Académique Documents
Professionnel Documents
Culture Documents
akhan@aayan.com
akhan@aayan.com
Welcome to NetWorker Implementation and Management training.
Copyright ©2016 EMC Corporation. All Rights Reserved. Published in the USA. EMC believes the information in this publication is accurate as of its publication
date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH
RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. The trademarks, logos, and service
marks (collectively "Trademarks") appearing in this publication are the property of EMC Corporation and other parties. Nothing contained in this publication
should be construed as granting any license or right to use any Trademark without the prior written permission of the party that owns the Trademark.
EMC, EMC², the EMC logo, AccessAnywhere Access Logix, AdvantEdge, AlphaStor, AppSync ApplicationXtender, ArchiveXtender, Atmos, Authentica, Authentic
Problems, Automated Resource Manager, AutoStart, AutoSwap, AVALONidm, Avamar, Aveksa, Bus-Tech, Captiva, Catalog Solution, C-Clip, Celerra, Celerra
Replicator, Centera, CenterStage, CentraStar, EMC CertTracker. CIO Connect, ClaimPack, ClaimsEditor, Claralert ,cLARiiON, ClientPak, CloudArray, Codebook
Correlation Technology, Common Information Model, Compuset, Compute Anywhere, Configuration Intelligence, Configuresoft, Connectrix, Constellation
Computing, CoprHD, EMC ControlCenter, CopyCross, CopyPoint, CX, DataBridge , Data Protection Suite. Data Protection Advisor, DBClassify, DD Boost, Dantz,
DatabaseXtender, Data Domain, Direct Matrix Architecture, DiskXtender, DiskXtender 2000, DLS ECO, Document Sciences, Documentum, DR Anywhere,
DSSD, ECS, elnput, E-Lab, Elastic Cloud Storage, EmailXaminer, EmailXtender , EMC Centera, EMC ControlCenter, EMC LifeLine, EMCTV, Enginuity, EPFM.
eRoom, Event Explorer, FAST, FarPoint, FirstPass, FLARE, FormWare, Geosynchrony, Global File Virtualization, Graphic Visualization, Greenplum, HighRoad,
HomeBase, Illuminator , InfoArchive, InfoMover, Infoscape, Infra, InputAccel, InputAccel Express, Invista, Ionix, Isilon, ISIS,Kazeon, EMC LifeLine, Mainframe
Appliance for Storage, Mainframe Data Library, Max Retriever, MCx, MediaStor , Metro, MetroPoint, MirrorView, Mozy, Multi-Band Deduplication,Navisphere,
Netstorage, NetWitness, NetWorker, EMC OnCourse, OnRack, OpenScale, Petrocloud, PixTools, Powerlink, PowerPath, PowerSnap, ProSphere,
ProtectEverywhere, ProtectPoint, EMC Proven, EMC Proven Professional, QuickScan, RAPIDPath, EMC RecoverPoint, Rainfinity, RepliCare, RepliStor,
ResourcePak, Retrospect, RSA, the RSA logo, SafeLine, SAN Advisor, SAN Copy, SAN Manager, ScaleIO Smarts, Silver Trail, EMC Snap, SnapImage, SnapSure,
SnapView, SourceOne, SRDF, EMC Storage Administrator, StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix, Symmetrix DMX, Symmetrix
VMAX, TimeFinder, TwinStrata, UltraFlex, UltraPoint, UltraScale, Unisphere, Universal Data Consistency, Vblock, VCE. Velocity, Viewlets, ViPR, Virtual Matrix,
Virtual Matrix Architecture, Virtual Provisioning, Virtualize Everything, Compromise Nothing, Virtuent, VMAX, VMAXe, VNX, VNXe, Voyence, VPLEX, VSAM-
Assist, VSAM I/O PLUS, VSET, VSPEX, Watch4net, WebXtender, xPression, xPresso, Xtrem, XtremCache, XtremSF, XtremSW, XtremIO, YottaYotta, Zero-
Friction Enterprise Storage.
This slide is a depiction of the NetWorker training options available to you and how they fit into
the EMC certification tracks and exams. The courses in the NetWorker curriculum start at the
fundamental level and progress through specialist to more advanced, expert topics. All courses
in the curriculum are open to all audiences.
The review topics in the first lesson of this course, NetWorker Implementation and
Management, will direct you to the topics in the prerequisite eLearning course, NetWorker
Fundamentals, where you will find more detailed information about each topic.
Technical certification through the EMC Proven™ Professional program for the Storage
Administrators and Implementation Engineers tracks is based on the courses shown in the
diagram.
More information about the these exams and the supporting curriculum can be found at:
https://education.emc.com/guest/certification/.
This lesson provides a brief review of these prerequisites along with cross-references to the
prerequisite course to help you obtain this knowledge.
NetWorker protects critical business data by centralizing, automating, and accelerating backup
and recovery operations across an enterprise. NetWorker provides backup and recovery
support for diverse computing and storage environments including business applications and
virtual environments. Performance enhancements, such as block based backups, improve
backup performance and reduce the impact of backups on production environments. User
authentication, authorization and encryption support ensure information security. Backup
storage options include the leading deduplication technologies, disk backup and snapshot
technologies, as well as deep integration with the latest databases and applications.
A backup is a copy of production data, created and retained for the sole purpose of recovering
deleted or corrupted data.
Tracking is the process of storing information or metadata about backup save sets. The
Management Console server uses this information to generate reports.
Aging determines the length of time that backup data is available for recovery. NetWorker
allows you to specify how long individual copies of data are maintained.
Cloning is the process of copying a save set from one NetWorker backup volume to another.
The clone can then be managed independently with its own retention time.
Staging is the process of moving a save set from one volume to another.
The NetWorker server is a physical or virtual machine that manages the datazone and
facilitates client backups and recoveries. The NetWorker server maintains tracking and
configuration information.
The Management Console Server provides a global view of the NetWorker backup environment
for centralized management of one or more NetWorker datazones.
The Management Console client is a Java-based graphical user interface accessible from any
supported web browser.
NetWorker supports many types of devices that can be used to store backup data. Device
types include virtual and physical tape, disk, and cloud storage devices. Backup to
deduplication storage is supported with Data Domain and Avamar. Configuring and managing
backup devices is covered in detail later in this course.
Finally, the most fundamental NetWorker component is the NetWorker client. NetWorker client
software provides the functionality for generating backups, pushing the data to a NetWorker
storage node or directly to a backup device, and retrieving data for a recovery. Client software
is installed on all NetWorker hosts.
A save set is one or more files, directories, and/or file systems, or application-generated data,
residing on a NetWorker client, that is backed up as a unit to a NetWorker storage node and
written to backup storage. A save stream is a single save set in the process of being backed up
or recovered. The save program is used to back up a save set.
A volume is a unit of media, such as a tape cartridge or file system directory, to which backup
data is written.
A pool is defined as a collection of NetWorker labelled volumes. Pools are used in NetWorker to
assign specific backup data to specific volumes.
A protection group defines a set of data sources to protect, such as clients, VMware objects or
save sets.
Protection policies provide an organizational container for the workflows, actions and groups.
As we progress through this course, we will cover these terms in more detail and build upon
these definitions.
In a Microsoft Windows environment, the core NetWorker processes are started via two
NetWorker services.
The following pages provide summary information about the main NetWorker daemons. For
more detailed information, please see the EMC NetWorker Command Reference Guide or the
man pages.
The NetWorker storage node daemon, nsrmmd (network save and recover media multiplexing
daemon), runs on NetWorker storage nodes to support reading and writing of data to devices.
The nsrmmd daemon writes the backup data sent by save to a volume in the backup device it is
controlling, sends information to the NetWorker server to track data written to the volume, and
reads data from the volume during operations such as recoveries and cloning. One nsrmmd is
started for each device configured as a NetWorker resource.
Note: For disk-type devices there may be more than one nsrmmd per device.
For each enabled library (jukebox) in a datazone, nsrmmgd on the NetWorker server spawns a
nsrlcpd (network save and recover library control daemon) to control the actual jukebox
resources, such as media, slots, drives, and access ports. After performing a task, nsrlcpd
returns status information to nsrmmgd, which in turn provides it to nsrd.
nsrd - (network save and recover daemon) is the master daemon. nsrd manages the
NetWorker resource database, which contains almost all NetWorker configuration information.
It also starts the nsrmmdbd and nsrindexd processes. nsrd is started automatically at system
startup. Once started, nsrd starts the other server daemons and the nsrsnmd process on the
storage node.
nsrmmdbd - (network save and recover media management database daemon) provides the
read and write service for the media database.
nsrindexd - (network save and recover index daemon) provides the read and write service
for the client file index databases.
nsrjobd – (network save and recover job daemon) is responsible for coordinating all
scheduled backups. It stores information about these operations and provides it to the
NetWorker server and the NMC server for reporting purposes.
nsrmmgd – (network save and recover media management daemon) manages all library
operations. It is started on the NetWorker server by nsrd when the NetWorker services are
started or when the first jukebox resource is configured and enabled.
In a Windows environment, these processes are started via the NetWorker Backup and
Recover Server service.
Note: For more detailed information, refer to the NetWorker Command Reference Guide.
gstd – (general services toolkit daemon) is the master Console process and is responsible for
starting the gsttclsh and postgres processes. After a Console client has established
communication with the Console server, all further communication is performed through gstd.
postgres – This process manages the PostgreSQL Generic Services Toolkit (GST) database.
This database is also referred to as the Console server database and contains information
concerning all backup, recover, and cloning operations performed on NetWorker servers
managed by the Console server. This information is used by gstd to generate reports.
In a Linux environment, the processes are started automatically during system boot up. On a
Microsoft Windows host, the processes are started via the EMC GST Service which is configured
to start automatically during boot up; httpd is registered as the EMC GST Web Service.
A resource is defined by its attributes and the values of those attributes. There can be multiple
configurations or instances for each resource type.
For example, in the slide above, the client resource for bongo has a Save set attribute
configured to back up the /oracle directory. This client is a member of the Payroll group and
the Payroll group is assigned to the File system backups workflow which is configured to start
backups at 9:00 P.M.
Nearly all of the resources are stored on the NetWorker server and managed by the nsrd
daemon. A small number of resources are managed on the NetWorker client.
A client file index (CFI) stores information about each file backed up by a NetWorker client.
There is one CFI per physical NetWorker client. The stored information includes file
characteristics such as owner, size, permissions, and modification and access times, as well as
the timestamp of when the file was backed up. All files in a given save set have the exact
same backup timestamp. This information is used to support browsable recoveries, which
allow you to easily recover a client to a specific point in time.
As a save set ages, its CFI records are automatically purged to save space. The length of time
that the records are retained is determined by the Browse policy attribute in the client
resource. CFIs may require large amounts of space on the NetWorker server. Each record in a
CFI uses approximately 160 bytes. The default path of a CFI is
/nsr/index/hostname_of_client/db6.
The media database contains information about all NetWorker volumes and the save sets on
those volumes. For each volume there is a volume record. For each save set on a volume,
there is a save set record. This information is critical for supporting recoveries and is also used
during incremental backups to determine the timestamp of a previous backup. The location of
the media database is /nsr/mm/mmvolrel.
Important: Beginning with NetWorker 9, you specify only a retention period when backing up a
save set. NetWorker uses this value for both the Browse time and the Retention time for the
save set.
The data in the CFI files is XDR encoded for NetWorker use. Therefore, only NetWorker
GUI/CLI interfaces should be used to view and manage the CFI data.
nsrinfo displays the timestamp in two formats. The nsavetime format is the number of
seconds since January 1, 1970. This is the time format used internally by NetWorker. The
save time format is a more human-readable form of the date and time.
To maintain its integrity only use NetWorker GUI or CLI interfaces to view and manage the
data contained in the media database.
Note: The media database is a SQLite database. Operational requests are handled in parallel
and a targeted cache facility is employed, thus optimizing performance.
The jobs database consists of an embedded SQLite database server which is a full database
engine that can handle high loads without performance concerns. The database itself is stored
in a single file on the NetWorker server and is managed via time-based purging. The database
should not exceed 1 GB in size. The jobs database is re-created during NetWorker server
disaster recovery procedures.
The next step is to identify the host roles that are needed in your environment. This
includes NetWorker server, console server, storage nodes, and any proxy nodes that may
be used.
Once these are identified you need to validate sizing for each of these components as well
as any additional datazone requirements like the use of multi-tenancy.
The Release Notes documentation contains important configuration tips, installation and
upgrade notes, and the latest software patch information.
The Installation Guide provides step-by-step instructions for installing NetWorker server,
storage node, client and NMC.
Finally, the NetWorker 9 differences technical note covers the differences between
NetWorker 9 and previous releases. For information about updating to NetWorker 9 from a
previous NetWorker release, please refer to the Updating to NetWorker 9.0 from a Previous
Release Guide.
NetWorker product information and documentation can be found on the EMC Support web
site, https://support.emc.com. Note that the version numbers and dates of the manuals
will be different than what is shown here.
Additionally, you should consider the way that backup data is sent to the target devices. If
storage nodes will be used, you should determine how many and where they will best be
located. If using client direct, it’s important to ensure that backup clients have direct
access to the devices and you have identified all necessary data paths.
More often than not, you will have a combination of methods, using client direct for some
clients and storage nodes for others.
Note: It is important to understand that the data protection requirements largely dictate
the design of the NetWorker environment. NetWorker provides a multitude of features and
capabilities to allow it to be customized for even the most complex environments.
There are many components of a NetWorker environment that contribute to the disk space
needs. The NetWorker databases are stored on the server and should be sized based on
the number of resources that will be maintained on the server. Depending on your
retention requirements client file indexes can occupy a large amount of disk space as well.
Other disk space considerations include your software repository for pushing client updates,
as well as space required by the NetWorker Management Console and its database. It is
recommended to store the NetWorker databases on a different volume from the operating
system. SAN volumes are an excellent choice because they allow for higher I/O loads along
with advanced features like cloning and replication. NAS storage is not recommended for
the NetWorker databases.
Platform Compatibility
The best platform for your environment is generally the one that you have the most
administrative experience with. This could be Windows or Linux depending on your
environment. Another consideration is the use of a physical NetWorker server or the
NetWorker Virtual Edition (NVE). See the EMC NetWorker Software Compatibility Guide for
supported OS and platforms.
Network Connectivity
The EMC Licensing Solution is based on capacity and is the only licensing model available
for new NetWorker installations.
With this solution, one or more license servers must be installed in the NetWorker
environment. The license server is responsible for managing the NetWorker license and
capacity allocation across multiple datazones.
The license server reads a license file stored on the server to determine the type of licenses
and the amount of capacity purchased.
Configuration and management of the license server is performed by using the LMTOOLS
application on Windows or LMGRD on Linux.
With the EMC Licensing Solution, license files are node-locked to the License server. The
entitlements are tied to a customer’s ID and not to a specific NetWorker server. This makes
for more flexibility in license management.
The EMC Licensing Solution supports scaling of the NetWorker environment. There may also
be multiple license servers each servicing a set of NetWorker servers. In this case, the
license file for each license server is unique. Each license server is independent of any other
license servers in an environment. For example, in a site with 18 NetWorker servers, one
License server may manage 10 NetWorker servers and a second License server then
manages the remaining 8.
Contents of a license file include the hostname and IP address of the EMC Licensing
Solution License server. The license file for NetWorker may contain two types of licenses:
an update license which is required if updating from a previous NetWorker release and a
capacity license which enables multiple datazones.
NETWORKER_CAPACITY defines the licensed capacity that can be shared across datazones.
If a NetWorker server is restarted and the EMC Licensing Solution is in effect, the RAP
license resources are queried and all licenses are checked out again. In the event that the
EMC License server cannot be reached, the existing RAP resources are kept and periodic
attempts to check out licenses are made.
Users of the legacy models may continue to use those models but they must install an EMC
Licensing Solution License server and set up a license file. The license file contains an
update license entitlement that is required to continue using traditional licensing.
Though not mandatory, it is recommended to convert to the EMC Licensing Solution model
for the flexibility and ease of use it affords. The evaluation period provides you with 30 days
along with a 15 days grace period to determine whether you want to continue using a
legacy model or use the EMC Licensing Solution.
