import File option of System i Navigator).
Attention: Importing the LDIF file with JXplorer is an alternative to the native LDIF import through the IBM Tivoli Directory Server for IBM i. Therefore, only import the file if you have not already done so.
7.4.4 Using the IBM Tivoli Directory Server on IBM i with Information Archive
Before you run the Initial Configuration Wizard to create a File Archive Collection on the Information Archive appliance, make sure that the IBM Tivoli Directory Server on IBM i and LDAP are running. Verify that the LDAP server is available by using the ldapsearch command from the Information Archive Management Console. Following our previous setup, the correct command in our environment is:
ldapsearch -x -h 9.153.1.30 -D cn=administrator -w password -b dc=stgt,dc=spc,dc=ihost,dc=com -vv
If this test is successful, you can run the Initial Configuration Wizard (ICW) on Information Archive. The correct values to be entered there for our scenario are as follows:
Search base for users and groups (base distinguished name): dc=stgt,dc=spc,dc=ihost,dc=com
Bind distinguished name: cn=administrator,dc=stgt,dc=spc,dc=ihost,dc=com
See 3.5.3, Assigning administrative user roles on page 67 for details.
2. Click Group Management or User Management. The LDAP server logon dialog shown in Figure 7-27 is displayed. You have to log on with the LDAP server administrator account.
3. Click OK to get the User and Group Administration window shown in Figure 7-28. Here, you can add/change/delete users and groups. We selected Groups first and created a group that we use with Information Archive later on. Create additional groups if you need to.
4. Select the Users radio button after you are done creating your groups, to see all configured users there. Now you can add or change your users as required in the context of Information Archive. The Users view (for our scenario) is shown in Figure 7-29.
Click Edit to view the details for the selected users, as shown in Figure 7-30.
5. Select the Details tab (Figure 7-31). Note the uid here, and make sure that the user belongs to the required group for Information Archive (under LDAP groups). You need at least one group to use as the default group for the user accounts.
We used the user account Administrator to create the connection from Information Archive to the LDAP server on SLES 10. You have to use the distinguished names in Information Archive exactly as displayed in Figure 7-27 on page 249; in our example, for Administrator:
cn=Administrator,dc=ArchiveSolutionCompetenceCenter,dc=Leipzig,dc=local
On a Windows Server 2003 Domain Controller, you need to install the Microsoft Windows Services for UNIX components.
On a Windows Server 2003 R2 Domain Controller, enable Identity Management for UNIX by going to the Control Panel, and selecting Add/Remove Programs → Add Windows Components → Active Directory Services. Check Identity Management for UNIX, as shown in Figure 7-32. Note that this requires a reboot and Schema Admin privileges. It adds a UNIX Attributes tab to each user account in Active Directory Users and Computers that allows you to control the user UID, primary group GID, NIS Server setting, and user shell settings (such as /bin/bash).
Figure 7-32 Windows Server 2003 R2 - install Identity Management for UNIX
If you do not have the role Identity Management for UNIX already installed, click Add Role and select the role Identity Management for UNIX, which requires Schema Admin privileges. Click Finish to install the new filesets. This adds a UNIX Attributes tab to each user account in Active Directory Users and Computers, which allows you to control the user UID, primary group GID, NIS Server setting, and user shell settings (such as /bin/bash).
Next we create a group for use with Information Archive (Figure 7-36). It is important when defining user and group accounts to always fill out the UNIX Attribute tab very carefully and write down the UIDs and GIDs specified.
Based on the domain name, you can see the NIS Domain name in the UNIX Attributes tab. Then, specify the GID, as shown in Figure 7-37.
Next you can create all the user accounts that you need for use with Information Archive (or you can just set the UNIX Attributes if you want to use existing users). Add a new user or double-click an existing one to open the user properties panel shown in Figure 7-38. Minimally, you must specify the values shown for the General tab in Figure 7-38; Account tab, in Figure 7-39; and UNIX attributes tab, in Figure 7-40.
We used the predefined user account Administrator to create the connection from Information Archive to the Microsoft Active Directory.
Chapter 8.
Because this chapter addresses the usage of the System Storage Archive Manager Server, in this section we introduce the following IBM ECM products, which provide the core enterprise content repositories that interface with System Storage Archive Manager Server:
- IBM Content Manager
- IBM Content Manager OnDemand
- IBM FileNet Content Manager
- IBM FileNet Image Manager Active Edition
In addition, we also introduce the IBM FileNet P8 family of products. More information about the IBM Enterprise Content Management portfolio of products is available at:
http://www.ibm.com/software/data/cm/
Content that Content Manager supports includes HTML and XML web content, document images, electronic office documents, printed output, audio, and video. Content Manager provides the content infrastructure (acting as the back-end content repository) for solutions such as compliance in a regulated life sciences environment, records management, document life cycle management, IBM Lotus Notes email management, Exchange Server email management, and digital media and web content management.
Figure 8-2 Content Manager OnDemand Object Servers interfacing with Information Archive
Figure 8-3 FileNet Content Manager object stores interfacing with Tivoli Storage Manager
8.2.1 Integrating IBM Tivoli Storage Manager backup-archive client with a System Storage Archive Manager Collection
The System Storage Archive Manager/Tivoli Storage Manager backup-archive client component sends data to, and retrieves data from, a System Storage Archive Manager server. The System Storage Archive Manager/Tivoli Storage Manager client must be installed on every machine that will transfer data to server-managed storage. The Information Archive System Storage Archive Manager server uses a unique node name to identify each client instance. A password can be used to authenticate communications between the System Storage Archive Manager/Tivoli Storage Manager client and server. Data can be recovered from the same client machine that initially transferred it, or from another client with a compatible file system format.

The backup-archive client basically consists of the software component and a customization file. This customization file, called the client options file (dsm.opt), specifies client/server communications parameters and other System Storage Archive Manager/Tivoli Storage Manager client settings. Client communications parameters must agree with those specified in the server options file. The client options file is located in the client directory and can be modified using a text editor.

The backup-archive client allows archiving data to a System Storage Archive Manager server. This is only possible if you have enabled the client for archive retention protection in the dsm.opt file. If you do not, the client refuses to archive or retrieve (Figure 8-4).
After being enabled for data retention, the backup-archive client can no longer be used for backups. You can only archive data (not back it up) when connecting to an IBM System Storage Archive Manager server.
Tip: You can use various stanzas in the dsm.opt file together with appropriate environment variables, corresponding dsm.sys files, or start commands to enable a backup-archive client to communicate with various IBM System Storage Archive Manager and IBM Tivoli Storage Manager servers. Therefore, the same backup-archive client can be used with Information Archive, IBM DR550, and additional IBM Tivoli Storage Manager servers. In the sections that follow, we explain how to install, configure, and use the backup-archive client for archive retention and protection. The example applies to Microsoft Windows environments.
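One way to sketch this approach on Windows (where no dsm.sys file is used) is to keep one option file per target server and select it with the client's -optfile option. The file names and paths below are hypothetical, not values from our setup:

```
rem Hypothetical layout: one option file per server
dsmc archive c:\data\report.pdf -optfile=c:\tsm\dsm_ia.opt
dsmc archive c:\data\report.pdf -optfile=c:\tsm\dsm_dr550.opt
```

Each option file then carries the tcpserveraddress and related settings for its own server, so the same installed client can reach Information Archive, a DR550, or a regular Tivoli Storage Manager server.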
Installing and configuring IBM Tivoli Storage Manager Backup-Archive Client V6 for Data Retention
Use the following procedure to download and configure the backup-archive client:
1. Download the IBM Tivoli Storage Manager Client V6.1 or later version. You can retrieve the current maintenance levels of the software from the IBM Support Portal at:
http://www.ibm.com/support/entry/portal/
Download the self-extracting executable client code. See the readme file (6.1.3.0-TIV-TSMBAC-WinX32-README.FTP) in the same directory; for example, the code to download might be a file named 6.1.3.0-TIV-TSMBAC-WinX32.exe.
2. Start the installation by extracting the client code in 6.1.3.0-TIV-TSMBAC-WinX32.exe.
3. In the first window (Location to Save Files), choose a folder where the client software can be unpacked. In our case, it is done in c:\tsm_images\TSM_BA_CLIENT. Click Next. The install wizard extracts all the files into the specified directory.
4. After the install wizard has completed the extraction, the setup wizard starts executing. In the Choose Setup Language window, choose your language, such as English (United States), and click OK.
5. In the Welcome to the Install Wizard window, click Next.
6. In the Destination Folder window, select the installation folder, such as C:\Program Files\Tivoli\tsm\, and then click Next.
7. In the Setup Type window, leave the default setting as Typical and click Next.
8. In the Ready to Install the Program window, click Install. The InstallShield Wizard starts installing the software.
9. When the InstallShield Wizard Completed window opens, check that the installation is successful, and click Finish. If the install failed, correct the problem and repeat the installation.
10. If there is no dsm.opt file in the backup-archive client installation folder, copy the dsm.smp file from the C:\Program Files\Tivoli\tsm\config directory to the backup-archive client installation folder and rename the sample option file from dsm.smp to dsm.opt.
11. Edit the dsm.opt file within the backup-archive client installation folder (Figure 8-5).
Set the following parameters:
tcpserveraddress <tcpip_server_address> (TCP/IP address of the System Storage Archive Manager server)
commethod tcpip
tcpport <port_number> (TCP/IP port number of the System Storage Archive Manager server, that is, 1501)
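Taken together, a minimal dsm.opt for archiving to a System Storage Archive Manager collection might look like the following sketch (the address, port, and node name are placeholders, not values from our setup):

```
* dsm.opt - minimal sketch for archive retention protection
tcpserveraddress 9.153.1.99
tcpport 1501
nodename ssam_client1
enablearchiveretentionprotection yes
```

Without the enablearchiveretentionprotection statement, the client cannot work with the retention-protected server, as noted earlier.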
If you configure incorrect TCP/IP settings, or the connection to Information Archive is interrupted, the backup-archive client rejects the session with an appropriate error message (Figure 8-6). In this case, verify the settings and also the connection to your Information Archive. You can use the ping command for that purpose.
Figure 8-6 Errors from wrong IBM Tivoli Storage Manager backup-client setup
Next, we show how to configure the web client access using two methods:
- Installation of the web client through the GUI
- Installation of the web client at the command line
3. Install the Remote Client Agent Service by entering the following command:
dsmcutil install remoteagent /name:"TSM AGENT" /node:nodename /password:password /partnername:"TSMBA_web"
Where nodename and password are your Storage Manager node name and password. TSM AGENT is an example; you can use any name as long as it differs from the Client Acceptor Daemon (CAD) name. The default name is TSM Remote Client Agent. The /partnername option value must match the name of the CAD service. The default name is TSM Client Acceptor.
4. Start the Client Acceptor Service by entering net start TSM CAD on the command line, or do the following steps:
a. Open the Windows Start menu and select Settings → Control Panel.
b. Double-click Administrative Tools and then double-click Services.
c. In the Services window, right-click TSMBA_web, and select Start from the pop-up menu. The window shown in Figure 8-7 is displayed.
To access the web client, enter the following URL from any supported web browser:
http://your_machine_name:1581
Where your_machine_name is the host name of the machine running the IBM Tivoli Storage Manager client. The IBM Tivoli Storage Manager web client interface for client machines requires a Java-enabled web browser. For more information about how to set up the web client, see the IBM Tivoli Storage Manager Infocenter:
http://publib.boulder.ibm.com/infocenter/tsminfo/v6/topic/com.ibm.itsm.nav.doc/t_protect_wf.html
Proceed as follows:
1. To create a policy domain named CLITEST_PD, we use the following command:
define domain CLITEST_PD
2. Within the policy domain CLITEST_PD, we create one policy set named CLITEST_PS:
define policyset CLITEST_PD CLITEST_PS
3. We create two separate management classes for the purpose of testing creation-based retention and event-based retention:
define mgmtclass CLITEST_PD CLITEST_PS CLITEST_MG_CR
define mgmtclass CLITEST_PD CLITEST_PS CLITEST_MG_EV
4. We assign the first management class as the default:
assign defmgmtclass CLITEST_PD CLITEST_PS CLITEST_MG_CR
5. Next, we define archive copy groups (type=archive) for each of the management classes. The archive copy groups must be defined with the appropriate parameters to differentiate between creation-based retention and event-based retention:
Archive copy group (chronological retention):
define copygroup CLITEST_PD CLITEST_PS CLITEST_MG_CR type=archive destination=filepool retver=1825 retinit=creation
Archive copy group (event-based retention):
define copygroup CLITEST_PD CLITEST_PS CLITEST_MG_EV type=archive destination=filepool retver=365 retinit=event
6. We validate the policy set using the following command:
validate policyset CLITEST_PD CLITEST_PS
The command returns the information that the default management class does not have a backup copy group, and that files will not be backed up by default if the policy set is activated. This message is normal and expected in our case because the System Storage Archive Manager collection is an archive-only solution.
7. We now activate the policy set:
activate policyset CLITEST_PD CLITEST_PS
8. Finally, we register the client node (SSAM_CLIENT1) that we use for the test:
register node ssam_client1 password domain=CLITEST_PD
With the above environment, we can now use the IBM Tivoli Storage Manager command-line client and the web client to archive and retrieve documents. We can also use these types of IBM Tivoli Storage Manager clients to send events, Holds, and Releases.
That is shown on the next pages.
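The practical difference between the two archive copy groups defined above can be illustrated with a small calculation. The following Python sketch is not part of any product; it simply models the standard System Storage Archive Manager semantics, under which chronological retention (retinit=creation) counts RETVER days from the archive date, while event-based retention (retinit=event) keeps an object at least RETMIN days from archiving and RETVER days from the activation event:

```python
from datetime import date, timedelta

def chronological_expiration(archive_date: date, retver_days: int) -> date:
    # retinit=creation: the retention clock starts when the object is archived
    return archive_date + timedelta(days=retver_days)

def event_based_expiration(archive_date: date, retver_days: int,
                           retmin_days: int, event_date: date = None):
    # retinit=event: before the activate-retention event arrives,
    # retention initiation is "pending" and no expiration date exists
    if event_date is None:
        return None
    # The object is kept at least RETMIN days from archiving and
    # RETVER days from the event, whichever is later
    return max(archive_date + timedelta(days=retmin_days),
               event_date + timedelta(days=retver_days))
```

For the copy groups above, a file bound to CLITEST_MG_CR therefore expires 1825 days after it is archived, whereas a file bound to CLITEST_MG_EV has no expiration date at all until an Activate Retention event is sent for it.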
Testing archive functions with IBM Tivoli Storage Manager command-line client
In this section we use the IBM Tivoli Storage Manager command-line client to execute the following scenario:
- Archive one document (create.file) into the System Storage Archive Manager Collection with the chronological retention policy.
- Archive one document (event.file) into the System Storage Archive Manager Collection with the event-based retention policy.
- Send a Hold to the document in the chronological retention environment.
- Send an event (Activate Retention) to the document in the event-based environment.
Proceed as follows:
1. Log on to the IBM Tivoli Storage Manager command-line client (dsmc) by starting the client.
2. Archive a document named create.file with the IBM Tivoli Storage Manager command archive, specify the fully qualified path to the file along with its name, and use the appropriate archive management class with the -archmc option. See Example 8-1 for the entire command and response.
Example 8-1 Archive a document with command-line and use chronological retention
tsm> archive c:\temp\create.file -archmc=clitest_mg_cr
Archive function invoked.
Directory-->                 0 \\bscnb1767\c$\TEMP [Sent]
Normal File-->       7,032,832 \\bscnb1767\c$\TEMP\create.file [Sent]
Archive processing of '\\bscnb1767\c$\TEMP\create.file' finished without failure.
Total number of objects inspected:        2
Total number of objects archived:         2
Total number of objects updated:          0
Total number of objects rebound:          0
Total number of objects deleted:          0
Total number of objects expired:          0
Total number of objects failed:           0
Total number of bytes transferred:     6.70 MB
Data transfer time:                    0.71 sec
Network data transfer rate:        9,567.35 KB/sec
Aggregate data transfer rate:      5,495.48 KB/sec
Objects compressed by:                    0%
Elapsed processing time:            00:00:01

3. Archive a document named event.file with the IBM Tivoli Storage Manager command archive, specify the fully qualified path to the file along with its name, and use the appropriate archive management class with the -archmc option. See Example 8-2 for the entire command.
Example 8-2 Archive a document with command-line and use event-based retention
tsm> archive c:\temp\event.file -archmc=clitest_mg_ev
Archive function invoked.
Normal File-->       7,032,832 \\bscnb1767\c$\TEMP\event.file [Sent]
Archive processing of '\\bscnb1767\c$\TEMP\event.file' finished without failure.

4. Log on to the IBM System Storage Archive Manager server of your System Storage Archive Manager Collection with the administrative command-line client (dsmadmc) and validate the existence of the two formerly archived files with an appropriate SQL select statement (Example 8-3).
Example 8-3 Check for files on the Information Archive System Storage Archive Manager server
tsm: SSAM1>select * from archives where node_name='SSAM_CLIENT1'

     NODE_NAME: SSAM_CLIENT1
FILESPACE_NAME: \\bscnb1767\c$
  FILESPACE_ID: 1
          TYPE: FILE
       HL_NAME: \TEMP\
       LL_NAME: CREATE.FILE
     OBJECT_ID: 3082
  ARCHIVE_DATE: 2010-03-23 15:36:51.000000
         OWNER:
   DESCRIPTION: Archive Date: 03/23/2010
    CLASS_NAME: CLITEST_MG_CR

     NODE_NAME: SSAM_CLIENT1
FILESPACE_NAME: \\bscnb1767\c$
  FILESPACE_ID: 1
          TYPE: FILE
       HL_NAME: \TEMP\
       LL_NAME: EVENT.FILE
     OBJECT_ID: 3083
  ARCHIVE_DATE: 2010-03-23 15:38:41.000000
         OWNER:
   DESCRIPTION: Archive Date: 03/23/2010
    CLASS_NAME: CLITEST_MG_EV
In the foregoing example, we see both files, and the SQL select statement shows additional details about the archiving process and the management of the files. We use the file space name (FILESPACE_NAME), high-level identifier (HL_NAME), and low-level identifier (LL_NAME) in the next step to send events to the already archived files.
5. Send a Hold event for create.file. See Example 8-4 for the entire command and the output.
Example 8-4 Send Hold event with the IBM Tivoli Storage Manager command-line client
tsm> set event -type=hold \\bscnb1767\c$\temp\create.file
Rebinding-->         7,032,832 \\bscnb1767\c$\TEMP\create.file [Sent]
Total number of objects archived:         0
Total number of objects failed:           0
Total number of objects rebound:          1
Total number of bytes transferred:        0 B
Data transfer time:                    0.00 sec
Network data transfer rate:            0.00 KB/sec
Aggregate data transfer rate:          0.00 KB/sec
Objects compressed by:                    0%
Elapsed processing time:            00:00:03

6. Send an activation event to the file event.file. See Example 8-5 for the entire command and the output.
Example 8-5 Send event (activate retention) with the IBM Tivoli Storage Manager command-line client
tsm> set event -type=activateretention \\bscnb1767\c$\temp\event.file
Rebinding-->         7,032,832 \\bscnb1767\c$\TEMP\event.file [Sent]
Total number of objects archived:         0
Total number of objects failed:           0
Total number of objects rebound:          1
Total number of bytes transferred:        0 B
Data transfer time:                    0.00 sec
Network data transfer rate:            0.00 KB/sec
Aggregate data transfer rate:
Objects compressed by:
Elapsed processing time:
7. You can only validate the success of formerly sent events with the IBM Tivoli Storage Manager API or the IBM Tivoli Storage Manager web client. The latter is much easier, and you can use it directly without any further setup. Launch the web client from a web browser by entering the URL of the client, http://<tsm_client_address>:1581, where <tsm_client_address> represents the address of the IBM Tivoli Storage Manager backup-archive client and 1581 is the port for the web client service. In the running web client, select Actions → Set Data Retention Events from the initial window and proceed in the next window to your files. Right-click the files and click File details to open an information window (Figure 8-8).
In our example, we see that Retention Initiation is started for both files. For chronological retention (create.file), this initiation starts with the archival itself. For event-based retention (event.file), the initiation starts with the sending of an event; we sent the event to event.file in the above example. Also, we see the Hold on create.file, but no Hold on event.file. That is also correct, because we sent the Hold in the above example to only one file. We discuss the usage of the IBM Tivoli Storage Manager web client in more detail in the next section, when we archive and retrieve documents, and also send events through the web client. Obviously, in that section we also validate the results with the IBM Tivoli Storage Manager web client.
Testing archive functions with IBM Tivoli Storage Manager web client
We now archive data using the chronological retention (Example 1) and the event-based retention (Example 2) that we configured in Testing environment: IBM Tivoli Storage Manager backup-archive client on page 270. For each example, we show how to trigger retention events, and we use the web client for both examples.
Example 1: Chronological retention This example illustrates data archiving using the creation-based management class (chronological retention): 1. Launch the IBM Tivoli Storage Manager web client from a web browser by entering the URL, http://BAclient_IP:1581, where BAclient_IP represents the address of the BA client and select some files you want to archive, as shown in Figure 8-9.
2. Click the Archive tab to archive these files using the default (creation-based management class). After the Archive is complete, the message box shown in Figure 8-10 displays.
You can verify that the data has been archived and that it has adopted the correct management class as well as the correct retention period. The menu Actions → Set Data Retention Events shown in Figure 8-11 is only available when you use the IBM Tivoli Storage Manager web client.
You can see an example in Figure 8-12. Notice that the status of Retention Initiation is Started. This is correct, because with chronological-based retention, the retention period starts counting down as soon as the data has been archived.
It is possible to put a hold on the archived data by first selecting the data that is required to be held, then selecting Hold from the drop-down menu for Select Event Type, and clicking Set Event. See Figure 8-13.
You can see in Figure 8-14 that items on hold are indicated by a lock.
The selected data will now be held indefinitely, until a release event is triggered by the user. To release the hold, select Release from the drop-down menu for Select Event Type, and click Set Event (see Figure 8-13). The countdown towards expiration resumes as though it was never put on hold.
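For reference, the same Hold and Release events can also be sent from the command-line client. Mirroring the syntax of Example 8-4 earlier in this chapter, a release for the file we placed on hold would look like this (the file specification is from our scenario):

```
tsm> set event -type=release \\bscnb1767\c$\temp\create.file
```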
Example 2: Event-based retention
This example illustrates data archiving using an event-based management class.
1. Invoke the web client, and select files to archive.
2. Select Options → Override Include Exclude List and choose the desired Management Class. We select CLITEST_MG_EV (the management class we created for event-based retention). See Figure 8-15.
Figure 8-15 Changing the Management Class from the BA Client before archiving
You can now verify the characteristics of the archived data by selecting one of the files you just archived and clicking View File Details. The result is shown in Figure 8-16. Notice that in this case the Retention Initiation shows as Pending, which is to be expected because we used event-based retention and no Activate Retention event has been sent yet.
The countdown to expiration starts when an Activate Retention event is sent for that file. Figure 8-17 shows how to activate the retention: Select the file, then choose Activate Retention from the drop-down menu for Select Event Type, and click Set Event.
As seen in Figure 8-18, the file characteristics of this file have now changed from Retention Initiation Pending to Retention Initiation Started.
The server will reject any attempt to delete the archived data, as shown in Figure 8-19.
Figure 8-19 Example of data that, after being archived, cannot be deleted
8.2.2 Integrating IBM Tivoli Storage Manager API with a System Storage Archive Manager Collection (using dapismp)
The System Storage Archive Manager/Tivoli Storage Manager API comes with a sample application called dapismp. You can use this sample program to explore and better understand the data retention and compliance-enhanced features. The sample API program dapismp creates objects and feeds them to the retention policies of a previously defined management class. You can then use this program to query the Information Archive System Storage Archive Manager collection for information about the objects that were created and trigger retention events for these objects. We use dapismp throughout this section of the book as we explore the features of System Storage Archive Manager/Tivoli Storage Manager. Furthermore, we use dapismp on a Microsoft Windows client system; in this environment, you can use the sample API program right after the installation and configuration of the API (on UNIX-based systems, you will need to compile the sample API program before you can run it). The executable file dapismp.exe can typically be found in the directory C:\Program Files\Tivoli\TSM\api\SAMPRUN, or an equivalent location, depending on where the System Storage Archive Manager/Tivoli Storage Manager client files have been installed. The dapismp sample API program requires a dsm.opt file in the same directory that must contain at least the following statements:
TCPSERVERADDRESS <IP_address_of_IBM_IA_SSAM_server>
ENABLEARCHIVERETENTIONPROTECTION yes
Testing environment for the IBM Tivoli Storage Manager API client
For our tests, we set up a new policy domain named APITEST1 and defined two management classes. The assigned default management class is named CREATION and uses creation-based retention initiation. The second management class is named EVENT and uses event-based retention initiation. Figure 8-20 and Figure 8-21 show detailed information about the retention settings in each management class. Our test node is named apitest1 and is registered in the policy domain APITEST1.
Policy Domain Name: APITEST1
Policy Set Name: ACTIVE
Mgmt Class Name: CREATION
Copy Group Name: STANDARD
Copy Group Type: Archive
Retain Version: 1825
Retention Initiation: Creation
Retain Minimum Days:
Copy Serialization: Shared Static
Copy Frequency: CMD
Copy Mode: Absolute
Copy Destination: FILEPOOL
Last Update by (administrator): ADMIN
Last Update Date/Time: 03/23/2010
Managing profile:
Figure 8-20 Archive copy group settings for management class CREATION
Policy Domain Name: APITEST1
Policy Set Name: ACTIVE
Mgmt Class Name: EVENT
Copy Group Name: STANDARD
Copy Group Type: Archive
Retain Version: 365
Retention Initiation: Event
Retain Minimum Days: 730
Copy Serialization: Shared Static
Copy Frequency: CMD
Copy Mode: Absolute
Copy Destination: FILEPOOL
Last Update by (administrator): ADMIN
Last Update Date/Time: 03/23/2010 10:26:33
Managing profile:
Figure 8-21 Archive copy group settings for management class EVENT
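The retention arithmetic behind these two copy groups can be sketched as follows. This is an illustrative model of the semantics described in this chapter (RETVER counted from the archive date for creation-based initiation; for event-based initiation, RETVER counted from the activation event, subject to RETMIN days from the archive date), not System Storage Archive Manager code, and the function name is ours.

```python
# Illustrative model of SSAM archive copy group retention:
#   creation-based: expiration = archive date + RETVER days
#   event-based:    no expiration until an activation event; afterwards,
#                   the later of (event + RETVER) and (archive + RETMIN)
from datetime import datetime, timedelta
from typing import Optional

def expiration(archived: datetime,
               retver_days: int,
               retinit: str = "creation",
               retmin_days: int = 0,
               event: Optional[datetime] = None) -> Optional[datetime]:
    if retinit == "creation":
        return archived + timedelta(days=retver_days)
    if event is None:
        # Event-based object whose retention is not yet initiated;
        # dapismp displays this state as 65535/0/0 0:0:0.
        return None
    return max(event + timedelta(days=retver_days),
               archived + timedelta(days=retmin_days))
```

For example, with the EVENT class settings (RETVER=365, RETMIN=730), an object archived in March 2010 and activated in June 2010 is still kept until 730 days after the archive date, because RETMIN dominates.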
The management class CREATION has been updated to be the default management class (see Figure 8-22). This means that objects delivered (by dapismp or a document management system) through the API to the System Storage Archive Manager Collection server without a specific management class assigned will be stored in the System Storage Archive Manager Collection with the policies of the standard management class, in this case, CREATION.
tsm: TSM>query mgmtclass apitest standard

Policy      Policy     Mgmt       Default
Domain      Set        Class      Mgmt           Description
Name        Name       Name       Class ?
---------   --------   --------   ---------      ------------------------
APITEST     STANDARD   CREATION   Yes
APITEST     STANDARD   EVENT      No
*************************************************************************
* Welcome to the sample application for the Tivoli Storage Manager API. *
* API Library Version = 6.1.3.0 (unicode)                               *
*************************************************************************

Choose one of the following actions to test:

0.  Signon
1.  Backup
2.  Restore
3.  Archive
4.  Retrieve
5.  Queries
6.  Change Password
7.  Utilities : Deletes, Updates, Logevent, SetAccess, RetentionEvent
8.  Set preferences, envSetUp
9.  Exit to system
10. Restore/Retrieve Without Offset Prompt
11. Extended Signon
Enter selection ==>0

Figure 8-23 First window of sample API program dapismp after startup
2. Start a session with the Information Archive System Storage Archive Manager server:

   a. Select option 0. Signon to start a session with the Information Archive System Storage Archive Manager server. The only information that must be provided here is your node name and password, as shown in Figure 8-24; the other fields can be skipped. A successful signon returns the message Handle on return = 1, as shown in Figure 8-24.

   Tip: If you have problems at this stage, check that the API environment variables DSMI_DIR, DSMI_CONFIG, and DSMI_LOG have been set. DSMI_DIR must point to the location of the API files, that is, c:\Program Files\Tivoli\TSM\api.
Enter selection ==>0
Node name:apitest1
Owner name:
Password:passw0rd
API Config file:dsm.opt
Session options:
User Name:
User pswd:
Are the above responses correct (y/n/q)? y
Doing signon for node ssam_client, owner , with password passw0rd
Handle on return = 1

Figure 8-24 Example of successful signon
b. Submit the query session command on the System Storage Archive Manager server to verify that a session was started. Figure 8-25 shows that the attempt was successful. Now that you have successfully signed on to the server, proceed to step 3 on page 284.
Sess     Comm.    Sess     Wait    Bytes    Bytes    Sess    Platform    Client Name
Number   Method   State    Time    Sent     Recvd    Type
------   ------   ------   -----   ------   ------   -----   ---------   -----------
    15   Tcp/Ip   IdleW    13 S    468      299      Node    Sample--    apitest1
                                                             API
3. Create archive objects using dapismp. Use dapismp to create two objects and archive them to the System Storage Archive Manager server, then look at their retention policies. Repeat the step and override the default management class:

   a. From panel 1 of dapismp, select option 3. Archive, as shown in Figure 8-26. You are prompted for information about the file that dapismp creates and sends to the server. You are also prompted for the name of another management class, which overrides the assigned default management class. Figure 8-26 shows the minimum input required to create the first object in the chronological (creation-based) management class. Repeat this step with various file name qualifiers and override the default management class with the event-based management class EVENT, as shown in Figure 8-27. Continue to the next step.
Enter selection ==>3
Filespace:apitest1
Highlevel:\
Lowlevel:\test1
Object Type(D/F):f
Object Owner Name:
Object already compressed?(Y/N):
Wait for mount?(Y/N):
File size:1000000 (in bytes)
Number of files:1
Seed string:1
Archive description:apitest1
Mgmt class override:
Are the above responses correct (y/n/q)? y
Creating 1 object(s) called apitest1\\test1(nnn) each of size 1,000,000.
Creating object 1 of 1
Size=1,000,000 Name=apitest1\\test1

Figure 8-26 Output of the archive function of dapismp into a standard management class
Enter selection ==>3
Filespace:apievent1
Highlevel:\apievent1
Lowlevel:\eventtest
Object Type(D/F):f
Object Owner Name:
Object already compressed?(Y/N):
Wait for mount?(Y/N):
File size:1000000
Number of files:1
Seed string:1
Archive description:1"test event based"
Mgmt class override:event
Are the above responses correct (y/n/q)? y
Creating 1 object(s) called apievent1\apievent1\eventtest(nnn) each of size 1,000,000.
Creating object 1 of 1
Size=1,000,000 Name=apievent1\apievent1\eventtest
Object: 1 Buffer: 1 Bytes sent: 1,000,000 Bytes left: 0

Figure 8-27 Event-based retention overrides the management class
Attention: As a reminder, the actual panels contain more options than those shown here. In the interest of saving space, we show only the minimum input needed to attain the desired results. We have edited out the options not used in this example.
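Because dapismp reads its responses from standard input, the interactive sequence of Figure 8-26 can be scripted. The sketch below is a helper of our own; the prompt order is taken from the figure and may vary between API levels, so treat it as an assumption to verify against your dapismp version.

```python
# Sketch: assemble the interactive answers from Figure 8-26 so that they
# can be piped to dapismp (for example, via subprocess).  The prompt
# order below is an assumption based on the figure in the text.
def archive_answers(filespace, highlevel, lowlevel, size, description,
                    mgmtclass=""):
    return "\n".join([
        "3",            # menu option: Archive
        filespace,
        highlevel,
        lowlevel,
        "f",            # object type: file
        "",             # object owner name
        "",             # already compressed?
        "",             # wait for mount?
        str(size),      # file size in bytes
        "1",            # number of files
        "1",            # seed string
        description,
        mgmtclass,      # empty keeps the assigned default management class
        "y",            # confirm the responses
    ]) + "\n"
```

For example, subprocess.run(["dapismp"], input=archive_answers("apitest1", "\\", "\\test1", 1000000, "apitest1"), text=True) after an initial signon sequence; this invocation is untested and environment-specific.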
4. Query the Information Archive System Storage Archive Manager server of the System Storage Archive Manager Collection. We now query the System Storage Archive Manager server and compare the policy information for both objects. You can query the server for archives with the dapismp sample program or with select statements from the System Storage Archive Manager administrative command line. We show both methods here.

   From the first panel of the dapismp sample program, select option 5. Queries and then option 2. Archive Query in the following panel. Enter the name of the file space you want to query (required). The high-level and low-level qualifiers, as specified when the object was created, are also required; in the low-level qualifier, a wildcard (*) can be used. For detailed output, answer yes when prompted, as shown in Figure 8-28, and continue. Figure 8-30 shows the output of the query.
Enter selection ==>2
Filespace:apitest1
Highlevel:\
Lowlevel:\*
Object Type(D/F/A):f
Show detailed output? (Y/N):y
Are the above responses correct (y/n/q)? y
Figure 8-28 Minimum input required for archive query using dapismp
From a System Storage Archive Manager administrative command-line (dsmadmc) prompt, enter the following SQL select statement:

select * from archives where node_name='APITEST1'

The output in Figure 8-29 shows that an object was archived to the server by node APITEST1; the object is bound to the default management class.
NODE_NAME: APITEST1
FILESPACE_NAME: apitest1
FILESPACE_ID: 1
TYPE: FILE
HL_NAME: \\
LL_NAME: test1
OBJECT_ID: 3074
ARCHIVE_DATE: 2010-03-16 12:16:30.000000
OWNER:
DESCRIPTION: apitest1
CLASS_NAME: DEFAULT
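When dsmadmc is run in a scripted fashion, output like the record above arrives as LABEL: value lines that are easy to post-process. The following is a minimal parsing sketch of our own; the dsmadmc invocation itself (flags, credentials) is environment-specific and not shown.

```python
# Sketch: parse the LABEL: value pairs that dsmadmc prints for a
# "select * from archives ..." statement in list-style output.
# Only the first colon on a line separates label from value, so
# timestamps with colons in the value are preserved intact.
def parse_archive_record(text: str) -> dict:
    record = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            record[key.strip()] = value.strip()
    return record
```

This makes follow-up checks (for example, confirming CLASS_NAME) trivial in a verification script.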
5. Compare the results. Examine the information that System Storage Archive Manager has associated with the objects. Figure 8-30 and Figure 8-31 show the output of the archive query issued in the previous step. You can identify the parameters RETINIT and RETVER, which we discussed earlier in this book:

RETINIT=creation

The file that the dapismp program created was bound to the assigned default management class, in our case, management class CREATION (see Figure 8-30), which uses creation-based retention initiation (RETINIT=creation):

Retention Initiated is STARTED (the RETVER=n days period has started).
The Expiration date for this object is 2011/3/16 12:16:30.
Object Held is FALSE (a deletion hold is not set).
The high-level Object ID is 0-3074. This is important; you will need this information later.
When expiration processing runs on the server any time after 2011/3/16 12:16:30, this file will be deleted from the database, unless a deletion hold retention event is triggered for this object. We demonstrate this in Sending retention events using dapismp on page 288.
Item 1: apitest1\\test1
 Object type: File
 Desc: apitest1
 Insert date: 2010/3/16 12:16:30
 Expiration date: 2011/3/16 12:16:30
 Owner:
 Restore order: 4-0-35-0-0
 Object id: 0-3074
 Copy group: 1
 Media class: Library
 Mgmt class: DEFAULT
Object info is :Tivoli Storage Manager API Verify Data
Object info length is :60
Estimated size : 0 1000000
Retention Initiated: STARTED
Object Held : FALSE

Figure 8-30 Creation-based retention initiation: Output of select statement
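The Object id that dapismp prints, such as 0-3074, is the 64-bit object identifier split into its high and low halves; retention events are later addressed to exactly this pair. A small illustrative helper of our own for splitting the printed form:

```python
# Sketch: split the object ID as printed by dapismp ("hi-lo") into its
# high and low integer halves.  Helper name and return shape are ours.
def split_object_id(text: str) -> tuple:
    hi, _, lo = text.partition("-")
    return int(hi), int(lo)
```

You would record this pair for each archived object before sending hold, release, or activation events against it.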
RETINIT=event

The file that the dapismp program created was bound to the EVENT management class. (You chose to override the default and use the event-based management class; see Figure 8-27 on page 285.)

The status of Retention Initiated is PENDING, because no retention activate event has been issued yet.
The expiration date for this object is 65535/0/0 0:0:0 (the same is true when RETVER=nolimit).
The status of Object Held is FALSE (a deletion hold is not set).
The high-level Object ID is 0-3076. This is important; you will need this information later.
Item 1: apievent1\apievent1\eventtest
 Object type: File
 Desc: 1"test event based"
 Insert date: 2010/3/16 1:23:56
 Expiration date: 65535/0/0 0:0:0
 Owner:
 Restore order: 4-0-37-0-0
 Object id: 0-3076
 Copy group: 1
 Media class: Library
 Mgmt class: EVENT
Object info is :Tivoli Storage Manager API Verify Data
Object info length is :60
Estimated size : 0 1000000
Retention Initiated: PENDING
Object Held : FALSE
Press any key to continue

Figure 8-31 Event-based retention initiation: Output from dapismp archive query
Sending retention events using dapismp

This action triggers a deletion hold event for an archive object. Figure 8-33 shows that the object now has a deletion hold status.
Item 1: apitest1\\test1
 Object type: File
 Desc: apitest1
 Insert date: 2010/3/16 12:16:30
 Expiration date: 2011/3/16 12:16:30
 Owner:
 Restore order: 4-0-35-0-0
 Object id: 0-3074
 Copy group: 1
 Media class: Library
 Mgmt class: DEFAULT
Object info is :Tivoli Storage Manager API Verify Data
Object info length is :60
Estimated size : 0 1000000
Retention Initiated: STARTED
Object Held : TRUE
Press any key to continue

Figure 8-33 Deletion hold is set
Table 8-1 shows the initial status of Retention Initiated and Object Held after the creation of an object in each of the two management classes. While Retention Initiated is already STARTED in the chronological (CREATION) management class, it is still PENDING in the event-based class; it changes to STARTED as soon as a retention activation event is issued through the API. Object Held is FALSE for both, because no retention hold event has been issued; it shows TRUE after a hold is received and FALSE again after a release event.
Table 8-1 Initial status of files archived with creation-based and event-based retention

Field                  RETINIT=creation      RETINIT=event
Insert date:           2010/3/16 12:16:30    2010/3/16 12:16:30
Expiration date:       2011/3/16 12:16:30    65535/0/0 0:0:0
Mgmt class:            CREATION              EVENT
Retention Initiated:   STARTED               PENDING
Object Held:           FALSE                 FALSE
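The state transitions summarized in Table 8-1 can be sketched as a small model. This is an illustration of the documented behavior (event-based objects stay PENDING until an activation event; hold and release events toggle Object Held), not System Storage Archive Manager code; the class and method names are our own.

```python
# Illustrative model of the retention states in Table 8-1.
class ArchivedObject:
    def __init__(self, retinit: str):
        # Creation-based objects start retention immediately;
        # event-based objects wait for an activation event.
        self.retention_initiated = ("STARTED" if retinit == "creation"
                                    else "PENDING")
        self.held = False

    def activate_retention(self):
        self.retention_initiated = "STARTED"

    def hold(self):
        self.held = True

    def release(self):
        self.held = False

    def expirable(self) -> bool:
        # An object can expire only once retention has started and no
        # deletion hold is in place (expiration dates are ignored here).
        return self.retention_initiated == "STARTED" and not self.held
```

Running a hold, release, and activation sequence against an event-based object reproduces the TRUE/FALSE and PENDING/STARTED transitions described in the text.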
For more information about the IBM System Storage Archive Manager/Tivoli Storage Manager API, consult Tivoli Storage Manager Using the Application Program Interface.
8.2.3 Integrating Content Manager with Information Archive System Storage Archive Manager Collection
An IBM Content Manager (CM) system contains a library server and one or more resource managers. The Content Manager resource manager relies on Tivoli Storage Manager or System Storage Archive Manager to access secondary storage devices other than local file systems. The resource manager communicates with the System Storage Archive Manager server through the Tivoli Storage Manager application program interface (IBM Tivoli Storage Manager API). In this mode, active retention protection ensures the availability of objects, such as files, for a period of time that the administrator determines.

Interoperability: IBM Content Manager Enterprise Edition V8.4 and DB2 Information Integrator for Content V8.4 for Linux/UNIX/Windows operating systems remain 32-bit applications, with the exception of Linux on IBM System z, where the library server component is 64-bit with 31-bit user-defined exits. Therefore, you need to use the 32-bit IBM Tivoli Storage Manager API in conjunction with Content Manager, even if the host is running a 64-bit operating system. You can find more details about interoperability and support for ECM at the following link:

http://www-01.ibm.com/support/docview.wss?rs=86&uid=swg21293849

The following rules apply to a Content Manager environment that is set up to use a System Storage Archive Manager Collection:

- You cannot migrate data out of Content Manager volumes.
- You cannot have more than one local Content Manager storage class in a Content Manager policy.
- If the first Content Manager storage class in the Content Manager policy does not have a System Storage Archive Manager volume under retention control, you can have other storage classes. In that case, if you also have a storage class with a System Storage Archive Manager volume under retention control, it must be the last storage class.
- You can have a remote storage class that contains a System Storage Archive Manager volume under retention control.
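These rules can be expressed as a simple validation sketch. The dictionary representation and function name are our own, and the conditional rules are simplified to two invariants: at most one local Content Manager storage class, and any storage class with a retention-controlled System Storage Archive Manager volume must come last in the policy.

```python
# Sketch: validate the ordering rules for Content Manager storage classes
# in a policy.  Each class is a dict with:
#   'local'            -- local Content Manager storage class?
#   'retention_volume' -- has an SSAM volume under retention control?
# This representation is ours, for illustration only.
def validate_policy(storage_classes) -> bool:
    local_classes = [s for s in storage_classes if s["local"]]
    if len(local_classes) > 1:
        return False  # at most one local CM storage class per policy
    last = len(storage_classes) - 1
    for i, s in enumerate(storage_classes):
        if s["retention_volume"] and i != last:
            return False  # retention-controlled class must be last
    return True
```

A policy whose only class is retention-controlled passes, because that class is trivially last.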
Figure 8-35 illustrates Content Manager for Tivoli Storage Manager archive management.
(Figure 8-35 depicts the Content Manager entities and their mapping: workstation collections TSMWSCOLL_1Y, TSMWSCOLL_3Y, and TSMWSCOLL_5Y use migration policies such as TSMMIGPOL_1Y and storage groups such as TSMSTGGRP_1Y and TSMSTGGRP_3Y; the storage groups contain Tivoli Storage Manager volumes DB2_CM_1Y, DB2_CM_3Y, and DB2_CM_5Y, which are connected through storage class TSMSTGCLASS_1Y and the Tivoli Storage Manager device manager to the Tivoli Storage Manager management classes DB2_CM_1Y, DB2_CM_3Y, and DB2_CM_5Y; on the DB2 CM library server, item type TSMARCHIVE_1Y references collection TSMWSCOLL_1Y.)
Figure 8-35 Overview: Content Manager for Tivoli Storage Manager archive management
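The mapping in Figure 8-35 can also be sketched as a lookup chain from a workstation collection down to the System Storage Archive Manager management class. Only the one-year chain is spelled out below; the 3Y and 5Y chains follow the same pattern. The dictionary layout is ours, for illustration.

```python
# Sketch of the Figure 8-35 mapping: each workstation collection resolves,
# via its migration policy, storage group, storage class, and TSM volume,
# to one SSAM management class.  Entity names are taken from the figure.
chain = {
    "TSMWSCOLL_1Y": {
        "migration_policy": "TSMMIGPOL_1Y",
        "storage_group": "TSMSTGGRP_1Y",
        "storage_class": "TSMSTGCLASS_1Y",
        "volume": "DB2_CM_1Y",
        "mgmt_class": "DB2_CM_1Y",  # SSAM management class on the server
    },
}

def mgmt_class_for(collection: str) -> str:
    """Return the SSAM management class a collection ultimately uses."""
    return chain[collection]["mgmt_class"]
```

Tracing this chain is a useful sanity check when objects end up bound to an unexpected retention period.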
Some important terms of a Content Manager environment include:

Device manager
A software artifact that acts as an intermediary between your resource manager and physical storage. It is the interface between the resource manager and the storage system defined with it in a migration policy. It communicates the tasks that you define for the resource manager to the storage system where you store your objects. You assign device managers to a storage class so that the storage class can communicate with the storage systems.

Storage class
A logical grouping of similar storage types that identifies the type of media on which an object is stored. It is not directly associated with a physical location; however, it is directly associated with the device manager, which is the interface between the resource manager and the actual physical location. You can assign only one device manager to each storage class. Types of storage classes include fixed disk, VideoCharger, media archive, and Tivoli Storage Manager.

Storage system
An actual physical device or unit where the objects are stored. There are various types of storage systems, such as volumes on Windows, file systems on UNIX, Content Manager VideoCharger, media archive, and Tivoli Storage Manager. Storage systems are also known as volumes. A storage system is associated with a storage class.

Migration policy
A user-defined schedule for moving objects from one storage class to the next. It describes the retention and class transition characteristics for a group of objects in a storage hierarchy. Creating a migration policy and defining the migration schedule automates the migration of objects so that you do not have to manually monitor migration. Management classes: Tivoli Storage Manager and System Storage Archive Manager refer to their migration policies as management classes.

Storage group
A group that contains one or more storage systems and storage classes. It associates each storage system to a storage class.
IBM Content Manager for Windows and System Storage Archive Manager configuration
We assume that the Content Manager V8.4 software is installed and configured and that a Content Manager client is available for testing archive functions. The Tivoli Storage Manager server is located in the Information Archive appliance; therefore, the archive retention protection is set on, which makes it a System Storage Archive Manager server. To enable Content Manager for Windows to access the System Storage Archive Manager server for archive management, complete the following steps on the Content Manager resource server, and then the Tivoli Storage Manager administrative command-line client (dsmadmc), and finally, the Content Manager System Administrator Client, as outlined in the following sections.
5. In the Welcome to the InstallShield Wizard window, click Next.

6. In the Destination Folder window, select the installation folder, such as c:\Program Files\Tivoli\TSM\, and then click Next.

7. In the Setup Type window, change the default setting from Typical to Custom, and then click Next.

8. In the Custom Setup window, select the Administrative Client Command Line Files and Client API SDK Files additional features (three are already selected), and then click Next (Figure 8-36). Although the administrative client command line is not necessary for Content Manager, we use this interface to set up the Information Archive System Storage Archive Manager server and check the results of archive sessions. This step is optional; you do not need to install this component if you prefer to use the administrative web client. The Client API SDK Files contain the dapismp command line for testing purposes; it can be useful for testing the connection to the System Storage Archive Manager server.
Figure 8-36 IBM Tivoli Storage Manager Backup-Archive client - Custom Setup window
9. In the Ready to Install the Program window, click Install. The InstallShield Wizard starts installing the software.

10. When the InstallShield Wizard Completed window opens, check that the installation is successful and click Finish. If it is not successful, correct the problem and repeat the installation.

11. The API uses unique environment variables to locate files. Set up the API environment variables DSMI_CONFIG, DSMI_DIR, and DSMI_LOG in Microsoft Windows (select System Properties → Environment Variables). It is a best practice to configure the variables for the entire system (system variables) rather than for a single user (user variables). See Figure 8-37 for details.
Figure 8-37 Set IBM Tivoli Storage Manager API Environment Variables window
Attention: Check that the file dscenu.txt exists in the API directory. Usually it is located in the c:\program files\tivoli\tsm\baclient directory. To get Content Manager connected through the IBM Tivoli Storage Manager API, ensure that this message repository file is also located in the IBM Tivoli Storage Manager API directory, c:\program files\tivoli\tsm\api.

12. Copy the dsm.opt file from the backup-archive client installation folder to the API installation folder. If there is no dsm.opt file, copy the dsm.smp sample option file from the Tivoli Storage Manager configuration directory (C:\Program Files\Tivoli\TSM\config) to the backup-archive client installation folder and to the API installation folder, and rename it from dsm.smp to dsm.opt in both folders.

13. Edit the dsm.opt file within the backup-archive client installation folder. Set TCPServeraddress to the IP address of your System Storage Archive Manager server, commmethod to tcpip, tcpport to 1501, enablearchiveretentionprotection to on, and passwordaccess to generate. Save the changes. This step is optional; you do not need to configure this file if you do not use the administrative command-line client.

14. Edit the dsm.opt file within the API client installation folder. Set TCPServeraddress to the IP address of your System Storage Archive Manager server, commmethod to tcpip, tcpport to 1501, enablearchiveretentionprotection to on, and passwordaccess to prompt. Save the changes. The Tivoli Storage Manager API access method generate is supported by Content Manager, but the resource manager first attempts to access Tivoli Storage Manager with prompt; if prompt is not successful, it retries with generate. If you use generate, you need to use the Tivoli Storage Manager API sample program dapismp to change the password, which in turn enables this feature.
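The environment-variable and file checks described above can be collected into a small verification sketch. This is a helper of our own; the variable and file names are the ones quoted in the text.

```python
# Sketch: verify the API prerequisites described above -- the DSMI_*
# environment variables, plus dscenu.txt and dsm.opt in the API
# directory pointed to by DSMI_DIR.
import os
from pathlib import Path

def check_api_setup(env=os.environ) -> list:
    """Return a list of problem descriptions; empty means all checks pass."""
    problems = []
    for var in ("DSMI_DIR", "DSMI_CONFIG", "DSMI_LOG"):
        if var not in env:
            problems.append(f"{var} is not set")
    api_dir = env.get("DSMI_DIR")
    if api_dir:
        for name in ("dscenu.txt", "dsm.opt"):
            if not Path(api_dir, name).is_file():
                problems.append(f"{name} missing from {api_dir}")
    return problems
```

Running the check before starting the Content Manager resource manager can save a round of Figure 8-45 style connection errors.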
Tip: You can configure Content Manager to signal Tivoli Storage Manager to use the retention mode instead of using the Tivoli Storage Manager parameter enablearchiveretentionprotection. To do this, in the Device Manager Properties window, configure your Tivoli Storage Manager device manager, ICMADDM, and set Parameters to mode=retention. By using this configuration, you do not have to configure the Tivoli Storage Manager API options file with enablearchiveretentionprotection on.
Important: The configuration of System Storage Archive Manager archive copy groups includes the most sensitive retention settings in your System Storage Archive Manager Collection, because you define the overall rules and retention periods here. In production environments, this is the most important step of the entire setup.

5. Validate the policy set by issuing this System Storage Archive Manager command:

validate policyset db2_cm_pd db2_cm_ps

The command returns the information that the default management class does not have a backup copy group and that files will not be backed up by default if this set is activated. Because the System Storage Archive Manager Collection is an archive-only environment, and we indeed want to archive Content Manager objects, you can ignore any messages about backup copy groups and space management settings.

6. Activate the policy set with the following System Storage Archive Manager command:

activate policyset db2_cm_pd db2_cm_ps

7. After the successful definition of all policies, you can register a node in the newly created policy domain. Name the Content Manager resource manager node cmarchive and register it in the DB2_CM_PD domain:

register node cmarchive password domain=db2_cm_pd archdelete=yes
3. Click Resource Managers and then click RMDB. This expands the tree of the resource manager database (RMDB), as shown in Figure 8-38. If your resource manager is not running, or there are problems in the communication between the library server and the resource manager, the message shown in Figure 8-39 is displayed instead of the expanded tree. Start the resource manager or correct the problems, and click RMDB again.
4. Configure the resource manager as follows: a. Right-click Server Definitions in the left pane of the window and click New, as shown in Figure 8-40, to open the New Server Definition window (see Figure 8-41). This is the general way to create new entries for all of the entities within the resource manager; therefore, we do not show this process in detail again.
Figure 8-40 Create new Server Definitions for the resource manager
i. In the Server Definition Properties window, specify the parameters that pertain to the Information Archive System Storage Archive Manager server. With the exception of the values in the Hostname and Password fields, the values shown in Figure 8-41 can normally be used. Enter the host name of your Information Archive System Storage Archive Manager server and the user CMARCHIVE; this user was registered as a System Storage Archive Manager client node when you registered the node in the previous steps. Select ftp from the Protocol drop-down list. Choose an arbitrary port number for the Port number field; any port number works for a server type of Tivoli Storage Manager. Leave the Schema field blank, but enter a fully qualified path to the Tivoli Storage Manager API option file in the Path field (this is optional if you use only one Tivoli Storage Manager server).
b. Click Device Managers and then double-click ICMADDM in the right pane. This opens the Device Manager Properties window for ICMADDM, as shown in Figure 8-42.
In the Parameters field, type mode=retention and enable the device manager by selecting Enable. Click OK to save the information.

An alternative value for the mode parameter, retention_aggregate, has been introduced to address the problem of System Storage Archive Manager databases growing because of a high number of stored objects. Each object stored in a System Storage Archive Manager server has an entry in the System Storage Archive Manager database; on average, each stored object uses about 500 bytes in the database, so the database size grows linearly with the number of stored objects. When the database grows very large, performance can degrade, and you can even reach the database size limit, which is 1 TB for System Storage Archive Manager V6.1.

To alleviate this issue and to allow Content Manager to store large volumes of objects on the System Storage Archive Manager server, the Content Manager Resource Manager allows the system administrator to enable aggregation. When aggregation is used, Resource Manager objects are grouped together into one System Storage Archive Manager object, thereby reducing the overhead on the System Storage Archive Manager database. Note that you can use aggregation only when the Resource Manager is using Tivoli Storage Manager or System Storage Archive Manager in archive copy group mode, which is also known as standard retention mode. To enable retention and aggregation mode, set the parameters of the Tivoli Storage Manager device driver (ICMADDM) within the Content Manager Resource Manager configuration to mode=retention_aggregate.
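The sizing argument above can be made concrete with a little arithmetic. This sketch uses the figures quoted in the text (about 500 bytes of database space per stored object, a 1 TB database limit in System Storage Archive Manager V6.1); the aggregation_factor parameter is our own simplification of how many Resource Manager objects are grouped into one System Storage Archive Manager object.

```python
# Sketch of the SSAM database sizing arithmetic described in the text.
BYTES_PER_OBJECT = 500            # approximate DB entry size per object
DB_LIMIT_BYTES = 1 * 1024**4      # 1 TB limit for SSAM V6.1

def db_bytes(num_objects: int, aggregation_factor: int = 1) -> int:
    """Estimated DB space; aggregation groups RM objects into one SSAM object."""
    ssam_objects = -(-num_objects // aggregation_factor)  # ceiling division
    return ssam_objects * BYTES_PER_OBJECT

def fits_in_db(num_objects: int, aggregation_factor: int = 1) -> bool:
    return db_bytes(num_objects, aggregation_factor) <= DB_LIMIT_BYTES
```

Roughly 2 billion unaggregated objects already approach the 1 TB limit, which is why retention_aggregate matters for high-volume Content Manager deployments.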
Important: Within Content Manager, you can configure the Tivoli Storage Manager device manager ICMADDM to signal to Tivoli Storage Manager or System Storage Archive Manager that archive protection is in use; the Parameters field must contain mode=retention. If this parameter is not set, you must enable the archive protection in the Tivoli Storage Manager API option file dsm.opt with ENABLEARCHIVERETENTIONPROTECTION ON. It is good practice to always set both parameters in your environment.

c. Right-click Storage Classes and click New to open the New Storage Class window. In the Name field, type a meaningful name for your new storage class. Select Local destination, and select ICMADDM as the Device manager. Click OK to save the storage class.
In our example, we created three storage classes named TSMSTGCLASS_1Y, TSMSTGCLASS_3Y, and TSMSTGCLASS_5Y. These storage classes will later be attached to the appropriate System Storage Archive Manager management classes; hence, we use similar naming conventions for both configurations, that is, for the System Storage Archive Manager management classes and the corresponding Content Manager storage classes.

d. Double-click Storage Systems to expand its contents. Right-click Tivoli Storage Manager Volumes and click New to open the New Tivoli Storage Manager Volume window. Define your new Tivoli Storage Manager volume, but do not assign it at this time (Assignment: Unassigned). In the Tivoli Storage Manager management class field, type the Tivoli Storage Manager management class you want to use with this Content Manager storage system. Select the Server name and the Storage class that you created before and that belong to the volume (see Figure 8-44). Click OK to save the configuration.
Figure 8-44 Define a new IBM Tivoli Storage Manager Volume for storage class TSMSTGCLASS1Y
When defining Tivoli Storage Manager volumes for the use of the Information Archive System Storage Archive Manager server, be aware that Content Manager connects to the configured System Storage Archive Manager server. Therefore, the Information Archive System Storage Archive Manager server must be available and configured for Content Manager at this time; otherwise, Content Manager will display an error message, as shown in Figure 8-45.
Important: Always enter your Tivoli Storage Manager management class in uppercase. Refer only to Tivoli Storage Manager management classes that use the event-based archive retention.
If you experience a problem as shown in Figure 8-45, it is possible that Content Manager cannot communicate with the System Storage Archive Manager server. This can happen when Content Manager cannot access the IBM Tivoli Storage Manager API files. Even if you already specified the IBM Tivoli Storage Manager API variables in the system environment, you must explicitly configure the variables DSMI_DIR and DSMI_LOG_PATH within the Content Manager DB2 database. To do so, or to verify the current settings, perform the following steps:

- Log on to the Resource Manager Administration Console with your web browser as user rmadmin. The user account and password are created during the installation of Content Manager. The Resource Manager Administration Console can be accessed at the following URL (the TCP/IP port in this URL is also set during the Content Manager installation and might differ in your environment):

https://localhost:9443/icmrm/admin/

- Select the Advanced Parameter tab and search for the DSMI_DIR and DSMI_LOG_PATH variables. Verify that the values point to the directory where the IBM Tivoli Storage Manager API is installed. The example in Figure 8-46 points to c:\program files\tivoli\tsm\api.
Figure 8-47 shows an example of how to configure the first of the three Tivoli Storage Manager volumes. Associate this volume with the System Storage Archive Manager management class for one-year retention (DB2_CM_1Y); this is also the name that the resource manager gives to the volume. The storage class you created for this configuration is named TSMSTGCLASS_1Y and is referenced in the third line.
Create three volumes in total (DB2_CM_1Y, DB2_CM_3Y, and DB2_CM_5Y) and assign the same Server name to each; choose the appropriate Storage class each time. The result is three Tivoli Storage Manager volumes whose names match the Information Archive System Storage Archive Manager management classes, as shown on the right side of Figure 8-47.

e. Right-click Storage Groups and click New to open the Storage Group Properties window, as shown in Figure 8-48. In the Name field, type the name you want to give to the new storage group, for example, TSMSTGGRP_1Y. The Storage systems list identifies the available storage systems. From this list, choose the storage system that you want to associate with this storage group; for example, choose the volume DB2_CM_1Y for the storage group TSMSTGGRP_1Y.
Click OK to save the configuration. Create three storage groups (TSMSTGGRP_1Y, TSMSTGGRP_3Y, and TSMSTGGRP_5Y) and assign the appropriate Tivoli Storage Manager volume each time. Assign only one volume to each storage group.
f. Right-click Migration Policies and click New to open the New Migration Policy window, as shown in Figure 8-49. In the Name field, type the name of the migration policy and click Add. The New Migration Policy Entry window opens. Select the correct Storage Class and the Retention period. Always select Forever as the Retention period.
Create three migration policies (TSMMIGPOL_1Y, TSMMIGPOL_3Y, and TSMMIGPOL_5Y) and assign the appropriate Storage Class each time.
g. Right-click Workstation Collections and click New to open the New Workstation Collection window, as shown in Figure 8-50. In the Name field, type a unique name for your workstation collection, for example, TSMWSCOLL_1Y. In the Migration policy field, select the dedicated migration policy you want to use, for example, TSMMIGPOL_1Y; the Resource Manager automatically fills in the Storage group field, in this case with TSMSTGGRP_1Y. You can replicate objects in this collection to several other collections that reside on various resource managers. Because we have only one resource manager in our environment, we do not use the Add button, but save the configuration instead.
Click OK to save the configuration. Create three workstation collections (TSMWSCOLL_1Y, TSMWSCOLL_3Y, and TSMWSCOLL_5Y) and assign the appropriate Migration policy and Storage group each time.
5. Configure the library server: The Content Manager library server can be used for various operations and therefore has a variety of entities to configure. We concentrate on the item type only, because this is the only entity we need in our environment; your production environment might differ. An item type is a template that consists of a root component, zero or more child components, and a classification. By classifying the item type, you make a judgment about the purpose of the items created using this item type. The classifications are item, resource item, document, and document part. The following example shows you how to create document item types. The Content Manager client applications require that each document item type has a base part. Typically, document item types have ICMBASE (base part), ICMANNOTATION (graphical annotations that overlay the base part), and ICMNOTELOG (separate textual comments).
Additional parts (ICMBASETEXT and ICMBASESTREAM) are also available:
ICMANNOTATION: Contains additions to, or commentary about, the main data; following the document metaphor, annotations include sticky notes, color highlights, stamps, and other graphical annotations in the text of a document. These are the typical annotation parts from previous releases of Content Manager. Using the Client for Windows or the eClient, your users can create graphical annotations, which are viewed on top of the file or document being displayed. Most client applications can show or hide these annotations.
ICMBASE: Contains the fundamental content of a document item type that stores any non-textual type of content, including image and audio. Requirement: To be viewable in the eClient, all document item types must include at least one base document part.
ICMBASETEXT: Contains the fundamental content of a document item type that stores text content. If you plan to index a text part of your document, store the part in this part item type. Indexing a text part enables a text search to be performed on the content of the part.
ICMNOTELOG: Contains a log of information entered by users, for example, indicating the reason that the insurance application was denied or instructions to the next reviewer of the document. These are the typical notelog parts from previous releases of Content Manager. Using the Client for Windows or eClient, your users can create, view, and edit notelog parts. Notelog parts contain the user account, time stamp, and text comments as entered by client users.
ICMBASESTREAM: Contains streamed data, such as video.
To configure the library server, follow these steps:
a. Expand Data Modeling in the system administration tree.
b. Right-click Item Types and click New to open the New Item Type Definition window, as shown in Figure 8-51:
i. On the Definition page, in the Name field, type a meaningful name. Item type names are case-sensitive and must be unique. Use names that are easy to remember and that reflect the folders and documents that are included in the item type. Naming conventions: The item type names in our example reflect the use of Tivoli Storage Manager and the retention period. These names might not be relevant in your situation, and you might prefer names that reflect the folders and documents included in your environment.
ii. Click Translate to open the Translate Display Name window. All of the available languages defined in the system are listed. In the Translated Name column, type the translated display name for the other languages. Click OK to save the information.
iii. In the New version policy field, select Never create. In the Item type classification list, specify the new item type as Document. In the Item retention period field, select the retention period for the item. This number determines the expiration date calculated by the library server when an item is created. See Figure 8-51 for other settings.
iv. Click the Access Control tab. On the Access Control page, in the Access control list field, select PublicReadACL. In the Access control list checking field, specify whether the access control list applies to the item type level or item level. For example, choose Item type level. See Figure 8-52.
Figure 8-52 New Item Type Definition window: Access Control tab
v. Click the Attributes tab. On the Attributes page, select the attributes or attribute groups that you want to add into the item type from the Available attributes or groups list. Click Add to add them to the Selected attributes and components list. See Figure 8-53 for an example.
In our example, the use of the Auto-linking, Foreign Keys, Logging, and User Exits tabs is optional. Check whether this also applies to your environment.
vi. Click the Document Management tab. On the Document Management page, click Add to open the Define Document Management Relations window, as shown in Figure 8-54. In the Part type field, select a first part (ICMANNOTATION) to associate with the document item type. From the Access control list drop-down list, select an access control list (PublicReadACL) to associate with the part type. In the Resource manager field, select the resource manager (RMDB) on which the part type is stored. In the Collection field, select the collection (TSMWSCOLL_1Y) on which the part is stored. In the New version policy field, specify a version policy (Never create) for the part type. Click Apply to apply the first document management relation.
vii. In the Part type field, select a second part (ICMBASE) to associate with the document item type. From the Access control list, select an access control list (PublicReadACL) to associate with the part type. In the Resource manager field, select the resource manager (RMDB) on which the part type is stored. In the Collection field, select the collection (TSMWSCOLL_1Y) on which the part is stored. In the New version policy field, specify a version policy (Never create) for the part type. Click Apply to apply the second document management relation.
viii. In the Part type field, select a third part (ICMNOTELOG) to associate with the document item type. From the Access control list, select an access control list (PublicReadACL) to associate with the part type. In the Resource manager field, select the resource manager (RMDB) on which the part type is stored. In the Collection field, select the collection (TSMWSCOLL_1Y) on which the part is stored. In the New version policy field, specify a version policy (Never create) for the part type. Click OK to apply the third document management relation and to close the window. See Figure 8-55 for the results.
Figure 8-55 New Item Type Definition window: Document Management tab
Click OK at the bottom of the New Item Type Definition window. This saves the configuration of the new item type.
c. Repeat this procedure to create two more item types (TSMARCHIVE_3Y, TSMARCHIVE_5Y) with the appropriate settings. The library server now contains three item types created for archive purposes, as shown in Figure 8-56. The three item types are associated with the Information Archive System Storage Archive Manager server as a storage unit, and they provide archive retentions of one year, three years, and five years.
3. Next, two windows open at once. You can use either the Welcome - Select an Action window or the regular Client for Windows window for the subsequent tasks (Figure 8-57). We prefer to use the regular Client for Windows window, so we mark the Do not show this again box and close the Welcome - Select an Action window.
4. In the regular Client for Windows window, go to File → Import to open the Import window.
5. In the Import window, click Add Files to Import and select the files you want to archive from the list. Use the buttons in the upper part of the window to navigate to the folder where the data is located and click one or more of the files you want to import. Tip: If you select more than one file, select only files of the same type for which you want to use the same retention policy, because in the next step you select a single file type and a single retention policy (Item Type) for all selected files. The files are displayed in the File name field. Click Open.
6. Back in the Import window, you now see the selected files in the Files to be imported field. In the File Type pull-down menu, select the type that is appropriate for your files, for example, JPEG Image. In the Item Type pull-down menu, select the appropriate retention policy, for example, TSMARCHIVE_1Y. The Timestamp and user account fields are filled in automatically by the client, but you can add other information if necessary (Figure 8-58).
Click Import to import the selected files. The Content Manager Client starts importing the files and shows the progress in an import progress window, as shown in Figure 8-59.
7. Repeat the foregoing procedure twice to import two more files, selecting different files each time. For the first file, in the Item Type field, select TSMARCHIVE_3Y. For the second file, select TSMARCHIVE_5Y. When finished, click Close.
8. In the regular Client for Windows window, go to Search → Basic to open the Basic Search window. In the Item Type pull-down menu, select the item type TSMARCHIVE_1Y and use the default search parameters for a general search. See Figure 8-60 for an example of the results from this kind of search.
9. Double-click one of the files matching your search criteria. The integrated document viewer will display the file content as demonstrated in Figure 8-61.
8.2.4 Integrating Content Manager OnDemand with System Storage Archive Manager Collection
A Content Manager OnDemand system contains a library server and one or more object servers. The object server stores data objects in its cache file systems, which can be defined on locally attached or SAN-attached storage. The object server also supports archive storage systems. On UNIX and Windows platforms, the OnDemand object server supports Tivoli Storage Manager as its archive repository and uses the Tivoli Storage Manager API to communicate with and transfer data objects to archive storage. When data is loaded into the OnDemand system, OnDemand creates objects, which hold the compressed data, and stores them in its cache file systems. These objects can also be archived to Tivoli Storage Manager at the time the data is loaded into OnDemand, or after the objects have been stored in the OnDemand cache storage for a predetermined amount of time. This hierarchical use of storage is useful for keeping data on fast access devices such as disk (online) during the period of highest likelihood of access and then migrating it to archive storage. Instead of IBM Tivoli Storage Manager, you can also use IBM System Storage Archive Manager in an IBM Content Manager OnDemand environment. Hence, you can also use the Information Archive System Storage Archive Manager Collection with IBM Content Manager OnDemand.
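Connectivity to the collection is configured through the Tivoli Storage Manager API options file (dsm.opt). The following is a minimal sketch only: the address, port, and node name are illustrative values drawn from the examples elsewhere in this chapter, and the PASSWORDACCESS setting is an assumption; replace all of them with the values of your own collection and node:

```text
* dsm.opt - Tivoli Storage Manager API options (illustrative values)
COMMMETHOD        TCPIP
TCPSERVERADDRESS  9.153.1.26
TCPPORT           1502
NODENAME          ODARCHIVE
PASSWORDACCESS    GENERATE
```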
3. Use the OnDemand Configurator for these steps:
a. Start the OnDemand for Windows configurator and then select Instances. Click the instance name of the instance you want to enable for Tivoli Storage Manager use.
b. Select the Storage tab.
c. In the Configuration area at the top of the Storage tab, select the TSM option.
d. After selecting TSM, click TSM Options. Enter the path to the Tivoli Storage Manager program files directory of the Tivoli Storage Manager API and the path to the Tivoli Storage Manager options file, dsm.opt, as shown in Figure 8-62. Click OK. On the Storage tab, click Apply.
e. You will see a warning stating that the OnDemand services must be restarted for the changes to take effect, as shown in Figure 8-63.
4. Use the OnDemand Administrator for these steps:
a. Start the OnDemand Administrator client by selecting Start → Programs → IBM OnDemand32 → OnDemand Administrator. Log on to the OnDemand server.
IBM Information Archive: Architecture and Deployment
b. Navigate to the Storage Sets icon and select the storage set that you want to update. In our case, we chose the storage set Library Server. c. Right-click and select Update storage set.
d. On the next window, choose the primary object server *ONDEMAND, and click Update to update the primary object server named Library Server, as shown in Figure 8-65 on page 317. This brings you to the Update a Primary Node window.
e. From the Update a Primary Node window (Figure 8-66), perform these steps: i. Clear the Cache Only check box. ii. In the Logon field, enter the Tivoli Storage Manager node name that you registered with the System Storage Archive Manager server; see 8.2.3, Integrating Content Manager with Information Archive System Storage Archive Manager Collection on page 290.
iii. In the Password field, enter the password you entered when registering the node to Tivoli Storage Manager and verify the password. iv. You can update the Description field to reflect that this is no longer a cache-only primary storage node. v. Select OK in the Update a Primary Node window. vi. Now, you can update the description of the storage to reflect that this is no longer a cache-only storage set. Then, select OK in the Update a Storage Set window (see Figure 8-65).
f. This storage set is now able to store objects to the System Storage Archive Manager server. You now need to create or update an application group to use the new settings. 5. Use the OnDemand Administrator for these steps: a. Navigate to the Application Groups icon and select the application group that you want to update. In our case, we chose the application group jpeg1. b. Right-click and select Update, as shown in Figure 8-67.
c. Select the Storage Management tab from the Update an Application Group window. From the Storage Set Name list, choose the name of the storage set you updated in the previous steps (Figure 8-68 on page 319).
d. Set the Cache Data values. The cache data setting determines whether the report data is stored in the DASD cache, and if so, how long it is kept in cache before it expires. You can also choose to have the cache searched or not searched when retrieving documents for viewing. If you choose not to store reports in cache, you must select a storage set that supports archive storage.
e. The Life of Data and Indexes values determine when OnDemand can delete reports, resources, and index data from the application group. Choose from:
Never expires: OnDemand maintains application group data indefinitely.
Expires in __ Days: After reaching this threshold, OnDemand can delete data from the application group. The default value is 2555 days (seven years). The maximum value that you can type is 99999 (273 years).
Important: If you plan to maintain application group data in archive storage, the length of time that the archive storage manager maintains the data must equal or exceed the value that you specify for the Life of Data and Indexes fields. Consult the IBM Content Manager OnDemand for Multiplatforms: Administration Guide, SC18-9237, for more information.
f. Do not select the Cache Data option. Click the Advanced button.
g. In the Advanced Storage Management window, choose when you want data objects migrated from the OnDemand cache file system to the System Storage Archive Manager server. If you leave the When Data is Loaded option selected, each time data is loaded into OnDemand by the OnDemand applications, the objects are stored in the cache file system and in Tivoli Storage Manager archive storage at the same time.
This configuration setting has the advantage that if the cache file system of this OnDemand object server is damaged (disk failure), the objects are still accessible from Tivoli Storage Manager storage.
6. Migrate the data from cache. This setting determines when documents and resources are migrated to archive storage:
a. A storage set associated with a Tivoli Storage Manager client node must be selected to enable migration to archive storage. See Figure 8-69 on page 320. The possible values are:
No: Data is never migrated from cache. This option is unavailable when a storage set associated with a Tivoli Storage Manager client node is selected for the application group.
When Data is Loaded: Data is migrated to archive storage when the data is loaded into the application group.
Next Cache Migration: Data is migrated to archive storage the next time that ARSMAINT is run with the -m option. The -m option indicates that data and resources are to be copied from cache to archive storage.
After __ Days in Cache: Specifies the number of days that data is to remain in cache-only storage. After reaching the prescribed number of days in cache storage, the data is copied to archive storage the next time that ARSMAINT is run with the -m option for data migration.
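As a sketch, a cache migration run is triggered from the OnDemand server command line. Only the -m option is referenced in the text above; any additional flags your instance needs (for example, instance or application group selection) are site-specific and should be checked against the Administration Guide:

```text
# Copy data and resources from cache to archive storage
# (here, the System Storage Archive Manager server)
arsmaint -m
```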
b. Click OK in the Advanced Storage Management window, and then OK on the Storage Management tab of the application group. You are now able to load data using an application in the application group that we updated. This data is migrated to the System Storage Archive Manager server and stored in the OnDemand cache file system. Figure 8-70 shows the load command used from the OnDemand command window to successfully load data with the generic indexer. Figure 8-71 shows the output of the select statement used to query the Tivoli Storage Manager database after the load, confirming that the object was archived to Tivoli Storage Manager, in this case a System Storage Archive Manager server.
C:\Program Files\IBM\OnDemand for WinNT\bin>arsadmin load -g jpeg1 -u admin -p ondemand -i c:\arsload\gen.txt -d c:\arsload -h ondemand OnDemand Load Id = >5014-1-0-4FAA-0-0< Loaded 1 rows into the database Document compression type used - OD77. Bytes Stored = >9929< C:\Program Files\IBM\OnDemand for WinNT\bin> Figure 8-70 Load data to OnDemand with generic indexer, migrate to Tivoli Storage Manager
select * from archives where node_name='ODARCHIVE'
NODE_NAME: ODARCHIVE
FILESPACE_NAME: \CAA
FILESPACE_ID: 1
TYPE: FILE
HL_NAME: \DOC\
LL_NAME: 2FAAA
OBJECT_ID: 1043
ARCHIVE_DATE: 2010-03-22 20:57:51.000000
OWNER:
DESCRIPTION: IBM OnDemand
CLASS_NAME: STANDARD
Figure 8-71 Select statement output to Tivoli Storage Manager after OnDemand migration
If you are configuring an OnDemand for UNIX system to use Tivoli Storage Manager for archive storage, ensure that the ars.cfg file has been updated to reflect that Tivoli Storage Manager (SSAM) is to be used as the storage manager. The file also needs to include valid paths for the Tivoli Storage Manager options files and all of the Tivoli Storage Manager components that will be used.
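As a sketch only, the TSM-related entries in ars.cfg point the instance at the API installation and its options file. The paths below are illustrative assumptions, and the exact set of parameters should be verified against the IBM Content Manager OnDemand for Multiplatforms: Administration Guide, SC18-9237:

```text
# ars.cfg fragment (illustrative paths)
DSMI_DIR=/opt/tivoli/tsm/client/api/bin64
DSMI_CONFIG=/opt/tivoli/tsm/client/api/bin64/dsm.opt
DSMI_LOG=/tmp
```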
8.2.5 Integrating IBM FileNet P8 with a System Storage Archive Manager Collection
The main functions of the IBM FileNet P8 platform are content management, business process management, and compliance. The IBM FileNet P8 Platform is composed of the following three core products:
- IBM FileNet Content Manager
- IBM FileNet Business Process Manager
- IBM FileNet Records Manager
The IBM FileNet Content Manager serves as the main content management, security management, and storage management engine for the family of IBM FileNet P8 products. The main components of these core products are the following engines (see Figure 8-73):
- Content Engine: The Content Engine provides main library services; manages documents, folders, content, and business-specific objects; and allows content to be stored, retrieved, transformed, classified, and secured. The Content Engine can manage content stored in a file store, a database, or a fixed storage device.
- Process Engine: The Process Engine incorporates software services for managing all aspects of business processes (also called workflows), such as process execution, process routing, rules management, process simulation and modeling, and workflow analysis.
- Application Engine: The Application Engine provides the presentation layer and includes out-of-the-box user interfaces and components for building custom solutions. The Application Engine is the component that hosts Workplace. Workplace provides an interface for adding content to the IBM FileNet P8 system and for performing other primary content-oriented tasks, such as declaring records, accessing workflow queues, and searching. Workplace is built using the IBM FileNet Web Application Toolkit and runs within a web container on a J2EE application server.
As you can see in Figure 8-73, the Content Engine offers interfaces to various data stores, including the IBM Tivoli Storage Manager API, which can be used to store content in a System Storage Archive Manager Collection in Information Archive. The Process Engine module allows you to implement workflow management. This software component is available only for Windows; we did not use or install it for the illustration of the Information Archive integration scenario. The FileNet Enterprise Manager is the administration tool for the Content Engine. This tool runs only on Windows and requires the Web Services Enhancements from Microsoft to be installed. The FileNet Configuration Manager is the configuration tool for the WebSphere instance of the Content Engine.
Important: To implement FileNet P8, an LDAP server is required. The Content Engine, FileNet Enterprise Manager, and WebSphere Instance 2 are connected to the LDAP server and use the same account to communicate between the components.
Figure 8-73 Overview of FileNet Modules and attachment with Information Archive
8.2, System Storage Archive Manager-based Integration with Information Archive on page 266). Next, you need to register the FileNet Content Manager server in the System Storage Archive Manager server (register node). The easiest way to do this is to use the IBM Tivoli Storage Manager administrative command-line client (dsmadmc), which is preinstalled and preconfigured on Information Archive. You can start it with the authority of an IA Archive Administrator or IA System Administrator. Complete the following steps from the keyboard, video, mouse (KVM) console at the appliance, or remotely through a Secure Shell (SSH) connection:
1. Log on to the Management Console server.
2. At the command prompt, enter dsmadmc -server=<collection_name>, where collection_name is the name of the System Storage Archive Manager collection you are accessing.
3. Enter a user name and password that are eligible for access to the collection.
4. At the command shell prompt, enter System Storage Archive Manager commands (see Example 8-6).
5. Register a node for the FileNet Content Manager with the System Storage Archive Manager command register node <nodename> <password> passexp=0.
6. To exit the shell, enter the quit command.
Example 8-6 System Storage Archive Manager command line interface
iaadmin@IA-Primary:~> dsmadmc -server=SSAM1
IBM Tivoli Storage Manager
Command Line Administrative Interface - Version 6, Release 1, Level 3.3
(c) Copyright by IBM Corporation and other(s) 1990, 2009. All Rights Reserved.
Enter your user account: itsoadmin
Enter your password:
Session established with server SSAM1: Linux/x86_64
Server Version 6, Release 1, Level 2.2
Server date/time: 02/22/2010 17:29:03 Last access: 02/18/2010 21:53:38
tsm: SSAM1> reg node winsrvfilenet1 <password> passexp=0
Tip: Add the option passexp=0; otherwise, the password for the node will expire after a predefined period of time and you will need to change it again. To avoid this situation, we prefer to use an unlimited period and manually change the password when it is most convenient.
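To confirm the registration, you can query the node from the same dsmadmc administrative session. This is a sketch; the output format depends on your server level, so it is not shown here:

```text
tsm: SSAM1> query node winsrvfilenet1
```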
Use the user account and password that were configured during the installation of the FileNet P8 environment. The default user account is wsadmin. Figure 8-74 shows the logon menu.
If the login is successful, the ISC Welcome window shown in Figure 8-75 is displayed.
2. At the Welcome window, expand Environment in the navigation tree (Figure 8-76). 3. Click Shared Libraries. The Shared Libraries dialog displays in the middle pane. 4. Click New.
5. In the Shared Libraries configuration dialog (Figure 8-77), under General Properties, fill in the correct classpath and native library path for the generic .dll library files. Explanation: On Microsoft Windows, FileNet ships generic .dll library files that are used to attach devices through the IBM Tivoli Storage Manager API. The path to those generic library files has to be defined. In our example, we define the shared library TSMAPILIB in the Shared Libraries window.
6. Map the TSMAPILIB library to the IBM Tivoli Storage Manager API files, which must reside on a share. Perform the following steps (see Figure 8-78):
a. In the navigation tree, expand Application, then Application Type.
b. Click WebSphere Enterprise Application.
c. Mark the FileNet Engine check box.
7. On the configuration panel (Figure 8-79) for the selected resource (FilenetEngine), click the Reference shared libraries button to map and verify the created share.
After completing the configuration changes just described, you have to restart the WebSphere instance. You can stop and start it with the following procedure:
1. Open a Microsoft command-line window at the server where the WebSphere Application Server is running.
2. Stop the server with the following command: C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>stopserver server1
3. Start the server with the following command: C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startserver server1
Fixed Content Device: A Fixed Content Device is a FileNet Content Engine object providing connectivity to an independent software vendor's fixed content system. It can be associated with one or more Fixed Storage Area(s) for actual content storage. The Fixed Content Device also often refers to the storage device in an independent software vendor's fixed content system.
Chapter 8. Integrating IBM Information Archive with archiving applications
FileNet P8 can work with fixed content devices such as these:
- IBM Tivoli Storage Manager API
- NetApp SnapLock
- Image Services
Fixed Storage Area: A Fixed Storage Area is a file storage area that has a connection to an independent software vendor's fixed content system, providing additional storage capacity and security. This connection is provided by the Fixed Content Device.
Storage Policies: A Storage Policy provides mapping to specific physical storage areas and is used to specify where content is stored for a given class or object with content (for example, a document). Content Engine supports the mapping of storage policies to one or more storage objects; therefore, each Storage Policy can have one or multiple Fixed Storage Areas as its assigned content storage target.
Document Classes: Before you can add documents to the Content Engine, you must define custom Document Classes in the object store. There are predefined Document Classes in Enterprise Manager, which you can use to create custom subclasses for your application. You can assign custom properties to these subclasses based on the required values that will be stored with the documents. For example, you might have a Contracts document class with Contract Type, Date, and Company Name properties assigned to it. Additional system properties, such as Creator and Document Title, are automatically assigned to the document class upon creation and are stored as system properties. All properties can be inherited by subclasses. See inheritance for more information.
Content Cache Area: The Content Cache Areas provide local storage of frequently accessed documents accessible over the network. These Content Cache Areas allow users geographically remote from the File Storage Areas to quickly access frequently requested document content.
In the following sections, we describe the configuration of these objects step by step.
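The relationships among these objects, as we read the definitions above, can be summarized in the following sketch: a document class references a storage policy, which maps to one or more fixed storage areas, each of which reaches archive storage through a fixed content device:

```text
Document Class
  └─ Storage Policy
       └─ Fixed Storage Area(s)   (staging area on a shared file system)
            └─ Fixed Content Device   (TSM API connection)
                 └─ Information Archive SSAM Collection
```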
You must first configure access to the Content Engine in the FileNet Enterprise Manager administration tool and log on. After you start the FileNet Enterprise Manager, you can log on to a Content Engine instance or configure one to log on to. See Figure 8-81.
You can Add or Edit a connection. In Figure 8-82 we show the configuration settings for our server WINSRVFILENET1 as an example.
To create a new Fixed Content Device, follow these steps: 1. In the left pane of the Content Engine Enterprise Manager window, right-click the Fixed Content Devices folder. Click New. The Fixed Content Device wizard starts (Figure 8-84).
2. In the Create Fixed Content Device window, click Next.
3. Insert the name and description of the Fixed Content Device and click Next. Figure 8-85 shows the connection parameters for the Fixed Content Device object. In our example, the TCP/IP address of our System Storage Archive Manager Collection is 9.153.1.26 and the collection uses port 1502. (If necessary, you can get this information from the Collection Properties notepad of the IBM Information Archive GUI.)
4. Scroll down the Configuration Parameters list to enter the node name and password (that you defined when you created the System Storage Archive Manager Collection). 5. Provide a filespace name that will be used later in the System Storage Archive Manager Collection. Click Next. The Fixed Content Device finish window is displayed. 6. Click Finish to complete this part.
The Create Storage Area wizard welcome window is displayed (Figure 8-87).
2. Click Next, and select the site for the Fixed Storage Area object. If you do not have more than one site, just select the default.
3. Enter a name for the new Storage Area and enter a description. The name must be unique in your FileNet environment.
4. Select the type of the Storage Area. Always select Fixed Storage Area, as shown in Figure 8-88, and then click Next.
5. Each Fixed Storage Area uses its own staging area on a shared file system. A shared file system is necessary because the staging area can reside on a separate server, or more than one Content Engine instance can use the same staging area. The permissions for the shared file system must be at least Contributor for Everyone.
6. Insert the Staging Area path and select the Management class corresponding to the System Storage Archive Manager Collection in Information Archive, as shown in Figure 8-89. Then click Next.
Figure 8-89 Staging Area path and selected Management Class from the System Storage Archive Manager Collection
7. In the Create a Storage Area window, leave the default parameters as shown in Figure 8-90. (You can limit the used storage size, but it is preferable to keep the default parameters.) Click Next to proceed.
As mentioned before, you can create the Storage Policy together with the Fixed Storage Area in the same wizard step.
8. The Create a Storage Area window (Figure 8-91) displays a summary of the parameters configured through the wizard. Click Finish.
At this stage, the new Fixed Storage Area and the Storage Policy are created. Next, you have to configure the various Document Classes used by your Workplace application.
Figure 8-93 FileNet Enterprise Manager - Content Cache Area
Chapter 8. Integrating IBM Information Archive with archiving applications
3. In the Cache Properties window (Figure 8-94), check if the settings are in line with the needs of your environment. There are many parameters that you can optionally define, besides the name and the share name. For instance, you can create a new Content Cache Area here or edit the settings of an already configured Content Cache Area.
4. In the FileNet Enterprise Manager (Figure 8-95), set the cache limits for your site. These limits can be set in the properties of the site itself, in the FileNet Enterprise Manager.
After the cache configuration is complete, you can use the FileNet Workplace to archive and retrieve documents.
2. In the next window (Figure 8-97), select the object store that you want to use to archive your documents. In FileNet P8, the default object store is SYSOS, which is the database used for the instance. This database stores all the configuration objects and metadata for archived documents. In our example, we used the default SYSOS object store.
3. In the Workplace: Add Document Wizard (Figure 8-98), to create a new document, set the required parameters, such as the Document Title. Click Next to define which user accounts have which access rights to the new document.
4. After the security settings are set, select a file to archive in FileNet. In our example we archive the file New P8 Order.jpg as you can see in Figure 8-99.
5. Click Finish. The next window, as shown in Figure 8-100, indicates that the document was archived successfully.
6. As a test, try to delete the document. You get an error message, as shown in Figure 8-101. You can delete the document only after it has expired (passed its retention period).
You also need a user with *SECOFR authority on IBM i to complete the following steps.
6. To grant access, enter the TCP/IP host name or TCP/IP address of your IBM i system. Leave Host access level at its default (Write and Read) as shown in Figure 8-103:
Figure 8-103 Grant access for host IBM i to File Archive Collection
Click OK to return to the File Archive Collection Properties window (Figure 8-102 on page 343).
7. In the Collection Properties window, click Apply; otherwise, your new address is not saved and you will later get cryptic errors when mounting the shares, such as the message: CPFA09C: Not authorized to object. Object is *N.
8. In the Collection Properties window (Figure 8-104), click General for the appropriate File Archive Collection and write down the Access Information (that is, the addresses of the NFS shares).
Figure 8-104 General information about File Archive Collection - Access information
Now you are ready to proceed with the IBM i configuration and you can leave the IA GUI.
dn: uid=iiasysusr,ou=users,dc=stgt,dc=spc,dc=ihost,dc=com
...
uidNumber: 2000
gidNumber: 1000

In this example, the user account is IIASYSUSR and the UID number is 2000. Using this information, we create a User Profile in an IBM i 5250 session:

CRTUSRPRF USRPRF(IIASYSUSR) TEXT('IIA System User') SPCAUT(*IOSYSCFG) UID(2000)

Attention: According to the IBM i Information Center, a user needs the special authority *IOSYSCFG to be able to MOUNT an NFS share. We found that this is not enough for mounting the Information Archive File Archive Collection; we also had to add the special authority *ALLOBJ, otherwise the MOUNT fails. Also be aware that the user IIASYSUSR has, by default, the password IIASYSUSR, which is not really safe, especially for a user with *ALLOBJ authority!
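The mapping from the LDAP entry to the CRTUSRPRF parameters can be sketched in a few lines. The Python fragment below is our own illustration (the parsing helper is not part of Information Archive or IBM i); it simply derives the UID(2000) value for the CL command from the directory entry shown above.

```python
# Sketch: extract uidNumber from the LDAP entry for IIASYSUSR so it can be
# passed to CRTUSRPRF. Only the entry text comes from the example above;
# the helper is a hypothetical illustration.

def parse_ldif_entry(text):
    """Parse a flat LDIF fragment into a dict (single-valued attributes only)."""
    attrs = {}
    for line in text.strip().splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            attrs[key.strip()] = value.strip()
    return attrs

entry = """\
dn: uid=iiasysusr,ou=users,dc=stgt,dc=spc,dc=ihost,dc=com
uidNumber: 2000
gidNumber: 1000
"""

attrs = parse_ldif_entry(entry)
uid = attrs["dn"].split(",")[0].split("=")[1].upper()  # 'IIASYSUSR'
cmd = "CRTUSRPRF USRPRF({0}) TEXT('IIA System User') SPCAUT(*IOSYSCFG) UID({1})".format(
    uid, attrs["uidNumber"])
print(cmd)
```

The point of the sketch is that the IBM i UID must match the uidNumber stored in the LDAP server, otherwise file ownership on the NFS shares does not line up.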
3. Use the command WRKAUT '/nas1' and check the authorities (Figure 8-105).

 Work with Authority

 Object . . . . . . . . . . . . :   /nas1
 Type . . . . . . . . . . . . . :   DIR
 Owner  . . . . . . . . . . . . :   IIASYSUSR
 Primary group  . . . . . . . . :   *NONE
 Authorization list . . . . . . :   *NONE

 Type options, press Enter.
   1=Add user   2=Change user authority   4=Remove user

                        Data
 Opt   User             Authority
       *PUBLIC          *R
       IIASYSUSR        *RWX
2. After the MOUNT has completed, check the authorities again using WRKAUT '/nas1/data' (Figure 8-106).
 Work with Authority

 Object . . . . . . . . . . . . :   /nas1/data
 Type . . . . . . . . . . . . . :   DIR
 Owner  . . . . . . . . . . . . :   IIASYSUSR
 Primary group  . . . . . . . . :   *NOUSRPRF
 Authorization list . . . . . . :   *NONE

 Type options, press Enter.
   1=Add user   2=Change user authority   4=Remove user

                        Data
 Opt   User             Authority
       IIASYSUSR        *RWX
       *NOUSRPRF        *NONE
       *PUBLIC          *NONE
Compare this output with the authorities of the directory before the MOUNT. Note that *PUBLIC has no data authority and that *NOUSRPRF has been added, also with no data authority.
5. Use the following command to set the read-write permission of the file to read-only for the owner, the group, and the rest of the world:

chmod 444 test.txt

With that command, the file is committed to Information Archive and the ingestion starts.
6. Change directory to the File Archive Collection metafile directory and verify the content of the metafile with the following commands:

cd /nas1/meta
more test.txt

Observe that the procedure was successful: the metafile is filled with meaningful content, and the information from the previous commands is embedded (Example 8-8). It can take a while for the archive data to be ingested and for the content of the metafile to show up with the correct information. Until then, you see only an empty metafile.
Example 8-8 Information Archive metafile for the archive data
<?xml version="1.0" encoding="UTF-8" ?>
<fields>
  <_SYSTEM_minimumRetention_>Sat Sep 4 12:00:00 2010</_SYSTEM_minimumRetention_>
  <_SYSTEM_serviceClass_>IADefault</_SYSTEM_serviceClass_>
  <_SYSTEM_md5Checksum_>d41d8cd98f00b204e9800998ecf8427e</_SYSTEM_md5Checksum_>
  <_SYSTEM_retained_>2010-03-04 13:27:54</_SYSTEM_retained_>
</fields>
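Because the metafile is plain XML, its system fields can also be read programmatically. The following Python sketch (our own illustration, not appliance code) extracts the fields from Example 8-8 and shows that the recorded checksum is the well-known MD5 digest of zero bytes, consistent with test.txt being an empty test file.

```python
# Sketch: read the system fields from an Information Archive metafile and
# compare the recorded MD5 checksum against a local digest of the archived
# content. Only the XML comes from Example 8-8 (declaration omitted here);
# the rest is illustrative.
import hashlib
import xml.etree.ElementTree as ET

metafile_xml = """<fields>
<_SYSTEM_minimumRetention_>Sat Sep 4 12:00:00 2010</_SYSTEM_minimumRetention_>
<_SYSTEM_serviceClass_>IADefault</_SYSTEM_serviceClass_>
<_SYSTEM_md5Checksum_>d41d8cd98f00b204e9800998ecf8427e</_SYSTEM_md5Checksum_>
<_SYSTEM_retained_>2010-03-04 13:27:54</_SYSTEM_retained_>
</fields>"""

fields = {child.tag: child.text for child in ET.fromstring(metafile_xml)}

# test.txt in our walkthrough was a zero-byte file, so its digest is the
# MD5 of empty input.
local_digest = hashlib.md5(b"").hexdigest()
print(fields["_SYSTEM_serviceClass_"])                 # IADefault
print(local_digest == fields["_SYSTEM_md5Checksum_"])  # True
```

A script like this can be used after ingestion to confirm that the archived content matches what was written to the share.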
Chapter 9. Monitoring and call home
The Health Monitor page is divided into sections that are each dedicated to a component of the IBM Information Archive:

Disk Space Usage: This section displays how much free space is available in each collection (Figure 9-2).
Collection Status: This section displays a count of how many collections are in a critical status and how many are in a warning status (Figure 9-3). A collection is assigned a warning status only if the amount of remaining disk space is less than 10%. A collection is assigned a critical status if a hardware component that is assigned to the collection signals an event notification (for example, Cluster node is down) or if the amount of remaining disk space is less than 5%. An event notification can affect the status of just one collection or all the collections in the appliance. For example, if there is a problem with the cluster node servers, which all the collections share, all the collections are assigned a critical status.
Hardware Status: This section displays a count of how many hardware components are in critical status and how many are in warning. The information in this section comes from IBM Systems Director, which is included in the appliance. From this section, you can open IBM Systems Director to get a more specific view on the errors that are associated with the hardware components (Figure 9-4).
Events: The event log provides a list of all the events that have occurred on the appliance, including events for which you did not configure notifications. You can configure how long events remain listed in this table. By default, each event is deleted after 30 days, whether or not it has been resolved. A typical listing is shown in Figure 9-5.
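The collection status thresholds described above reduce to a few lines of logic. The function below is a sketch of the documented rules (warning below 10% free space; critical below 5% or on a hardware event), not the appliance's actual implementation.

```python
# Sketch of the Health Monitor collection status rules: warning when
# remaining disk space drops below 10%, critical below 5% or when a
# hardware event affects the collection. Illustrative only.

def collection_status(free_space_pct, hardware_event=False):
    if hardware_event or free_space_pct < 5:
        return "critical"
    if free_space_pct < 10:
        return "warning"
    return "normal"

print(collection_status(25))                      # normal
print(collection_status(8))                       # warning
print(collection_status(8, hardware_event=True))  # critical
```

Note that a hardware event outranks the disk-space thresholds: a collection with plenty of free space is still flagged critical when a shared component fails.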
To get detailed information about an event, click the event in the Health Monitor Events view. An Event Details window is displayed, as shown in Figure 9-6.
Important: Some events are created by IBM Systems Director and forwarded to the IA GUI Health Monitor. When the detailed event view shows Source: IBM_DIRECTOR, you have to open the IBM Systems Director interface using the Service Tools page in the IA GUI to view the alerts.

Modifying event record retention: You can modify the time period for retaining records of system events. Records are deleted after the specified time period. System events are displayed in the Events table of the Health Monitor. Log on to the Information Archive GUI and complete the following steps:
1. Expand Information Archive Management in the navigation tree.
2. Click Health Monitor.
3. In the Events table, click Select Action / Manage Event Records (Figure 9-7).
4. Enter the number of days, and click OK.
5. After completing these steps, click OK or Apply in the properties notebook to commit any changes.
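The retention setting configured in the steps above amounts to a simple age-based purge. The following sketch is illustrative only; the function and sample records are our own, and only the 30-day default comes from the text.

```python
# Sketch of the event-record retention rule: records older than the
# configured number of days are deleted, whether or not the event was
# resolved. Not the appliance implementation.
from datetime import datetime, timedelta

def prune_event_records(records, now, retention_days=30):
    cutoff = now - timedelta(days=retention_days)
    return [r for r in records if r["timestamp"] >= cutoff]

now = datetime(2010, 3, 2)
records = [
    {"event": "HTTP server is down", "timestamp": datetime(2010, 2, 28)},
    {"event": "Cluster node is down", "timestamp": datetime(2010, 1, 15)},
]
kept = prune_event_records(records, now)
print([r["event"] for r in kept])  # ['HTTP server is down']
```

Because the purge ignores resolution status, export any events you need for audit purposes before they age out.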
4. Click the Event Notification tab in the Appliance properties notebook as shown in Figure 9-8.
5. Click Select Action / Configure Notification Method.
6. Enter your values as shown in Figure 9-9. You can use the Test Notification Configuration button to send a test email to the default list of email recipients.

Important: The Sender email address must be a valid email address; otherwise, you will get a delivery error message.
Default notifications: There is a predefined set of notifications, called default, which includes a set of critical and warning messages. You can modify this set or use it with its default settings.
6. Click Add to select from a list of predefined status events as shown in Figure 9-11. Select the check box for the events that you want to be notified of. The events are all messages that are also visible in the Health Monitor. Click OK when the selection is completed.
7. Enter changes into the form as shown in Figure 9-12 and click OK.
8. After you complete these steps, click OK or Apply in the properties notebook to commit the changes. The information sent by trap or email is similar to that shown in Example 9-1.
Example 9-1 Example email notification
Tivoli Information Archive Manager Notification Message

Severity: critical
Event: HTTP server is down
Timestamp: Mar 2, 2010 1:41:51 PM GMT+00:00
Appliance: IA-Primary
Appliance type: 2231
Appliance model: IA3
Appliance Serial number: 7800200
Details: CTJIM0103E The HTTP server on cluster node ianode1 is down.
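The notification body in Example 9-1 is a flat "Key: value" text block, so a monitoring script that receives these emails can split it into fields with straightforward parsing. Only the message text below comes from the example; the parsing code is our own illustration.

```python
# Sketch: parse an Information Archive notification message into a dict.
# partition(":") splits on the first colon only, so values that themselves
# contain colons (such as the timestamp) survive intact.

message = """Severity: critical
Event: HTTP server is down
Timestamp: Mar 2, 2010 1:41:51 PM GMT+00:00
Appliance: IA-Primary
Appliance Serial number: 7800200
Details: CTJIM0103E The HTTP server on cluster node ianode1 is down."""

fields = {}
for line in message.splitlines():
    key, _, value = line.partition(":")
    fields[key.strip()] = value.strip()

print(fields["Severity"])  # critical
print(fields["Event"])     # HTTP server is down
```

A script like this can route messages by severity, for example paging on critical events and merely logging warnings.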
Figure 9-13 Test Event Notification

Example 9-2 Test notification email
IBM Information Archive event notification message: This is an automated notification test message. You are receiving this message because you have been identified as a default E-mail recipient.
3. Run the command sendtestalert -type E-mail or sendtestalert -type snmp to verify that the notification is working. This is shown in Example 9-3.
Example 9-3 Example Test notification by Information Archive CLI
IACLI> sendtestalert -type E-mail
CTJIC0156I The event notification test was successful. A test E-mail notification was sent to the default E-mail recipients.
After completing these steps, click OK or Apply in the properties notebook to commit any changes.
2. To obtain the MIB files from the Information Archive support website, start a web browser and go to:

http://www.ibm.com/systems/support/storage/disk/InformationArchive

You need these two files:
IBM-IAM-NOTIFICATION-MIB
IBMIA-TC-MIB
Figure 9-14 IBM Tivoli Storage Manager Health Monitor Main Page
3. Click Select Action and select Configure Health Monitor as shown in Figure 9-16.
5. After the password is entered, you have to resynchronize the Health Monitor password: click Select Action / Resynch the Health Monitor Password, as shown in Figure 9-16 on page 363. After the password is valid on all servers, you get a message as shown in Figure 9-18.
The window is divided into the following sections:

Schedule Information: The information is a summary of the results of client schedules in all policy domains for the last 24 hours. To search for more information about the results of schedules, expand the Activity Log section, and use the client node name or schedule name as a filter for viewing the activity log.

Database Information: The information in this section is the analysis that the Health Monitor performed for the server's database to determine its status. A database-backup hyperlink appears if the database has not been backed up within the past 24 hours. From the analysis, the Health Monitor generates a list of links to actions that need to be or can be performed.

Activity: Tables in this section display information about currently running server sessions and processes. A session is established each time an administrator or client node connects with the server. The server starts a process for each task that it performs.

Activity Log: The information shows the number of warning and error messages in the activity log in the last 24 hours. If you make no changes for filtering the activity log and click Update Table, the list includes all messages in the activity log.

Storage Device Status: The status is a summary of the availability of all libraries and drives for the server. When a volume is present in the drive, the status column displays the status of the volume. Otherwise, the status column indicates whether the drive is online or offline.
Event notifications
If you have created hardware-related event notifications, you are notified of the event by email or an SNMP trap. A summary count of hardware errors is also shown on the Health Monitor page of the Information Archive GUI. The included IBM Systems Director monitors the following appliance components:

Cluster node (2231 Model S2M)
Management Console (2231 feature code 5600)
RSM server (2231 feature code 5601)
Ethernet switches
SAN switches
4. Log on to the web interface, using the iaadmin user account and the password that you specified in the Initial Configuration Wizard.
5. On the Manage tab of the Welcome page, click Service and Support Manager. You might have to scroll down the page to see the Service and Support Manager link (Figure 9-21). Click the Service and Support Manager link to launch the Service and Support Manager Getting Started wizard. This wizard configures the Electronic Service Agent tool.
6. Complete the Getting Started wizard (Figure 9-22) using the information supplied on the planning worksheet.
Click Next. 7. You must specify contact information as shown in Figure 9-23 so that IBM support knows whom to contact about the problem.
Click Next.
8. Specify the System location information so that IBM support can route problem reports to the appropriate support center. An example is shown in Figure 9-24.
Click Next. 9. You must configure the management server to use an existing Internet connection so that the Service and Support Manager can report problems and send service information to IBM support. On the Connection page shown in Figure 9-25, click Test Connection to ensure that the specified connection method can successfully connect to the Internet.
Click Next.
If the connection test was successful, you get the message shown in Figure 9-26.
10.You need an IBM ID to view service information that was sent to IBM support by the Service and Support Manager (Figure 9-28).
Click Next. 11.On the Automatic monitoring page, select the Yes, automatically discover and monitor eligible systems check box if not already selected. See Figure 9-28. Click Next.
12.The Summary panel of the Service and Support Getting Started Wizard displays a summary of the information you specified and selections that you made to complete the wizard. Review the information provided on the Summary panel shown in Figure 9-29 to ensure that the information is correct. Click Finish.
Follow these steps to investigate the error: 1. Access the IBM Systems Director and log on using the iaadmin user account and password. For more information, see Accessing the IBM Systems Director on page 101. 2. Click Navigate Resources in the navigation tree as shown in Figure 9-30. 3. In the Groups table, click All Systems.
For each IMM that has an Access status of No access as shown in Figure 9-31, use the following steps: 1. In the System table, click No access for one of the systems.
2. In the Request Access panel (Figure 9-32), User ID field, type USERID (case sensitive). In the Request Access Password field, type PASSW0RD (case sensitive; PASSW0RD includes a zero). Click Request Access. These are the default IMM passwords, which cannot be changed.
3. Check the Selected targets table at the bottom of the Request Access panel as shown in Figure 9-33 and verify that the Access column has a status of OK.
If the status does not change to OK, use the following steps to remove and rediscover the IMM and its subsystem. A rediscover will only discover an internal appliance server: 1. In the All Systems table, click the name of the IMM that has the No access status. The Navigate resources window shown in Figure 9-34 displays.
2. From the Navigate Resources (Properties) page, click the Inventory tab to get the window shown in Figure 9-35.
3. From the Collected Items navigation tree, click System - Operating System.
4. In the Inventory details window: Operating System table, right-click the entry and select Remove as shown in Figure 9-36.
After removing the inventory, you get the message shown in Figure 9-37.
5. In the left-hand navigation tree, expand Inventory and click Advanced System Discovery. A window is shown as illustrated in Figure 9-38.
6. In the Advanced System Discovery table, select all of the profile names and click Run. In the pop-up menu in Figure 9-39, select Run Now and click OK.
In the detailed view, you can verify the status from the discovery process (Figure 9-40).
7. Click Navigate Resources in the navigation tree. In the Groups table, click All Systems and check for the IMM that you removed. Ensure that it has been added and that the Access status is OK.
3. Locate and click the node with the problem to display the properties page for that node. An example is shown in Figure 9-42.
4. Click the Event Log tab to display recent activity, and to view additional information regarding a particular system status. 5. Click the Active Status tab. 6. Click the system status instance that you are interested in. The Ignore and Delete buttons become active. An illustration is shown in Figure 9-43.
7. Click Delete to remove the instance from the page. The status on the properties page changes to OK.

Important: Do not click Ignore. Clicking Ignore causes the system to ignore this type of event until otherwise specified. If you accidentally click Ignore, you can reactivate a status by clicking the Status tab, selecting the item, and clicking Activate.
2. Click Critical to show the actual errors.
3. Use the Status tasks to get more information about the health or errors within the appliance. There are four status tasks available, as shown in Figure 9-45:

Health summary
View problems
View active and ignored status
Groups by status
Select Update System Configuration in the RSM Main Menu to get the System Configuration window shown in Figure 9-50.
Contact Information
First you have to update the contact information. Click Contact Information to get the Contact Person Information configuration window as shown in Figure 9-51. You need to define at least one contact person, but you can define up to 20 people. One of these contacts must be defined as the Primary Contact for the RSM. Later during configuration of the storage controllers, you will be able to associate one of the contacts defined here with each Information Archive storage controller. Alerts sent to IBM include the primary contact information for the RSM server and the information for the contact associated with the Storage Controller problem.
Only one of these contact entries can be associated with a given storage controller. You can use the Alternate phone number and Hours to call fields to specify another person for IBM Service to call in case the first person is not available. The phone number fields can contain only the number, but the Hours to call fields are free-form and you can put any text into them. Fill in each field and then select Update configuration to save the information. Be sure to include a complete phone number, including country codes for international dialing. The Alternate phone number and Hours to call alternate number fields are optional. Time Zone can be entered in any format.
Company Information
In the system configuration window, click Company information to get the Company Information window. Fill in the fields and then select Update configuration to save the information. All fields are required except for Address 2. Required fields with missing or incorrect information are indicated by an asterisk to the right side of the field.
Connection Information
In the System Configuration window (Figure 9-50 on page 382), click Connection Information to get the Connection Information window shown in Figure 9-53.
Fill in the fields and then select Update configuration to save the information. Required fields with missing or incorrect information are indicated by an asterisk to the right side of the field:

SMTP Server: The default value is DIRECT, which causes the RSM system to send emails directly to the destination. You can also specify the TCP/IP address (xxx.xxx.xxx.xxx) of your SMTP email server.
If using DIRECT, one reason that emails might not be delivered is that your company's firewall might only forward emails sent from your email server. Specifying the TCP/IP address of your SMTP email server can resolve this problem. If using the TCP/IP address of your SMTP email server, one reason that email might not be delivered is that the filtering on your email server might be blocking email sent by the RSM system. Check with the administrator of your email server to determine whether a special rule for the RSM system is required.

Management Station: Optionally enter the TCP/IP address (xxx.xxx.xxx.xxx) of your Management Console (running IBM DS Storage Manager) that will send SNMP traps to the RSM system. If this field is filled in, the management station is periodically pinged to verify that the network connection is OK.

Location of RSM server: Indicate in which rack, room, or building the server is located.

Country or Region: If you have attached one of the global modems manufactured by Multitech that IBM has tested for use with RSM, the modem will automatically be initialized for operation in the specified country or region.

Remote access method: Some method of remote access must be configured in order for IBM Service to be able to respond to alerts from the RSM system. Either the modem connection, the SSH connection, or both must be configured.

Modem phone number: Enter the phone number for the modem attached to the Remote Support Manager, including area and country codes. This is the number that IBM Service will use to dial the modem. Only the characters 0123456789 are allowed; all other characters are automatically removed. If no modem is to be attached to the RSM system, enter NOMODEM in this field and complete the configuration for remote access by SSH client.

Phone Line Check number: In the United States and some other regions, the RSM system can usually determine that the phone line is connected without requiring this field. Leave this field blank unless the RSM system always reports problems when performing phone line checks. If the RSM system always reports that the phone line check is failing, enter the number you intend to use to dial the modem from within your internal phone system. If the check still fails, enter the dialing prefix (if any) required by your internal phone system to reach an outside line, and then the modem phone number used to dial the RSM modem from outside your internal phone system. There might be some combinations of location, internal telephone systems, and modems that will not allow the phone line check to be performed. In this case, enter DISABLE in this field to bypass the phone line check. Except for the word DISABLE, only spaces and numbers are allowed.

Remote SSH access: Enter the IP address and port number for IBM Service to use to connect to the RSM system using an SSH client. Your external firewall must be configured to map this external address and port number to the RSM system. The default listening port number for SSH is 22, but you can assign another port number for the RSM system on this page.
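The input rules for the phone-number fields can be captured in a couple of helper functions. The sketch below is our own illustration of the rules stated above (digits only in the modem field, with NOMODEM as a special value; digits and spaces, or DISABLE, in the phone line check field), not RSM code.

```python
# Sketch of the RSM phone-number field rules. Illustrative helpers only.

def clean_modem_number(raw):
    """Digits only, as RSM removes all other characters; NOMODEM is special."""
    if raw == "NOMODEM":
        return raw
    return "".join(ch for ch in raw if ch.isdigit())

def valid_line_check_value(raw):
    """Blank, DISABLE, or a string of digits and spaces only."""
    if raw in ("", "DISABLE"):
        return True
    return all(ch.isdigit() or ch == " " for ch in raw)

print(clean_modem_number("+49 (711) 555-0100"))  # 497115550100
print(valid_line_check_value("0711 5550100"))    # True
print(valid_line_check_value("ext. 42"))         # False
```

In particular, note that dialing prefixes such as "+" or parentheses are silently dropped from the modem field, so enter the number exactly as it must be dialed.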
If you do not want to use SSH for remote access, specify the internal IP address, 172.31.3.250, to enable SSH for internal communication only. This internal address cannot be used for remote connections. If an SSH connection is not configured, then a modem must be configured. You can optionally provide a user account and password to be used by IBM Service to authenticate with your external firewall before attempting to connect with an SSH client. All of this information is encoded in the alert, so IBM Service will have the information necessary to connect to the RSM system.
Storage Subsystems
In the System Configuration window (Figure 9-50 on page 382), click Storage Subsystem to get the Storage Subsystem window shown in Figure 9-54. Fill out all requested information.
Attention: Do not enter a DS Storage Manager password in the password fields.

Name: The name is predefined within the IBM Information Archive and must match exactly the host name used in IBM DS Storage Manager for this subsystem (storage controller). When using Enhanced Remote Mirroring, it might be necessary to match the Storage Controller naming.

Location: Indicate where the storage controller subsystem is located: rack, room, or building number.
IP Address: The IP addresses are predefined in Information Archive.

IBM Serial Number: The IBM serial numbers are on the label on the front of the storage controller.

IBM Product ID: The Product ID is predefined in Information Archive. Verify that the Product ID is entered as 2231-D1A.

Contact person: Choose from the list of previously defined contact people. This person will receive notifications about problems for this storage controller.

Part of an IBM Solution: The storage controller (or subsystem) is part of an IBM Solution, and the RSM must reflect the IBM Information Archive serial number. This is necessary to route problem reports to the correct IBM support team. The Part of an IBM Solution field is predefined on IBM Information Archive. To verify it, log on with the lservice user account, click System Configuration and Storage Subsystems, and select the affected storage controller. A window similar to the one shown in Figure 9-54 is displayed.
Click Update to see the IBM Information Archive Solution Information. The window is shown in Figure 9-55.
The Type, Model, and Serial number fields must match the IBM Information Archive.
Configuration Test
On the System Configuration page, run the Configuration Test as shown in Figure 9-56. When each configuration section shows a status of OK, an option to run a Configuration Test is available at the bottom of the window. The RSM Configuration Test verifies connectivity to all configured devices. Click Refresh Status until the test completes and the results are shown. Any problems are indicated by a status of Problem, and the specific device is flagged with a double asterisk. Click the areas indicating a problem to determine which device or IP address cannot be reached. Additional information about test results is written to the Activity Log and displayed on the System Configuration page. See the Help for the Configuration page for suggestions on resolving the problem. Rerun the configuration test until all problems are resolved.
Figure 9-56 Run configuration Test
Chapter 9. Monitoring and call home
During the configuration test (see Figure 9-57), the profile for each subsystem (storage controller) is downloaded. This verifies connectivity to the storage controller, verifies that this version of the RSM software is compatible with the firmware on the storage controller, and checks whether the storage controller name matches the name used in DS Storage Manager. The configuration test also determines whether any drive expansion units are attached to the controller. If any drive expansion units are detected, the configuration status for the storage controller changes to Configuration Incomplete, and additional configuration fields become available for setting the IBM machine type and serial numbers of each detected drive expansion unit. When storage expansion units are used, you have to update the fields with the Model, Type, and Serial number, in the form 2231-D1B xxxxxxx.
After the Configuration Test completes without reporting a problem and Remote Access has been verified, contact IBM Information Archive support to have a test alert sent and to activate the system.
System Activation
Before the Remote Support Manager can send alerts to IBM, it must be activated by contacting IBM Service. This is also the last step in verifying the correct operation of RSM.
1. Contact IBM Support to activate the system. You have to call for service using the machine type and serial number of Information Archive.
2. On the RSM user interface, click Remote Access and enable remote access. A window is displayed as shown in Figure 9-58.
3. Provide IBM Support with the remote access information (either the phone number of the modem or the SSH connection information).
4. IBM Support will verify that they can connect to the system.
5. After generating and verifying receipt of a test alert, IBM Support will activate the system for reporting.
After RSM is activated, the Information Archive storage controllers are ready for monitoring and call home.
7. Click the Remote Access button. The panel is displayed as shown in Figure 9-59.
8. Click Enable Remote Access to enable the access for IBM Support.
When Remote Access is enabled, the remote user login (rservice) is enabled and calls to the modem will be answered.
Acknowledging alerts
The acknowledge state of an alert is an indication that IBM Service has seen or is aware of the alert. When IBM Service dials into the RSM system, they will view the existing alerts and acknowledge them. In some situations, IBM Service might not require remote access to the RSM or subsystem in order to determine the cause of a problem, and they might call you to discuss the problem resolution. You can also acknowledge (or close) alerts.
Closing alerts
The RSM software sends an alert to IBM Service for the first event reported for a subsystem and for each unique event that indicates a hardware failure. Additional alerts that occur (usually related to the initial event) are held by the RSM system and are available for examination by IBM Remote Support when they connect to the RSM system in response to the initial alert. When all active alerts for a subsystem are closed, the next event for that subsystem will again be sent to IBM Service. Problem reports: Closing an alert in the RSM software does not close the problem report with IBM Service.
Security
Adding a modem or enabling SSH connections to one of your systems creates a potential entry point for unauthorized access to your network. RSM software modifies many characteristics and behaviors of the system it is installed on to protect this entry point and to maximize the amount of control you have in managing remote access. To ensure the integrity of these controls, consider the server that the RSM software is installed on to be a single purpose appliance. RSM controls initial access to the system by remote users and then manages an internal firewall to limit the scope of access a remote user has to your network.
log into the system locally and is also recognized by the RSM browser interface. The password for this user is set by the root user of the system. rservice is used by IBM Service and is only valid on the remote modem or SSH connection. The su (switch user) command is disabled to prevent a normal user from attempting to become root and gain unrestricted access to the system. The RSM software makes other changes in program and directory permissions to limit which programs and files these users can access.
2. IP connections: The remote connection made by IBM into the RSM system is a console interface, and programs that can initiate an IP connection on this interface are removed from the system during installation of the RSM software. The only TCP/IP-related daemons (or services) running on the RSM system are snmptrapd, sshd, and httpd, which listen for SNMP traps, Secure Shell session requests, and HTTP(S) requests, respectively.
3. Firewall states: The RSM software manages an internal firewall that limits the TCP/IP destinations that can be accessed by local and remote users of the system. The rules for inbound and outbound IP traffic that control the internal firewall are managed dynamically by the RSM software. The firewall can be in one of three general states:
Disabled: All IP traffic is permitted both into and out of the system.
Enabled: Closed: This is the normal state when there are no active alerts present and the system is waiting for notification from IBM DS Storage Manager of a problem. The firewall accepts incoming SNMP traps, ping, traceroute, and HTTPS requests. Outbound traffic is permitted for DNS, ping, traceroute, IBM's WWW and FTP sites, and port 25 of your configured SMTP (email) server. There is no access to any of your configured SAN devices or other addresses except as previously noted. Forwarding of TCP/IP traffic is also disabled, which prevents the system from being used as a router.
Enabled: Open: In this state, outbound access to one or more configured storage systems or other configured SAN devices is also permitted. Access is allowed only to those devices that have active alerts or that you have placed in Service Access mode. If you have defined any custom firewall rules, those rules are also in effect.
Enabled: Custom: This state is shown in place of Enabled: Closed when one or more custom firewall rules have been configured in /etc/rsm/rsm-firewall.conf. Custom rules might, for example, allow SSH access on your local network for administration. When RSM is included as part of an IBM solution, rules can be created to allow communication with other elements in the solution.
The internal firewall permits outbound connections on any TCP port, but limits those connections to devices listed in the RSM configuration, and only under specific conditions, such as when a device is reporting a problem. While a subsystem has an active alert, outbound connections to that subsystem are allowed. Outbound connections are also allowed for all devices that have been placed in Service Access mode. In addition, the following connections are allowed for management and maintenance of the RSM system:
Outbound connections to Domain Name System (DNS) servers on port 53
Outbound connections to the configured email (SMTP) server
Outbound connections to IBM's websites and FTP servers
Ping and traceroute requests and responses
The internal firewall allows no inbound connections except for:
SSH (default is port 22): This port is used to provide remote access to the RSM system for IBM Support. It is enabled when the RSM Remote Access state is enabled and the SSH configuration has been provided. A second SSH port that can be used for remote access can be configured to use a non-standard port number.
HTTPS (port 443): Management of the RSM from within the customer network.
Inbound SNMP traps on port 162
Ping and traceroute requests and responses
9.5 Reporting
The IBM Information Archive provides several ways to view current and historical status information about the appliance. You can generate historical reports in several formats and view status information in the Information Archive GUI. You can also use external tools to obtain additional information. There are some differences in the reporting options available for each type of document collection.
3. In the Navigation tab, expand Tivoli Products and click IBM Information Archive Reports. The available reports are listed in the Reports table as shown in Figure 9-60.
4. Right-click Capacity utilization analysis for File Archive Collections, select View As, and select the report format. If you select Microsoft Excel, the report data is exported, but not the charts. If you select HTML format, windows as shown in Figure 9-61 and Figure 9-62 are displayed.
Important: The Capacity utilization analysis for File Archive Collections report is only available for File Archive Collections.
5. In the On-Demand Report Parameters window, select a document collection for which to generate the report and specify a time interval, as illustrated in Figure 9-61.
The generated report appears in a separate web browser window, as shown in Figure 9-62. To save a copy of the report to your local computer, click File → Save in the web browser.
The Collection Overview page, as shown in Figure 9-64, also provides a total count of stored documents for both File Archive Collections and System Storage Archive Manager Collections. For File Archive Collections, the count is updated every 12 hours. For System Storage Archive Manager Collections, the count is updated each time the page is refreshed. To view the counts, log on to the Information Archive GUI and complete the following steps:
1. Expand Information Archive Management in the navigation tree.
2. Click Collection. A window opens as shown in Figure 9-65.
3. Click one of the four Document status buttons to view detailed document status information. An illustration is shown in Figure 9-66. The count shown for File Archive Collections includes all documents, including those documents that have no content.
The Logging and Tracing section can be found in the Information Archive Management navigation tree in the Service Tools menu as shown in Figure 9-67.
9.6.1 Logging
System logs record the appliance errors, warnings, and status changes and are used by IBM service representatives to diagnose problems.
Levels of detail
The error logs can be configured to capture multiple levels of detail, as shown in Figure 9-68:
Only error messages: Tracks only errors that are generated by the hardware and software components in the appliance.
Error and warning messages: Also records any warnings signaled because of a recoverable error. This is the default setting.
Error, warning, and informational messages: Also records informational messages for normal conditions or events, supplied to clarify operations such as state transitions and operational changes.
However, do not change the logging level unless directed to do so by the IBM Support Center.
If you are directed to do so, log on to the Information Archive GUI and complete the following steps:
1. Expand Information Archive Management in the navigation tree.
2. Click Service Tools.
3. In the Logging and Tracing section, click a collection name.
4. Select the level of logging and click OK (see Figure 9-68).
5. After you complete these steps, click OK or Apply in the properties notebook to commit any changes.
9.6.2 Tracing
Traces record how Information Archive components interact with each other. This information is useful when diagnosing system problems that might not be recorded in the error log. By default, tracing is set to the intermediate level.
Important: Do not change the tracing level unless you are directed to do so by an IBM service representative.
The tracing level that you set from the Information Archive GUI only configures the tracing for the Information Archive document ingestion and collection management software.
Substitute trace_level with the trace level to set for the subsystem. The values can be:
In Example 9-4 we illustrate this process. After changing the tracing level, the appliance might be unresponsive for a few minutes while it completes the requested changes.
Example 9-4 Tracing Level example
login as: iaadmin
Using keyboard-interactive authentication.
Password:
Last login: Thu Mar 11 11:41:35 2010
iaadmin@IA-Secondary:~> ia_service.py -r trace -c hsm -l mid
Routing trace config command to node ianode3. This may take several minutes.
Configuring tracing for 'hsm' on 'ianode1'
Configuring 'hsm' with command: /opt/tivoli/tiam/bin/setHSMTrace.sh mid
Copying dsm.opt.mid to dsm.opt...
Enabling logrotate for HSM trace_tsm.out...
Stopping the HSM Daemons.
killing the dsmwatchd process
Restarting the HSM Daemons.
Trace level set to mid.
Finished setting trace level for 'hsm' to 'mid' on 'ianode1'.
Configuring tracing for 'hsm' on 'ianode3'
Configuring 'hsm' with command: /opt/tivoli/tiam/bin/setHSMTrace.sh mid
Copying dsm.opt.mid to dsm.opt...
Enabling logrotate for HSM trace_tsm.out...
Stopping the HSM Daemons.
killing the dsmwatchd process
Restarting the HSM Daemons.
Trace level set to mid.
Finished setting trace level for 'hsm' to 'mid' on 'ianode3'.
Configuring tracing for 'hsm' on 'ianode2'
Configuring 'hsm' with command: /opt/tivoli/tiam/bin/setHSMTrace.sh mid
Copying dsm.opt.mid to dsm.opt...
Enabling logrotate for HSM trace_tsm.out...
Stopping the HSM Daemons.
killing the dsmwatchd process
Restarting the HSM Daemons.
Trace level set to mid.
Finished setting trace level for 'hsm' to 'mid' on 'ianode2'.
Updating trace_current.properties file.
Chapter 10.
Figure 10-1 shows the zoning configuration for tape attachment to the internal SAN switches.
To achieve the maximum protection level for the Information Archive appliance, you can, for example, configure the primary site to use tape devices attached to the local site for tape migration, but use a tape library and tape devices connected to the remote switch for database backups and copy pools.
Tip: If you implement a tape attachment strategy where the primary Information Archive appliance also uses the devices attached to the remote Information Archive appliance switches, be aware that the actual I/O for backup or migration is routed over the Inter-Switch Links, which are primarily used by Enhanced Remote Mirroring to synchronize the primary and secondary disk subsystems.
External SAN switch attachment: In this configuration, the cluster nodes are connected to a customer-supplied external SAN switch. You can connect as many tape devices as the external SAN switch can support. All cluster nodes that are attached to the external switch can access all of the tape devices. The customer is responsible for determining the interoperability between the appliance cluster node Host Bus Adapters (HBAs) and the external SAN switch, as well as for the implementation of a redundant fabric configuration. The cluster node HBAs are QLogic 4 Gb FC Dual-Port PCIe HBAs for IBM System x. To check whether your SAN switch is compatible, see the System Storage Interoperation Center at:
http://www.ibm.com/systems/support/storage/config/ssic/
Important: The tape device connection methods cannot be combined in certain ways:
Do not connect tape devices directly to the cluster nodes and also through a switch.
Do not connect tape devices through the internal SAN switch and also through an external SAN switch.
Do not connect the internal SAN switch to an external switch of any kind. Doing so can compromise the zoning of the internal SAN switch.
IBM tape libraries:
TS3100 (for LTO 3 and LTO 4 tape drives)
TS3200 (for LTO 3 and LTO 4 tape drives)
TS3310 (for LTO 3 and LTO 4 tape drives)
TS3400 (for TS1120 and TS1130 tape drives)
TS3500 (for TS1120, TS1130, LTO 3, and LTO 4 tape drives)
To read more about the models and features of IBM tape drives and libraries, go to the website:
http://www.ibm.com/systems/storage/tape/index.html
File access times: Retrieving files from a tape device can take minutes, depending on the performance of the tape device, and is significantly slower than retrieving files from the appliance disk subsystem. If you must access your files frequently, do not migrate them to tape storage.
For migration, both File Archive Collections and System Storage Archive Manager Collections can use tape storage. In both cases, the tape device is the last level in the storage migration hierarchy:
For File Archive Collections, documents are migrated from primary disk storage to secondary disk storage within the appliance, and then migrated to tape.
For System Storage Archive Manager Collections, documents are migrated directly from initial disk storage to tape.
Backing up the System Storage Archive Manager database: Like the archived data itself, the System Storage Archive Manager database needs protection from the very same scenarios just described. Without the System Storage Archive Manager database, access to the archived data is impossible. Therefore, backing up the database to tape (preferably at a remote site) is as vital as the backup of the original data. Backing up the System Storage Archive Manager database does not include the actual System Storage Archive Manager data. A database backup must be performed for each collection individually: even if you have multiple System Storage Archive Manager Collections configured, each collection needs to be backed up separately. This also applies to File Archive Collections. In Information Archive environments, even with Enhanced Remote Mirroring enabled, it is still critical to back up the System Storage Archive Manager database to tape in order to protect against possible database corruption. The required steps for System Storage Archive Manager database backup are described in Backing up the System Storage Archive Manager database on page 443.
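As an illustration of what that chapter covers in detail, a full database backup to tape can be initiated from the administrative command line with a command of the following form. The device class name LTO_CLASS_1 is an assumption for this sketch; substitute the tape device class defined for your collection:

backup db devclass=LTO_CLASS_1 type=full

The command starts a background process on the server, which you can monitor with the query process command.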
10.5.1 IBM System Storage Archive Manager and Information Archive Tivoli Storage Manager tape pools
When using System Storage Archive Manager or File Archive Collections, the technical reasons to establish a storage hierarchy that includes disk and tape are based on the various functions the product offers:
Backup of storage pools (copy pools)
Data migration
Information Archive Tivoli Storage Manager / System Storage Archive Manager database backup (DBB)
Manual tape devices are devices operated by the administrator because they do not have any automated functionality or the hardware necessary for automation. For example, any stand-alone tape drive is considered to be a manual tape device. The tapes are mounted and dismounted by the administrator, and the storage of tape volumes is under the control of the administrator.
Automated tape devices have the hardware (such as cartridge accessor, storage slots, and input/output slots) and functionality to operate without administrator intervention. Mounting and dismounting tape volumes or storage of volumes within the library is fully automated. Whenever possible, choose automated tape devices over manual tape devices.
Tape devices are defined to System Storage Archive Manager and Information Archive Tivoli Storage Manager through library and drive definitions. Each physical library (of whatever tape technology) is associated with, or mapped to, a tape device class definition. The device class definition informs the servers about the type of drive being used, for example, the format and capacity. Tape drives within a large tape library can be logically grouped to meet performance requirements for various groups of data, as illustrated in Figure 10-2.
Tape devices: See the section Planning for tape attachment on page 409 for more information about supported tape devices.
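These library, drive, and device class definitions can also be expressed directly as administrative commands. The following sketch assumes a SCSI-attached library, the server name SSAM1, and the device special file names used elsewhere in this chapter; the names in your environment will differ:

define library ts3500 libtype=scsi
define path ssam1 ts3500 srctype=server desttype=library device=/dev/IBMchanger0
define drive ts3500 drive01
define path ssam1 drive01 srctype=server desttype=drive library=ts3500 device=/dev/IBMtape0
define devclass lto_class_1 devtype=lto library=ts3500

The wizards described later in this chapter issue equivalent definitions on your behalf.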
Migration
The physical location of an object within the storage pool hierarchy has no effect on its retention policies. Migrating objects to another storage media such as tape can free up storage space on higher-performance devices such as disks.
Figure 10-2 Tape attachment for System Storage Archive Manager with migration and copy policies
10.6 Configuring tape libraries and drives for use with Information Archive
This section describes attaching the IBM Enterprise Library TS3500 with the LTO Ultrium 4 WORM-Capable Tape Drives 3588 Model F4A to Information Archive. We selected these devices because they support WORM functionality and hardware encryption. The technical aspects of this illustration remain the same for most of the other possible devices, including the TS1130 enterprise tape drive with dual port interface. Instead of the IBM Automated Tape Libraries, you can use simpler options, such as LTO libraries or stand-alone tape drives.
Use the following procedure to configure tape attachment for migration of archived documents from disk storage to tape. Tape migration is configured per collection. Before starting this procedure, ensure that you have completed the following prerequisites:
You have created an Information Archive document collection. Our examples refer to a System Storage Archive Manager Collection named SSAM1 and a File Archive Collection named NFS1.
The tape device has been started and is connected to the appliance.
In this configuration, LTO Drive1 is connected to switch1, port 9, and LTO Drive2 is connected to switch2, port 11.
Figure 10-3 Cluster nodes and TS3500 library with LTO4 drives connected to the internal SAN switch
2. Configure the tape devices on all cluster nodes by entering the sudo IBMtapeconfig command as shown in Example 10-2. The IBMtapeconfig utility is part of the IBM device driver package and is pre-installed in each cluster node of Information Archive appliances.
Example 10-2 configure the tape devices using the command IBMtapeconfig
iaadmin@ianode1:~> /usr/bin/IBMtapeconfig
Creating IBMtape special files
major number: 253
Attached devices: 0 1
mknod -m 0666 /dev/IBMtape0 c 253 0
mknod -m 0666 /dev/IBMtape0n c 253 1024
mknod -m 0666 /dev/IBMtape1 c 253 1
mknod -m 0666 /dev/IBMtape1n c 253 1025
Creating IBMchanger special files
major number: 253
Attached devices: 0 1
mknod -m 0666 /dev/IBMchanger0 c 253 2048
mknod -m 0666 /dev/IBMchanger1 c 253 2049

3. You can identify the detected tape devices by executing the commands cat /proc/scsi/IBMchanger and cat /proc/scsi/IBMtape. See the sample output in Example 10-3 and Example 10-4.
Example 10-3 Sample content of /proc/scsi/IBMchanger
iaadmin@ianode1:~> cat /proc/scsi/IBMchanger
lin_tape version: 1.24.0
lin_tape major number: 253
Attached Tape Devices:
Number  model     SN                HBA      FO Path
0       03584L22  0000078A02340406  qla2xxx  NA
1       03584L22  0000078A02340406  qla2xxx  NA
Example 10-4 Sample content of /proc/scsi/IBMtape
iaadmin@ianode1:~> cat /proc/scsi/IBMtape
lin_tape version: 1.24.0
lin_tape major number: 253
Attached Tape Devices:
Number  model        SN          HBA      FO Path
0       ULT3580-TD4  1310125225  qla2xxx  NA
1       ULT3580-TD4  1310127710  qla2xxx  NA
4. The test for proper communication with the library medium changer can be performed with the IBMtapeutil utility. Typing the IBMtapeutil -f /dev/IBMchanger0 inquiry command returns the TS3500 Library (3584-L22) vital product data, as displayed in Example 10-5.
Example 10-5 Sample output of command IBMtapeutil -f /dev/IBMchanger0 inquiry
Product ID----------------------------03584L22
Product Revision Level----------------8900
vendor1, Length 20
         0 1  2 3  4 5  6 7  8 9  A B  C D  E F    0123456789ABCDEF
  0000 - 3738 3030 3030 3037 3841 3032 3334 2031  [780000078A0234 1]
  0010 - 8000 0000                                [....            ]
10.6.3 Defining LTO4 tape drives and TS3500 library in the System Storage Archive Manager server
This section describes the configuration for a TS3500 tape library with two LTO4 tape drives in the System Storage Archive Manager server (for System Storage Archive Manager Collections). The steps are similar if you need to configure tape attachment with an Information Archive Tivoli Storage Manager server for File Archive Collections. Note that if you plan to configure tape attachment for more than one collection, you can share the drives among multiple collections by configuring IBM Tivoli Storage Manager library sharing. IBM Tivoli Storage Manager library sharing is described in 10.7, Tape drive encryption on page 433.
To ensure that your tape devices are connected properly and detected by the cluster nodes, you can either open the Integrated Solution Console page from Information Archive Management → System Management (see Figure 10-4) or execute the cat /proc/scsi/IBMtape command as shown in Example 10-4.
To define the LTO and library devices to System Storage Archive Manager, complete the following steps:
1. Start an Information Archive Administration web interface. Then, select Tivoli Storage Manager → Storage Devices from the main menu on the left side of the Administration Center web interface.
2. Start the storage device wizard by selecting Servers → Add a storage device. Click Next to start the wizard. Figure 10-5 shows a drop-down list with the available device types for new storage devices. In our example, we use the LTO device type because our 3588 drives use LTO-compatible media, which includes LTO4, LTO3, LTO2, and LTO1. In this window, you can also define devices that are connected to other Tivoli Storage Manager servers. These devices can be shared between Tivoli Storage Manager servers by using the IBM Tivoli Storage Manager library sharing functionality, as described later in this chapter.
3. Define a TS3500 library named TS3500. To define the library, type the name TS3500 into the Library name field and choose SCSI as the library type, as shown in Figure 10-6. Depending on the device type you chose from the previous menu, there are various library types available.
4. Define the library settings. The device special file name is the device name that is used by the operating system to communicate with the library. In the case of our TS3500 library, this is /dev/IBMchanger0. Figure 10-7 also gives you the option to share the library with other Tivoli Storage Manager servers, as mentioned in step 3.
The next window gives you an overview of the defined library and its parameters.
5. Define the tape drives. Select Define Drives → Add Drive from the drop-down menu. Specify the drive name drive01 and the device special file name /dev/IBMtape0 for the first drive. In the case of the TS3500 library, the drive element address is determined automatically by the IBM Tivoli Storage Manager server. Click Add Another to repeat this step for the second drive, using drive02 and /dev/IBMtape1 as parameters. Click OK to define the drives. By clicking Next, you get an overview of the defined drives.
6. Add volumes. This part of the wizard helps you discover and check in the storage media, in our case, the tape volumes. We assume the use of an empty tape volume with barcode labels for this first test. You can add more volumes at a later time by invoking the Add volumes wizard again from the library properties drop-down menu (see Figure 10-8).
At this point, no volumes should yet be known to the System Storage Archive Manager database, so you can proceed with the standard options. The wizard starts a background process that can be monitored by entering the query process command from the Administrative command-line interface (Figure 10-9).
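The same check-in can also be performed from the administrative command line instead of the wizard. A minimal sketch, assuming the library name TS3500 defined earlier and barcode-labeled scratch volumes:

checkin libvolume ts3500 search=yes status=scratch checklabel=barcode

Like the wizard, this command starts a background process that you can monitor with query process.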
7. Create storage pools. In this step, we define a primary tape storage pool named TAPE_POOL with a maximum of 999 scratch volumes (Figure 10-10). The number of scratch volumes depends on your configuration. You can also define a copy pool, but we will skip this step for now because it is described later in this example.
The Storage device wizard has finished the steps and shows a list of the defined devices (Figure 10-11).
In the storage devices main window, you now see the previously defined library. By clicking the name of the library, you get the library properties overview, where you can adjust the library parameters and add or remove volumes. Figure 10-12 shows the general library properties box. Note that the serial number and the worldwide name of the library have been automatically detected.
Note that a standard LTO device class named LTO_CLASS_1 has already been defined and activated by the wizard in read/write mode.
8. Define an additional device class for the LTO WORM media. From the storage devices main window, select Servers → View Device Classes. You get a list showing the device classes defined for the System Storage Archive Manager server. Select Create a Device Class from the drop-down menu of this list, as shown in Figure 10-13.
Complete this step by selecting LTO as the device type. By clicking Next, you will see the device class properties box. Provide a useful name such as LTO_CLASS_WORM and select the previously defined library. Enable the WORM capability by checking the check box, as shown in Figure 10-14, and finish the wizard.
9. Verify the definitions. Verify your definitions by issuing the following commands at the command line:
query library
query drive
query path
query devclass
query stgpool
For a more detailed list, specify f=d, which is the short form of format=detailed. Example 10-6 shows detailed information about the previously defined device class using the query devclass LTO_CLASS_WORM f=d command.
Example 10-6 Detailed informational output for a WORM-enabled device class
tsm: SSAM1>q devclass LTO_CLASS_WORM f=d
             Device Class Name: LTO_CLASS_WORM
        Device Access Strategy: Sequential
            Storage Pool Count: 0
                   Device Type: LTO
                        Format: DRIVE
         Est/Max Capacity (MB):
                   Mount Limit: DRIVES
              Mount Wait (min): 60
         Mount Retention (min): 60
                  Label Prefix: ADSM
                       Library: TS3500
                     Directory:
                   Server Name:
                  Retry Period:
                Retry Interval:
                        Shared:
            High-level Address:
              Minimum Capacity:
                          WORM:
              Drive Encryption:
               Scaled Capacity:
Last Update by (administrator):
         Last Update Date/Time:
10.6.4 Integrating LTO4 drives and TS3500 library into the storage hierarchy
In this section, we describe three scenarios for integrating the TS3500 library into the storage hierarchy.
If you are using the web interface, go to the Storage devices main window, select Servers → View Storage Pools → Create a Storage Pool, and follow the wizard. Fill in the storage pool name ARCHIVE_TAPES and an optional description. Choose Primary, sequential access as the storage pool type.
Figure 10-15 Storage pool wizard: Select name, description, and type
Finish the wizard by selecting the device class LTO_CLASS_WORM for the storage pool, as shown in Figure 10-16, and confirm the overview of the created storage pool settings.
Figure 10-16 Storage pool wizard: Select the WORM-enabled device class
You now see an overview of the defined storage pools, as shown in Figure 10-17. Note that the FILEPOOL is preconfigured for the System Storage Archive Manager Server during collection creation.
Figure 10-17 Defined storage pools for the System Storage Archive Manager Server
By clicking the storage pool name, you get the storage pool properties box. Set the values according to your needs. On the command line, issue the help update stgpool command for information about the syntax and use of the parameters.
In the context of a WORM medium, the Delay Period for Volumes Reuse parameter does not seem to make sense at first: by nature, WORM tape media cannot be reused at all. However, the effect of this parameter is that an empty volume (all data expired from the System Storage Archive Manager point of view) is kept in the System Storage Archive Manager database in PENDING status until the delay period passes. After that, System Storage Archive Manager removes all references to this volume, and it becomes unknown to the server. This status enables you to define a mechanism within System Storage Archive Manager to identify expired volumes and, for example, convey them to a scrapping process; a daily query volume status=pending command displays the empty tapes. Furthermore, these volumes should be kept in PENDING status for as long as database backups are held. This allows a rollback to a previous version of the database in case of a disaster while still having access to the data on the WORM media, which would not be possible if the volumes had already been scrapped. Therefore, it is a good practice to set the Delay Period for Volumes Reuse to a non-zero value; in the context of the Information Archive System Storage Archive Manager server, set it to three days, because database backups are kept for this period of time.
CRC Data is set to YES; this improves the data integrity for the copy objects. CRC Data specifies whether a cyclic redundancy check (CRC) validates storage pool data when audit volume processing occurs on the server. By setting CRC Data Validation to YES, the stored data contains CRC information. When you schedule audit volume processing, you can continually ensure the integrity of the data stored in your storage hierarchy.
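The settings just described map to the reusedelay and crcdata parameters of the storage pool definition. A minimal sketch from the administrative command line, assuming the pool name used in this chapter:

update stgpool archive_tapes reusedelay=3 crcdata=yes
query volume status=pending

The second command lists empty WORM volumes that are still within the reuse delay period and are therefore candidates for the scrapping process described above.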
We suggest that you always configure CRC data validation on the Information Archive appliance, even if you never use audit volume processing to validate the data.
Tip: Use IBM Tivoli Storage Manager features such as Delay Period for Volumes Reuse and cyclic redundancy check (CRC) data validation to improve data integrity.
2. Include the sequential access storage pool in your storage hierarchy. To use the previously defined storage pool ARCHIVE_TAPES, you need to include it in the existing storage hierarchy by updating the FILEPOOL to point to the new pool:
update stgpool filepool nextstgpool=archive_tapes
If you are using the web interface, open the FILEPOOL properties box from the Storage Pools overview and choose ARCHIVE_TAPES from the Next Storage Pool drop-down menu, as shown in Figure 10-18.
Figure 10-18 FILEPOOL properties box: Choose the next storage pool
The High Migration Threshold and Low Migration Threshold values are kept at the default values. Crossing the high threshold causes the IBM Tivoli Storage Manager server to start migrating data off this pool to the next specified pool until the percentage of occupancy (versus the total capacity of the storage pool) indicated by the low threshold has been reached.
A good practice for controlling the occupancy level is to work with scripts and schedules to adjust these values dynamically according to, for example, storage capacity requirements or backup schedules. For example, set up a schedule that runs every day to initiate the migration of all data from the disk pool to the tape pool. This schedule calls a script that sets both the low migration threshold and the high migration threshold to zero, which instantly results in the migration of all data off the disk pool into the tape pool. After completion, the values are set back to their original values, again using a combination of scripts and schedules. The advantage of this method, rather than maintaining the migration thresholds constantly at the same level, is a guarantee that all objects eventually migrate onto WORM tape. Otherwise, small objects run the risk of never migrating, because they might always remain within a capacity level that is lower than the low migration threshold.
Cache Migrated Files controls whether objects are deleted from the FILEPOOL after successful migration to ARCHIVE_TAPES. Deleting objects releases the space in the primary pool, while caching them increases the hit ratio on disk and reduces the number of tape mounts required when an object is accessed by users.
Migration Delay set to 0 means that objects can be migrated by System Storage Archive Manager according to the occupancy level. If, for example, a requirement exists to keep objects in the disk pool for at least one year to guarantee fast access times, this parameter has to be set to a value of 365.
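The daily forced-migration practice described above can be sketched with a server command script and an administrative schedule, following the same pattern the chapter uses for the BASTGPOOL script. The script name, start time, and restored threshold values here are assumptions; adjust them to your environment:

define script migrate_all
update script migrate_all "update stgpool filepool highmig=0 lowmig=0"
define schedule migrate_all cmd="run migrate_all" active=yes starttime="01:00:00"

A second script and schedule, run after the migration window, would restore the thresholds, for example with update stgpool filepool highmig=90 lowmig=70.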
Migration Continue specifies whether migration must continue even if that means disregarding and overriding a non-zero Migration Delay value. If you do not want this behavior, size the primary disk pool appropriately instead.
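The threshold-toggle approach described above can be sketched as two small dsmadmc macros: one drops both migration thresholds to zero (so that all data, including small objects, migrates to tape), and a second macro, scheduled to run later, restores the original values. The restored thresholds 90/70 are assumed values, not documented defaults; the pool name FILEPOOL follows this chapter.

```shell
#!/bin/sh
# Sketch, assuming FILEPOOL and original thresholds of hi=90/lo=70:
# macro 1 forces full migration by zeroing both thresholds.
cat > /tmp/flush_filepool.mac <<'EOF'
update stgpool filepool hi=0 lo=0
EOF
# Macro 2, scheduled after migration has drained the pool, restores the
# original thresholds.
cat > /tmp/restore_filepool_thresholds.mac <<'EOF'
update stgpool filepool hi=90 lo=70
EOF
# Each macro would be run by its own administrative schedule, for example:
# dsmadmc -server=SSAM1 "macro /tmp/flush_filepool.mac"
```

The separation into two macros matters: running both commands back-to-back in one script would restore the thresholds before migration has finished.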
Figure 10-19 Storage pool wizard: Select name and description for copypool
Define LTO_CLASS_WORM as the device class and choose the maximum number of scratch volumes, as shown in Figure 10-20. Complete the wizard by confirming the summary. The new copy storage pool can now be used as a target to incrementally back up data to the LTO WORM media. The backup is established with two scheduled processes: one copying data off the disk storage pool FILEPOOL, and another copying data off the tape storage pool ARCHIVE_TAPES, because any document or data object can be stored in either pool, depending on whether it has already been migrated.
2. Create a server command script to back up the primary pools to the copy pool in the following sequence:
a. The primary pool FILEPOOL
b. The sequential access pool ARCHIVE_TAPES
To complete these tasks, create a server command script named BASTGPOOL with the following syntax:
define script bastgpool
update script bastgpool "backup stgpool filepool copy_tapes wait=yes"
update script bastgpool "backup stgpool archive_tapes copy_tapes wait=yes"
If using the web interface, go to the storage devices main window and select Servers → Server Properties → Scripts → Create Script, as shown in Figure 10-21.
Note that by using the Administration Center web interface, you have the capability to test scripts (even with user-defined variables) before production use.
3. Create a schedule to execute a server command script. Create a schedule named BASTGPOOL to execute the previously created server command script BASTGPOOL, at the command line:
define schedule bastgpool type=administrative cmd="run bastgpool" active=yes starttime="12:00:00"
If using the web interface, select Server Properties → Administrative Schedules → Create a Schedule. Follow the wizard and provide BASTGPOOL as the schedule name, add a description, and enter run BASTGPOOL as the command to run in the schedule, as shown in Figure 10-22.
Figure 10-22 Administrative schedule wizard: Choose name and command to run
Select the time, date, and repeat frequency of this schedule. See Figure 10-23.
Specify the options shown in Figure 10-24. End the wizard by committing the summary.
In our example, the System Storage Archive Manager server will, from 03/08/2010 (March 08, 2010) onward, attempt to start the script BASTGPOOL daily at 06:00:00 PM. If it cannot be started within the specified duration of one hour, the script is skipped and not executed until the next day. After it starts, the primary pools are backed up to the tape copy pool as specified in the server command script. The start time has to be chosen individually to reflect the desired schedules and workload within the customer environment. Note that the tape library must contain a sufficient number of cartridges and that these are checked into the System Storage Archive Manager server. The number of cartridges depends on the amount of data stored in the primary storage pool or pools being backed up. If not enough media are available, the schedule can be suspended by making it inactive with the following command:
update schedule bastgpool type=administrative active=no
If you are using the web interface, select Server Properties → Administrative Schedules, select the BASTGPOOL schedule, and choose Modify Schedule. In the schedule properties notebook, clear the Schedule is active check box, as shown in Figure 10-25.
Tip: Working with scripts instead of single schedules has a significant advantage: single schedules are executed based on their start times, independently of other schedules. Within a script, the parameter wait=yes enables you to make a process dependent on the previous one, which is often desired. In our example, we want the backup of the primary disk storage pool to complete first, before the backup of the sequential access storage pool is carried out. A script can include any number and kind of System Storage Archive Manager server commands, such as disable session, expire inventory, and update stgpool.
4. Optional: Run the script once to verify that it is working correctly. The script can be started manually to verify that the desired backups are actually carried out. Note that this can be a time-consuming process, depending on the amount of data already stored in the System Storage Archive Manager primary storage pools. It also assumes that enough tape media are inserted in the library and available for System Storage Archive Manager use. Start the script BASTGPOOL to initiate the backup of the primary storage pools:
run bastgpool
If using the web interface, select Server Properties → Scripts, select the BASTGPOOL script, and choose Run Script. In the Run Script window, leave the check box Show processing information in addition to script commands selected and watch the script results. Click Run Script to start the process. See Figure 10-26.
Figure 10-26 Run script: Watch the output in the script results box
The output of a successful backup process will look similar to the illustration shown in Figure 10-27.
Figure 10-28 Create administrative schedule for daily database backups to tape
Accept the default settings for the remaining steps until you reach the summary; then click Finish to complete the wizard. Start the System Storage Archive Manager database backup once with the following command:
backup db devc=LTO_CLASS_1 type=full
Your database is now backed up to rewritable tape media. Check the activity log with the command query actlog for entries such as these:
ANR4550I Full database backup (process 10) complete, 643 pages copied.
ANR0985I Process 10 for DATABASE BACKUP running in the BACKGROUND completed with completion state SUCCESS at 22:47:18.
The command query libvol shows at least one rewritable tape volume with a status of DbBackup, as shown in Example 10-7.
Example 10-7 Query libvol command output
tsm: SSAM1>q libvol

Library Name  Volume Name  Status         Owner  Last Use  Home Element  Device Type
------------  -----------  -------------  -----  --------  ------------  -----------
TS3500        IA0000L3     Private        NFS1   DbBackup         4,098  LTO
TS3500        IA0001L3     Scratch                                4,101  LTO
TS3500        IA0002L3     Scratch                                4,096  LTO
TS3500        IA0003L3     Scratch                                4,097  LTO
TS3500        IA0010L4     Scratch                                4,102  LTO
TS3500        IA0020LT     Scratch(WORM)                          4,099  LTO
This schedule initiates a full database backup onto rewritable tape media every day at 07:00:00. The preconfigured database backup onto specific disk space in the DS4200 starts at 06:00:00, and it will be completed by the time the backup to tape starts. If the script cannot be started within the specified duration of one hour, it is skipped and not executed until the next day. This step demonstrates how to integrate a database backup to tape into the preconfigured System Storage Archive Manager server. A better practice is again to create a server command script that combines the database backup to disk and then to tape, consecutively, using the wait=yes parameter, as described in the previous steps. It is up to the customer to adapt the IBM Tivoli Storage Manager server concepts to the business needs and requirements of the company.
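The combined approach suggested above can be sketched as a single server command script that backs up the database first to disk and then to tape, serialized with wait=yes. The script name DAILY_DBBACKUP is hypothetical; the device class names FILECLASS and LTO_CLASS_1 follow this chapter's examples.

```shell
#!/bin/sh
# Sketch: define one server script (hypothetical name DAILY_DBBACKUP) that
# chains the disk and tape database backups with wait=yes, so the tape copy
# only starts after the disk copy completes.
cat > /tmp/define_daily_dbbackup.mac <<'EOF'
define script daily_dbbackup "backup db devclass=fileclass type=full wait=yes"
update script daily_dbbackup "backup db devclass=LTO_CLASS_1 type=dbsnapshot wait=yes"
EOF
# The macro would be run once against the SSAM server, for example:
# dsmadmc -server=SSAM1 "macro /tmp/define_daily_dbbackup.mac"
```

An administrative schedule can then run this one script instead of two independently timed schedules.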
2. Using the IBM Tivoli Storage Manager command line interface: Open the Administrative command line interface and perform the steps shown in Example 10-8 to modify the migration thresholds.
Example 10-8 Modify migration setting by command line interface
iaadmin@IA-Primary:~> dsmadmc -server=SSAM1
IBM Tivoli Storage Manager
Command Line Administrative Interface - Version 6, Release 1, Level 0.90
(c) Copyright by IBM Corporation and other(s) 1990, 2009. All Rights Reserved.

Enter your user account:
Enter your password:

tsm: SSAM1>query stgpool

Storage Pool Name
-----------------
ARCHIVEPOOL
FILEPOOL
IA_TAPEMIG
tsm: SSAM1>update stgpool IA_tapemig hi=50 lo=30
ANR2202I Storage pool IA_TAPEMIG updated.

tsm: SSAM1>q stg IA_TAPEMIG

Storage     Device       Estimated  Pct   Pct   High Mig  Low Mig  Next Storage
Pool Name   Class Name   Capacity   Util  Migr  Pct       Pct      Pool
----------  -----------  ---------  ----  ----  --------  -------  ------------
IA_TAPEMIG  LTO_CLASS-1      0.0 M   0.0   0.0        50       30
Tip: The value that you specify in the migration high threshold field is the percentage of capacity utilization at which migration starts. The value that you specify in the migration low threshold field is the percentage at which migration stops.
In this chapter, we describe the implementation of application-managed encryption with a System Storage Archive Manager server. Additional information about key management and how to initiate tape encryption can be found in the IBM Tape Device Drivers Installation and User's Guide, also available at the following websites:
http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/index.jsp?toc=/com.ibm.itst
ftp://ftp.software.ibm.com/storage/devdrvr/Doc/IBM_Tape_Driver_IUG.pdf
tsm: SSAM1>define devclass LTO_Encrypt library=TS3500 devtype=LTO DRIVEEncryption=on
ANR2203I Device class LTO_ENCRYPT defined.
tsm: SSAM1>define stgpool LTO_encrypt_pool LTO_Encrypt maxscratch=10
ANR2200I Storage pool LTO_ENCRYPT_POOL defined (device class LTO_ENCRYPT).
Drive path definitions: Tape drives can be connected to more than one host or cluster node in order to configure library sharing across multiple collections, and to support collection failover to another cluster node in case of cluster node failures. By configuring the tape devices with identical persistent names on all cluster nodes, the Information Archive Tivoli Storage Manager servers can be configured so that the drive path definitions always refer to the correct tape device. The output in Example 10-10 shows that four tape drives are attached to the system, and the IBM tape device driver has generated two special files for each tape device in the /dev directory, as shown in Example 10-11. The special files of the form /dev/IBMtapeXn are no-rewind-on-close devices: the tape drive does not perform an implicit rewind of the loaded tape media when the file descriptor to that special file is closed. The rewind is done automatically by the standard special file /dev/IBMtapeX. Both special file names belong to the same physical device.
Example 10-10 Query installed IBM tape devices
iaadmin@ianode1:~> cat /proc/scsi/IBMtape
lin_tape version: 1.24.0
lin_tape major number: 253
Attached Tape Devices:
Number  model     SN            HBA      FO Path
0       03592E06  000001327093  qla2xxx  NA
1       03592E06  000001327095  qla2xxx  NA
2       03592E06  000001327095  qla2xxx  NA
3       03592E06  000001327093  qla2xxx  NA
Example 10-11 Special files generated by the IBM tape device driver

iaadmin@ianode1:~> ls -la /dev/IBMtape*
crw-rw-rw- 1 root tsmsrvrs 253,    0 2010-04-13 /dev/IBMtape0
crw-rw-rw- 1 root tsmsrvrs 253, 1024 2010-04-13 /dev/IBMtape0n
crw-rw-rw- 1 root tsmsrvrs 253,    1 2010-04-13 /dev/IBMtape1
crw-rw-rw- 1 root tsmsrvrs 253, 1025 2010-04-13 /dev/IBMtape1n
crw-rw-rw- 1 root tsmsrvrs 253,    2 2010-04-13 /dev/IBMtape2
crw-rw-rw- 1 root tsmsrvrs 253, 1026 2010-04-13 /dev/IBMtape2n
crw-rw-rw- 1 root tsmsrvrs 253,    3 2010-04-13 /dev/IBMtape3
crw-rw-rw- 1 root tsmsrvrs 253, 1027 2010-04-13 /dev/IBMtape3n
If one or more drives are powered off or are not connected to the host, the Linux kernel detects the tape devices in a different order during a reboot, and existing configurations in the backup application might then refer to an invalid special file name. This is one example, but there are other cases where the special file names of devices can change when the system is rebooted. For applications that need a consistent naming convention for all attached devices, this is accomplished with persistent naming: a unique logical name is defined for each device. Certain applications, such as IBM Tivoli Storage Manager, do not necessarily rely on persistent names. A function called SAN discovery enables IBM Tivoli Storage Manager to detect the correct SAN-attached tape devices based on their serial number and WWPN, regardless of the special file name created in the host's sysfs.
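The value of a persistent alias can be illustrated without tape hardware. The sketch below simulates a udev-created symlink with ordinary files in a temporary directory: the application always opens the stable alias, and readlink reveals whichever kernel-assigned name it currently points to.

```shell
#!/bin/sh
# Sketch: simulate persistent naming. All paths here are temporary stand-ins,
# not real /dev entries.
DIR=$(mktemp -d)
touch "$DIR/IBMtape3"              # kernel-assigned name; may differ after reboot
ln -s "$DIR/IBMtape3" "$DIR/tape0" # persistent alias, as a udev rule would create
# The application configuration references $DIR/tape0 only; readlink shows
# the current target.
readlink "$DIR/tape0"
```

If the kernel later enumerates the same drive as IBMtape1, only the symlink target changes; the alias in the application configuration stays valid.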
iaadmin@ianode1:~> udevinfo -a -p $(udevinfo -q path -n /dev/IBMtape0)
looking at device '/class/lin_tape/IBMtape0':
    KERNEL=="IBMtape0"
    SUBSYSTEM=="lin_tape"
    SYSFS{sys_encryption_write}=="2"
    SYSFS{sys_encryption_proxy}=="1"
    SYSFS{dev}=="253:0"
looking at device '/devices/pci0000:00/0000:00:03.0/0000:15:00.1/host6/rport-6:0-0/target6:0:0/6:0:0:0':
    ID=="6:0:0:0"
    BUS=="scsi"
    DRIVER=="lin_tape"
    SYSFS{primary_path}=="NA"
    SYSFS{ww_port_name}=="0x500507630F810916"
    SYSFS{ww_node_name}=="0x500507630F010916"
    SYSFS{serial_num}=="000001327093"
    SYSFS{rev}=="268F"
    SYSFS{model}=="03592E06        "
    SYSFS{vendor}=="IBM     "

The rules for device naming are read from the files located in the /etc/udev/rules.d/ directory, or at the location specified by the udev_rules value in the /etc/udev/udev.conf file. Every line in the rules file defines the mapping between device attributes and the device name. One or more keys are specified to match a rule with the current device. If all keys match, the rule is applied and the name is used to name the device file. If no matching rule is found, the default kernel device name is used.
iaadmin@ianode1:~> for i in {0..3}; do echo; udevinfo -a -p $(udevinfo -q path -n /dev/IBMtape$i) | grep "KERNEL\|ww_port_name\|serial_num\|ID==\"[0-9]:[0-9]:[0-9]:[0-9]"; done;

KERNEL=="IBMtape0"
ID=="6:0:0:0"
SYSFS{ww_port_name}=="0x500507630F810916"
SYSFS{serial_num}=="000001327093"

KERNEL=="IBMtape1"
ID=="6:0:1:0"
SYSFS{ww_port_name}=="0x500507630F410917"
SYSFS{serial_num}=="000001327095"

KERNEL=="IBMtape2"
ID=="8:0:0:0"
SYSFS{ww_port_name}=="0x500507630F810917"
SYSFS{serial_num}=="000001327095"

KERNEL=="IBMtape3"
ID=="8:0:1:0"
SYSFS{ww_port_name}=="0x500507630F410916"
SYSFS{serial_num}=="000001327093"

The udev rules are defined in the rules file /etc/udev/rules.d/98-lin_tape.rules. Example 10-14 shows how to create unique special file names for the tape drive devices based on the attributes SYSFS{serial_num} and SYSFS{ww_port_name}. Each rule creates a device special file name, defined by the SYMLINK variable, based on the serial number and the WWPN of the drive.
Example 10-14 Create udev rules for IBM tape drive devices

BUS=="scsi", KERNEL=="IBMtape[0-9]", SYSFS{serial_num}=="000001327093", SYSFS{ww_port_name}=="0x500507630F410916", SYMLINK+="tape0"
BUS=="scsi", KERNEL=="IBMtape[0-9]n", SYSFS{serial_num}=="000001327093", SYSFS{ww_port_name}=="0x500507630F410916", SYMLINK+="tape0n"
BUS=="scsi", KERNEL=="IBMtape[0-9]", SYSFS{serial_num}=="000001327093", SYSFS{ww_port_name}=="0x500507630F810916", SYMLINK+="tape1"
BUS=="scsi", KERNEL=="IBMtape[0-9]n", SYSFS{serial_num}=="000001327093", SYSFS{ww_port_name}=="0x500507630F810916", SYMLINK+="tape1n"
After restarting the udev service or rebooting the operating system, the new special file names will be created as shown in Example 10-15.
Example 10-15 List new special file names created by udev device manager
iaadmin@ianode2:~> ls -l /dev/tape*
lrwxrwxrwx 1 root root 8 Apr 20 09:23 /dev/tape0  -> IBMtape3
lrwxrwxrwx 1 root root 9 Apr 20 09:23 /dev/tape0n -> IBMtape3n
lrwxrwxrwx 1 root root 8 Apr 20 09:23 /dev/tape1  -> IBMtape0
lrwxrwxrwx 1 root root 9 Apr 20 09:23 /dev/tape1n -> IBMtape0n
lrwxrwxrwx 1 root root 8 Apr 20 09:23 /dev/tape2  -> IBMtape1
lrwxrwxrwx 1 root root 9 Apr 20 09:23 /dev/tape2n -> IBMtape1n
lrwxrwxrwx 1 root root 8 Apr 20 09:23 /dev/tape3  -> IBMtape2
lrwxrwxrwx 1 root root 9 Apr 20 09:23 /dev/tape3n -> IBMtape2n
iaadmin@ianode2:~> for i in {0..3}; do echo; udevinfo -a -p $(udevinfo -q path -n /dev/IBMchanger$i) | grep "KERNEL\|ww_port_name\|serial_num\|ID==\"[0-9]:[0-9]:[0-9]:1"; done;

KERNEL=="IBMchanger0"
ID=="6:0:0:1"
SYSFS{serial_num}=="0000078A0234040B"

KERNEL=="IBMchanger1"
ID=="6:0:1:1"
SYSFS{serial_num}=="0000078A0234040B"

KERNEL=="IBMchanger2"
ID=="8:0:0:1"
SYSFS{serial_num}=="0000078A0234040B"

KERNEL=="IBMchanger3"
ID=="8:0:1:1"
SYSFS{serial_num}=="0000078A0234040B"
Based on the attributes selected in Example 10-16 on page 439, the following udev rules are created, as shown in Example 10-17.
Example 10-17 Create udev rules for IBM medium changer devices
BUS=="scsi", KERNEL=="IBMchanger[0-9]", ID=="6:0:0:1", SYMLINK+="changer1"
BUS=="scsi", KERNEL=="IBMchanger[0-9]", ID=="6:0:1:1", SYMLINK+="changer2"
BUS=="scsi", KERNEL=="IBMchanger[0-9]", ID=="8:0:0:1", SYMLINK+="changer3"
BUS=="scsi", KERNEL=="IBMchanger[0-9]", ID=="8:0:1:1", SYMLINK+="changer0"
After restarting the udev service or rebooting the operating system, the new special file names will be created as shown in Example 10-18.
Example 10-18 List new special file names created by udev device manager
ianode2:/etc/udev/rules.d # ls -l /dev/changer*
lrwxrwxrwx 1 root root 11 Apr 20 09:23 /dev/changer0 -> IBMchanger3
lrwxrwxrwx 1 root root 11 Apr 20 09:23 /dev/changer1 -> IBMchanger0
lrwxrwxrwx 1 root root 11 Apr 20 09:23 /dev/changer2 -> IBMchanger1
lrwxrwxrwx 1 root root 11 Apr 20 09:23 /dev/changer3 -> IBMchanger2
The special file names created for persistent naming will remain the same regardless of the sequence in which the tape devices are reported to the hosts. If these persistent special file names are defined in the backup application, there is no need to update the path definitions any more.
Chapter 11.
tsm: SSAM1>define stgpool tapecopy LTO_CLASS_1 pooltype=copy reusedelay=3 maxscratch=100 crcdata=yes
ANR2200I Storage pool TAPECOPY defined (device class LTO_CLASS_1).
5. Define a script that collects all necessary tasks that need to be scheduled. The first command within this script is the backup stgpool command, which copies all data from disk to tape. To define a new script, enter the command:
define script <name_of_script> <command_to_execute> desc=<description_of_script>
See Example 11-2.
Example 11-2 Define script daily_backup_to_tape
tsm: SSAM1>define script daily_backup_to_tape "backup stgpool filepool tapecopy wait=yes" desc='daily backup to tape'
ANR1454I DEFINE SCRIPT: Command script DAILY_BACKUP_TO_TAPE defined.
6. Run the script by entering run daily_backup_to_tape to create the first copy of your data from the primary storage pool to tape. With the query occ command, you can verify the success of the copy process: if each defined node shows the same number of files in the primary disk pool and in the copy storage pool on tape, the pools are synchronized.
7. Define a schedule to run the script on a regular basis. Issue the command:
define schedule <name_of_the_schedule> type=administrative cmd=<name_of_the_script> active=yes starttime=<time_to_start>
Example 11-3 illustrates the usage of the command.
Tip: It is best to schedule this script at a time when the activity of your collection is low (nightly hours). The runtime of the backup script depends on the amount of changes in the storage pool and the speed of your backup device. You can verify the runtime afterwards by checking the activity log of the System Storage Archive Manager server. The backup is very I/O intensive, and it will impact the performance of your collection if it runs in parallel with your daily business or other schedules.
Example 11-3 Define schedule to run the daily_backup_to_tape script
tsm: SSAM1>define schedule backup_to_tape type=administrative cmd="run daily_backup_to_tape" active=yes starttime=02:00
ANR2577I Schedule BACKUP_TO_TAPE defined.
You can query the contents of the script with the IBM Tivoli Storage Manager command q script DAILY_MAINT f=l as shown in Example 11-4.
Example 11-4 Content of the DAILY_MAINT script which performs daily database backup
tsm: SSAM1>q script daily_maint f=l

Name        Line    Command
            Number
----------  ------  ------------------------------------------------------------
DAILY_MAI-       1  backup db type=full devclass=fileclass wait=yes
NT               6  delete volhistory todate=today-3 type=dbb
                11  delete volhistory todate=today-30 type=stgnew
                16  delete volhistory todate=today-30 type=stgreuse
                21  delete volhistory todate=today-30 type=stgdelete
                26  backup volhistory
                31  backup devconfig

To start a database backup to disk manually, perform the following steps:
1. Log in to the Information Archive Management Console and enter the command dsmadmc -server=<collection_name> to open a System Storage Archive Manager administrative command line session.
2. Log in to the System Storage Archive Manager server with a user ID and password that has the TSM Administrator role.
3. Enter the command backup db type=full devclass=fileclass wait=yes. The backup file will be stored under /tiam/<collection_name>/tsm/fileclass/*.dbv.
4. Issue the command backup volhist to save the history of used volumes into a file.
5. Enter the command backup devconfig to save the device configuration of the System Storage Archive Manager server into a file.
Tip: Always run the System Storage Archive Manager database backup to disk as well when you do the backup to tapes.
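The manual backup steps above can be collected into a single dsmadmc macro, so that the database, the volume history, and the device configuration are saved in one pass. The macro file name and the collection name SSAM1 in the commented invocation are assumptions for illustration.

```shell
#!/bin/sh
# Sketch: write the three manual backup commands (steps 3-5 above) into one
# macro file that dsmadmc can execute in sequence.
cat > /tmp/manual_db_backup.mac <<'EOF'
backup db type=full devclass=fileclass wait=yes
backup volhist
backup devconfig
EOF
# After logging in as a TSM administrator:
# dsmadmc -server=SSAM1 "macro /tmp/manual_db_backup.mac"
```

Running the commands as one macro keeps the volume history and device configuration consistent with the database backup they accompany.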
tsm: SSAM1>update script daily_backup_to_tape "backup db devc=lto_class_1 type=dbsnapshot wait=yes" ANR1456I UPDATE SCRIPT: Command script DAILY_BACKUP_TO_TAPE updated.
Tip: Use the DB backup type dbsnapshot for the database backup to tape. This performs a full backup of the database without interrupting the existing series of backups on disk. If you choose the DB backup type full or incremental instead, the recovery log is cleared after the backup, and you must then restore from tape instead of just from disk. The DB backup to disk allows a restore to a point in time or to the most current state; a backup to tape with the type dbsnapshot can only be used for a point-in-time restore.
3. To complete the backup tasks, you must define how many backup sets on tape you want to keep. Preferably, keep a minimum of three backup sets. In addition, back up the volume history and the device configuration.
4. The volume history will be stored under /tiam/<collection_name>/tsm/volumehistory. The device configuration will be saved under /tiam/<collection_name>/tsm/devconfig. These files are required if you need to restore the System Storage Archive Manager server. Example 11-6 shows which commands to add to the script daily_backup_to_tape.
Example 11-6 Add commands to daily_backup_to_tape_script
tsm: SSAM1>update script daily_backup_to_tape "delete volhist todate=today-3 type=dbsnapshot"
ANR1456I UPDATE SCRIPT: Command script DAILY_BACKUP_TO_TAPE updated.
tsm: SSAM1>update script daily_backup_to_tape "backup volhist"
ANR1456I UPDATE SCRIPT: Command script DAILY_BACKUP_TO_TAPE updated.
tsm: SSAM1>update script daily_backup_to_tape "backup devconfig"
ANR1456I UPDATE SCRIPT: Command script DAILY_BACKUP_TO_TAPE updated.

5. At this stage, you have defined a script that runs daily at 2 AM, backs up the primary disk pool to tape, backs up the System Storage Archive Manager database to tape, saves the volume history, and saves the device configuration. Issue the command q script daily_backup_to_tape f=l to see the tasks performed by the script, as shown in Example 11-7.
Example 11-7 Content of the daily_backup_to_tape script
tsm: SSAM1>q script daily_backup_to_tape f=l

Name        Line    Command
            Number
----------  ------  ------------------------------------------------------------
DAILY_BAC-       1  backup stgpool filepool tapecopy wait=yes
KUP_TO_TAPE      5  backup db devc=lto_class_1 type=dbsnapshot wait=yes
                10  delete volhist todate=today-3 type=dbsnapshot
                15  backup volhist
                20  backup devconfig
#!/bin/sh
#
# This script offloads the volumehistory and the devconfig files from the IA
# storage subsystem to the /tmp directory on the Management Console
#
# modify the <collection_name> with the actual collection name
#
if [ -f /tiam/<collection_name>/tsm/volumehistory ] ; then
  scp /tiam/<collection_name>/tsm/volumehistory iaadmin@iamconsole1:/tmp/volumehistory_<collection_name>_$(date +%m%d%y)
fi
if [ -f /tiam/<collection_name>/tsm/devconfig ] ; then
  scp /tiam/<collection_name>/tsm/devconfig iaadmin@iamconsole1:/tmp/devconfig_<collection_name>_$(date +%m%d%y)
fi
if [ -f /tiam/<collection_name>/tsm/dsmserv.opt ] ; then
  scp /tiam/<collection_name>/tsm/dsmserv.opt iaadmin@iamconsole1:/tmp/dsmserv.opt_<collection_name>
fi

5. Enter su - to get root authority.
6. Generate an entry in the crontab to run this script regularly. Enter the command vi /etc/cron.d/offload_tsm_config_files and enter the contents shown in Example 11-9. This crontab entry starts the script tsm_config_files_offload.sh each day at 4:00 AM.
0 4 * * * iaadmin /home/iaadmin/tsm_config_files_offload.sh
8. Now create the collection again using the Information Archive GUI at Information Archive Management → Collections → Create Collection, or the Information Archive CLI command createcollection -name <collection_name> -colltype <ssam or file>. Make sure to use the same name for the collection as before. This command creates the underlying file system and directories for the collection, rebuilds the System Storage Archive Manager server with default settings, and distributes the Information Archive configuration files across the cluster nodes.
9. Use the Information Archive GUI or iacli.sh to suspend the collection. Click the suspend (pause) button under System Management in the Information Archive GUI, or use the command suspendcollection -name <collection_name> in the Information Archive CLI on the Management Console. This halts the System Storage Archive Manager server of the collection. Now you can proceed to restore the contents of the System Storage Archive Manager collection from tape.
Prerequisites
Observe these requirements:
1. This procedure requires root authority. If Enhanced Tamper Protection is enabled on your appliance, you need to contact IBM support to obtain the Emergency Support Access (ESA) patch to temporarily restore root access. The patch can only be obtained from IBM under very specific conditions.
2. The collection must be in the suspended state. Use the Information Archive GUI or iacli.sh to suspend the collection. Click the suspend (pause) button under System Management in the GUI, or use the command suspendcollection -name <collection_name> in the Information Archive CLI. This stops the System Storage Archive Manager server.
3. In case of a destroyed or corrupted file system, you need to restore the System Storage Archive Manager configuration files. Make sure you have the volumehistory, the devconfig, and the dsmserv.opt files available. These files reside on the Management Console in the /tmp directory if you followed the instructions in Offloading System Storage Archive Manager configuration files on page 446.
4. Check that the file system for the collection is mounted by GPFS. Enter the command df at a cluster node and verify that the file systems /tiam_utility and /tiam/<collection_name> are available.
4. Stop the Information Archive middleware with the sudo ia_controlmiddleware.sh -stop command. This stops the middleware only on this node. Collections that are running on other cluster nodes (if any) are not affected.
5. If necessary, restore the volumehistory, the devconfig, and the dsmserv.opt files, if you copied these files to the /tmp/ directory on the Management Console, as described in Offloading System Storage Archive Manager configuration files on page 446. Determine the correct file names and issue the following commands:
scp iaadmin@iamconsole1:/tmp/dsmserv.opt_<collection_name> /tiam/<collection_name>/tsm/dsmserv.opt
Enter the iaadmin password when prompted.
scp iaadmin@iamconsole1:/tmp/devconfig_<collection_name>_<date> /tiam/<collection_name>/tsm/devconfig
scp iaadmin@iamconsole1:/tmp/volumehistory_<collection_name>_<date> /tiam/<collection_name>/tsm/volumehistory
cd /tiam/<collection_name>/tsm
Verify the group and ownership of the copied files with the ls -l command. They must belong to group tsmsrvrs and owner u<number 1 to 9>. Use the chown and chgrp commands to modify the ownership, if necessary. Check whether the restored dsmserv.opt file contains the same TCP/IP port as the newly created collection. You can find the TCP/IP port settings of the new collection in the file /opt/tivoli/tsm/client/ba/bin/dsm.sys. In this file, look for the section that corresponds to the name of the affected collection. If the TCP/IP port numbers are not the same, correct the entry in the restored dsmserv.opt file. See Example 11-10.
Example 11-10 Compare TCP/IP port settings in dsmserv.opt and dsm.sys
ianode1:~ # grep TCPPORT /tiam/SSAM1/tsm/dsmserv.opt
TCPPORT 1501

ianode1:~ # cat /opt/tivoli/tsm/client/ba/bin/dsm.sys
maxrecalldaemons 99
candidatesinterval 0
reconcileinterval 0

servername SSAM1
commmethod tcpip
tcpport 1501
tcpserveraddress 172.31.4.2
nodename ia_reserved
passwordaccess generate
passworddir /tiam_utility/tiam/SSAM1
errorlogretention 30
errorlogname /opt/tivoli/tiam/log/dsmerror.log
ENABLEARCHIVERETENTIONPROTECTION yes
compression off

servername TSMDBMGR_SSAM1
commmethod tcpip
tcpport 1501
tcpserveraddress localhost
nodename $$_TSMDBMGR_$$
passwordaccess generate
passworddir /tiam/SSAM1/tsm
errorlogretention 30
compression off
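The port comparison described above can be automated with a small script. The two files below are temporary stand-ins so the sketch runs anywhere; on the appliance, point OPT at /tiam/<collection_name>/tsm/dsmserv.opt and SYS at /opt/tivoli/tsm/client/ba/bin/dsm.sys.

```shell
#!/bin/sh
# Sketch: extract the TCPPORT from dsmserv.opt and the tcpport from dsm.sys
# and compare them. The sample files and their contents are stand-ins.
OPT=$(mktemp); SYS=$(mktemp)
printf 'TCPPORT 1501\n' > "$OPT"
printf 'servername SSAM1\ncommmethod tcpip\ntcpport 1501\n' > "$SYS"
# Case-insensitive match on the option keyword; take the first hit only.
P_OPT=$(awk 'toupper($1)=="TCPPORT" {print $2; exit}' "$OPT")
P_SYS=$(awk 'tolower($1)=="tcpport" {print $2; exit}' "$SYS")
if [ "$P_OPT" = "$P_SYS" ]; then
    echo "TCP/IP ports match: $P_OPT"       # prints: TCP/IP ports match: 1501
else
    echo "Port mismatch: dsmserv.opt=$P_OPT dsm.sys=$P_SYS -- edit dsmserv.opt"
fi
```

A mismatch means the restored dsmserv.opt must be edited before the server is started, as noted in step 5.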
6. Determine the actual instance user for the collection. This user is also the owner of the /tiam/<collection_name>/tsm directory. Issue the command grep <collection_name> /etc/passwd | cut -d ':' -f 1. The user will be u1, u2, or u3, corresponding to the collection number.
7. The database can now be restored. The command is similar to the following one, where <user> is the instance user from the step above. Command to restore the database from disk to the most current state:
sudo su - <user> -c /opt/tivoli/tsm/server/bin/dsmserv restore db todate=today totime=now
Command to restore the database from tape (point-in-time restore):
sudo su - <user> -c /opt/tivoli/tsm/server/bin/dsmserv restore db todate=today totime=now source=dbsnapshot
8. When the restore is finished, start the Information Archive middleware on the cluster node with the command sudo ia_controlmiddleware.sh -start.
9. Log out from the cluster node ianode1 with exit.
10. Press the Print Screen key to switch back to the Information Archive Management Console by selecting iamconsole1 from the KVM switch menu.
11. Take the node out of maintenance mode back to normal mode using the Information Archive GUI, or enter the Information Archive CLI command transitionnode -name ianode1 -maintenancemode off.
12. Resume the System Storage Archive Manager collection at the Management Console using the Information Archive CLI command resumecollection -name <collection_name>, or perform this action through the Information Archive GUI. The restore process of the System Storage Archive Manager database is now complete. You can proceed to the next section, Restoring disk storage pools, to restore the content of the disk storage pool from tape, if required.
Audit process: If you have restored your System Storage Archive Manager database from tape (point in time restore), run an audit of all storage pool volumes, as described in 11.1.3, Verifying data integrity of storage pool volumes on page 451, to identify objects that were stored between the database backup and the point of failure. Perform this audit after the restore of the disk storage pools, if necessary.
For all listed volumes, set the volume state to DESTROYED using the command up volume <volume_name> acc=destroyed. See Example 11-11.
Example 11-11 Set volume state to destroyed
tsm: NFS1>q volume stgp=filepool

Volume Name                Storage    Device      Estimated  Pct   Volume
                           Pool Name  Class Name  Capacity   Util  Status
-------------------------  ---------  ----------  ---------  ----  -------
/tiam/SSAM1/tsm/fileclas-  FILEPOOL   FILECLASS       2.0 G  61.8  Filling
 s/00000002.BFS
tsm: SSAM1>upd vol /tiam/SSAM1/tsm/fileclass/00000002.BFS acc=destroyed
ANR2207I Volume /tiam/SSAM1/tsm/fileclass/00000002.BFS updated.
3. Enter the restore stgpool <name_of_disk_storage_pool> copy=<name_of_tape_copy_pool> command to start the restore. You can add the option preview=yes if you want to preview but not perform the restore. The preview lets you identify the tape volumes required to restore the storage pool.
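The two-step sequence above can be sketched as one dsmadmc macro: mark the damaged disk volume DESTROYED, then preview the storage pool restore to list the tape volumes that will be needed. The volume and pool names are the ones used in this chapter's examples; substitute your own.

```shell
#!/bin/sh
# Sketch: prepare a macro that marks the damaged volume DESTROYED and
# previews the restore from the tape copy pool (no data is moved yet).
cat > /tmp/restore_filepool.mac <<'EOF'
update volume /tiam/SSAM1/tsm/fileclass/00000002.BFS access=destroyed
restore stgpool filepool copystgpool=tapecopy preview=yes
EOF
# Review the preview output, mount the listed tapes, then run the restore
# again without preview=yes.
```

Running with preview=yes first avoids starting a restore that would stall waiting for tape volumes that are not in the library.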
Restoring a volume
This section describes how to restore a single disk storage pool volume from tape. A storage pool can consist of multiple storage pool volumes. If only one volume is damaged, there is no need to restore the whole storage pool; restore only the affected volume. The IBM Tivoli Storage Manager command q volume stg=filepool shows the status of all volumes in the storage pool:
1. In a terminal window at the Management Console, open the System Storage Archive Manager administrative command-line interface with the command dsmadmc -server=<collection_name> and log in with your System Storage Archive Manager administrative user.
2. Enter the restore volume <volume_name> copy=<name_of_tape_copy_pool> command to start the restore. You can add the option preview=yes if you want to preview, but not perform, the restore. The preview lets you identify the tape volumes required to restore the volume.
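The preview-then-restore pattern described above can be sketched as follows. The function only composes the administrative command strings; the volume and copy pool names are examples, and you would run the resulting commands inside a dsmadmc session.

```shell
# Sketch only: compose the preview and restore commands for a single
# damaged storage pool volume. Use the names reported by "q volume"
# on your own collection.

restore_volume_cmd() {
    # $1 = damaged volume name, $2 = tape copy pool, optional $3 = preview flag
    echo "restore volume $1 copy=$2${3:+ preview=$3}"
}

# Preview first to identify the tape volumes that the restore requires:
restore_volume_cmd /tiam/SSAM1/tsm/fileclass/00000002.BFS COPYPOOL yes
# Then run the actual restore:
restore_volume_cmd /tiam/SSAM1/tsm/fileclass/00000002.BFS COPYPOOL
```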
tsm: SSAM1>audit volume /tiam/SSAM1/tsm/fileclass/00000002.BFS
ANR2310W This command will compare all inventory references to volume
/tiam/NFS1/tsm/fileclass/00000002.BFS with the actual data stored on the
volume and will report any discrepancies; the data will be inaccessible to
users until the operation completes.

Do you wish to proceed? (Yes (Y)/No (N)) y
ANR2313I Audit Volume (Inspect Only) process started for volume
/tiam/SSAM1/tsm/fileclass/00000002.BFS (process ID 3).
ANS8003I Process number 3 started.

tsm: SSAM1>q actl search=audit

Date/Time            Message
-------------------- ----------------------------------------------------------
03/18/2010 10:06:41  ANR2017I Administrator FELDNER issued command: AUDIT
                      VOLUME /tiam/SSAM1/tsm/fileclass/00000002.BFS
                      (SESSION: 6547)
03/18/2010 10:09:05  ANR2017I Administrator FELDNER issued command: AUDIT
                      VOLUME /tiam/SSAM/tsm/fileclass/00000002.BFS
                      (SESSION: 6547)
03/18/2010 10:09:05  ANR1199I Removable volume
                      /tiam/NFS1/tsm/fileclass/00000002.BFS is required for
                      audit process. (SESSION: 6547)
03/18/2010 10:09:05  ANR0984I Process 3 for AUDIT VOLUME (INSPECT ONLY)
                      started in the BACKGROUND at 10:09:05 AM.
                      (SESSION: 6547, PROCESS: 3)
03/18/2010 10:09:05  ANR2313I Audit Volume (Inspect Only) process started for
                      volume /tiam/SSAM1/tsm/fileclass/00000002.BFS
                      (process ID 3). (SESSION: 6547, PROCESS: 3)
03/18/2010 10:09:05  ANR4133I Audit volume process ended for volume
                      /tiam/SSAM1/tsm/fileclass/00000002.BFS; 16 files
                      inspected, 0 damaged files found and marked as damaged,
                      0 files previously marked as damaged reset to undamaged,
                      0 objects need updating. (SESSION: 6547, PROCESS: 3)
03/18/2010 10:09:05  ANR0987I Process 3 for AUDIT VOLUME (INSPECT ONLY)
                      running in the BACKGROUND processed 16 items with a
                      completion state of SUCCESS at 10:09:05 AM.
                      (SESSION: 6547, PROCESS: 3)
The secondary disk storage category consists of a modified IBM Tivoli Storage Manager server that holds all migrated objects. There is no need to back up this internal IBM Tivoli Storage Manager server. During the backup procedure, all data migrated to the internal IBM Tivoli Storage Manager server is recalled and saved to the external IBM Tivoli Storage Manager server (which must be procured by the customer). The restore procedure rebuilds this internal IBM Tivoli Storage Manager server from scratch and initiates a migration of all restored data back to this internal IBM Tivoli Storage Manager server.
Backing up the primary disk storage to an external IBM Tivoli Storage Manager server
You can back up all data in the primary disk storage to an external IBM Tivoli Storage Manager server (not provided with Information Archive). If you have multiple File Archive Collections on your Information Archive appliance, you need to define only one connection to an external IBM Tivoli Storage Manager server. This connection saves the data of all configured File Archive Collections on the appliance. On the external IBM Tivoli Storage Manager server, you can configure where the data is to be backed up: to disk or directly to tape.

Compliance: If your environment must be compliant, make sure that this external IBM Tivoli Storage Manager server follows the compliance rules and regulations too.

A configuration script configures an IBM Tivoli Storage Manager client on ianode1 and starts the scheduler daemon on ianode1. The external IBM Tivoli Storage Manager server connection is restricted to ianode1, and only this cluster node can be used to back up the data of all File Archive Collections to the external IBM Tivoli Storage Manager server. The external Tivoli Storage Manager server also saves the appliance components backup files, which are located in the /tiam_utility directory.
Prerequisites
Consider the following restrictions when configuring the File Archive Collection backup:
- The backup operation runs on ianode1 of the Information Archive appliance. If ianode1 is in a failover state, the backup does not run until the cluster node is restored.
- The customer is responsible for setting up and maintaining the external Tivoli Storage Manager server.
- You must use a Tivoli Storage Manager server that supports a Tivoli Storage Manager 6.1.x client. See the Tivoli Storage Manager client documentation for the supported Tivoli Storage Manager server versions.
Defining the Information Archive appliance to the external IBM Tivoli Storage Manager server
Use this section to register the IBM Information Archive as a node on the external IBM Tivoli Storage Manager server and to define a schedule that backs up the File Archive Collection data on a regular basis.
Log on to your external IBM Tivoli Storage Manager server administrative client and complete the following steps:
1. Register a node for your Information Archive appliance ianode1 in your IBM Tivoli Storage Manager server with the register node command:
register node <client_node_name> <password> domain=<domain_name> contact="IBM Information Archive Administrator"
client_node_name = name of the TSM node (for example, IA_node)
password = a password that will be used for authentication
domain_name = policy domain name; the default policy domain is STANDARD
2. Modify the Tivoli Storage Manager server copy group and set Copy Serialization to shared dynamic:
update copygroup <domain_name> <policy_set_name> <class_name> ser=shrdy
Backups: The shared dynamic option specifies that if a document is being changed, the Tivoli Storage Manager server retries the backup four times. If the document is still changing, the latest version is saved.
3. Create a schedule that runs daily. Set the action to incremental. Schedule this command to run when you expect less activity on the appliance:
define schedule <domain_name> <schedule_name> type=client act=incremental starttime=03:00
domain_name = policy domain name; use the same value as in step 1
schedule_name = name for the schedule (for example, IA_Schedule)
4. Enter the following command to associate the client node with the schedule that was created:
def assoc <domain_name> <schedule_name> <client_node_name>
Use the values defined in steps 1 and 3.
5. Enter the command setopt commtimeout 300 and enter y when asked for confirmation.
Tip: Extending the communication timeout prevents the connection from closing because of the additional time it takes to back up files that are large or have been migrated to secondary storage or tape.
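The server-side definitions from steps 1 through 4 can be collected into a macro file, sketched below. The node name, password, and file name are placeholder examples, and the domain, policy set, and management class assume the STANDARD defaults; adapt every value to your environment.

```shell
# Sketch only: write the external-server setup commands from the steps
# above into a macro file that could later be fed to dsmadmc.
# All names and the password below are hypothetical examples.

cat <<'EOF' > /tmp/ia_backup_setup.mac
register node IA_node secretpw domain=STANDARD contact="IBM Information Archive Administrator"
update copygroup STANDARD STANDARD STANDARD ser=shrdy
define schedule STANDARD IA_Schedule type=client act=incremental starttime=03:00
define association STANDARD IA_Schedule IA_node
setopt commtimeout 300
EOF

cat /tmp/ia_backup_setup.mac
```

You could then execute the macro from a dsmadmc administrative session on the external server after substituting your real node name, password, domain, and schedule names.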
Configuring Information Archive to external IBM Tivoli Storage Manager server relationship
In this section, we describe how to configure the IBM Information Archive to contact the external IBM Tivoli Storage Manager server:
1. Log in to the Information Archive Management Console with the iaadmin user and open a terminal window.
2. Enter the command ia_config_tsm_backup.py -c. You are prompted to enter the following parameters:
TSM server address (IP address of the external IBM Tivoli Storage Manager server)
TSM server port (TCP port of the IBM Tivoli Storage Manager server)
TSM node name (registered node name for the Information Archive appliance, as defined in step 1 of the previous section)
TSM node password (password that was used during the register node command)
The script updates the dsm.sys file at ianode1, tests the authentication to the external IBM Tivoli Storage Manager server, and starts the scheduler daemon. See Example 11-13 for an illustration.
Example 11-13 Defining the relationship to the external IBM Tivoli Storage Manager server
iaadmin@IA-Primary:~> ia_config_tsm_backup.py -c
IBM Information Archive Backup Configuration Utility
Copyright IBM Corporation 2008, 2009

Enter the following Tivoli Storage Manager configuration information:
TSM Server Address: 9.153.1.93
TSM Server Port: 1500
TSM Node Name: ia_nfs1
TSM Node Password:
Retype Password:
Updating Tivoli Storage Manager Server Configuration... Done.
Authenticating with TSM Server... Done.
Starting TSM Client Scheduler Daemon... Done.

Now, the scheduler on cluster node ianode1 initiates the backup, at the predefined time, of the following files, which are on the Information Archive disk storage subsystem, to the external IBM Tivoli Storage Manager server:
/tiam_utility/*
/tiam/*
All directories matching /tiam/.../tsm are excluded.

Internal server instances: The directories /tiam/.../tsm are excluded because they represent the internal SSAM/IBM Tivoli Storage Manager server instances of the IBM Information Archive. These internal server instances have their own backup procedures.

If you changed the Tivoli Storage Manager server schedule, stop and restart the backup daemon from the management console server. Use the following steps:
1. Log in to the Information Archive management console server with the iaadmin user ID.
2. Enter the command ia_config_tsm_backup.py -d to stop the backup daemon.
3. Enter the command ia_config_tsm_backup.py -s to start the backup daemon.

Attention: If you have a mirrored Information Archive configuration with Enhanced Remote Mirroring, you need to perform these configuration steps on both ianode1 nodes, primary and secondary, using the same registered node name.
5. Press the Print Screen key and select iamconsole1 from the KVM menu to switch back to the Management Console. Log on with user ID iaadmin, open a terminal window, and enter the command:
sudo /sbin/reboot
This reboots the management node to reflect the changes in the graphical user interface.
6. Reenable support for file collections. If the deleted file collection was the last file collection on your Information Archive appliance, support for this collection type becomes disabled. Perform the following steps to reenable the support for file collections:
a. Log on at the GUI of the management node.
b. Go to Information Archive Management → System Management → General Settings.
c. Click Properties.
d. On the General tab, select the File archive collections check box and click Apply.
e. On the IP Settings tab, verify the IP addresses for the NFS nodes.
f. Click OK to commit all changes.
7. Recreate the File Archive Collection that you are restoring. You can use the GUI or the CLI to recreate the file collection. The procedure using the GUI can be found in 6.4.1, Creating a File Archive Collection on page 183.
Original settings: Recreate the collection with the same name and the same settings as before. You can find the original settings in the configuration worksheet that was used at the initial configuration.
This procedure uses the CLI to recreate the collection:
a. Start the Information Archive CLI with the command iacli.sh. You are prompted for a user account and password. Use a user that has the IA Archive Administrator user role.
b. Create a new collection by entering the command:
IACLI> createcollection -name <collection_name> -colltype file_archive -retentionperiod <0-24855> -autocommit <on/off> -auditlogaccess <on/off>
-retentionperiod: Specifies the number of days to retain documents that are associated with the default service class.
-autocommit: Specifies whether documents are automatically committed to archival storage.
-auditlogaccess: Specifies whether audit logs can be accessed by a predefined LDAP group.
Use the createcollection command to create a new collection with the same name and the same settings as the collection you are restoring. At minimum, you must enter the collection name, the minimum retention period, the auto commit value, and the value for the audit log access. The command automatically uses the first available Information Archive Storage Controller to create the file systems on it. The collection creation process runs for several minutes.
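The createcollection invocation can be sketched as a small command builder. The collection name and parameter values below are examples only; take the real values from your configuration worksheet.

```shell
# Sketch only: compose the iacli createcollection command with the minimum
# required parameters. FILE1 and the values below are hypothetical examples.

create_collection_cmd() {
    # $1 = collection name, $2 = retention days (0-24855),
    # $3 = autocommit (on/off), $4 = auditlogaccess (on/off)
    echo "createcollection -name $1 -colltype file_archive -retentionperiod $2 -autocommit $3 -auditlogaccess $4"
}

create_collection_cmd FILE1 365 on off
```

The printed command would be entered at the IACLI> prompt, as shown in step 7b above.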
Tip: To prevent archive users from storing documents during the restore process, do not add any users, groups, or hosts at this time. You can configure the access at the end of this procedure.
8. Reconfigure tape attachment at the internal IBM Tivoli Storage Manager server (optional). If you are migrating archived data to tape, you must reconfigure the tape attachment in the internal Tivoli Storage Manager server of your recreated file collection. See Chapter 10, Tape attachment with IBM Information Archive on page 403, for how to configure the tape attachment.
9. Use the Information Archive GUI or Information Archive CLI (iacli.sh) to suspend the newly created collection. Click the suspend (pause) button under System Management in the Information Archive GUI, or use the command suspendcollection -name <collection_name> in the CLI on the Management Console. This halts the internal IBM Tivoli Storage Manager server of the File Archive Collection.
Restoring primary storage from external IBM Tivoli Storage Manager server
The command to restore all collection data is entered at the management node. The management node forwards this command internally to cluster node ianode1. The ianode1 node connects as a Tivoli Storage Manager client to the external Tivoli Storage Manager server, opens a restore session, and restores all collection data into the GPFS file system.

Important: For the following commands, you need root authority. If you have enabled Enhanced Tamper Protection, you need to contact IBM Support to temporarily regain root access.

Follow these steps:
1. Stop the middleware partially at ianode1. Press the Print Screen key and switch to ianode1. Log on with user iaadmin, enter su to upgrade to root authority, and execute the following steps:
a. Remove the collection from workload management with the command:
/opt/tivoli/tiam/bin/workloadmanager.sh -removecollection --mountpoint=/tiam/<collection_name>
b. Enter the command:
/opt/tivoli/tiam/bin/workloadmanager.sh -status | grep <collection_name>
Verify that the collection you removed is not listed in the status report.
c. Start the collection's internal IBM Tivoli Storage Manager server with the command:
/opt/tivoli/tiam/bin/wlm_controlfranktsm.sh --mountpoint=/tiam/<collection_name> -start
The command lists status updates while the collection starts. Messages saying that dsmc and dsmadmc are unable to connect do not indicate a problem with the collection starting, and you can ignore them.
2. Start the restore of the file collection data. Switch back to the Management Console by pressing the Print Screen key and selecting iamconsole1 from the KVM menu. Log in to the Management Console as iaadmin and enter the following command in a terminal window:
ia_restore.py -c <collection_name> -g
This command starts the restore of the archived data and metadata from the external IBM Tivoli Storage Manager server back into the File Archive Collection.
Tip: The restore can take a long time to complete. The restored data is migrated automatically to the secondary storage area of the file collection (internal Tivoli Storage Manager server) if the utilization threshold is reached. Navigate to the /home/iaadmin directory and view the log files named tsmcons.log and dsmerror_backup.log to monitor the restore progress.
3. Restart the middleware at ianode1. After the restore has completed successfully, press the Print Screen key and select ianode1 from the KVM menu to switch to ianode1. You must still be logged in as root.
Important: If you have enabled Enhanced Tamper Protection, you need to contact IBM Support to temporarily regain root access.
Perform the following tasks:
a. Enter the command:
/opt/tivoli/tiam/bin/wlm_controlfranktsm.sh --mountpoint=/tiam/<collection_name> -stop
b. Enter the command:
/opt/tivoli/tiam/bin/workloadmanager.sh -addcollection --mountpoint=/tiam/<collection_name>
4. Resume the collection. Go to the Management Console using the KVM switch. Resume the restored collection using the Information Archive GUI, or enter the Information Archive CLI command resumecollection -name <collection_name>.
Chapter 12.
Figure 12-1 depicts how to connect two Information Archive appliances for remote mirroring.
Figure 12-1 Connecting two Information Archive appliances for Enhanced Remote Mirroring: the primary and secondary sites are linked through the customer network by an SSH tunnel, with cluster nodes (System x3650 M2 servers) and dual-controller storage (Ctrl A and Ctrl B) at each site
Note that Enhanced Remote Mirroring configuration is usually part of an IBM service engagement:
- Connecting the Fibre Channel cables for remote mirroring. For steps, see Connecting the Fibre Channel cables for Enhanced Remote Mirroring on page 465.
- Establishing an SSH-tunnel connection between the mirrored appliances. For steps, see Establishing SSH-tunnel connection between the mirrored appliances on page 467.
- Specifying the secondary appliance. For steps, see Defining an Information Archive to be the secondary appliance for Enhanced Remote Mirroring on page 468.
- Synchronizing the data between the appliances. For steps, see Synchronizing data between the primary and secondary appliances on page 470.
12.2.2 Connecting the Fibre Channel cables for Enhanced Remote Mirroring
You must prepare two Fibre Channel (FC) cables for the Inter-Switch Link (ISL) connection between the primary and secondary sites. Each SAN switch has one ISL connection, which runs at 4 Gbps. The FC cable type depends on the SFP type ordered. For long distances, you can use native Fibre Channel, low-latency, high-bandwidth connections such as dense wavelength division multiplexing (DWDM) or coarse wavelength division multiplexing (CWDM) technologies. If you use such extenders, ensure that they are 4 Gbps capable to get the expected performance.
FC cabling
Connect the first FC cable to port 12 of SAN switch 1 (lower switch) and the second FC cable to port 12 of SAN switch 2 (upper switch). Make sure that you interconnect SAN switch 1 of the Information Archive at the primary site with SAN switch 1 of the Information Archive at the secondary site. The same applies to SAN switch 2. Check the back of the disk controllers to verify that the LED lights next to the FC cable are flashing green. If the lights are red, the connection has not been established.

Important: For compliance reasons, it is not suitable to connect the Fibre Channel cables to your enterprise SAN environment.

After establishing the ISL connection between the four SAN switches (the connections are from the Brocade1 switch at the primary Information Archive to the Brocade1 switch at the secondary Information Archive, and from the Brocade2 switch at the primary Information Archive to the Brocade2 switch at the secondary Information Archive), verify that each switch role is either Principal or Subordinate.
Check the role setting by using the switchshow command on all four switches. Issue the telnet brocade1 and telnet brocade2 commands, as illustrated in Example 12-1, from the Management Consoles at both the primary and secondary Information Archive sites. If the switchRole value is not either Principal or Subordinate, you need to run the commands shown in Example 12-2 on both SAN switches at the secondary site to configure the switches correctly.

Example 12-1 Checking the switch role with the switchshow command

iaadmin@IA-Primary:~> telnet brocade1
Trying 172.31.0.30...
Connected to brocade1.
Fabric OS (IBM_2498_B24)
Fabos Version 6.1.2
IBM_2498_B24 login: admin
Password:
IBM_2498_B24:admin> switchshow
switchName:     IBM_2498_B24
switchType:     71.2
switchState:    Online
switchMode:     Native
switchRole:     Principal
switchDomain:   1
switchId:       fffc01
switchWwn:      10:00:00:05:1e:a2:e4:9c
zoning:         ON (D1_zone_cfg)
switchBeacon:   OFF
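The switchRole check can also be scripted against captured switchshow output. The sketch below uses an abbreviated, hypothetical capture and simply classifies the role value, as described above.

```shell
# Sketch only: verify the switchRole value in a captured switchshow output.
# The sample capture below is abbreviated and hypothetical.

cat <<'EOF' > /tmp/switchshow.out
switchName: IBM_2498_B24
switchState: Online
switchRole: Principal
switchDomain: 1
EOF

role=$(awk '/^switchRole:/ {print $2}' /tmp/switchshow.out)
if [ "$role" = "Principal" ] || [ "$role" = "Subordinate" ]; then
    echo "switch role OK: $role"
else
    echo "switch role needs reconfiguration: $role"
fi
```

Any other role value would indicate that the secondary-site switches need the reconfiguration shown in Example 12-2.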
Important: The commands shown in Example 12-2 must ONLY be run at the secondary site, because executing them at the primary site will erase the SAN configuration, and access to the Information Archive storage will be lost.
Example 12-2 Reconfiguring SAN switches (secondary site only)
iaadmin@IA-Secondary:~> telnet brocade1
IBM_2498_B24:admin> portdisable 12
IBM_2498_B24:admin> cfgclear
IBM_2498_B24:admin> cfgsave
IBM_2498_B24:admin> reboot

iaadmin@IA-Secondary:~> telnet brocade2
IBM_2498_B24:admin> portdisable 12
IBM_2498_B24:admin> cfgclear
IBM_2498_B24:admin> cfgsave
IBM_2498_B24:admin> reboot

Then, log on again to both switches (with the telnet command) and re-enable port 12 on each switch with the command IBM_2498_B24:admin> portenable 12. When done, type exit to terminate the session.
To establish the connection between the appliances, proceed as follows:
1. Log on to the Management Console of the appliance running in the primary role using the iaadmin user account. You can do this locally or remotely.
2. Run the following command:
sudo ia_cfgermpair -enable --mcip=remote_mc_ip
Here, remote_mc_ip is the public TCP/IP address of the Management Console of the remote appliance. See Example 12-3 for details.
Example 12-3 sudo ia_cfgermpair command
sudo ia_cfgermpair -enable --mcip=9.153.1.22
10-05-17 15:04:12 [ia_cfgermpair] ['/opt/tivoli/tiam/bin/ia_cfgermpair', '-enable', '--mcip=9.153.1.22']
10-05-17 15:04:22 [ia_cfgermpair] Tunnel is INACTIVE
10-05-17 15:04:22 [ia_cfgermpair] Reconnecting to 9.153.1.22
Please enter iaadmin password for 9.153.1.22
The authenticity of host '9.153.1.22 (9.153.1.22)' can't be established.
RSA key fingerprint is a2:c2:ee:18:ec:e5:6c:7a:13:f9:b8:44:94:b6:5e:67.
Are you sure you want to continue connecting (yes/no)? yes
Password:
10-05-17 15:05:06 [ia_cfgermpair] Tunnel is INACTIVE
10-05-17 15:05:06 [ia_cfgermpair] Reconfiguring tunnel settings
10-05-17 15:05:08 [ia_cfgermpair] Tunnel is ACTIVE

3. Enter the iaadmin password for the remote appliance when prompted. The command output is similar to the example shown in Example 12-3.
4. Test the connection by performing the following steps on each appliance (see Example 12-4; in our example, we run the commands from the Management Console of the primary appliance):
a. Run the following ping command to verify that you have established a connection with the remote Management Console:
ping dr_remote_mc
b. Run the following ping command to verify that a connection is established with the remote storage system:
ping mirror_ctrl_1_a
Example 12-4 remote appliance ping test
ping dr_remote_mc
PING dr_remote_mc (10.0.0.200) 56(84) bytes of data.
64 bytes from dr_remote_mc (10.0.0.200): icmp_seq=1 ttl=64 time=0.274 ms
64 bytes from dr_remote_mc (10.0.0.200): icmp_seq=2 ttl=64 time=0.356 ms

ping mirror_ctrl_1_a
PING mirror_ctrl_1_a (172.30.0.100) 56(84) bytes of data.
64 bytes from mirror_ctrl_1_a (172.30.0.100): icmp_seq=1 ttl=63 time=0.535 ms
64 bytes from mirror_ctrl_1_a (172.30.0.100): icmp_seq=2 ttl=63 time=0.496 ms
12.2.4 Defining an Information Archive to be the secondary appliance for Enhanced Remote Mirroring
As part of setting up or restoring a mirroring environment, you must define which appliance is to be the secondary appliance in the mirrored pair.
You must complete this procedure under the following scenarios:
- During the initial setup process for the mirrored environment
- After you have explicitly removed the mirroring relationship
To define the secondary appliance (Example 12-5), follow these steps:
1. From the keyboard video mouse console (KVM console) of the secondary appliance, log on to the Management Console with the iaadmin user account.
2. At the command line, enter the following command:
sudo /opt/tivoli/tiam/bin/ia_cfgsecondary.sh
Example 12-5 Define the secondary appliance
iaadmin@IA-Secondary:/> sudo /opt/tivoli/tiam/bin/ia_cfgsecondary.sh
Starting the secondary configuration of the appliance
Calling cfgSecondary.sh on ianode1
mmchfs: Propagating the cluster configuration data to all affected nodes.
This is an asynchronous process.
cfgSecondary.sh completed successfully with rc=0
Restarting ISC
The appliance has been successfully configured as the secondary appliance

3. To verify that your Information Archive is configured as the secondary appliance, enter the following command as iaadmin at the Management Console:
sudo isSecondary.py
The command returns True if the appliance is in secondary mode. Be aware that the Information Archive GUI of a secondary appliance is not the same as the GUI of a primary appliance, because some functions are only available on an Information Archive in the primary role. See Figure 12-3 for an illustration of the secondary Information Archive GUI for the System Management tab. Other Information Archive GUI panels present additional functionality when used in an Enhanced Remote Mirroring environment.
sudo /opt/tivoli/tiam/bin/cfgERM.sh
Started configuring ERM
Now pairing Local Storage: disk_ctrl_1_a disk_ctrl_1_b to Remote Storage: mirror_ctrl_1_a mirror_ctrl_1_b
Adding Subsystems to Managed Systems list
Updating Primary Storage Subsystem name to iastorage1
Updating Secondary Storage Subsystem name to iastorage1b
Remote Mirroring feature has been enabled but not activated.
Activating Remote Mirroring feature
Activating ERM on primary
Activating ERM on secondary
Continuing with LUN pairing
Pairing iadata_85_1 to iadata_85_1 on iastorage1b
Pairing iadata_85_2 to iadata_85_2 on iastorage1b
Pairing iarecovery to iarecovery on iastorage1b
Pairing utilfs to utilfs on iastorage1b
Now pairing Local Storage: disk_ctrl_2_a disk_ctrl_2_b to Remote Storage: mirror_ctrl_2_a mirror_ctrl_2_b
Adding Subsystems to Managed Systems list
Updating Primary Storage Subsystem name to iastorage2
Updating Secondary Storage Subsystem name to iastorage2b
Remote Mirroring feature has been enabled but not activated.
Activating Remote Mirroring feature
Activating ERM on primary
Activating ERM on secondary
Continuing with LUN pairing
Pairing iadata_85_1 to iadata_85_1 on iastorage2b
ERM has been successfully configured
Exiting script with rc=0. Please refer to the logfile @ /opt/tivoli/tiam/log/dr/cfgERM.05172010162655.out
The two sites are now configured and the primary storage controller begins copying all data to the secondary storage controller. Depending upon the capacity of your storage, the synchronization (copying) can take several hours or days to complete. When the synchronization is complete, the LUNs in the DS Storage Manager will look as shown in Figure 12-4.
You can optimize the synchronization settings. For details, see 12.6.1, Changing synchronization priority on page 484.
Important: If you change the synchronization settings, change them back after the synchronization has finished to avoid performance problems.
You can check the synchronization status using the sudo checkMirrorStatus.sh script, which is explained in 12.6.3, Checking the Enhanced Remote Mirroring status on page 487.
After establishing the mirror, you can observe that several menu panels change in the Information Archive GUI. For example, you now have the possibility to run the IBM Systems Director and RSM Server (in the Service Tools task) from the remote appliance as well (see Figure 12-5).
As shown in Figure 12-6, you are now able to see events from the secondary appliance within the Health Monitor at the primary appliance.
Ensuring connectivity
Follow these steps to switch the appliance roles between the sites:
1. Stop the archiving process on the client applications. If archiving continues, the applications receive errors and can stop responding during this procedure.
2. Log on as iaadmin to the primary Information Archive GUI (site A). Expand Information Archive Management in the navigation tree and click System Management. In the Collections section, click the suspend (pause) button that is next to the mirrored collection. Suspend all collections.
3. Log on to the secondary Management Console at site B with the iaadmin user account. You can log on either from the keyboard video mouse console (KVM console) or remotely through a secure SSH connection.
4. Run the script to switch the appliance roles by entering the following command:
sudo /opt/tivoli/tiam/bin/ia_activaterecoverysite.sh -m switch
Depending on the configuration (number of cluster nodes and storage controllers), the command can take between 30 and 90 minutes to complete. See Example 12-7.
Example 12-7 Running Failover script ia_activaterecoverysite.sh -m switch
sudo /opt/tivoli/tiam/bin/ia_activaterecoverysite.sh -m switch
[ia_activaterecoverysite] Starting the activation of the appliance at the recovery site
[ia_activaterecoverysite] Calling checkMirrorStatus.sh to verify all logical drives are synchronized (optimal)
[ia_activaterecoverysite] All logical drives are completely synchronized (optimal), checkMirrorStatus.sh exited with rc=0
Node attached to power control hardware at 'ianode' is booted.
[ia_activaterecoverysite] Calling ia_cfgsecondary.sh on dr_remote_mc
mmchnode: Propagating the cluster configuration data to all affected nodes.
This is an asynchronous process.
Node attached to power control hardware at 'ianode' power cycled.
[ia_activaterecoverysite] ia_cfgsecondary.sh completed successfully with rc=0
[ia_activaterecoverysite] Calling activateRecoverySite switch on ianode
[ia_activaterecoverysite] Rebooting ianode
Node attached to power control hardware at 'ianode' power cycled.
[ia_activaterecoverysite] Waiting for nodes to reboot...
[ia_activaterecoverysite] ianode has successfully booted.
[ia_activaterecoverysite] activateRecoverySite completed successfully with rc=0
[ia_activaterecoverysite] Calling ia_recovery_healthcheck.sh on ianode1
[ia_activaterecoverysite] The health is good, ia_recovery_healthcheck.sh exited with rc=0
[ia_activaterecoverysite] Calling restoreConfigFiles on ianode1
mmchnode: Propagating the cluster configuration data to all affected nodes.
This is an asynchronous process.
Connection to ianode closed by remote host.
[ia_activaterecoverysite] restoreConfigFiles completed successfully with rc=0
[ia_activaterecoverysite] Calling restoreMCConfigFiles
[ia_activaterecoverysite] restoreMCConfigFiles completed successfully with rc=0
[ia_activaterecoverysite] Rebooting ianode
[ia_activaterecoverysite] Waiting for nodes to reboot...
[ia_activaterecoverysite] ianode has successfully booted
[ia_activaterecoverysite] Waiting for IA Software Stack to Load.
[ia_activaterecoverysite] Calling ia_recovery_healthcheck.sh on ianode1
[ia_activaterecoverysite] The health is good, ia_recovery_healthcheck.sh exited with rc=0
[ia_activaterecoverysite] Rebooting the management console
Node attached to power control hardware at 'iamconsole1' power cycled.
[ia_activaterecoverysite] The appliance has been successfully activated on the recovery site
[ia_activaterecoverysite] Exiting script with rc=0. Please refer to the logfile @ /opt/tivoli/tiam/log/dr/ia_activaterecoverysite.05262010082532.out
The script shown in Example 12-7 on page 473 changes the roles of the logical drives, reboots each node twice, and restores the configuration files from the utility LUN.
5. Log on to the Management Console on site A and verify that site A is now the secondary appliance: open a terminal window and run the command sudo isSecondary.py. The command returns True if the role of the appliance is secondary. Refer to Example 12-8.
Example 12-8 Command sudo isSecondary
iaadmin@IA-Primary:/> sudo isSecondary.py
True

6. If your appliance TCP/IP addresses are unique to the network, reset them using the procedure explained in Resetting File Archive and System Storage Archive Manager Collection TCP/IP addresses on page 475.
7. If you use the same NFS and SSAM TCP/IP addresses at both sites, you can simply resume the collections in the Information Archive GUI.
8. Resume all collections on the new production appliance (primary role) as described in 4.2.7, Resuming a collection on page 109.
9. If you automatically back up your File Archive Collections to an external IBM Tivoli Storage Manager server, verify the collection backup settings.
10. Remount or restart your client application.
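The role verification can also be scripted. The following is a minimal sketch only: isSecondary.py is the appliance helper shown in Example 12-8, while the EXPECTED variable and the off-appliance fallback branch are illustrative additions, not part of the appliance.

```shell
#!/bin/sh
# Minimal role-check sketch. EXPECTED is "True" on the new secondary
# appliance and "False" on the new primary. The fallback branch exists
# only so that the sketch can run where isSecondary.py is not installed.
EXPECTED="${EXPECTED:-True}"

if command -v isSecondary.py >/dev/null 2>&1; then
    role=$(sudo isSecondary.py)
else
    role="$EXPECTED"     # off-appliance fallback for illustration
fi

if [ "$role" = "$EXPECTED" ]; then
    echo "Role check passed: isSecondary.py returned $role"
else
    echo "Role check FAILED: expected $EXPECTED, got $role" >&2
    exit 1
fi
```

Run with EXPECTED=True after switching a site to the secondary role, or EXPECTED=False on the new primary.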
Resetting File Archive and System Storage Archive Manager Collection TCP/IP addresses
When you switch the appliance roles, the clustered NFS and System Storage Archive Manager Collection TCP/IP addresses are copied from site A (the former production appliance) to site B (the new production appliance). If the CNFS and System Storage Archive Manager Collection TCP/IP addresses are unique to the site B network, use this procedure to reset them:

1. Log on to the Information Archive GUI on site B (new primary).
2. Expand Information Archive Management in the navigation tree and click System Management.
3. Make sure the collections are suspended. If not, suspend all collections as described in 4.2.6, Suspending a collection on page 108.
4. In the General Settings section, click Properties.
5. Click IP Settings and enter the NFS TCP/IP addresses for each cluster node or the System Storage Archive Manager Collection TCP/IP addresses for the site B appliance. A window opens as shown in Figure 12-7.
6. Click OK or Apply to save the settings.
7. Resume the collections. From System Management, in the Collections section, click the Resume button next to the mirrored collection. See 4.2.7, Resuming a collection on page 109.
8. If you automatically back up your File Archive Collections to an external IBM Tivoli Storage Manager server, verify the collection backup settings.
9. Remount or restart your client application.
12.4.2 IBM Information Archive disaster recovery with Enhanced Remote Mirroring
This section describes the actions to take if a disaster occurs at the production site.
3. Log on to the Management Console on site B and verify that site B is now the primary appliance by running the following command:
sudo isSecondary.py
The command returns False if the appliance is the primary.
4. If your collection TCP/IP addresses are unique to the network, reset them using the procedure explained in Resetting File Archive and System Storage Archive Manager Collection TCP/IP addresses on page 475.
5. Resume the collections. At the Management Console in the Information Archive GUI, select System Management; in the Collections section, click the Resume button next to the mirrored collection. See 4.2.7, Resuming a collection on page 109 for details.
6. If you automatically back up your File Archive Collections to an external IBM Tivoli Storage Manager server, verify the collection backup settings.
7. After the primary Information Archive (site A) is restored, you must restore the mirroring relationship. Log on to the Management Console of site B (primary role) using the iaadmin user account and run the following command:
sudo ia_cfgermpair -enable --mcip=remote_mc_ip
Where remote_mc_ip is the public TCP/IP address of the Management Console in the remote appliance.
8. Configure site A as the secondary appliance. From the keyboard, video, mouse (KVM) console at site A (secondary role), log on to the Management Console with the iaadmin user account. At the command line, enter the following command:
sudo /opt/tivoli/tiam/bin/ia_cfgsecondary.sh
9. Synchronize the data between the appliances. Log on to the Management Console at the primary appliance (site B) with the iaadmin user account.
10. Start the data synchronization using the following command:
sudo /opt/tivoli/tiam/bin/cfgERM.sh
After both appliances are synchronized, you can either maintain the role reversal or switch the appliance roles so that site A is restored as the primary appliance.
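The mirror re-establishment sequence (steps 7 through 10) can be documented as one reviewable listing. The following is a sketch only: the command paths come from this chapter, but the run() wrapper, the DRY_RUN guard, and REMOTE_MC_IP are illustrative additions. In practice, the individual commands run on different consoles (site B and the site A KVM console), so this listing documents the order rather than a single executable session.

```shell
#!/bin/sh
# Sketch: restore the mirroring relationship after the former primary
# (site A) is repaired. With DRY_RUN=1 (the default) the commands are
# only printed, so the sequence can be reviewed before execution.
REMOTE_MC_IP="${REMOTE_MC_IP:-192.0.2.10}"   # placeholder: remote Management Console IP
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "WOULD RUN: $*"
    else
        "$@"
    fi
}

# Step 7 - on site B (primary): re-enable the mirror pair toward site A
run sudo ia_cfgermpair -enable --mcip="$REMOTE_MC_IP"

# Step 8 - on site A (KVM console): configure it as the secondary appliance
run sudo /opt/tivoli/tiam/bin/ia_cfgsecondary.sh

# Steps 9-10 - on site B: start the data synchronization
run sudo /opt/tivoli/tiam/bin/cfgERM.sh
```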
sudo /opt/tivoli/tiam/bin/ia_cfgsecondary.sh
5. Log on to the Management Console on site B and verify that site B is now configured as the secondary appliance by running the following command:
sudo isSecondary.py
6. Start the data synchronization using the following command at the command line on the primary appliance (site A):
sudo /opt/tivoli/tiam/bin/cfgERM.sh
12.4.3 Failing components in one of the IBM Information Archives with Enhanced Remote Mirroring
Because most of the Information Archive components are redundant, you can replace and update many of the components in concurrent mode (that is, without stopping host applications). See the IBM Information Archive Service Guide, SC27-2327, for information regarding component repair actions. However, if you cannot repair or replace a component in concurrent mode at the primary site, you can fail over to the secondary site to minimize your application downtime. This is explained in Using tape drives in an Enhanced Remote Mirroring environment on page 472.

Keep in mind that for recovery actions such as reinstalling the Management Console or a Cluster Node server, the utilfs LUN from the Storage Controller (iastorage1) must be in the primary role. This LUN holds all the configuration data that is required for a reinstallation.
iaadmin@IA-Secondary:/> sudo /opt/tivoli/tiam/bin/checkMirrorStatus.sh
===============Mirror Status for [disk_ctrl_1_a | disk_ctrl_1_b]===============
iadata_85_1: Synchronized
iadata_85_2: Synchronized
iarecovery: Synchronized
utilfs: Synchronized
===============Mirror Status for [disk_ctrl_2_a | disk_ctrl_2_b]===============
iadata_85_1: Synchronized
=========================Mirror Status Check Complete========================

2. Log on to the Management Console on the primary (production) appliance using the iaadmin user account.
3. Run the mirroring suspension script by entering the following command:
sudo /opt/tivoli/tiam/bin/ia_ermsuspend.sh
See Example 12-10.
Example 12-10 Output of the ia_ermsuspend script
sudo /opt/tivoli/tiam/bin/ia_ermsuspend.sh
Starting the ERM suspension on all logical drives
Calling checkMirrorStatus.sh to verify all logical drives are synchronized (optimal)
Suspending remote mirror for iadata_85_1
Suspending remote mirror for iadata_85_2
Suspending remote mirror for iarecovery
Suspending remote mirror for utilfs
Suspending remote mirror for iadata_85_1
NOTE: It should be noted that IA is dependent on the DS4000 for recording the changes that occur while the mirror is suspended. If the I/O rate to the IA volumes is high and/or the suspend continues for sufficient time, the DS4000 will consume all of the resources used to hold the change information, and the DS4000 will internally remove the copy services relationships (the remote mirroring will be removed here). If this happens, a full synchronization will be required. The customer should monitor the DS4000 through the DS4000 client and issue the ia_ermresume.sh command prior to the internal remove.
ERM has been successfully suspended on all logical drives
Exiting script with rc=0. Please refer to the logfile @ /opt/tivoli/tiam/log/dr/ia_ermsuspend.05252010114123.out

When the script completes successfully, a message that Enhanced Remote Mirroring has been successfully suspended is displayed. You can verify the suspend settings using the DS Storage Manager, which shows information similar to that in Figure 12-8.
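Because the DS4000 can silently remove the mirror relationship if the suspension lasts too long, it can be useful to schedule a periodic probe while the mirror is suspended. The following is a sketch only: checkMirrorStatus.sh is the appliance script shown in this chapter, but the degraded() helper and its grep patterns are assumptions that should be matched against the wording your DS Storage Manager actually reports, and the off-appliance fallback exists only so the sketch runs outside the appliance.

```shell
#!/bin/sh
# One-shot probe to run periodically (e.g. from cron) while ERM is
# suspended, so ia_ermresume.sh can be issued before the DS4000
# exhausts its change-log resources and drops the relationship.
CHECK="${CHECK:-/opt/tivoli/tiam/bin/checkMirrorStatus.sh}"

degraded() {
    # returns success (0) when any logical drive reports a broken
    # mirror state (patterns are assumptions - adjust to your firmware)
    echo "$1" | grep -qiE 'unsynchronized|failed'
}

if [ -x "$CHECK" ]; then
    status=$(sudo "$CHECK" 2>&1)
else
    status="utilfs: Suspended"    # off-appliance sample for illustration
fi

if degraded "$status"; then
    echo "WARNING: mirror degraded - run ia_ermresume.sh before the DS4000 removes the relationship"
else
    echo "OK: mirror still suspended cleanly"
fi
```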
sudo /opt/tivoli/tiam/bin/ia_ermresume.sh
Starting the ERM resume on all logical drives
Resuming remote mirror for iadata_85_1
Resuming remote mirror for iadata_85_2
Resuming remote mirror for iarecovery
Resuming remote mirror for utilfs
Resuming remote mirror for iadata_85_1
ERM has been successfully resumed on all logical drives
Exiting script with rc=0. Please refer to the logfile @ /opt/tivoli/tiam/log/dr/ia_ermresume.05252010124249.out

You can verify whether the resume was successful using the DS Storage Manager, which displays information similar to that shown in Figure 12-9.
Figure 12-9 DS Storage Manager panel after ia_ermresume script
sudo /opt/tivoli/tiam/bin/ia_activaterecoverysite.sh -m remove
[ia_activaterecoverysite] Starting the activation of the appliance
Node attached to power control hardware at 'ianode' is booted.
[ia_activaterecoverysite] Calling activateRecoverySite remove on ianode
[ia_activaterecoverysite] Rebooting ianode
Node attached to power control hardware at 'ianode' power cycled.
[ia_activaterecoverysite] Waiting for nodes to reboot...
[ia_activaterecoverysite] ianode has successfully booted.
[ia_activaterecoverysite] Waiting for IA Software Stack to Load.
[ia_activaterecoverysite] Calling ia_recovery_healthcheck.sh on ianode1
[ia_activaterecoverysite] The health is good, ia_recovery_healthcheck.sh exited with rc=0
[ia_activaterecoverysite] Rebooting the management console
Node attached to power control hardware at 'iamconsole1' power cycled.
[ia_activaterecoverysite] The appliance has been successfully activated on the recovery site
[ia_activaterecoverysite] Exiting script with rc=0. Please refer to the logfile @ /opt/tivoli/tiam/log/dr/ia_activaterecoverysite.05272010142636.out
After the mirror is removed, the LUNs are displayed in DS Storage Manager as shown in Figure 12-10.
If you have removed the mirrored relationship as a test and site A is still operating, you can continue to use site A as the production site for the archiving applications that currently use it. You can then configure other applications to archive to site B. If both appliances are operational after the mirroring is removed, each appliance can individually serve production until the mirror is reestablished.

Tip: If you activate the collection on both Information Archive appliances, make sure that you use unique TCP/IP addresses; otherwise, address conflicts will occur.
6. In the Change Subsystem Settings window, click Select all under the Priority section, and move the slider to the desired priority. An example is shown in Figure 12-12.
Important: Depending on the capacity of your storage, the synchronization (copying) can take several hours, days, or sometimes even weeks to complete. However, selecting the highest priority will impact the performance of your archiving applications.
3. Right-click the Primary Logical Drive. Select Test Mirror Communication to perform a connection checkout. The menu is shown in Figure 12-13.
If the communication test returns a Passed with Caution status, the primary logical drive and secondary logical drive are communicating correctly. An example is shown in Figure 12-14.
iaadmin@IA-Primary:/opt/tivoli/tiam/bin> sudo checkMirrorStatus.sh
===============Mirror Status for [disk_ctrl_1_a | disk_ctrl_1_b]===============
iadata_85_1: Synchronizing - 48% complete
iadata_85_2: Synchronized
iarecovery: Synchronized
utilfs: Synchronized
===============Mirror Status for [disk_ctrl_2_a | disk_ctrl_2_b]===============
iadata_85_1: Synchronizing - 64% complete
Chapter 13. DR550 migration
IBM Information Archive (Information Archive) is designed to consolidate various archive storage solutions into one appliance. The data interfaces and components of Information Archive offer various ways to read and write data with archive applications, and even to migrate data from other archive storage systems into Information Archive.

One direct storage migration path, which is offered as an IBM service, is the migration of archive data from any IBM System Storage DR550 (DR550) or IBM TotalStorage DR450 (DR450) into IBM Information Archive. This helps ensure long-term retention even after end of service for the DR550 and DR450 products. End of service for the DR550 is planned for December 31, 2014. The migration process is auditable and includes proof of the authenticity of the data.

In this chapter we describe the process of migrating data from the DR550 to IBM Information Archive. Because the migration itself is done within an IBM service offering, we do not show every single command or output from such a migration. However, we do describe all prerequisites and the most important results.
13.1 Migration
The IBM Information Archive solution is a follow-on product to the DR550 and DR450. Therefore, IBM developed functionality for migrating data to this new generation of archiving appliance. The migration method preserves the regulatory compliance design objectives of IBM System Storage Archive Manager: it does not allow data to be deleted before its retention time expires, and it does not allow the retention time of data to be reduced.

You can continue to use the DR550 during almost the entire process of migrating the data into Information Archive. The System Storage DR550 appliance can receive and respond to archive requests while the data is being migrated. You can also stop the migration at any point and resume it later. Keep in mind that the migration usually includes IBM System Storage Archive Manager policies, nodes, and admin definitions besides the archived data. If there is any other DR550 data that must be migrated, discuss that with your IBM service representative before the migration starts.

IBM decided to provide this migration from DR550 to Information Archive as a service offering. This decision was derived from the fact that DR550 systems are usually part of a compliance environment. Because a DR550 migration to Information Archive is a one-time activity for each customer, a service provider such as IBM can draw on experience from many customer engagements, whereas a customer deals only with its own. IBM can therefore offer considerably more skill and experience with the migration, which makes the process smooth and effective.

In the next sections we give you information about how to prepare the data migration from DR550 to Information Archive.
13.1.1 Prerequisites
First of all, if not already done, you need to update the DR550 to Version 5.1 or higher, which includes TSM 5.5.4 or higher. These versions include specific modules that are used for the DR550 migration. To migrate the data from an IBM System Storage DR450, you must likewise upgrade it to Version 5.1 or higher before this procedure. The update of a DR450 or DR550 system can be ordered separately as a service from IBM and IBM Business Partners.

Before you can start the data migration from DR550 to Information Archive, there are some prerequisites to fulfill on both systems. There are also some restrictions to be aware of; these are covered in 13.1.2, Restrictions on page 491.

The DR550 and the Information Archive appliance must be on the same Ethernet network, because the file transfer uses only this network. The first step on Information Archive is to create a System Storage Archive Manager Collection. We explain this in detail in Creating and maintaining a System Storage Archive Manager Collection on page 143. It is important that the created System Storage Archive Manager Collection is used only for the migration process and not for any other archive application or purpose. With that, you avoid problems during the data migration to Information Archive. Afterward, the System Storage Archive Manager Collection, now filled with migrated data, can be used for additional services. For instance, a new archive application can be registered to that System Storage Archive Manager Collection.
To access the System Storage Archive Manager Collection after creation, run dsmadmc -server=<collection name> from the management node command line. By default, the logon name and password are those of the user who created the collection.

Make sure that the IBM System Storage Archive Manager storage pool on Information Archive is large enough to hold all DR550 data. To verify this, you can use query filespace and query stg on the IBM System Storage Archive Manager command line.

As mentioned before, the System Storage Archive Manager Collection must be empty before you migrate the data from the DR550. You also need to create a specific user account on the DR550 and on Information Archive, with the same password on both systems. At the IBM System Storage Archive Manager prompt, run reg admin <migration_account> <password> passexp=0. You also need to give system authority to this account on both systems by running grant authority <migration_account> classes=system.

If you have a primary tape storage pool within the DR550, you need to make all the tapes available during the migration to Information Archive, because all of this data must be read and transferred over the Ethernet network. At this point, you have to involve IBM service.
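The account setup described above can be captured in an administrative macro so that it is applied identically on both systems. The following sketch only generates the macro file: the account name migadmin, the password, and the file path are placeholders, and the commands themselves (register admin, grant authority) are the ones from this section.

```shell
#!/bin/sh
# Sketch: write the migration-account commands into a dsmadmc macro.
# MIG_ACCT and MIG_PASS are placeholders - substitute your own values.
MIG_ACCT="${MIG_ACCT:-migadmin}"
MIG_PASS="${MIG_PASS:-ChangeMe0}"
MACRO=/tmp/migsetup.mac

cat > "$MACRO" <<EOF
register admin ${MIG_ACCT} ${MIG_PASS} passexp=0
grant authority ${MIG_ACCT} classes=system
EOF

echo "Macro written to $MACRO - run it on both systems with:"
echo "  dsmadmc -server=<collection name> macro $MACRO"
```

Running the same macro against the DR550 server and the Information Archive collection keeps the account definitions, including the never-expiring password, in step on both sides.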
13.1.2 Restrictions
Besides the prerequisites, there are some restrictions on the migration of DR550 data to IBM Information Archive. The most important restrictions are:

- The migrated documents must be stored in a System Storage Archive Manager collection on Information Archive.
- The documents must be exported to a System Storage Archive Manager collection that was created as part of the migration procedure. You cannot use a collection that was created before this procedure, even if the collection is empty.
- You cannot migrate the contents of two System Storage DR550s into a single System Storage Archive Manager collection.
- You must migrate all the data on a System Storage DR550 to a System Storage Archive Manager collection. Migrating only a portion of the archive can impact the compliance of the archive.
- The System Storage DR550 archive must be smaller than the maximum capacity of a System Storage Archive Manager collection. The first collection has a capacity of 77 TB, and two additional collections can be added with a capacity of 66 TB each.
- A System Storage DR550 containing File System Gateway data cannot be migrated to Information Archive yet. One reason is that Information Archive does not offer CIFS yet.
- WORM tape media used in the DR550 cannot be used in IBM Information Archive. Because WORM tapes usually hold critical business and compliance data and cannot be securely erased physically, it is best to engage certified external media destruction services to dispose of the media.
- Customers who intend to migrate a DR550 into Information Archive must not use the System Storage Archive Manager Collection in Information Archive before engaging IBM service.
However, it is possible for the target IBM System Storage Archive Manager server in Information Archive to already contain data before the import. This allows incremental imports into a server, and it also allows customers to explore Information Archive during the service offering before actually migrating data from the DR550 into the Information Archive System Storage Archive Manager Collection. If you already have data in the System Storage Archive Manager Collection, you have to make sure that the
node and policy names are unique and do not collide with the names you want to migrate from the DR550.

API applications that cache object IDs are not supported by the export/import migration process, because the object IDs change after the import of the objects. Caching object IDs is already documented as improper usage of the API. These applications either need to be changed so that they no longer cache object IDs, or they need a way to update the cached object IDs to match the new ones.
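The uniqueness check for node names can be done with standard tools before the import. This sketch assumes you have exported the node names from both servers (for example, from query node output) into one-name-per-line files; the file paths and sample data are illustrative only.

```shell
#!/bin/sh
# Sketch: detect node-name collisions between the DR550 and the target
# collection before the import. Input files are assumed to hold one
# node name per line.
dr550_list=/tmp/dr550_nodes.txt
target_list=/tmp/ia_nodes.txt

# sample data for illustration only
printf 'NODE_A\nNODE_B\n' > "$dr550_list"
printf 'NODE_B\nNODE_C\n' > "$target_list"

sort "$dr550_list" > /tmp/dr550_sorted.txt
sort "$target_list" > /tmp/ia_sorted.txt

# comm -12 keeps only the lines common to both sorted lists
collisions=$(comm -12 /tmp/dr550_sorted.txt /tmp/ia_sorted.txt)

if [ -n "$collisions" ]; then
    echo "Name collision(s) found: $collisions"
else
    echo "No node-name collisions"
fi
```

The same comparison can be repeated for policy domain names before engaging the migration service.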
Related publications
The publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this book.
Other publications
These publications are also relevant as further information sources:

- IBM Information Archive Installation and Planning Guide, SC27-2324
- Installing and Configuring Information Archive, GC27-2326
- Information Archive Service Guide, SC27-2327
- Information Archive User's Guide, SC27-2325
- IBM Systems Director Systems Management Guide, GC30-4176
- IBM Remote Support Manager for Storage: Planning, Installation and User's Guide, GC26-7933
- IBM System x3650 M2 Type 7947 Problem Determination and Service Guide, Part Number 69Y3535, available at:
  ftp://ftp.software.ibm.com/systems/support/system_x_pdf/69y3935.pdf
- IBM System Storage DS4200 Express Storage Subsystem Installation, User's and Maintenance Guide, GC27-2048
Online resources
These websites are also relevant as further information sources:

- IBM Information Archive:
  http://www.ibm.com/systems/storage/disk/archive/index.html
RAID 6 20, 29, 46 Records Manager 262, 322 recovery 2, 53, 94, 120122, 127129, 361, 374, 404, 409, 441, 445 Recovery Guru 9394 recovery log 361 Redundant Array of Independent Disks 29, 46, 122 reference architecture 7 Release 124, 134, 174, 224225, 268, 277, 281, 288, 324, 346, 432 Remote Access Timeout 91 Remote Client Agent Service 270 Remote Support Manager 18, 25 Remote Support Manager (RSM) 18 Resource Manager 300, 303, 306 retention event 135, 143, 174, 287289 retention hold 180, 223, 225 retention period xi, 2, 45, 5051, 130, 134, 136138, 165, 169170, 172174, 176, 180, 186, 192193, 204, 220, 275276, 307, 342, 348, 457, 506 retention policy 135136, 143, 205, 312313 retention-managed data 2 RETMIN 134138, 159, 296 RETVER 134137, 287, 296 role 67, 72, 7477, 8182, 84, 87, 111, 124125, 133, 144, 165166, 182183, 209, 215, 255, 352, 365, 393, 395, 442, 444, 456457 rservice 91, 390392 RSM 18 Configuration Test 387 ports 392 RSM server 13, 18, 2223, 25, 32, 37, 40 rsm-passwd 68 rule 175, 193, 204, 206207 rules 173, 207, 209
S
SAN cabling 33 SAN fabric 31, 33 SAN switch 1314, 2122, 3435, 41, 48, 5657, 69 SAN zoning 31 SATA 2, 15, 1720, 409 schedule 47, 86, 127, 151153, 155, 196197, 199200, 293, 364, 422423, 426428, 430431, 443444, 446, 453454 SDK 294 secondary disk storage 178, 193 secondary logical drive 463464, 486 security xi, 4, 6, 48, 5152, 8182, 9192, 120, 132133, 140141, 178, 180, 182, 227, 255, 263, 322, 330, 341, 410, 506 Security Log 92 sendtestalert 360 service xii, 34, 50, 54, 5657, 68, 8486, 9091, 109, 144, 170, 172175, 177, 186, 192193, 204206, 219, 269, 274, 368369, 381, 384, 388389, 391, 399400, 457, 459, 489491 service class 174175, 186, 192193, 204205, 207, 220 session 99, 110, 122, 125, 140, 144, 246, 249, 268, Index
Q
query process 417
R
rack 54, 57, 103104, 384385 base 9 expansion 9 population 21 Rack Security Kit 14 RAID 46, 122
499
283284, 345346, 348, 364, 392, 428, 444 SFP 23, 31, 50, 56, 462, 465 sharing directory 211 shredding 118, 132, 140, 152, 161163, 197 single node 182 site preparation 53 SLES 52, 58, 227, 229, 231, 233, 238, 249, 252 Small Form Factor Pluggables (SFPs) 23 Smart Archive Strategy 34 SMclient 2728, 98, 100 SNMP 55, 66, 87, 90, 351352, 355, 357, 359360, 384, 391393 SNMP trap 359, 365 software updates 71, 8485 software upgrade 24, 26 space allocation 186 SSAM 24, 44, 4748, 5051, 77, 116117, 168, 261, 263, 266267, 270272, 282283, 286, 290291, 293294, 296297, 299302, 304, 311, 315, 317318, 320323, 329, 331332, 335, 342, 403, 407411, 414, 417, 419, 422423, 427428, 430431, 433435, 441448, 450452, 455, 490492 archived data 51, 116, 122, 132, 135, 407408, 442, 490 database 116, 119120, 122, 127, 300, 303, 320, 407408, 410, 422, 430, 433, 442448, 450, 492 features 115118, 132, 266 server database 140, 433, 435 volume 128, 154, 290, 304, 417, 422, 445, 492 SSAM collection 10 SSH 5556, 82, 91, 95, 99, 110111, 124, 324, 384385, 388, 391393 states 7576, 392, 396 statistics 92 status 2, 57, 69, 7576, 8791, 9394, 111, 134, 137, 155, 165, 200, 210, 276, 287, 289, 351353, 355, 357358, 360364, 370373, 375, 377380, 387, 393, 396, 399, 422, 431, 442, 444, 451, 458, 471, 479, 486488 Status Manager 378 storage configuration 29 Storage Controller 1314, 16, 1822, 2629, 31, 57, 431 storage controller 30, 34 Storage Groups 304 storage hierarchy 120, 127128, 165, 293, 409, 420, 422 Storage Manager 25, 28 storage pool 127, 130132, 138, 141, 152, 197199, 220221, 406408, 410, 417, 420, 422, 424, 427428, 431, 433, 435, 442444, 447, 450451, 491492 storage requirements 46 STRTCPSVR 246 stub file 179 su 83, 392, 446, 448, 450, 458 subnet mask 41 Support Portal 267 SUSE Linux 58 switchshow 466 System Administrator 75, 102, 109, 111 System Log 92 System Storage Archive Manager 10, 118
Administrator 144 API 122, 295 application 118, 122 database 120121, 407 System Storage Archive Manager Collection 44, 47, 5051, 57, 61 System Storage Archive Manager policies 51 System Storage Productivity Center (SSPC) 398
T
tape xixii, 2, 46, 4748, 53, 57, 69, 117118, 121123, 178179, 182, 403412, 414, 416417, 420, 422423, 427428, 430431, 433435, 437445, 447448, 450451, 453454, 456, 491492 tape attachment 1112, 33, 48 tape device 48, 70, 403407, 409, 436 tape drive 12, 128129, 403404, 406, 409, 411, 433436, 438 Tape drive encryption 132, 433 tape library 10, 12, 40, 69, 128129, 179, 405, 409, 414, 427, 433434, 459 tape pool 409, 420, 423 tape volume 416, 431 TCP/IP address 22, 31, 41 TCPServeraddress 295 thresholds 109, 179, 403, 406, 420, 423, 431432 time server 52, 61, 181 Time Zone 383 Tivoli Common Reporting 393, 395 Tivoli Directory Server Instance Administration Tool 231 Tivoli Enterprise Console 360 Tivoli Open Process Automation Library (OPAL) 166, 226 Tivoli Storage Productivity Center 398 Total Cost of Ownership (TCO) 5 Traceroute 393 tracing 351, 398, 400402 tracing level 400401 transaction data 2 transparent encryption 139, 433 trap 357, 359, 365 TS1040 434 TS1120 129, 406, 433434 TS3500 406, 411413, 415, 420, 431, 434435 tsmAdministrator 67
U
udev 403, 437440 UID 188, 213 uncommitted 170, 172173, 190, 204 upgrade 24, 26 USB 5859, 63, 8586 user accounts 7275, 84, 133, 227, 229, 252, 258, 340 user group 181, 188189 user management 7172 utilfs 31
500
V
verify_wellness 5758 volhist 194, 199200 volume mapping 31
W
Web Client 134, 269270 Workstation Collections 306 WORM 48, 53, 118, 129, 406, 411, 419421, 423424, 431, 442, 491 write caching 163 wsadmin 110, 113114
X
XML 168, 170, 175, 177, 219, 222, 226, 262, 264265 XML descriptor 27 X-Server 28 xterm 28
Z
zoning 22, 31, 36, 48, 405
Index
501
502
Back cover
Universal storage repository for all types of content High security with Enhanced Tamper Protection Support for multiple access methods
This IBM Redbooks publication can help you understand, configure, monitor, and use IBM Information Archive. As you address your information retention needs, whether keeping valuable content for long periods of time, meeting industry retention regulations, or addressing corporate governance requirements, you need an archiving solution that is not only secure and scalable, but also cost-effective.

IBM Information Archive is a next-generation information retention solution designed as a universal archiving repository for all types of content. It helps midsize and enterprise clients reduce cost, manage risk, and address their complete information retention needs, whether business, legal, or regulatory. This highly versatile, smart business system can be a useful tool in supporting regulatory compliance: it provides a storage repository with robust security features designed to prevent the alteration or deletion of stored information until its business-designated retention period has elapsed.

This book is a comprehensive document intended for customers and field personnel who want to understand, deploy, use, and monitor IBM Information Archive.