If a user of the legacy capacity model wants to migrate to the EMC License Solution upon
upgrade to NetWorker 9, any unused capacity can be carried over and applied to the
amount of storage purchased for the new model.
Note: Once a NetWorker server is using the new model, there is no provision to go back to
legacy licensing.
The EMC Licensing Solution License server keeps count of how many units of capacity are
checked out from a license file. By default, one unit of measure is checked out for each
capacity request that is satisfied. Nsrlmc installs the entitlements on the NetWorker server
through an exchange with the license server. The backup administrator does not manually
install entitlements on the NetWorker server.
When a NetWorker server stops, the license server checks the checked out units back in.
The CLP API provides a function for nsrlmc to maintain this heart beat.
Note: The EMC Licensing Solution License server is a separate install from the NetWorker 9
server installation. The license server installation package is located in the same location as
the NetWorker server software.
Next, obtain a license file from Licensing@EMC.com. Provide the hostname and IP address
of the license server. NetWorker servers must communicate heartbeat and licensing
information with the EMC license server. By default, the license server and NetWorker will
communicate over port 27000. If port 27000 is not available, indicate which port you will
use as an alternate when obtaining the license file.
Copy the license file to a folder on the License server and the nsr/lic directory on each
NetWorker server that will access this license server. Even if the license server is co-located
with a NetWorker server, it must still be copied to both locations.
Finally, run the LMTools utility (Windows) or lmgrd (Linux) to configure and start the license
server service. To validate the license server service in running on Windows, look for the
service name in Windows Task Manager. The default service name is “Flexlm Service 1”,
however, this can be defined during initial configuration. In Linux, you can search for the
Lmgrd service to validate it is running. The license server application should be running
constantly to serve licenses to NetWorker.
The CLP refresh field allows the administrator to force NetWorker to re-query the License
server and license file.
Smaller, faster installers are available for the NetWorker client and NetWorker extended
client. Use these installers when only installing the client software. These are:
In Windows, the extended client is automatically installed when using the NetWorker
package for installing the NetWorker server and storage node. It is not automatically
installed when selecting the client install only from this package.
Please refer to the EMC NetWorker Installation Guide for installation requirements and
detailed procedures.
The base client package, lgtoclnt, must be installed first. The extended client software
package, lgtoxtdclnt, and the block based backup software, lgtobbb, may also be
required to be installed on the client.
When installing a NetWorker storage node, install the NetWorker client software first,
including the extended client, followed by the storage node rpm, lgtonode.
When installing a NetWorker server, install the NetWorker client and storage node software
first. Then, install the NetWorker server software package, lgtoserv, and the adaptor
package, lgtoadpt.
Also, as with previous NetWorker releases, the NetWorker Management Console requires
that at least the NetWorker base client is installed first. The NMC installation package is
lgtonmc.
Please refer to the EMC NetWorker Installation Guide for installation requirements and
detailed procedures.
Note that the NetWorker server is not supported on Solaris, AIX, Linux x86 and HP-UX
platforms; however, NetWorker storage nodes and clients are supported on these
platforms. NetWorker does not support Linux ia64.
The next several slides cover information that is supplied during the installation process.
http://console_server:http_service_port
where console_server is the host name of the console server and http_service_port is the
port number for the embedded web server that was specified during the Console server
installation. The default HTTP port is 9000. Alternatively, on Windows, the NMC can be
started from the shortcut on the desktop or from the Windows Start menu.
A supported version of Java Runtime Environment (JRE) must be installed on the Console
client. JRE, which includes Java Web Start, must be installed in order to download and run
the Console client properly. Upon launching the Console client, you are notified if an
appropriate version of JRE is not installed. Follow instructions for downloading and installing
a supported version of JRE from the Java web site. After installing JRE, close and restart the
browser.
The NetWorker Management Console Login screen is displayed to the user. A user
cannot run NMC unless a valid user name and password combination is provided. For User
Name, use administrator and for Password, use the password that was specified for the
NMC authentication during the installation.
Click Next to confirm the authentication server service account for the NMC server.
Click Next to specify the NetWorker server that will back up the NMC server database.
Click Next to specify a list of managed NetWorker servers. If this NetWorker Management
Console server will be managing more than one NetWorker server, add the names of each
server on a separate line.
To launch NetWorker Administration for a specific NetWorker server, click the server’s
name in this window and double-click the Launch NetWorker Administration link.
Note that when installing the NetWorker server, ensure that the NetWorker authentication
service is started before starting the NetWorker server services.
For more information about Microsoft Windows silent installations of NetWorker software,
including available installation options and troubleshooting, please refer to the EMC
NetWorker Installation Guide.
After installing the NetWorker server, install the EMC License server to use the EMC
Licensing Solution model.
At the beginning of the NetWorker Windows base client installation, you can choose to run
the System Configuration Checker. This checks for any OS-related configuration issues. If
any warnings are brought up, they can be addressed and then the Configuration Checker
can be re-run post-installation to verify that the warnings are cleared.
For NetWorker integration with Avamar, NetWorker uses the Avamar avtar binary on client
hosts. The Avamar client package is included with NetWorker and must be installed on the
client hosts that use the NetWorker Avamar integration for backup storage. This is included
when installing Windows clients using the separate base client install package.
Note: When installing a NetWorker server, skip the NetWorker License Manager software
installation option during the NetWorker installation. This is for the legacy NetWorker
License Manager and is not required in order to use the EMC Licensing Solution.
For Linux, the NetWorker software is installed in /usr by default. NetWorker binaries are
located in /usr/sbin. NetWorker directories are located in /nsr. Console server is installed
in the /opt/lgtonmc directory and the Console server database is located in
/opt/lgtonmc/lgto_gstdb.
For Linux , starting the processes during installation is optional. You can use a command
such as ps to verify the appropriate daemon processes are running.
On Windows, there are always two httpd processes running when the NMC server is active.
On Linux, there are two or more httpd processes running, where the parent httpd process
runs as root and the child processes run as the user name specified during the installation.
1. Stop the NetWorker Remote Exec Service. Since the EMC GST Service and
the Backup and Recover Server are dependent services, Windows will ask if you
also want to stop these services.
The networker script can be executed manually, using a start argument, to start the
NetWorker daemons. When the stop argument is used, all NetWorker daemons, as well as
any other running NetWorker processes, are stopped.
The NetWorker installation process installs a program named nsr_shutdown. This is the
recommended method of gracefully shutting down all NetWorker processes.
When the Console server is installed, a run-control script named gst is placed in the same
location as the networker script. Use an argument of start to start the Console server
daemons and an argument of stop to stop the Console server daemons.
NetWorker server daemons can also be started manually by executing nsrexecd, followed
by nsrd. For a NetWorker client or storage node, only nsrexecd should be started.
On a Linux host, use the operating system’s software removal utility to remove the
software.
In either case, the default behavior during removal is to perform a partial uninstall. This
leaves the NetWorker control data installed. To perform a complete uninstall on a Linux
host, the directory containing the NetWorker control data, \nsr, must be manually removed
using a utility such as rm. To perform a complete uninstall on a Windows host, manually
remove the C:\Program Files\EMC NetWorker folder or whatever folder contains the
NetWorker software.
Important:
Do not remove the install directory if the NetWorker or Console server software packages
will be updated or reinstalled.
Refer to the NetWorker Upgrading Guide available at EMC Support web site,
https://support.emc.com for detailed upgrading instructions.”
As part of the upgrade to NetWorker 9, the NMC database must be migrated to PostgreSQL.
A separate tool called gstdbunload is provided to unload data from the previous NMC
Sybase database. gstdbunload must be run before uninstalling or upgrading the previous
NMC version.
Each student works in their own VDC configuration, accessed with an assigned VDC
username and password. The NetWorker Implementation and Management lab
configuration consists of these five virtual machines:
This demonstration walks you through the steps of deploying and configuring a NetWorker
Virtual Edition NetWorker 9 server. To view the demonstration, enter this URL in your web
browser:
https://edutube.emc.com/Player.aspx?vno=McC1OMnFdkoU7hefLR8KZQ==&autoplay=true
Pools automatically separate data by data type. Pools are used by the NetWorker server to
direct a save set being backed up or cloned to a set of volumes.
As illustrated in the slide, there are two types of pools – Backup and Backup Clone – that
are used by NetWorker to segregate one type of data from another. For example, a save
set being backed up can only be written to a volume belonging to a Backup pool, and when
a save set is cloned, the new clone copy of the save set can only be written to a volume in
a Backup Clone pool.
It is recommended to use the Pool attribute in the action resource to specify the pool to be
used for the particular backup action. However, you can elect to use a pool specified in the
client resource by changing the setting of the Client Override Behavior attribute in the
backup action.
If the Client Override Behavior attribute is set to Client Can Not Override, then
NetWorker uses the value for the Pool attribute in the backup action.
If the Client Override Behavior attribute is set to Client Can Override, then the value
for the Pool attribute in the client resource is used. If the Pool value in the client resource
is empty, than the value defined in the backup action is used. This is the default setting for
new action specifications.
Ideally, each pool should have its own unique label template. However, more than one pool
can use the same label template. If a volume being labeled resides in an autochanger, or
library, that is configured to match barcode labels, the label template is ignored and the
volume name will be the same as its barcode value.
NetWorker has several pre-created label templates that can be used or you can create new
label templates from the Media window as shown on this slide. The lower left picture shows
the configured label template named Astro. The labels assigned to volumes start with
Astro.001, Astro.002, and so on up to Astro.999 and are based on the values specified in
the Fields and Separator attributes.
Max parallelism specifies the maximum number of simultaneous save streams that can be
sent to a drive on which a volume from this pool is mounted.
When the Auto media verify attribute is selected, the NetWorker server verifies data
written to volumes from the pool. Verification occurs when either a volume becomes full or
a volume becomes idle. Data is verified by repositioning the volume to read a portion of the
data previously written to the media. The data read is compared to the original data
written. Verification succeeds if there is a match. If verification fails, the volume is marked
full.
The Recycle from other pools attribute allows recyclable volumes from other pools to be
relabeled into a different pool. The Recycle to other pools attribute allows recyclable
volumes in the pool to be relabeled into a different pool. Both attributes are disabled by
default.
When the Store index entries attribute is enabled (default setting), CFI entries are
generated for save sets that are written to the pool.
With the use of virtual tape libraries, recycling of volumes is critical to reclaim disk space.
Relabeling of eligible volumes in a pool can be scheduled to occur automatically using these
attributes under Volume Operations:
• Recycle start: Defines the time to start the automatic relabel process each day. By
default, the automatic relabel process is not done.
• Recycle interval: Defines the interval between two starts of automatic relabel
processes.
• Max volumes to recycle: Defines the maximum number of recyclable volumes that
can be relabeled during each automatic relabel process.
• Recycle last start: This is the last time that scheduled automatic recycling was
performed.
Note: For a complete list of pool and label template resource attributes, see the nsr_pool
and nsr_label topics in the EMC NetWorker Command Reference Guide or the Linux man
pages. Also, please refer to the Media pools topic in the EMC NetWorker Administration
Guide.
The label contains information such as the volume name, the name of the pool to which the
volume was assigned, and the block size to be used when writing to the volume.
During a backup, the NetWorker server matches a save set to the appropriate nsrmmd based
on the pool to which the volume belongs.
In this slide, you can see that we are labeling the device, AFTD1, into the Astro pool that
uses the volume label, Astro.001.
NetWorker provides user interfaces for configuring and running both types of backups as
shown here. Commands are also available for configuring and running backups from the
command line.
Scheduled backups are the preferred option for performing on-going, day-to-day backups
as well as ad-hoc or on-demand backups. By using scheduled backups, you ensure that
data is protected on a regular basis according to specifications that you define in NetWorker
data protection policies. It is recommended to reserve client-initiated backups for specific
use cases only as needed.
Policies allow you to design a data protection solution at the data level instead of at the
host level. You define what data you want to back up for each host using a NetWorker client
resource. Then, you assign those client resources to backup groups. Next, you design
workflows that define the actions or tasks that you want to perform for that group, when to
automatically run the workflow and how often to run.
As you can see here, policies allow for the creation of complex workflows by chaining
multiple actions in a workflow. In this way, you can specify what happens to a group of
client resources throughout the data protection lifecycle.
In the example shown here, for Workflow 1, there is only one action in the workflow. The
save sets defined in the client resources of Protection Group 1 are backed up by the
traditional backup action. Workflow 2 contains two actions. First, a check connectivity action
is performed. Then, only the save sets for the clients in the group that are online are
backed up by the backup action.
First, we create client resources for the clients hosting the data that we want to back up.
We create a protection group and add the client resources into the group.
After creating a policy resource, we create a workflow, assign the group to the workflow and
decide when and how often the workflow automatically runs.
Lastly, we create one or more actions in the workflow to specify what we want to occur
during the workflow.
When planning and implementing your protection strategy, you may want to create groups
before creating the workflows as we have outlined here, or you can create workflows first
and then create groups and assign them to the applicable workflows, whichever works best
for you.
The easiest and most common way to create client, group, and policy resources is to use
the wizards and windows in the NetWorker Administration Protection window. In this
lesson, we explore these resources and the options they offer.
NetWorker includes two client resources for backing up the NetWorker server and the
NetWorker Management Console server.
There are also several pre-configured policies along with corresponding groups and
workflows. These pre-configured policies are the Bronze, Gold, Platinum, and Silver policies.
You can modify the pre-configured resources and also create your own. Groups, policies and
workflows can also be copied and deleted. Workflows can be moved from one policy to
another.
NetWorker provides the New Client Wizard to walk users through the steps to quickly
create a client. The New Client Wizard is accessed from the Protection window by right-
clicking Clients.
The wizard asks for the client name and supplies default values for the several attributes in
the client resource. The slide lists the client resource created for a client named
winclient.emc.edu.
It is important to note that prior to configuring the client using the New Client Wizard, we
first installed the NetWorker client software on the client host.
Alternatively, you can use the Properties window of the client resource to create and
configure a NetWorker client.
The New Client Wizard presents the most common client resource fields to allow
administrators to quickly configure client resources for most situations. You will find that
the Client Properties window contains many more fields to further customize backups for
individual client resources and save sets. A full set of attributes is displayed by selecting
Diagnostic Mode from the View menu. We will discuss several of these additional fields
later in this course.
Note: To modify an existing client created with the wizard, right-click the client and select
Modify Client Wizard.
The slide shows a specification for backing up two save sets: C:\Documents and Settings
and C:\Program Files.
Important: Certain save sets are excluded from the All save set. Also special keywords can
be used with All to define the file systems to include in a client backup. For a list of
excluded save sets and key words, please refer to the “The All save set” topic in the
NetWorker Administration Guide.
The special save set DISASTER_RECOVERY:\ is used to back up all of the data that is
required to perform a Windows BMR recovery. Recovering Windows hosts is covered in
more detail later in this course.
If Save set is set to anything other than All and you want to back up any of the Windows
SYSTEM save sets, you must explicitly specify them in the save set list.
Each group can be assigned to only one workflow. The same client resource can be added
to more than one group.
A Basic client group defines a static list of client resources to back up. When creating the
group, you select the client resources to add to the group. In the screenshot on the left, we
have added a winclient.emc.edu client resource to the group.
A Dynamic client group determines the clients to be protected at run time based on the
value of a tag. When the group is created, you specify a tag that is used to choose the
clients. Then, when configuring clients, you assign that tag to all clients that you want to be
members of the group. At run time, NetWorker automatically generates a list of client
resources with a tag that matches the client tag specified for the group. The benefit of this
type of group is that an administrator does not need to remember to add specific clients to
a group; clients are automatically added to the group based on the tag you assign when
creating the client resource. In the example on the right, we have created a dynamic clients
group with a tag of Backup at 7. At run time, this client resource is automatically added to
the group.
To edit existing policies or create new ones, use the Protection window. Here we have
created a new policy named File system Backups.
Note: A group must be assigned to a workflow in order for any actions in the workflow to be
performed.
A Backup Traditional action performs a scheduled backup of the save sets defined in the
client resources of the group assigned to the workflow.
A Probe action runs a user-defined script on a client host that passes a return code. If the
return code is 0, the next action such as a backup, is performed. If the return code is 1,
then the next action in the workflow is not performed.
A Check Connectivity action is used to ensure there is connectivity between the clients and
the NetWorker server before a sequential action is performed.
The next several slides in this lesson describe some of the most common options for each of
the backup traditional, probe, and check connectivity action types.
The default schedule is to perform a full backup on Sunday followed by incremental backups
the rest of the week. To quickly set the same value for each day, select the backup type
from the list and choose Make All. The supported backup levels are explained in detail in
the next several pages.
A full backup backs up all files and directories in a save set and is the lowest backup level,
being equivalent to a UNIX level 0 backup. A full backup requires the most storage space
and takes the longest time to perform.
An incremental backup contains all files that have changed since the last backup of any
type while a cumulative incremental backup contains files that have changed since the last
full. Using incremental and cumulative incremental backup levels generally takes less time
than performing full backups and uses less volume space. However, using these backup
levels may slow file recovery if multiple save sets are required to recover to a particular
point in time.
Only the NetWorker server and storage nodes are involved in synthetic full backup
processing. By lessening the number of traditional full backups, the backup workload of
backup clients is reduced, as well as the network overhead involved in transferring the
backup data from the clients to the storage node. Synthetic backups also reduce recovery
time and steps as data can be restored from the synthetic full backup instead of a
traditional full backup and all its dependent incremental backups.
In the example shown on the slide, the synthetic full backup taken on Wednesday combines
the full backup run on Monday with the incremental backups run on Tuesday and
Wednesday. The resulting synthetic full backup is equivalent to a traditional full backup run
at the same time as the Wednesday incremental backup and reflects the state of the data
as of Wednesday’s incremental backup. The incremental backup run on Thursday includes
all changes since the incremental on Wednesday. The next synthetic full backup (not
shown on the slide) will combine the previous synthetic full backup and subsequent
incremental backups.
When Client Override Behavior is set to Client Can Override, values for Schedule,
Pool, Storage Nodes and Retention policy in the client resource are used instead of the
values for comparable attributes in the backup action. The default for this attribute is to
allow the client to override the action.
Retries: The number of times NetWorker should retry failed probe and backup actions.
Retry delay: Amount of time in seconds that NetWorker waits before retrying a failed
action.
Inactivity Timeout: Maximum amount of time that a job is given to fail to communicate
back to the NetWorker server.
Note: For definitions of the attributes displayed on NetWorker wizard windows, click in
the lower left corner of each window.
This slide shows the attributes in the client resource for specifying a schedule, pool, storage
node and retention. (Note you can see these attributes in the Client Properties window by
enabling Diagnostic Mode from the View menu.) The selections for the Retention policy
attribute can be found in Time Policies from the Server window. The selections for the
Schedule attribute are found under Schedules from the tree in the Protection window.
The options for the various pre-configured Time Policies and Schedules may be modified
if needed.
In the example shown here, we want to keep the save sets defined for this client resource
for a period of one quarter while the backup action specifies a period of one month. All
other save sets for the client resources in the group assigned to the action will be retained
for one month.
For a probe action, you define the days of the week that the action will run. If the Start
backup only after all probes succeed attribute is checked, the following backup action
runs only if all probes in client resources in the assigned group succeed. Succeed is defined
as a return code of 0. If the field is not checked, the backup action starts if any one of the
probes associated with a client resource in the assigned group succeeds.
A NetWorker probe resource is created for each probe script. The probe resource specifies
the probe script name and command options, if any.
The probe resource is then associated with one or more client resources.
The client resources are associated with a group and the group is associated with the
workflow containing the probe action.
For the check connectivity action, you define the days of the week that the action will run.
If the Succeed only after all clients succeed attribute is checked, the following action
runs only if all clients succeed. If the checkbox is cleared, the following action runs if
connectivity is achieved for one or more clients.
Note: Retries, Retry Delay, Inactivity Timeout and Send notification options are not
supported for the check connectivity action.
The Traditional backups workflow pictured here is a workflow in the policy named File
system Backups for a basic backup. The workflow is configured with one action named
backup. When the workflow runs, the workflow backs up the clients assigned to the File
system backup group to a device in the AFTD Devices pool.
Through the use of policies and workflows, NetWorker enables you to see at-a-glance how
your data is protected.
The table summarizes the valid workflows that can be configured for traditional backups
through to a third action. A workflow can be as simple as one backup action or it can be
more complex with a succession of various actions. There are some rules, though, for which
action types can occur where in the succession. For example, the only action that can follow
a traditional backup is a clone action. The clone action can occur either concurrently with or
after the backup action. A workflow for a traditional backup can optionally include a probe
or check connectivity action before the backup. A check connectivity action can be followed
by either a backup action or a probe action. When configuring the actions in a workflow, the
wizard enforces these rules by only presenting the valid action types depending upon the
position of the action in the workflow.
In the example displayed above, a workflow named “Workflow for probe” contains two
actions, a probe action and a backup action. A list of clients to back up is sent to the backup
action depending upon the outcome of the probe action.
This is an example of a workflow with two actions; a check connectivity action followed by a
backup traditional action.
Finally, we discuss running manual, client-initiated backups using the save command and
NetWorker user.
In this example, workflows in the DR Backups, Server Protection and Standard Filesystem
policies are enabled for autostart. Each workflow starts according to the schedule defined in
the workflow. The last time a policy, workflow or action was run is displayed in the Start
Time column of the Policies section of the Monitoring window.
The policy framework runs the savegrp command for probe and backup actions. savegrp
issues remote execution requests to a configured group of clients, causing the clients to run
a backup command (usually save) for their configured save sets. The client, group, and
policy resources, along with associated workflows and actions, determine what is backed
up, when it is backed up, how it is backed up and where the backup data is stored.
After an action, workflow or policy completes, the NetWorker server executes configured
notifications for these events.
savegrp uses nsrexecd to start saves on NetWorker client hosts. nsrexecd, running on
each client host, only allows remote execution requests from NetWorker hosts listed in the
client’s /nsr/res/servers file. If this file is empty or does not exist, the client can be
backed up by any NetWorker server.
The Priority attribute on the NetWorker client resource allows administrators to control the
order that the NetWorker server contacts clients for backup. A client with the lowest priority
value in a backup operation is contacted first. If a value is not specified, then the backup
order is random. By default, the value for the Priority attribute is set to 500. To guarantee
that the backup of one client occurs before the backup of another, place each client in
separate groups and configure the workflows to start at different times.
To run workflows, right-click the name of the policy or workflow that you want to start and
select Start. Starting at the policy level causes all workflows for the policy to start. You can
run a workflow for selected clients in the workflow by selecting the workflow and then
choosing Start Individual Client from the Monitoring menu.
When using the nsrpolicy start command, it is possible to override the workflow and run
the workflow for just one or more clients as long as the client(s) are clients that are
specified in the group assigned to the workflow.
In the example shown here, we are starting the workflow, Workflow with multiple actions,
in the policy, File system Backups, for just one of the clients in the workflow.
Note: There are many other operations that can be performed using nsrpolicy including
configuring policies, workflows and actions. Please refer to the nsrpolicy topic in the
NetWorker Command Reference Guide for details.
As shown here, from the Monitoring window, open up the tree in the Policies section to
the desired level. For backup actions, you can drill down to the clients within the backup.
The status column displays the status of running operations or for the last run time. For
example, a green checkmark indicates a successful completion for the last time the
operation ran. A blue icon indicates an operation is in progress and a red icon points to a
failed operation. There are other policy status icons that may appear; hover the mouse over
an icon to display its meaning. Additional monitoring information can be seen from
Monitoring:
• Policies – Lists all policies, workflows and actions with status, the time the last
backup was run, the duration of the backup, the completion percentage, and the next
time the backup will run. Clicking the Actions tab displays a list of all the configured
actions. Column information indicates the action status and its policy and workflow.
• All Sessions – Displays all sessions currently running on the NetWorker server. You
can select other session tabs to display only certain session types, such as save
sessions, recoveries and clones. You can cancel a session by highlighting the session,
right-clicking and selecting Stop.
• Devices – Contains storage node, volume, pool and performance information for
configured NetWorker devices. The status icon indicates if the device is currently
active (shown here), disabled or idle.
• Log – Contains information about the many actions performed by NetWorker during
the running of the policy or workflow.
• Alerts – May contain information such as the license status alert shown here. The
priority column indicates the criticality of the alert.
Here is an example of a failed workflow, Workflow with multiple actions. The Policies
section of the window provides a visual status of a problem in the form of the red status
icon for the failed action and workflow. Not shown here, is that there is also a red status
icon next to the workflow’s policy indicating that there was a failure within the policy.
Messages reporting failed operations are listed in the Log section of the window.
By right-clicking the workflow or action and selecting Show Details, NetWorker displays
more information about the operation. In this case, the details for the failed probe action
reports that the action did not contain any defined probes. Using this information, we found
that the client resources in this workflow did not have a probe resource assigned to them.
Because the probe action was configured to require that at least one client must have a
probe execution status of success, the action failed.
Notifications can be sent to a log file or to an email address. You can change the content of
the notification command to send the notification to a different log file or to a mail
recipient.
At the workflow level, you have the choice to use the notification configuration that was set
at the policy level or to send a notification that is defined for the workflow on completion of
all of the actions in the workflow or on failure of any one of the actions. When a notification
is set at the workflow level, it supersedes any notifications configured at the policy level.
Likewise, for an action, you can choose to use the notification configured at the policy level
or you can configure a different command on completion or on failure of the action. When a
notification is set at the action level, the notification is generated in addition to any
notifications generated at the workflow or policy levels.
In the example shown here, the default notification is left unchanged at the policy level.
However, for the backup action, we chose to use a different notification upon completion of
the action. When the action finished, the notification message was written to a file called
tradbkupaction.log in \nsr\logs.
The checkpoint restart feature is not enabled by default and is configured on a per client
basis. To enable the feature, check Checkpoint enabled from the client resource General
tab. Checkpoint granularity is the level at which the backup can be restarted, either at
the directory or file level. When restart by directory is selected, after each directory is
saved, the data is committed to the index and media database. If restart by file is selected,
every file is committed to the index and media database. This is time consuming and has
the potential to degrade performance during a backup containing many small files. Because
of this, restarting by file is recommended only for save sets with a few, large files.
Important: The checkpoint restart feature cannot be used on Windows platforms or when
parallel save streams are enabled.
Note: The NMC database cannot be backed up as part of a Checkpoint Restart backup.
The Backup command attribute is used to enter a specific backup command when using
one of NetWorker’s add-on modules, such as NetWorker Module for Microsoft and
NetWorker Module for Databases and Applications, to perform application-specific backups.
You can create a custom script to perform tasks before, after, or instead of the save
process. These tasks might include moving, deleting or renaming files, stopping and
starting processes, or generating logging information. When writing a custom script, you
must include the save command if you want a save stream to be generated. The save
command should have an argument of $* to retain all of the arguments sent by the
NetWorker server.
The custom script must have a name that begins with nsr or save (for example,
nsr_my_custom_command or save_my_custom_command). The custom script file must also
reside in the same directory as the NetWorker save command. On Windows hosts, the
default location of save is C:\Program Files\EMC NetWorker\nsr\bin; on UNIX hosts,
execute which save to determine the location.
You can also specify the savepnpc command in the client's Backup command attribute. Use
savepnpc if you want to run either pre-processing commands before any client save sets
are backed up and/or post-processing commands after all save sets have been backed up.
Note: For more information about using savepnpc, see the savepnpc, preclntsave, and
pstclntsave topics in the NetWorker Command Reference Guide.
For a client to execute any type of backup, it must first be configured as a client resource
on the NetWorker server. When the client performs a save, it generates a save stream,
sends it to the assigned storage node, and sends tracking information to the NetWorker
server. The storage node also generates tracking information which it sends to the server.
Client-initiated manual backups have a backup level of manual instead of the backup levels
of full, incremental, and so on.
Unless the -x option is used, save will not cross mount points. For example, save / in a
Linux environment backs up only the root file system.
Please refer to the NetWorker Command Reference Guide for additional options and
information about save.
Important: Caution should be exercised when using the –x option because save traverses
network-mounted (NFS, CIFS) file systems and drives. In a Microsoft Windows
environment, running save –x / causes all drives to be backed up.
Previewing the backup ensures that save is working properly and displays an estimated size
of the save set as well as the number of files to be backed up. A list of files that would be
saved is also displayed.
The four buttons in the upper-left corner of the window initiate the following tasks:
• Perform a backup – This opens the smaller backup window shown in the slide on the
right.
• Perform a recovery – This opens a recovery window and is discussed in the modules
dealing with recoveries.
• Perform an archive – This requires a special license and is not covered in this
course.
• Verify files – This allows you to verify whether a recent backup or archive operation
was successful by comparing data on disk to data on a volume. See the NetWorker
Administration Guide for details.
The client name and NetWorker server managing the backup or recovery are shown at the
bottom of the NetWorker User window.
After marking the files and directories to back up, click Start (green lightening bolt) to
begin the backup. You can monitor the backup in the Backup Status window, which opens
as soon as the backup begins.
A password must be set before password protection or encryption can be performed. This is
done by selecting Password from the Options menu and entering a password.
Using Special Handling affects all the files backed up during the backup session. To perform
compression, password protection, or encryption only on selected files in the backup, right-
click the item you want to handle specially and select the appropriate action from the menu.
The Attributes column shows the special handling that is currently set. A value of P is
marked for password protection, E for password protection and encryption, and C for
compression.
Important: When choosing a password option, DO NOT FORGET THE PASSWORD!!! It is not
stored anywhere other than the volume on which the data is written. During recovery of
PW2 encrypted data items, you are prompted for the password. If you cannot provide it,
you cannot recover the files. If backup data is password-protected but not encrypted, an
administrative user (root or Administrator) is able to recover the data.
Using synthetic full backups can reduce the number of full backups that need to be run but
does not eliminate the requirement to run full backups. Run synthetic backups as a
replacement for full backups, not in addition to.
Because synthetic full backup operations include only the NetWorker server and storage
node, they have the potential to reduce the impact of backup operations on the network
and client resources. However, it is also important to monitor the impact of synthetic
backup processing on participating storage nodes.
First, an incremental backup of the save sets is performed (not shown here). Then, a full
backup is performed for the NetWorker storage node client, nwwindows.emc.edu, to
consolidate the most recent, previous full/synthetic full backup with all the incremental
backups that have run since the most recent, previous full/synthetic full backup. At the end
of the synthetic full operation, NetWorker verifies the integrity of the new full backup.
In a block based backup, NetWorker scans a volume or a disk in a file system in a single,
sequential pass and backs up only the blocks that are in use in the file system. It does this
by taking an image-based backup at the volume level, rather than walking an entire file
system in the backup process. Block based backups use the VSS snapshot capability on
Windows and the Logical Volume Manager and Veritas Volume Manager on Linux to create
consistent copies of source volumes for backups. Block based incremental backups use the
change block tracking methodology to identify and back up only the changed blocks.
Using block based backup technology, backups complete in less time than comparable non-
BBB backups. In addition, no index is created as part of this workflow. This makes block
based backups of particular benefit for high density file systems where, potentially, millions
of files would need to be indexed and indexed again with every backup. The fact that
NetWorker does not create an index in this process is a differentiator in the industry. It
saves time and space in the backup workflow. Even though an index is not created,
recovery at the file level is still supported. This is done by virtually mounting the backup, at
which point, files can be viewed and recovered.
Block based backups require the use of client direct, consequently, only AFTD and Data
Domain device types are supported as backup targets. You can, however, clone block based
full backups to other device types including tape and virtual tape.
To enable the block based backup feature, select the Block based backup attribute in the
client resource. Note that Client direct is enabled by default. Valid save sets include the All
save set and volume/volume mount point levels. Save sets at the folder or file level are not
supported for backup. For Linux, each volume group must have at least 10% free space for
block based backups to succeed. This space is required for copy on write snapshot
processing.
Note: Checkpoint restart and standard NetWorker directives are not supported for block
based backups.
When backups are sent to an AFTD, selecting any level apart from full or incremental
results in an incremental backup being performed. The next backup after 38 incremental
backups will automatically be a full backup.
On a Data Domain device, selecting any backup level apart from full results in a virtual full
backup. The backup save sets are displayed as level full. Forever incremental backups are
supported.
A full backup must be created initially. Incremental backups must be created on the same
device as full backups. When using incremental backups, the next backup after a reboot of
a client host will be a level full.
Please see the NetWorker Administration Guide for a further discussion of NetWorker block
based backup support.
• A local directive file is a text file named .nsr (UNIX) or nsr.dir (Windows) that contains
directive statements. The save command always looks for a directive file in a directory
before backing up the directory. These directives only apply to the data within the path
where the directive file is located. This type of directive affects both server-initiated and
client-initiated backups.
• A NetWorker User local directive (Microsoft Windows only) is created using NetWorker
User by a user logged in with local Windows Administrator privileges. This type of
directive resides in a networkr.cfg file located at the root of the system volume (usually
C:\). The syntax of this type of directive is identical to a server-side directive. A
NetWorker User local directive affects both server-initiated and client-initiated backups.
If there is a conflict between directives, global directives take precedence over local
directives. On Windows systems, NetWorker User local directives take precedence over local
directive files.
A directory specification indicates which directory the ASMs or save environment keywords
are applied to. A single directive resource may contain multiple directory specifications.
• Directory names are specified within double angle brackets, “<< >>”. A directory
specification of “<< / >>” on a Windows host is equivalent to all drives.
• Quotes around the directory specification are not required for a UNIX path name.
• Indentation is optional.
ASMs on following lines affect how files under the specified directory are saved. When an
ASM has a leading + it is recursively applied to all subdirectories.
A pattern is a file or directory name. It may contain the wildcards *, ?, and []. Multiple
pattern arguments are separated by white space.
In the following example, the skip ASM applies only to files or directories in /etc whose
names end in .log.
<< /etc >>
skip: *.log
Examples of ASMs include compressasm, which compresses the files or directories in the
save set, and skip, which omits files or directories from the backup. Some of the available
ASMs are listed in the slide. A full list of ASMs is available in the uasm topic in the
NetWorker Command Reference Guide and the UNIX man pages.
Examples:
1. Skip the file expenses.xls in the C:\docs directory, and compress all files having a
.mdb extension residing in C:\docs and recursively below it.
2. Skip all files with .tmp and .jpg extensions anywhere under /opt/data.
In the following example, software compression is being recursively performed on all files
under the root directory. However, the forget keyword says, “Stop applying any ASMs that
are currently in affect” and ignore says “Ignore all .nsr files located in or below
/export/home.”
<< / >>
+compressasm: .
<< /export/home >>
forget
ignore
The result is that nothing under /export/home is compressed and all .nsr files under
/export/home are ignored. Thus, even if a user has a directive file
/export/home/xyz/.nsr containing: skip: image_data which was created to avoid
backing up a directory of large images that can be easily recreated, the directory is actually
backed up because the local directive file is ignored. You could use both ignore and allow
together to correct the situation. To allow only xyz to have a .nsr file, add a second
directive statement, allowing only the .nsr file in the xyz directory. The directive resource
now looks like this:
<< / >>
+compressasm: .
<< /export/home >>
forget
ignore
+compressasm
<< /export/home/xyz >>
allow
You apply a global directive to individual client resources using the Directive attribute on
the client resource.
In this example, we want to skip all files with an extension of tmp for a specific Windows
client resource. When a backup action runs for this client resource, it will skip all tmp files.
This type of directive has limitations. It can only configure ASMs that NetWorker User is
familiar with. These include null (similar to skip), compressasm, pw1 (password-protect),
and pw2 (encrypt).
To configure the directives, start NetWorker User and select Local Backup Directives from
the Options menu. All files and directories are initially marked. Unmark files and
directories you want skipped during backups, and apply special handling to those items for
which you desire special handling. Save the directives by selecting Save Backup
Directives from the File menu. The networkr.cfg file is created and read by save during
subsequent backups. If the file already exists, it is updated each time you save the
directives.
networkr.cfg resides at the top level of the system volume (usually C:\).
More information about directives can be found in the nsr_directive (for server-side) and
the nsr (for client-side) topics in the NetWorker Command Reference Guide or the
UNIX/Linux man pages. Also, please refer to the Directives topic in the NetWorker
Administration Guide.
A snapshot is a point-in-time (PiT) copy of data files, volumes or file systems. NSM provides
snapshot backups on disk that can be tracked and managed from NetWorker. You can
leverage snapshots for impact-free backups by using a server other than the production
host to perform clones of snapshots to backup media. This alternate proxy host or mount
host will take on the performance burden instead of the production server.
NetWorker provides a single pane of glass approach to data protection. You configure
snapshot backups using NetWorker data protection policies and workflows, allowing you to
manage the snapshot lifecycle from creation to clone and expiration. NetWorker provides
NSM snapshot backups with the same benefits that are offered for conventional backups
such as monitoring, scheduling and reporting.
Array-based:
Software-based:
NAS support includes Isilon OneFS 7.x and higher, VNX, VNX2, and VNXe/VNXe2, and
NetApp OnTAP 8.x and higher.
Snapshot Only: With a workflow containing only a snapshot backup action, NSM creates a
snapshot on the storage array. The snapshot is retained on the storage array only.
NetWorker catalogs the snapshot as a backup in its media database. For application
backups, NetWorker also records the application files being protected in the CFI. The
snapshot can be used for a snapshot restore.
Snapshot and Rollover: The second workflow depicts a snapshot backup action followed
by a clone action. Here, NSM creates a snapshot and then the save sets specified in the
client resource are copied (cloned) from the snapshot to backup media. Media can be DD
Boost or AFTD devices. The NetWorker media database catalogs both the snapshot and the
rollover/clone. For the clone, NetWorker records the content of the snapshot for file system
backups in the CFI; for the backup and the clone, the application files being protected for
application backups are recorded in the CFI. You can also clone VMAX3 Snapvx snapshots to
ProtectPoint devices. A rollover-only workflow can be achieved by following a snapshot
backup action with a clone action that specifies to delete the source save set after the clone
action completes. In this case, the snapshot is cataloged, cloned to media and then deleted.
Only the rollover is available for recovery.
Delayed Rollover. The third workflow shows a delayed rollover where the clone action is
not directly tied to a snapshot backup action. In this example, a save set group is used to
select the specific input for the clone. We discuss configuring clone operations in a later
module of this course.
Many of the options in the Policy Action wizard are similar to those for other types of
backups. Of particular note for snapshot backups are the fields on the Specify the
Snapshot Options screen. Snapshot retention is specified using duration-based retention
with the Retention attribute. After the period of time specified here, the save set is
removed from the media/CFI databases and the snapshot is deleted. For Minimum
Retention Time, specify the minimum amount of time to retain the snapshot. When the
minimum amount of time expires, a snapshot action in progress can remove a snapshot
from a storage device to ensure that there is sufficient disk space for the new snapshot.
The client resource is used to specify snapshot backup options such as the storage array on
which to create the snapshot, and the mount host and storage node to be used for
rollovers. When NSM is enabled for the client resource, the wizard presents storage array
and other NSM backup options for configuration.
Snapshot restore - You mount and browse the snapshot file system on the storage
node/mount host and select the files, file systems, or volumes to restore.
Restore from clone - You perform a traditional NetWorker restore from backup storage
media.
Rollback restore - You restore the snapshot by using the storage array features. An
application volume is unmounted and its entire contents are replaced by the entire contents
of the selected snapshot.
Important: A rollback destroys all previously existing data on the target application volume.
With NetWorker modules, applications can be backed up in an open and consistent state.
NetWorker application modules fully integrate with third-party, vendor-specific APIs or
applications, eliminating the need to develop or maintain custom backup and recovery
scripts. They provide fast, online, automated, and reliable granular backup and recovery for
popular database, messaging, content, and ERP applications. NetWorker application
modules are listed on the slide and include:
• EMC NetWorker Module for Databases and Applications (NMDA) is a unified
backup solution for various databases and applications. NMDA software works with the
supported database or application software and NetWorker software to support the most
commonly used third-party applications, including IBM DB2, IBM Domino/Notes, Oracle,
MySQL, Sybase, and Informix.
• EMC NetWorker Module for Microsoft Applications (NMM) delivers a unified backup
solution for Microsoft applications. NMM works with Microsoft Volume Shadow Copy
Service (VSS) technology for backups of Microsoft Exchange, SQL, SharePoint, Hyper-V,
and Active Directory. Additionally, this module provides the capability to leverage
Microsoft VDI for SQL Server to provide a second method for Microsoft SQL backups.
• NetWorker Module for SAP provides backup and recovery of SAP applications,
including SAP HANA.
• NetWorker Module for MEDITECH is used to protect MEDITECH implementations.
NetWorker Module for Database Applications supports integration with NetWorker Snapshot
Management for NMDA for Oracle and DB2 with data on supported primary storage.
NetWorker Module for SAP supports integration with NSM for NMSAP with Oracle with data
on supported primary storage.
The first option is guest-based where a NetWorker client is installed on each virtual machine
host the same as if it was a physical machine.
Note: The VADP or legacy option is still supported, though it has been replaced with the
NetWorker VMware Protection solution. More information on the legacy method can be
found in the NetWorker VMware Integration Guide at support.emc.com.
Note: The acronyms EBR and VBA are used interchangeably; both refer to the EMC Backup
Recovery appliance which is also known as the VMware Backup Appliance.
Guest-based backup and recovery provides a simple and familiar implementation. Guest-
based backups support database and application backups as well as incremental backups at
the file level. With guest-based backup however, the backup processing load of one virtual
machine can negatively impact system resources available to all VMs hosted on the same
physical ESX server. The virtual machine must be powered on for backups. And, the
NetWorker client software installed on each virtual machine must be maintained and
updated.
NetWorker client software is not required on the virtual machines that will be backed up by
the NetWorker VMware Data Protection solution.
The VMware protection solution revolves around the EMC Backup and Recovery appliance
(EBR). The EBR (VBA) registers itself with the vCenter server as well as the NetWorker
server. The VBA includes 8 internal proxy agents. An external proxy adds 8 proxy agents.
Each VBA proxy is controlled by the VBA.
Data protection policies are defined on the NetWorker server using the NetWorker
Management Console. The vCenter administrator applies the protection policies to virtual
machines through the vSphere web client within the EMC Backup and Recovery user
interface. The EMC Backup and Recovery appliance internal storage can reside on FC, iSCSI
or NAS (NFS) storage.
The EMC Backup and Recovery appliance supports back up to its internal storage and to
Data Domain.
External proxies can be used to enhance the scalability and accessibility of the EBR
environment.
• Scalability: The backup administrator can deploy additional external proxies to
increase the total number of virtual machines being backed up simultaneously.
• Accessibility: vSphere supports complex storage topologies which may require a VBA
proxy to be hosted on an ESX host other than the one hosting the VBA. In such
situations, the backup administrator must deploy an external proxy.
Download of the OVA files can be performed from the EMC online support site at
http://support.emc.com
The vSphere administrator uses the EMC Backup and Recovery plug-in to apply policies to
virtual machines and to perform manual backups of virtual machine(s) and virtual machine
level restores.
As groups are the sources of what is to be backed up, VMs to be backed up are added to a
protection group. If you want to add VMs using the EBR GUI, they are added to the EBR
policy.
The cross sync feature checks that whatever is configured in NetWorker gets pushed across
to the EBR before a policy is run thus ensuring consistency and integrity between the two
sides. If the cross sync fails, the policy fails.
In addition to recovery through the GUI, there are FLR and NetWorker CLI commands to
enable CLI recovery. A NetWorker proxy CLI is provided for proxy deployment and
configuration.
With a file-level restore, specific folders or files are restored from an image backup. This
type of restore is more resource intensive and is best suited for restoring a relatively small
amount of data.
Note: The libraries and devices available for configuration are listed in the Devices window
of NetWorker Administration. For an up-to-date list of supported NetWorker devices, refer
to the EMC NetWorker Hardware Compatibility Guide at support.emc.com.
A NetWorker server can manage many storage nodes but a storage node can be managed
by only one NetWorker server. In other words, a storage node cannot exist in two data
zones at the same time.
Relationship to
Description
NW Server
A device that is attached to (either direct or SAN-attached) and
Local
controlled by the NetWorker server.
A device that is attached to (either direct or SAN-attached) and
controlled by a NetWorker storage node that is not also the
NetWorker server.
Remote
All remote device names have an “rd=sn_hostname:” preceding
the device path on the storage node. The slide shows an
example of a remote device name.
To create a storage node resource, right-click Storage Nodes in the left pane of the
Devices window and select New. In the resulting window specify the host name of the
storage node. Select the type of storage node, SCSI, NDMP or SILO.
In the status attributes, a Yes for Enabled means that the storage node is available for
use. Specifying No indicates a service or disabled state. New device operations cannot
begin and existing device operations may be cancelled.
We review more of the most commonly used storage node attributes in the course by type
of managed device.
Note: A storage node resource for the NetWorker server is automatically created during
installation of the NetWorker server.
To support reading and writing of data, one or more nsrmmd processes is started per
configured device. Depending upon the configuration, AFTD and DD Boost devices use
multiple concurrent nsrmmd processes per device and multiple concurrent save sessions per
nsrmmd process.
There is one nsrsnmd process running on each storage node with configured and enabled
devices. nsrsnmd manages all device operations that the nsrmmd processes handle on behalf
of the NetWorker server’s nsrd process. Communication between nsrsnmd and nsrd is
event-based; nsrsnmd is automatically invoked by nsrd, as required.
To verify that the processes are running on a storage node, use the UNIX/Linux ps
command or, on a Windows host, use Windows Task Manager.
• File type device (FTD) – Is the basic, legacy disk device type.
• Advanced file type device (AFTD) - Supports concurrent backup and restore
operations. AFTDs can reside on a local disk on a NetWorker storage node or on network-
attached disk devices that are either NFS or CIFS mounted to a NetWorker storage node.
• DD Boost device - Resides on Data Domain systems with enabled DD Boost. Backup
data is stored in a DD Boost device in deduplicated format.
When creating a NetWorker device resource for a file device, the name of the device is the
full pathname of the directory, for example E:\, D:\Filedev1, or /filedevice2. It is strongly
suggested that you create separate file systems for each file type device. If multiple file
devices share the same file system, they will each contend for the available disk space. If a
file device resides in a file system containing operating system or user files, there will also
be contention for available space. If a file type device cannot be assigned its own dedicated
file system, the device’s Volume default capacity attribute should be used to limit the
amount of space that can be used by the device. If this attribute has a value (it is null by
default), the volume becomes full upon the specified amount of data (750 MB, 12 GB, 1 TB,
etc.) being written to it.
After the device resource is created, a file type device’s volume is labeled and mounted.
File type devices are legacy devices and their use is limited. It is recommended to use AFTD
or DD Boost devices instead of file type devices.
The Client Direct feature enables Networker clients to back up directly to AFTDs over CIFS
or NFS, bypassing the storage node.
An AFTD volume is never marked as full. A save set being written to an advanced file type
device will never continue (span) onto another volume. Instead, if the file system
containing the volume becomes full, NetWorker suspends all saves being directed to that
device until more space is made available on the volume. A message is displayed stating
that the file system requires more space. The nsrim process is invoked to reclaim space on
the volume. A notification is sent by email to the NetWorker administrator.
As a security feature to restrict where AFTDs can be created, in the applicable storage node
resource, you can enter the path or paths of the storage directory that will contain AFTDs
into the AFTD allowed directories attribute.
Do not use a temporary directory. It is strongly suggested that you create separate file
systems for each AFTD. If multiple AFTDs share the same file system, they each contend for
the available disk space. If an AFTD resides in a file system containing operating system or
user files, there will also be contention for available space.
For Dynamic nsrmmds, select whether nsrmmd processes on the storage node devices will be
started dynamically. When not selected, which is the default setting, NetWorker runs all
available nsrmmd processes. If selected, NetWorker starts one nsrmmd process per device
and adds more only on demand, as needed.
NetWorker AFTD devices can be created from the Devices window using either the Device
Wizard or the Properties window.
The attributes from the Properties window are shown here; however, with either method,
similar information is provided:
• For Name, enter the name you would like to use for the device. This can be the path
to the device, or it can be a meaningful name of your choosing. If the storage node is
not also the NetWorker server, this AFTD will be a remote device. The remote device
name must use this format: rd=storagenodename:devicename.
• In the Device access information attribute, enter the complete path to the device
directory. Multiple entries may be made. The first path enables the storage node to
access the device via its defined mount point. You can also provide alternate paths for
Client Direct clients.
• Select adv_file as the Media type for advanced file type devices.
It is possible to configure multiple AFTD devices that share a single storage volume. The
devices can be on the same storage node or on a different storage node. Each device must
have a different name and must specify a path to the storage location. This enables storage
devices and volumes to be better utilized by allowing different devices to mount and access
volumes at the same time. A new session can be distributed to any other nsrmmd seeing
the same volume.
Clients with network access to AFTD or DD Boost storage devices can send their backup
data directly to the storage devices, thus bypassing the storage node in the backup path.
The storage node continues to manage the devices for the NetWorker clients but does not
handle the data. Using Client Direct has the potential for reducing bandwidth usage as the
backup data travels directly from the client to the storage device. Also, any bottlenecks at
the storage node are avoided.
Options include:
Max sessions – This option distributes save sessions based on the Max sessions attribute
of all devices configured on the storage node. This is the default.
Target sessions – This option distributes save sessions based on the Target sessions
attribute of all devices configured on the storage node.
To create a Data Domain device, first launch the New Device Wizard from the Devices
window of NetWorker Administration.
The New Device Wizard walks you through the remaining steps for creating your Data
Domain device.
At this point, you can either choose a pool that you have already created for DD Boost
backups and label the device into that pool or you can create a new pool. A dedicated pool
is required for DD Boost devices. Be sure you do not mix DD Boost backups and traditional
backups in the same pool.
Once you have selected a pool, you can check Label and Mount device after creation. In
the next window, choose the storage node for the device and the method of transport, Fibre
Channel or IP.
The last wizard step is to review the configuration settings. The Device Access Information
is the fully qualified hostname of the Data Domain system and the name of the Data
Domain storage folder on the system. A colon (:) separates the Data Domain system name
and the device folder name.
Upon successful configuration, the device is labeled and mounted. In the NetWorker
Administration Devices window, verify that the device is labeled and mounted, ready for
use. The Data Domain system appears as a managed application in the NetWorker
Management Console Enterprise window.
In a typical backup cycle, the administrator schedules a full backup followed by several
incremental backups. To create a Virtual Full backup, NetWorker sends commands to the
Data Domain system that consist of the regions that are required to create a full backup.
During the transfer no data is transferred over the network. Instead, the regions of the full
backup are synthesized from the previous full and incremental backups that are on the
system using pointers. This process eliminates the data that needs to be gathered from the
file server, reducing system overhead, time to complete the process, and network
bandwidth requirements. NetWorker uses the DDBoost API to create the Virtual Synthetic
full backups.
Virtual Synthetic full backups are an out-of-the-box integration with NetWorker, making it
‘self-aware.’ Therefore, if you are using a Data Domain system as your backup target,
NetWorker will use Virtual Synthetic full backups as the backup workflow by default when a
Synthetic full backup is scheduled, thus optimizing incremental backups for file systems.
Virtual Synthetic Fulls reduce the processing overhead associated with traditional Synthetic
full backups by using metadata on the Data Domain system to synthesize a full backup
without moving data across the network. A traditional full backup is recommended only
after every 8-10 Virtual Fulls have been completed. Therefore, the use of Virtual Synthetic
Full backups also reduces the number of traditional full backups from 52 to 6 per year – a
90% reduction. If a Virtual Synthetic full operation fails, NetWorker defaults to creating a
Synthetic full.
The path(s) to the AFTD device are specified in the device’s Device access information
attribute. If the storage device is directly connected to the storage node, a different access
path is specified for the client than that for the storage node. A configuration using a CIFS
share is shown on the slide.
If the storage device is not directly connected to the storage node, as with NAS, the device
access information is the same for the storage node and clients.
Checkpoint restart supports Client Direct backups only to AFTD devices, and not to DD
Boost devices. If a client is enabled for checkpoint restart and a Client Direct backup is
attempted to a DD Boost device , then the backup reverts to a traditional storage backup.
For Client Direct backups to AFTDs using checkpoint restart, checkpoint restart points are
not made less than 15 seconds apart. Checkpoints are always made after larger files
requiring more than 15 seconds to backup.
The “as a service” model represents a new way of resource delivery in IT. Just as
virtualization ushered in faster and more robust services, it is now having a similar effect
when applied to servers and storage. Server and storage environments can be easily
provisioned, expanded, contracted, decommissioned, and repurposed yielding extreme
flexibility and elasticity.
Backup operations to cloud storage occur over a TCP I/P network. Data sent to a NetWorker
cloud device can be encrypted and/or compressed. There is also a bandwidth throttling
mechanism for cloud backup devices that allows you to limit the amount of bandwidth that
NetWorker can consume for cloud operations during specified periods of time.
All traditional NetWorker workflows are supported with cloud storage in NetWorker,
including backup, recovery, staging and cloning operations. To send backup data to a cloud,
you direct the backup operation (backup, clone, etc.) to a volume mounted on a cloud
storage device. Save sets on a cloud expire based on retention policies. When save sets
expire, space on the cloud is freed up. Cloud volumes are infinitely appendable. Cloud
volumes are not recycled. Cloud volumes can be manually deleted from the NetWorker
Administration Media window.
In addition to the above components, many libraries also have the following:
• Bar code reader - This is an optical device that reads a bar code affixed to a tape.
Using a bar code reader improves the speed of creating or refreshing the library’s
inventory of tape media.
• Import/export port - This is a special port used to move tapes into and out of the
library
without opening the door. It is also known as the Cartridge Access Port (CAP).
• Front panel - This is used to set up and control the library.
• Door - This allows access to the slots, media, and drives. Many libraries have a sensor
that detects when the door has been opened, which may initiate an inventory.
• A dedicated library is controlled by a single storage node. The robotic controller and all
tape drives are managed by the same storage node.
• A shared library is cabled in such a manner that two or more storage nodes control some
portion of the library. A shared library is supported in SAN (Storage Area Network) and
non-SAN environments. There are two configurations available for shared library
• Static drive assignment - All drives are statically bound to a specific storage node
and multiple storage nodes are assigned a drive. Often used with virtual tape
libraries.
• Dynamic Drive Sharing (DDS) - Supported only in a SAN environment.
Individual drives in the library are controlled by more than one storage node.
However, only one storage node can use a drive at any given time. DDS is used to
share physical tape libraries/drives among storage nodes.
It should also be noted that not all drives in a library must be dynamically shared. For
example, in the environment depicted in the slide, it would be possible to allow alto access
to all four tape drives but allow soprano access to only the top drive. Thus, only the top
drive would be dynamically shared.
DDS reduces hardware demands by allowing multiple storage nodes to use the same drive,
but at different times. Once configured, the administration (labeling, mounting, etc.) of a
shared drive is the same as for a non-shared drive.
For more information about NetWorker DDS configurations, refer to the EMC NetWorker
Administration Guide.
Important: DDS is only supported in a storage area network (SAN) environment. DDS is
only supported within a single data zone.
Multiplexing enables more than one save stream to write to the same device at the same
time. This allows the device to write to the volume at the collective data rate of the save
streams, up to the maximum data rate of the device.
The amount of multiplexing allowed (the number of save sets that can back up
simultaneously) is primarily controlled by two NetWorker settings, server parallelism and
device target sessions. These settings are discussed in detail in a later module.
Note: For more information on OTF, refer to the mm_data topic in the EMC NetWorker
Command Reference Guide.
1. When a save is initiated, nsrmmd interfaces with the device to write the data to the
volume.
2. The nsrmmd daemon performs the following tasks to support multiplexing of backup data,
using Open Tape Format:
• Breaks each save set into chunks.
• Combines chunks from various save sets into records.
• Sends the records to the device which writes them to the volume.
• Periodically, nsrmmd writes end-of-file marks to the volume, creating media files. These
file marks are used for faster positioning during reading of the volume.
3. As each record is written to the volume, nsrmmd sends tracking information to the media
database on the NetWorker server. This information is inserted into volume and save set
records in the database, and tracks the location of each media file, media record, and
save set chunk.
Note: For more information on Open Tape Format, see the mm_data topic in the EMC
NetWorker Command Reference Guide or the UNIX/Linux man pages.
If the SCSI address changes, the library becomes unavailable. In such situations, it is
required to disable the library and change the “control port” address to reflect the new SCSI
address of the library controller.
Persistent naming is used to ensure that the operating system (OS) or device driver of a
server always creates and uses the same symbolic path for a device (sometimes referred to
as device file).
As a best practice, EMC recommends enabling persistent binding and naming for tape
libraries and tape devices. This avoids device reordering on reboots or plug and play events.
If a device reordering occurs, the NetWorker software is not able to use any affected drives
until the configuration is manually corrected.
For details on how to configure persistent naming from the operating system or device
driver, refer to your operating system and/or device driver documentation.
For a library to be configured using NetWorker Administration, the library must be able to
provide hardware information, such as device serial numbers, to NetWorker. If this
information cannot be automatically provided to NetWorker by the firmware, jbconfig is
used to configure the library.
The Skip scsi targets field is used to specify SCSI addresses to skip (in bus.target.lun
format) when performing a scan operation. This is useful if the storage node has tape drives
or libraries that you do not want NetWorker to use. Placing a list of SCSI addresses to be
skipped in the storage node resource results in those addresses being skipped during all
scan operations.
If there are unconfigured tape drives or libraries on the storage node(s) that you do not
wish to be affected by a scan operation, specify each SCSI ID in the Exclude SCSI Paths
field. This field can be used to prevent NetWorker from configuring a device and from
unnecessarily scanning attached SAN disks or non-tape library/drive SCSI IDs. Any
addresses in the Skip scsi targets attribute of the storage node resource are automatically
included in the Exclude SCSI Paths for the storage node.
After the scan operation is finished, unconfigured devices are displayed in the left pane of
the Devices window. The icon used to represent an unconfigured drive or library looks like
an orange circle containing a wrench.
In the resulting Configure Library window, assign the drives in the library to the storage
node that will control the robot. In the slide, there is only one storage node shown, nwlinux
in the window. However, in a SAN environment, it is possible that additional storage nodes
are able to access the library. If these storage nodes have been scanned by NetWorker,
they are also displayed in the window.
Click Start Configuration to create the jukebox resource and device resources for the
drives within the library.
Important: An unconfigured library is listed in the left pane under each storage node that
has access to it.
In the slide, \\.\Tape3 on leg1-win5 and /dev/rmt/2cbn on leg1-sun5 have the same
serial number. NetWorker also recognizes that \\.\Tape2 on leg1-win5 and /dev/rmt/3cbn
on leg1-sun5 have the same serial number and therefore point to the same physical drive.
During library configuration, one drive is assigned to leg1-win5 and the second drive is
assigned to leg1-sun5. After the library has been configured, there are now two device
resources associated with the tape library. One of the drives is configured with leg1-sun5
and the other with leg1-win5. The tape library is controlled by leg1-sun5.
Important: Always configure a library using the storage node that you want to control the
robot.
To view a jukebox resource, right-click the library and select Properties from the drop-
down menu. The General tab shows basic information about the library.
Auto media management indicates whether NetWorker should automatically label and
write to non-NetWorker tapes as needed. It is disabled by default.
Bar code reader indicates whether NetWorker should list the bar code on the tape in the
jukebox's inventory and in the media database. It is enabled by default.
Match bar code labels indicates whether NetWorker should use the value on the bar code
as the NetWorker volume name for the tape. It is enabled by default.
Max parallelism is the maximum number of drives to use concurrently for a label or
inventory operation. The default value is one less than the number of drives in the jukebox
(Number drives attribute).
With the Devices window, label and inventory operations are performed by right-clicking
the library and choosing the appropriate selection from the menu. From the menu, you can
also perform a hardware reset of the library and have volumes moved from the import slots
to empty volume slots.
In Target Media Pool, select the pool to which the volumes will belong.
With Prompt to Overwrite Existing Label checked (default), NetWorker prompts the user
if there is an existing label on the volume.
If the volume should not be recycled automatically, select Allow Manual Recycle.
After a volume is labeled, it must be mounted before NetWorker can use it. This is done
automatically within a library.
Note: If an existing volume is labeled in NetWorker, existing data on the volume will be
completely lost. You will not be able to recover any data that existed on the tape before the
label operation.
If you choose Ignore from the dialog box, the icon remains in the User Input field as a
reminder that input must be provided before the operation will continue. To later supply
input, click the User Input icon on the shortcut bar. Note that this icon is available from
any NetWorker Administration window. Alternately, input can be supplied by selecting
Supply Input from the Operations screen of the Monitoring window.
By double-clicking a volume in the right pane, you can display a list of save sets that have
been written to the selected volume. This is a good way to verify that a first backup to a
tape device is happening as expected.
Libraries that have serial numbers can be configured using either NetWorker Administration
or the jbconfig command. However, devices that do not provide serial numbers must be
configured using jbconfig. Also, use jbconfig to configure IBM tape libraries that are
controlled through the use of the IBMs tape driver.
SCSI address - Each tape drive has a unique bus, target, and logical unit number (LUN).
Many people mistakenly believe that the lowest SCSI address is the first tape drive in the
library. This is not always the case.
Library element address - Each slot and tape drive is assigned a unique element address
by the robotic controller. The tape drive with the lowest element address is the first drive;
the next highest element address is the second drive, and so on.
Operating system pathname – A tape drive is accessed through its operating system
device pathname.
When using jbconfig to configure a tape library, you are prompted to enter the operating
system pathname of each drive, beginning with the drive having the lowest element
address. Understanding the order of the drives is necessary to properly configure the
library.
When using jbconfig to configure the library shown in the slide, you are prompted four
times for the pathname of a tape drive in the library. What is the correct sequence of
pathnames to enter? Since you are first prompted for the drive having the lowest element
address, the correct sequence is \\.\Tape3, \\.\Tape2, \\.\Tape1, and \\.\Tape0. This order
corresponds with the ordering of the element addresses.
Persistent binding and persistent naming can be used to resolve issues regarding device
ordering.
The NetWorker inquire command lists all SCSI devices detected by the operating system
on the storage node. This command is part of the storage node software.
The sjisn command is used to display information about a specific library. Not all libraries
support the sjisn command.
By comparing the output from inquire and sjisn you can determine the tape drive
ordering and the operating system pathname assigned to each drive.
In the slide, the sjisn output shows the serial number of the drive at element address 1 is
10000091. The output of the inquire command shows the operating system has assigned
the drive with that serial number a device pathname of /dev/nst2. Since 1 is the lowest
numbered element address, when prompted by jbconfig to provide the path name of the
first drive in the library, you should enter /dev/nst2.
Notes:
To ensure consistent results, it is a best practice to disable the library before running
inquire on a configured library.
For more information, see the inquire, changers, and sjisn topics in the EMC NetWorker
Command Reference Guide and the UNIX/Linux man pages.
To test a device, load a volume into a drive and then verify the operating system can see
the volume in the drive. This can be done using the mt command, which is native to UNIX
hosts and is provided as part of the NetWorker software on Windows hosts. When mt is
used with the status option, it will either return data on the device in the drive, or state no
device in drive.
You can also use the sjirdtag and sjirelem commands to display the changes being made
by the sjimm command. These commands read the media presence and data from a
jukebox. The sjirelem command can also print where the last place of a piece of media
had been prior to its current location, when the jukebox provides that information.
See the sjimm, mt, sjirdtag, and sjirelem topics in the EMC NetWorker Command
Reference Guide and the UNIX/Linux man pages for more information and a description of
additional features.
Caution: A series of commands exists that allow direct interaction with libraries (sji
commands) and tape drives (cdi commands). These commands should only be used by
expert users, as the consequences of using them can be unknown. These commands may
directly interact with the libraries and drives without the knowledge of NetWorker.
Since jbconfig creates a jukebox resource on the NetWorker server, if it is executed from
a storage node, the administrative user running the command must belong to the
NetWorker server’s Administrators user group. After jbconfig creates the resource, the
user can be removed from the user group.
After the jukebox resource is created, it is managed using either of the standard
administrative interfaces: NetWorker Administration or nsradmin.
Which Jukebox - Select the library to configure from the list of auto-detected libraries.
Only SCSI libraries that have not already been configured are listed. If there is only one
configurable library, you are not prompted.
Is any drive going to have more than one path defined - Answer yes if dynamic drive
sharing is being configured for any of the drives in the library.
The pathname of each tape device – This is the operating system pathname.
After receiving all your input, jbconfig lists the options that have been set.
Note: nsrjb has many additional options. See the nsrjb topic in the EMC NetWorker
Command Reference Guide and the UNIX/Linux man pages for more information.
nsrinfo, nsrls, and mminfo are usually executed on the NetWorker server. However, both
nsrinfo and mminfo have a –s nw_server option which allows you to run the command
from any NetWorker host.
When using a Windows pathname on a UNIX command-line, single quotes are required to
turn off the special meaning of the backslash. An ending ‘\’ or ‘/’ in a pathname is required
to match a directory with that pathname.
nsrinfo(1m) syntax:
Where clientname is the name of a NetWorker client and is a required argument. The
output of nsrinfo includes the pathname of each file, and the date and time it was backed
up, in both savetime and nsavetime formats.
nsrls(1m) syntax:
nsrls [ clientname | -m ]
Where clientname is the name of a NetWorker client and, if specified, causes that client’s
CFI usage to be summarized. If no arguments are specified, summary information is
displayed for all CFIs.
Output of nsrls includes the total number of records contained in the CFI and the total
amount of disk space used by the CFI.
nsrls has a -m option which displays the number of records in each of the media database
files and the amount of disk space used by each file.
Right-clicking a client pops up a context menu from which you can display more detailed
information about the client’s CFI or perform a consistency check on it.
If you choose Show Save Sets from the context menu, the Index Save Sets window pops
up which displays the names of all the client’s browsable save sets and the amount of space
in the CFI used for file entries from those save sets. Upon selecting a save set name in the
upper pane, information for each individual save set with that name is displayed in the
bottom pane.
A CFI commonly contains several cycles worth of entries for each save set name.
A cycle is defined in NetWorker as a Full backup and all its dependent save sets.
Incremental and cumulative incremental save sets are dependent on the most recent Full
save set for a current recovery of the save set.
To give an example of what a cycle is, if a client has a 28 day retention policy, uses a
schedule of running a full backup on Sunday and incremental backups the rest of the week,
and has a save set list of C:\Windows\Fonts, the client’s CFI will contain four or five cycles
of the C:\Windows\Fonts save sets, with each cycle being comprised of a full backup and its
six dependent incremental save sets.
To manually remove entries from a CFI prior to the entries being automatically purged due
to normal aging of data, Remove Oldest Cycle removes all entries belonging to the oldest
full save set of the selected save set name and all entries belonging to its dependent save
sets. This is commonly done to quickly reduce the size of a CFI.
mminfo(1m) syntax:
mminfo [ -options ] [ -q queryspec ] [ -r reportspec ] [ volname ]
If no arguments are specified, the output includes all browsable save sets created since
midnight of the previous day. By default, the fields displayed include the save set name,
client name, timestamp, size, backup level, and the name of the volume containing the
save set.
If portions of a save set reside on multiple volumes, there is a line of output for each
volume.
Options and arguments are used to define other queries and reports. If the volname
argument is used, the output is restricted to save sets on that volume.
Queries may use the operators ‘<‘, ‘>’, and ‘=’ to compare a field to a value. Commas are
used to separate multiple queries. If queryspec begins with the negation operator ‘!’, the
comparison matches only if the field does not match the value.
Reports are generated by providing a comma-separated list of volume or save set attributes
which are displayed in the order specified. To specify a field width within a report, append
“(width)” to the attribute keyword, for example “name(10)”.
In the slide, the -q queryspec syntax is used to query the database for save sets named
C:\Windows\Fonts that have more than one copy:
-r reportspec is used to display the name of the save set truncated (or blank-padded) to
10 characters, the save set ID, the clone ID, the number of copies, the volume containing
the save set, and the client name:
Important: There are many volume and save set attributes that may be used for querying
and reporting. All of these options are listed and described in the mminfo(1m) man page
and the NetWorker Command Reference Guide.
To list the snapshot save sets for a client, type the following command at the prompt:
where :
• server – hostname of NetWorker server
• client – hostname of the client from which NSM backed the data up
Note: The NetWorker Command Reference Guide and NetWorker man pages provide further
details on these operations.
Query NetWorker server bongo’s media database, reporting on all browsable save sets, with
a colon (:) separating each field of output. This can be executed on any NetWorker client.
mminfo -s bongo -a -xc:
Display all save sets with a name of /stardata that were backed up from alto, generate
verbose output and separate the fields with a semi-colon. The semi-colon must be quoted
(UNIX only) because it is special to all UNIX shells.
mminfo –c alto –N /stardata –v –xc’;’
Query the database for save sets older than 2 days. The default set of attributes is
displayed.
mminfo -q "savetime < 2 days ago"
Query the database for save sets backed up from flute within the past 2 days.
mminfo -q "savetime > 2 days ago, client=flute"
Display information on volumes containing save sets backed up from flute and which were
written to during the past week.
mminfo -m -t "last week" -q client=flute
Note: See the mminfo(1m) man page and the NetWorker Command Reference Guide for
examples and further information.
When the Volumes option is selected in the left pane, a list of all volumes is displayed.
Right-clicking on a volume pops up a context menu used for performing tasks associated
with volumes; such as displaying all save sets on a volume and deleting a volume from the
media database.
Double-clicking a volume also displays all save sets on the volume. The information
displayed is equivalent to that generated by using mminfo –v volumename.
To perform a query, click Save Sets in the left pane of the Media window. In the right
pane, specify the save set characteristics of those save sets you want information about.
Change to the Save Set List tab to perform the query and report matching save sets.
In the Query Save Set tab, you can choose to display only those save sets matching a
specific status and type. The default value is All for both Status and Type.
Copies commonly refers to how many times a save set has been cloned. A save set that
has been cloned once has 2 copies, the original and one clone. Additionally, any save set
written to an advanced file type device is seen as having 2 copies. The drop-down menu in
the Copies field allows you to perform comparisons using the ‘=‘, ‘>’ and ‘<‘ operators.
You can specify the maximum backup level of the save set. Since a full backup is
equivalent to a level 0, selecting Full matches only full level backups. To match client-
initiated save sets, All must be selected.
When selecting a range of values for the Save Time field, a calendar is displayed from
which you select the desired date. A specific time of day can be specified by manually
editing the From and To fields.
While the command-line utilities in the slide are usually executed on the NetWorker server,
both nsrmm and mmlocate include a –s nw_server option which allows you to run the
command from any NetWorker host.
Note: The nsrmm command has numerous functions. In the context of database
management, it is used to change the save set and volume status, delete save sets and
volume records from the media database, and age save sets. nsrmm can also be used to
manage standalone devices, including the labeling and mounting of volumes.
You will may also see references to a Browse policy on the client resource or Browse
time when looking at save set metadata. The browse policy was used in previous versions
of NetWorker. Beginning with NetWorker 9, NetWorker uses the Retention value for both
the Browse time and the Retention time.
When a save set is backed up, the value for Retention is added to the current date to
determine the save set’s browse time and retention time. These values are stored in the
save set record as the ssbrowse and ssretent attributes, and are used to determine when
the save set changes from one status to another as it ages.
The browse time specifies the date when the save set’s entries are removed from the
client’s CFI, thereby making the save set no longer browsable. The retention time specifies
the date when the save set expires and is no longer required. Beginning with NetWorker
9, the browse time and the retention time will be the same.
Save sets are checked for aging automatically once a day when the Server backup
workflow runs or by manually running nsrim. Dependent save sets may delay the aging of
certain save sets. For example, a level Full save set that has passed its browse time will
remain browsable (and therefore tracked in the CFI) until all incremental save sets that
depend on the full save set also pass their browse times. Thus, the aging of save sets may
be delayed by up to one cycle period, where a cycle is defined as the length of time
between full backups.
A browsable save set has not passed its browse time and is therefore still tracked in both
the media database and a client file index. Both a browsable recovery and a save set
recovery can be performed on the save set.
A recoverable save set has passed its browse time but has not exceeded its retention
time. Because it has passed its browse time it is no longer tracked in a client file index.
Only a saveset recovery can be performed without rebuilding the client file index for that
saveset.
A recyclable save set has passed both its browse and retention times. A recyclable save
set is treated exactly like a recoverable save set except it will not keep the volume it is on
from being automatically recycled (relabeled).
Note: The mminfo(1m) man page contains more information for the other mminfo status
flags.
Important: A recyclable save set on a tape volume is only removed when that tape is
relabeled. A recyclable save set residing on a file type or an adv_file type device is
removed by nsrim on the same day it becomes recyclable.
Beginning with NetWorker 9, you specify only a retention period when backing up a save
set. NetWorker uses this value for both the Browse time and the Retention time for the
save set.
When NetWorker labels a volume, the volume is assigned a status of appendable. Backups
can only be written to appendable volumes.
When a volume becomes full, it is assigned a status of full and can no longer be used for
backups. A tape volume will become full when the physical EOM (end of media) marker is
encountered during a save or when a write error results in the save being directed to
another volume.
When all save sets on a volume become recyclable, the status of the volume itself changes
to recyclable. Recyclable volumes may be automatically recycled (relabeled) by NetWorker
in the event that no appendable volumes are available to satisfy a backup request.
A volume can be manually assigned a status of read only. This will keep additional data
from being written to the volume. Full and recyclable volumes are automatically given a
secondary status of read only.
Important: Manually setting a volume to read only does not keep it from being recycled, it
only prevents further data from being written to it.
nsrim syntax:
nsrim [ -option arg ] [ -option ]
Note: See the nsrim(1m) man page or the NetWorker Command Reference Guide for more
information.
You can specify browse_time and retention_time in any format described in the
nsr_getdate(3) man page. The time can be an absolute time such as MM/DD/YY, or a time
relative to the current date, such as “2 Months” or “4 years”.
Changing the retention time for a save set changes the dates for all instances of the save
set.
NetWorker uses the retention time value for both the retention and browse times. This is
shown on the slide. Notice that after running the nsrmm command that contains different
values for changing the browse and retention times, the mminfo command shows that the
browse time is still the same as the retention time.
Notes:
Changing a client’s Retention policy attribute does not affect the browse and retention
times of existing save sets.
See the nsrmm(1m) man page and the NetWorker Command Reference Guide for more
information.
where mode can be any of the modes listed in the slide. The volume argument is the name
of the volume whose record you want to change.
If a write error occurs when writing to a volume, the volume mode is changed to full to
avoid trying to write additional data to a volume which is possibly damaged. However, if
the error was actually caused by the device, using nsrmm with the notfull argument can be
used to make the volume appendable again.
The -S ssid option is used to change the status of specific save sets. A common use is to
reset the status of a suspect save set after determining that the volume really is not
damaged.
The volume used falls in one of the five categories listed below in order of priority. Each of
these categories requires the volume be available on an appropriate storage node.
Using the –d option without –P removes save set and/or volume records from the media
database.
Note: The NetWorker scanner command can be used to restore database information for
save sets and volumes that are inadvertently deleted.
Recycle - Allows you to set a volume to manual or automatic recycle. This is the same as
nsrmm -o { manual | notmanual }.
Delete - Allows you to purge CFI entries of all save sets on the volume. You can
additionally
remove the volume record and all the corresponding save set records. This is the
same as nsrmm -dP volume.
If a volume is labeled in a jukebox, the location field is automatically set to the name of
the jukebox. The field can be manually updated using mmlocate or NetWorker
Administration
mmlocate syntax:
mmlocate [ -options ] [ location ]
The location argument specifies what to set the location to or which volumes to manage
based on location. The default (no options/arguments) lists all volumes and their location
values.
Here on the slide the example shows the tape volume selected is M00005L5 and the set
location to Moved to the third shelf of cabinet 3.
nsrck syntax:
nsrck [ -L level ] [ -options ] [ clientname ]
The slide shows the seven levels of consistency checking that nsrck can perform. Each level
incorporates the actions of the lower levels. Level 7 is different from all other levels in that
it is used only for recovery of a CFI.
With no options, scanner reads the entire volume and displays a list of save sets found.
Information displayed includes save set name, SSID, and date and time of the backup.
Additionally any media errors that occur will be reported as well.
The –m option causes scanner to read the entire volume, creating save set records in the
media database for any save sets not currently tracked. If the media database does not
have a volume record for the volume being scanned, a volume record is created.
When the –i option is used, scanner populates the media database with volume and save
set information, just like with –m, but additionally populates the appropriate client file
indexes with file information read from each save set on the volume. This operation can be
very time consuming if there are many save sets with lots of files.
When used in combination with the –i option, –S ssid is used to restrict which save set(s)
the operation is performed on. For example, to populate a CFI with the list of files from
save sets 1289372 and 1236738, located on a volume in device \\.\Tape1, the command
would be:
scanner –i –S 1289372 –S 1236738 \\.\Tape1
To recover the entire media database or an entire CFI, use the nsrdr command. This is
discussed later in this course in the Recovering NMC and NetWorker Servers module.
• Use the nsrlogin utility to log in to the NetWorker system and perform operations as
an authenticated user.
• A recent full backup of a save set is not needed because the data was corrupted before
the backup took place. It was written to a file device and needs to be deleted to free up
space. mminfo is used to determine the SSID of the save set.
• nsrmm is used to delete the save set record. Unfortunately, the administrator specifies
the wrong SSID. mminfo is executed again just to verify that the save set is indeed
gone. It is now necessary to rebuild the deleted save set record.
• scanner is used to recreate the media database save set record. The output is
redirected because when the –m option is used, scanner oddly enough generates a
recover stream that is not needed in this situation.
• The administrator runs mminfo to see if the save set is once again being tracked and
discovers that although the save set record is back, the save set is not browsable. The
save set needs to be returned to its original status, which was browsable.
• The administrator can run scanner is again with the –i option to populate the client
file index.
Recoveries can be categorized by the method used to recover the data. In a Browsable
Recovery, the administrator or user browses and selects the set of files and directories to be
recovered using interfaces that require information from the client file index.
A Directed Recovery is any recovery in which data that was backed up from one computer is
recovered to another.
A Save Set Recovery can be performed at any time for any save set. By default, an entire save
set is recovered. However, you can recover individual files and directories. A save set recovery is
commonly done:
• When the last backup was a full backup and you want to recover the entire save set.
• When a large number of files are being recovered from a single save set. If a save set has
millions of files, the process of marking each file for recovery during a browsable recovery
can take a considerable amount of time. A save set recovery does not require marking each
file and thus can lead to faster file recovery.
The most common recovery is where a single NetWorker client performs all three roles. For
example, you might be logged in on hostA (administering client), recovering data previously
backed up from hostA (source client), to its original location on hostA (destination client).
Another example of a common recovery is initiating a recovery of a remote client’s files from a
central administering client. For example, the administrator may perform a recovery from HostB
(administering client) of a file backed up from HostA (source client) to HostA (destination client).
The user on the client must belong to a NetWorker user group that has the Recover Local Data
privilege (members of the NetWorker Administrators and Users user groups automatically have
this privilege). The user also must have operating system ownership of the files being recovered
and have write privileges to the directories where the data is recovered.
2. From the Operation menu select Recover/Directed Recovery to run a browsable recovery;
3. Select the type of recovery. Select Save Set Recovery to perform a save set recovery. You
are then prompted for the source client whose data you will restore. The Source Client
window only contains clients for which the administering client has remote access privileges.
4. When performing a browsable recovery, you are prompted for the destination client. This is
the same as the source host unless you are performing a directed recovery.
5. After selecting the data to be recovered (either by file or by save set selection), click Start
(green lightening-bolt) to begin the recovery.
recover(1m) syntax:
recover automatically assumes the source client is the same as the administering client. To
specify a different source client, use the –c option. If the administering client is configured as a
NetWorker client in multiple data zones, you can use the –s option to specify the NetWorker
server that will control the recovery.
The pathname argument is either the path to set as the initial working directory for browsing
(interactive mode) or, if the -a option is used (non-interactive mode), the path(s) to recover. The
default initial working directory is the current directory.
Note: See the EMC NetWorker Command Reference Guide for more information including a
description of the command options and subcommands.
Alternatively, you can choose to relocate the recovered data to a different directory. The folder
you specify in the Relocate recovered data to field will be created if it does not exist.
Subfolders are created as necessary to retain the folder hierarchy that existed when the files were
backed up. There may be times when you want to recover a set of files to a location other than
the folder from which they were backed up. Relocating recovered files is useful for comparing an
existing set of files with the same set of files that were previously backed up.
Note: In NetWorker User, you can select the action to be performed when a file naming conflict
occurs prior to beginning the recovery.
Important: Do not close the Status window until a recover completion message is displayed.
Prematurely closing the window aborts the recovery.
When running the recover command, information about each file in the recovery can be
displayed by using the verbose subcommand.
Priority Criteria
#
1 If the volume to be read is already mounted on a device, the storage node
controlling that device
2 The first storage node listed in the Recover storage nodes attribute of the
NetWorker client resource that is being recovered having access to the
required volume.
3 The first storage node listed in the Storage nodes attribute of the NetWorker
client resource that is being recovered having access to the required volume
4 The storage node listed in the Read hostname attribute of the jukebox
resource, or if this is empty, storage nodes on which a device in the library is
configured
The Read hostname attribute in the Configuration tab of the jukebox resource specifies the
storage node to use for recoveries and cloning if a client’s preferred storage nodes are not
available. The default value of this attribute is the hostname of the storage node controlling the
first drive in the library.
After providing a name for the recovery, you can choose to either start the recovery now or
schedule the recovery to start at a later time.
You might want to change the browse time if you need to:
• Retrieve an old version of multiple files
• Retrieve an old version of an entire directory, file system, or client
• Look for a file that is still browsable but is not displayed in the GUI
This can happen if the file was deleted prior to the most recent full backup.
Changing the browse time is an option in all NetWorker recovery interfaces. In the NetWorker
Recover wizard, the option is found in the Versions menu and Change Browse Time is
displayed to change the browse time.
Important: If you need to recover files from different points in time, either use the Versions
option for each file or perform multiple recoveries with different browse times.
In the example on the right, the versions command is used to determine that a previous version
of the file, Config.xml, was backed up on Oct 29. To recover that version of the file, the
changetime command is used to change the browse time to a time afternoon of Oct 29 making
the backup on Oct 29 the most current version prior to the new browse time. After adding that
version of the file to the recovery list, the list command is used to verify that it was added.
Note: See the NetWorker Command Reference Guide for more information including a description
of the command options and subcommands.
One or more save sets are specified during the recovery. Although the default behavior is that
each save set is entirely recovered, you can specify a set of individual files or directories to be
recovered instead.
Since a save set recovery does not utilize CFI information, it does not perform a point-in-time
recovery.
Let’s assume that save sets backed up on Days 1-6 were browsable for only one month. Now, on
Day 36, none of those save sets are browsable and you want to recover the file system to the way
it looked after the incremental backup on Day 6. The following steps must be performed:
1. Recover the Day 1 Full save set.
2. Recover the Day 5 Cumulative incremental save set.
3. Recover the Day 6 incremental.
If no files were deleted or renamed between Day 1 and Day 6, the file system is now fully and
accurately recovered. However, if deletions occurred, files which didn’t exist on Day 6 were
recovered in the Day 1 or Day 5 recoveries. Additionally, if a file was renamed, it will now exist
under both its original and new names. For the recovered file system to accurately reflect the Day
6 file system, you must determine which deletions and renames occurred and manually perform
them again.
To identify the save sets you need for a save set recovery:
1. Identify the most recent full backup of the save set.
2. Identify the most recent cumulative incremental backup of the save set.
3. Identify all the incremental backups that was performed after the most recent cumulative
incremental backup until you reach the desired point in time.
In the example shown on the slide, a recovery is performed after Day 7’s backup. To perform the
recovery, you need the Full save set from Day 1, the cumulative incremental save set from Day 4
and the incremental save sets from Days 5, 6, and 7.
When you have recovered the last save set required to restore your data to a specific point in
time, you may need to perform additional file handling. This could include deleting files and
directories that were deleted during the backup cycle and renaming files that were renamed
during the backup cycle.
As with browsable recoveries, you can perform searches and view properties, versions and
volumes for selected items.
If you want to recover a subset of the save set, select Advanced Options and specify the path of
the directory or file to be recovered in the Extra recover options attribute. Multiple items can be
specified, separated by a space.
In this example, we have selected the save set, C:\Documents in the Select the Data to
Recover window. However, we only want to recover the C:\Documents \Morefiles directory from
that save set. When the recover runs, only the contents of the specified directory are recovered.
Note: Before performing the recovery, determine the SSID of the save set to be recovered using
NetWorker Administration or the mminfo command.
See the NetWorker Command Reference Guide for more information including a description of the
command options and subcommands.
Recovery must be launched by the root user (UNIX) or Windows Administrator on the host
performing the recovery. This host must be a NetWorker client of the NetWorker server. The user
must have the Remote Access All Clients privilege on the NetWorker server. Note that users in the
Administrators group on the NetWorker server are automatically granted the necessary privileges.
The Remote access attribute in the source client’s client resource must contain the destination
client if the user@destination client does not have the Remote Access All Clients privilege.
The destination client must allow remote execution requests from the administering client.
Remote execution is performed by nsrexecd. Remote execution privileges are controlled by the
following methods:
– The /nsr/res/servers file on the destination client lists the hosts authorized to make
remote execution requests.
– nsrexecd on the destination client can use the –s option to specify a host authorized to
make remote execution requests. If this option is used, the /nsr/res/servers file is
ignored.
– Optionally, the Disable directed recover attribute can be set to yes in a NetWorker
client’s resource database, /nsr/res/nsrladb. This disallows directed recoveries from
any remote host. (nsradmin –d /nsr/res/nsrladb)
Additionally, you may not be able to recover files between dissimilar file system formats. For
example, you cannot recover data from an NTFS file system on a Windows client to a FAT file
system because of the way file permissions are handled. However, files from a FAT file system can
be recovered to an NTFS file system because there are no permissions in a FAT file system; NTFS
gives recovered files the permissions of the directory they are recovered to.
Note: SYSTEM and VSS SYSTEM save sets cannot be recovered using a directed recovery.
Only clients for which nw.emc.edu has remote access privileges are displayed in the client
selection windows.
Upon initiating the actual recovery, the administering client contacts nsrexecd on the destination
client and requests that it execute recover with the list of files provided.
Only clients for which nw.emc.edu has remote access privileges are displayed in the client
selection windows.
After you have selected the source and destination clients, the contents of the source client’s CFI
is displayed, allowing you to browse and mark files for recovery in the exact same manner as in a
normal browsable recovery.
Upon initiating the actual recovery, the administering client contacts nsrexecd on the destination
client and requests that it execute recover with the list of files provided.
The -c client option specifies the source client and the -R client option specifies the
destination client. The required -i [YNR] option specifies what the destination client should do in
response to file naming conflicts:
-iN the file is not recovered if a conflict occurs
-iY the existing file is overwritten when a conflict occurs
-iR renames the file when a conflict occurs; .R is appended to each recovered file name in
UNIX/Linux; ~ is placed in front of file name in Windows
To perform a directed save set recovery using recover, use this command format:
recover –s nw_server –R destination_client –i{NYR} –S ssid
Snapshot Recovery: A snapshot saveset is mounted giving the administrator the ability to
browse and select directories or individual files to restore.
Rollover: A conventional NetWorker restore is performed from the backup storage media. You
can also recover from the snapshot, either full or partial. If the data was rolled over to backup
media. In short , whatever you can do with a NetWorker created backup to media, you can do
with an NSM generated backup to media.
Rollback: The snapshot is restored by using the storage array capabilities. A volume on the
application host is unmounted and the rollback replaces the entire content of the unmounted
volume. You can perform a rollback, which reverts the entire disk to state to the time of the
snapshot. This is done at the array-level.
For example file systems E:\, F:\, and G:\ live on LUN 02E. Rolling back G will restore everything
on LUN 02E including E:\ and F:\.The recovery from snapshot management includes the ability to
perform a rollback which will overwrite the original data , as well as mount the save set from
browse and recovery.
NetWorker supports three types of user interfaces for snapshot recovery operations
• nsrsnap_recover command
Note: NetWorker does not support rollbacks on RecoverPoint appliance. Rollbacks destroys all
previously existing data on the source appliance volume.
The wizard supports snapshot recovers, rollover, standard media recoveries. The progress is
visible in both the Wizard and the NMC Monitoring interface. Operations are also logged to the
standard recovery logs.
Select the Filesystem (Snapshot) recovery type from Available Recovery Types.
Clone operations use the Recover Pipe to Save (RPS) method to clone data. With this
method, the existing NetWorker backup and recover framework is used to replicate the data
from source to destination. Clone performs a save set recover operation on the source and
stores data in a buffer. Then, a save thread consumes the data and performs a save
operation onto the destination. You can clone save sets either manually or automatically.
Nsrclone,running on the NetWorker server, initiates the clone operation and spawns
nsrrecopy on the source storage node. Data movement is performed by the nsrrecopy
binary on the source storage node. There are two threads for nsrrecopy: one for read
and one for write. One nsrrecopy is spawned per volume and multiple volumes of save
sets can be cloned in parallel.
Two devices are required for cloning. Save sets are always completely cloned. Thus, if a
save set begins on one volume and continues (spans) onto one or more additional volumes,
each of the source volumes will be mounted and read during the clone operation.
Conversely, if the destination volume becomes full during a clone operation, another
volume from the same pool must be made available for the cloning to continue. Concurrent
clone, backup, and recovery operations can be performed on the same device at the same
time when using advanced file type or Data Domain devices.
No volume may contain more than one instance (copy) of a save set. This eliminates the
possibility of losing multiple instances of a save set if a single volume becomes damaged.
Since backup data cannot be mixed with clone data on a volume, it is required that the
destination volume belong to a clone pool.
• You can configure cloning to occur in the same workflow as a backup action (backup and
clone workflow). In this configuration, you create a workflow with a backup action and a
clone action. The clone action can occur after the backup action or concurrently with the
backup action. There can be a single clone action or multiple clone actions.
• You can configure cloning to occur in a workflow apart from the backup action (clone-
only workflow). In this configuration, you create a group for save set selection and
specify that group and a clone action in the clone-only workflow. There can be multiple
clone actions in the workflow. This is useful if you want the clone operations to occur at
different times from backup operations.
Save Set Query group - Use a Save Set Query group in clone-only workflows where you
want to clone save sets on an ongoing basis, based on save set criteria.
Save Set ID List group – Use a save set group in clone-only workflows where you want to
clone a specific list of save sets. Specify the save set ID/cloneID (ssid/clonid) identifiers.
When the –S option is used, a list of save set IDs must be specified. If the –S option is not
used, arguments following any options must be NetWorker volume names.
nsrclone(1m) syntax:
nsrclone [options] -S ssid ... | volume ...
where ssid is a save set to clone; volume is a volume containing save sets to clone. Note
that ssid/cloneid may also be used to specify which save set with multiple copies to use as a
source. Additional information including a full list of the command options can be found in
the NetWorker Command Reference Guide, or the NetWorker Cloning Integration Guide.
Note: The nsrclone command requires specific privileges based on session authentication.
Use the nsrlogin command to authenticate a user and generate a token for the nsrclone
and mminfo commands.
Multiple volumes can be specified on the command-line. The -f option of the nsrclone
command can be used to specify a file (or standard input) containing a list of volumes to
clone. When using an input file, each volume must be on a line by itself.
Note: The first flag associated with a save set indicates which part of the save set is stored
on a volume. This flag can be displayed with the mminfo -v command and is also displayed
when viewing the save sets for a volume in the Volume Save Sets window in NetWorker
Administration Media. Values for the first flag are:
• c: Save set is completely contained on this volume.
• h: Save set spans volumes and the head is contained on this volume.
• m: Save set spans volumes and a middle section is contained on this volume.
• t: The tail section of a spanning save set is contained on this volume.
Examples
• Clone all save sets backed up since 1:00 a.m. this morning:
nsrclone –S –t “01:00”
• Clone all save sets backed up in the last 24 hours with backup level full and group
Default:
nsrclone -S –e now -l full -g Default (now is a valid nsr_getdate format)
• Clone all save sets backed up between 9:00 p.m. yesterday and 8:00 a.m. this morning:
nsrclone –S -t “yesterday 21:00” –e “08:00”
You can specify a retention policy value for the clone save set that differs from the value
that is defined for the original save set. When the retention policy differs for the original
and clone save set, you can expire the original save set and reclaim the space on the
source AFTD but maintain the data on a clone volume for future recoveries.
If the clone instance is written to a pool having a retention policy, the retention time of that
save set instance is determined by the pool’s retention policy instead of the client’s
retention policy. A different clone retention time can also be set using the –y retent_time
option with nsrclone and with the nsrmm -e command. Setting the clone’s retention to a
longer period than the client’s retention allows the clone to remain recoverable even after
the original backup is no longer retained. Note that retention specified from the command
line overrides the retention policy for the clone pool.
The browse period for a clone can be extended with the -w option of nsrclone when creating
a clone save set. Note that the browse period is left unchanged if the save set’s browse
date is later or if the new time has already passed. This option requires the -y retention
option and must not be greater than the retention time.
Important: The date on which a volume becomes recyclable is determined by the clone
retention times of save set instances on the volume, not by the save set retention times.
For example, if 10/17/16 was the longest save set retention time on a volume and the
longest clone retention time on the volume was 1/1/2016, the volume would not become
recyclable until 1/1/17.
Cloning backup data to a cloud complements backing up to disk. In the example shown on
the slide, backups are first written to disk. Then, the backup data is cloned to a volume on
an CloudBoost appliance. The original backup data is retained on disk only as long as
required for short term recovery operations. Data on cloud storage is retained for a longer
period of time according to business requirements for long term/offsite storage.
Data that is cloned from one Data Domain device to a target Data Domain device, typically at a
remote location, retains its deduplication format and is known as clone controlled replication
(CCR) or as an optimized clone.
Clone controlled replication uses the native Data Domain replication feature to copy data from
one Data Domain system to another. Clone controlled replication uses a special Data Domain
API command. Do not confuse this clone controlled replication with standard directory level
replication, which is also supported. For clone controlled replication, clone employs intelligence
when creating groups to clone so that all threads are equally balanced. It uses fast copy
instead of file copy for replication within the same Data Domain device.
The clone is created quickly and uses low bandwidth and low storage capacity. A clone that is
created in this format may be used for data recovery or to create further copies, for example,
to traditional disk or tape storage. This method results in minimal impact on production or
primary backup and recovery operations.
First, an estimate of overhead for save sets is determined. This is the amount of time for
processing the save sets to include both computational and data transfer overhead. Then, if
the total save set overhead is small (< max thread*threshold), the initial parallelism is
increased so the job finishes within a short period of time. If total save set overhead is
large (> max thread*threshold), the default initial parallelism is used.
You can also fine-tune the load balancing parameters through the use of a file
/nsr/debug/update_rps_ccr_env. In this file, you can specify the following variables:
• Network=LOW|MED|HIGH (Default = MED)
• Computation=integer (<=30) (Default = 2)
• Threshold=integer (<30*60) (Default = 10 * 60)
Like cloning, staging requires two devices, one or more source volumes, and one or more
destination volumes.
When a save set is staged, it is actually cloned, resulting in an additional instance (copy) of
the save set being tracked in the media database save set record. Upon successful
completion of the clone operation, the information pertaining to the original instance (copy)
of the save set is removed from the save set record.
If the save set being staged is on tape, it remains on the tape until the tape is relabeled. If
the save set being staged is on a file or adv_file type device, it is immediately deleted from
the device/volume (directory).
Staging is often used to move save sets from file and adv_file devices to long term media
such as tape. This allows the most recent backups to be written to and recovered from disk,
then moved to tape to free space for subsequent backups. Staging is also used to remove
non-recyclable save sets from an otherwise recyclable volume.
nsrstage syntax:
-m is a required option to stage (move) save sets and -S ssid specifies which save set(s)
to stage. The optional /cloneid is for save sets with more than one instance (copy), to
identify the instance of the save set to stage. If an instance is not specified, all instances
except for the staged copy are deleted from the media database.
Note: See the NetWorker Command Reference Guide for more information and specific
command options..
Automatic save set staging is designed to move data from file/adv_file type devices to tape.
Staging allows you to perform backups to disk, potentially maximizing backup performance,
and later move the save sets to tape.
Staging prevents the file/adv_file type device from becoming full by periodically checking
the following:
• How long each save set has been on the file type device - Save sets are staged
after a specified number of days or hours, regardless of how full the volume (file
system) is.
• The percentage fullness of the file system on which the file/adv_file type
device directory resides - Save sets are staged when the file system reaches a
certain percentage of utilization (the high water mark), regardless of a save set’s age.
Once staging begins, it continues until the file system utilization has decreased to the
specified low water mark.
Select check file system to perform an immediate check of the fullness of the file
system(s) to determine whether the high-water mark has been reached, thereby requiring
automatic staging.
After selecting stage all save sets and clicking OK, all save sets residing on all devices
managed by the stage resource will be staged.
The access control features of NetWorker enable authenticated users to perform secure
administrative functions, and backup and recovery operations.
NetWorker provides logs that record the sequence of activities for the NetWorker server,
NetWorker Management Console server, and each NetWorker client. Resource update
logging provides for the tracking of all resource changes made on a NetWorker server. This
information is useful for accountability where there are multiple NetWorker administrators,
for security in the event of a system intrusion and for general auditing of modifications.
Auditable security events include authentication attempts, privilege checks and resource
creation and deletion. Multiple systems can send their audit data to the same audit log
server thus providing centralized audit capabilities.
Through the use of user authentication and authorization, NetWorker administrators can
restrict user access to backup data for restores. Security from disclosure of backup data can
also be provided by encrypting data during backup operations. When enabled, data is
encrypted on the client as the save stream is generated.
When users log into the NetWorker Management Console server, the user’s credentials are
authenticated using the NetWorker Authentication Service. NetWorker Authentication
Service, or AuthC, provides token-based authentication for NMC and CLI users.
Authenticated users are granted privileges in NMC through the use of specific NMC roles.
Users with appropriate permissions are granted access to NetWorker Administration for
individual NetWorker servers through NMC.
In the next lessons of this module, we examine NetWorker authentication and authorization
in detail.
You control access to the pass phrase through the lockbox resource on the NetWorker
server. NetWorker administrators with sufficient privileges can specify a list of users that
have permissions to store, retrieve and delete AES pass phrases. Only users specified in the
lockbox resource can modify the Datazone pass phrase attribute in the NSR resource.
In this example, when the any backup workflow containing this client runs, the save set is
encrypted during the backup operation.
During a recovery of encrypted backup data, the pass phrase that was used to encrypt the
data must be used to decrypt it for a successful recovery. By default, NetWorker uses the
current value of the Datazone pass phrase attribute to recover the data. If the key
generated from this pass phrase fails, NetWorker uses the key generated from the default
pass phrase. If this fails, NetWorker fails the recovery.
Note: The –p pass-phrase option for the recover command, can be used to specify an
additional pass phrase to use when attempting to recover files backed up using the aes
directive. Using this option causes recover to generate an encryption key from the pass
phrase and try it if the default and current datazone pass phrase keys do not work. This
option can be specified multiple times.
AuthC is a web-based application installed on each NetWorker server. It supports two types
of users and authentication. For authentication service local users, user names and
passwords are maintained and authenticated using the local AuthC database. Optionally,
AuthC can be configured to also use an LDAP or Active Directory (AD) server for
authentication. With external authentication, user names and passwords are maintained by
the external authority.
The AuthC local database is used to store AuthC configuration information and to verify
credentials for local users. An hierarchical database structure is maintained for users and
groups to support multi-tenant configurations. The AuthC database is backed up by the
default Server Protection policy.
Next, the NMC server looks up the user role membership for the user to determine the level
of authorization that the user has on the NMC server. When the user attempts to connect to
a NetWorker server, if the user has the rights to manage the selected NetWorker server,
the NMC server provides the token information about the user to the NetWorker server.
The NetWorker server compares the information contained in the token with contents of the
External roles attribute in each configured user group to determine the authorization level
that the user has on the NetWorker server. NetWorker then allows or denies the user
request.
First, during the NetWorker server installation process, AuthC is installed on every
NetWorker server host. This is done as part of the NetWorker server installation process for
Windows and is a required package for Linux NetWorker server installations. When you
install a NetWorker Management Console server, you specify the name of the NetWorker
server that will authenticate access to the NMC server. For example, if the NMC is managing
more than one NetWorker server, you designate one of the NetWorker servers as the AuthC
authentication host for the NMC.
Next, establish trusts between NetWorker servers if the NMC will be managing more than
one datazone.
Then, configure LDAP or AD authentication, if desired, as well as any local users for NMC.
Assign roles and privileges to the users in NMC and the NetWorker servers.
We go into more detail for each step in the next several slides.
Trust is established using the nsrauthtrust command. Run the command on the host
where you are adding the trust. The command format is:
nsrauthtrust -H Authentication_service_host –P
Authentication_service_port_number
Note: When a NetWorker server is on the host that provides the authentication services to
the NMC server, trust is established automatically.
Use NetWorker Management Console to create and modify user accounts in the local user
database.
The CLI tools, authc_config and authc_mgmt, are used to configure and manage
authentication and the AuthC database. Uses for the commands include:
Use authc_mgmt to manage local database user accounts and groups, local user options
management, and user and group query management. Other operations such as querying
the LDAP or AD directory are also accomplished with this tool.
The NetWorker Security Configuration Guide contains detailed information about configuring
and using authc_config and authc_mgmt.
Use the authc_config command to configure AuthC for external authentication. The
authc_config command shown here configures the NetWorker Authentication Service to
authenticate users in an AD directory in our lab on a host named, dc, in the domain,
emc.edu.
When NMC is first launched, the default NMC user account, administrator, and the
authentication server service account are assigned to all three Console user roles.
Notes:
AuthC creates a built-in local administrator account during installation. When you log into
the NMC server for the first time, the wizard creates a service account for the NMC server in
the AuthC database with the format svc_nmc_nmc_servername . The NMC server uses this
account for interprocess communications between the NMC server and a managed
NetWorker server. It is recommended that you do not modify the properties of the service
account.
You can use the GST_RESET_PW environmental variable to reset the administrator
password.
Authentication Service User refers to users that are managed locally by the NetWorker
Authentication Service. You create the user names and maintain the passwords using NMC.
Note that you can also assign NMC roles to local users from the Identity tab.
External Repository User refers to user accounts that are created and maintained, including
password maintenance, by an external authority server when AuthC is configured to use the
external authority for authentication. When using external authentication, when a user logs
into NMC for the first time, a user object is automatically created. Optionally, you can
create the user object in NMC first as shown here. In this case, AuthC verifies that the user
name is a valid name in the external repository.
Users can manage data in NMC, such as reports and events, for hosts to which the user is
given permission. By default, a user can manage all hosts. Depending upon the user role
assigned to the user, user access to specific hosts can be restricted using the Permissions
tab.
Note: A user must belong to the Console Security Administrator role to add new Console
users. To manage local users with the Console Security Administrator role, the user must a
member of a NetWorker Authentication Service group that has administrator privileges. For
example, the Administrators group.
To set the level of access (privileges) that the user has to the NMC server, map each user
or group that you want to have access to the NMC to one of the three NMC roles. Map local
users to a role using the Local Users section of the Edit User Role window. Use the
External Roles section to add external users. To add an external user, type the
distinguished name of the user or group.
In the example shown here, we have mapped a local user, MaryAdmin, and the external
user group, networker_admins, to the Console Application Administrator role. By mapping
the external user group, all members of the group can access the NMC server. Notice that
the authentication server service account for the NMC server, svc_nmc_nmc_nwwindows,
and the user, administrator, are automatically local users for the user role.
Note: To assign roles, the user must belong to the Console Security Administrator role.
Continuing on with our examples, after configuring external authentication with the AD
server of emc.edu, we are logging into the NMC with the login account, tparker. This
account is a member of the networker_admins group.
In this example, the nsrlogin command is run to validate the user tparker and generate a
token for the user.
For both external and local users, the Login Information tab provides details about the
last user login.
For all users, use the Properties window for each role to change the users that are
members of a selected role.
Note: To assign roles and edit permissions, the user must belong to the Console Security
Administrator role.
When setting up a new installation of NMC, you are prompted to specify the NetWorker
servers that will be managed by the NMC during execution of the Console Configuration
Wizard. After this initial setup, new NetWorker servers can be added to the Console from
the Enterprise window.
To add a new NetWorker server to manage, right-click Enterprise in the tree and then
select New > Host. In the Create Host window, specify the name of the NetWorker server
to manage. In the Select Host Type window, select NetWorker to manage a NetWorker
server. Next, in the Manage NetWorker window, choose whether to gather information
from the NetWorker server.
Alternatively, the gstmodconf command-line utility can be run on the Console server to
manage the NMC and add an additional NetWorker server. See the NetWorker Command
Reference Guide for additional information concerning options and arguments.
From Enterprise, you can also create new folders in the Enterprise tree to organize
multiple hosts into groups.
The User authentication for NetWorker attribute defines how the Console user accesses
a managed NetWorker server. When enabled, which is the default option, an access request
to a NetWorker server is based on the Console user name. There is a separate network
connection from the NMC server to a NetWorker server for each Console user that has an
Administration window open to that server. If disabled, the user id of the gstd process
owner determines the Console user access and there is only one connection from the NMC
server to a managed NetWorker server
From the Setup menu you can also perform some of the NMC configuration tasks that you
run the first time that you start a NetWorker Management Console, such as the running the
Console Configuration Wizard and setting the name of the server that will back up the
NMC.
For detailed information about using these options, please refer to the NetWorker
Administration Guide.
Specific users or groups of users are associated with a user group via the External roles
and Users attributes of the user group’s resource.
Each NetWorker user group has a specific set of privileges associated with it, defined by the
Privileges attribute. Users and groups of users must be a member of one or more user
groups with privileges that correspond to the tasks that they need to perform.
To add a NMC/AuthC local user to External roles, click the “+” sign and select the user
from the list of local users and groups. To add an external user, type the distinguished
name of the user or group. It is recommended to specify user names where a user belongs
to a large number of groups.
Here we see an example of adding the networker_admins group and the MaryAdmin local
user to the External roles attribute of a user group.
The Users attribute of a user group defines membership for operating system users that
perform operations outside of NetWorker Administration. These include CLI commands such
as nsradmin, save and recover, and NetWorker modules, such as NMM and NMDA. To add a
user in the Users attribute, use a “name=value ,host=value” format. An example of this
format is: “user=sally, host=winhost”. An asterisk (*) when used as a value, means all
possible values.
The privileges associated with each user group can be modified with the exception of the
Application Administrators user group and the Security Administrators user group. The
preconfigured user groups cannot be deleted. Additional groups, however, can be created
by the administrator to meet the specific needs of a data protection environment.
For a detailed description of all user privileges that can be assigned to a user group within
NetWorker, refer to the NetWorker User Groups topic in the NetWorker Security
Configuration Guide.
For example, to have access to the client database (nsrexec), a user must be a member of
the Administrator list.
After establishing trust, NetWorker Authentication Service users must be granted access to
each NetWorker server that is not local to the NetWorker Authentication Service. This is
done by updating the user groups on each NetWorker server to include the users requiring
access to the NetWorker server.
Use the nsraddadmin command to grant the NetWorker Authentication Service groups
access to the NetWorker server. This adds the NetWorker Authentication Service
Administrators group to the External Roles of the Security Administrators and Application
Administrators user groups and the Users group to the External Roles of the Users user
group. The format of the command is:
nsraddadmin –H authentication_service_host –P
authentication_service_port_number
Next, use NetWorker Administration to add the service account for the NMC server
(svc_nmc_nmc_server_name) to the External Roles attribute of the Users user group.
Important: Resource files are text files and are to be modified only using NetWorker
administrative resources, including NetWorker Administration and the nsradmin command.
DO NOT EDIT THEM! See the nsradmin topic in the NetWorker Command Reference Guide
for a description of nsradmin options, commands and examples.
Note: Other files and directories may exist in /nsr/res. Also, a small amount of resource
information exists in the /nsr/res/nsrladb directory on each NetWorker client.
Resource update logging is enabled using the Monitor RAP attribute in the NetWorker
server resource (NSR). By default, this attribute is enabled but hidden. To display the
Monitor RAP attribute, enable the diagnostic mode from the View menu. Then, right-click
the name of the NetWorker server from any NetWorker Administration window and select
Properties.
Note: There are several NetWorker client resources, such as NSR Port Range, that are
managed by nsrexecd and therefore excluded from the resource update logging feature.
These resources are maintained in the directory /nsr/res/nsrladb on all NetWorker
clients.
For each event, there are several lines of information written to the file. This includes a
time stamp of when the change was made followed by the type of action performed
(CHANGED, CREATED, or DELETED) and the affected NSR resource type. Remaining lines
provide the details of the modification. If the type of action is CHANGED, the old value is
displayed followed by the new value. If the action is CREATED or DELETED, all the
resource’s attributes and attribute values are displayed.
Here we have an example of the rap.log file entry for a change made to a client resource.
The save set for the client was changed from C:\Windows\Fonts to C:\Program Files\EMC
NetWorker\nsr\logs. You can see that the log mentions both the old and the new value for
the save set.
Note: Each data protection policy is described by a single resource called NSR Protection
Policy. The NSR Protection Policy resource describes one or more workflows and each
workflow contains one or more actions. In the rap.log you will see when a NSR Protection
Policy is created and when it is started.
NetWorker assigns a severity to each security audit message. At installation, each client is
automatically configured to use security audit logging. NetWorker clients send security audit
messages to the nsrlogd daemon. NetWorker records messages in the security audit log
file when the severity level of the message is equal to or greater than the auditing severity
level defined in the Security Audit Log properties. Severity levels are informational,
warning, notification, error, critical and severe. The default value is error. Examples of
auditable security events include authentication attempts and privilege changes.
Any client host in the datazone can be configured to run nsrlogd. By default, nsrlogd runs
on the NetWorker server. The nsrlogd receives audit messages from the NMC gstd, the
nsrexecd on each client including the NMC, and the daemons running on the NetWorker
server. Administrators can view the properties of the security audit log attribute from the
Server window of the NetWorker server. The attributes of the security audit log resource
can be modified by members of the Security Administrators user group and the NetWorker
server’s Administrator attribute. Changes made to the resource are automatically copied
to each client in the datazone supporting audit logging.
The security audit log file contains the timestamp, the category, the program name, and
the unrendered message for each security audit message. On the NetWorker server, the
security audit log file is …nsr\logs\networker_server_sec_audit.raw.
The Security Audit Logging topic in the NetWorker Security Configuration Guide contains
examples of security audit log configurations and also a list of resources and attributes
monitored by the security audit log.
Listed on the table above are some of the most often used logs.
For troubleshooting tasks, the daemon.raw log on the NetWorker server is especially helpful.
The installation log files on the Console software are useful when troubleshooting a problem
with the Console software and for tracking decisions made during installation, such as the
HTTP service port chosen for the web interface.
All other log files, as well as messages displayed in the NetWorker Console, use the locale in
which the service that is generating the log messages is running. Use a text viewer to view
the content of these logs.
Review the NetWorker Command Reference Guide for command options and more
examples.
Firewall support enables you to back up NetWorker clients that are separated from the
NetWorker server by a packet filtering firewall. It is first necessary to determine which
TCP/IP ports will be utilized by the NetWorker server and which ports will be used by the
NetWorker client. The firewall must then be configured to allow packets to be sent to the
appropriate range of ports on the destination hosts.
If a storage node must communicate through the firewall with either the NetWorker server
or a NetWorker client, it is also necessary to calculate the range of ports that the storage
node will use. Then, configure the firewall appropriately to allow communication between
the storage node and the other NetWorker hosts.
The port numbers used by the NetWorker processes or services, except for nsrexecd, are
assigned from the service port range that is set in the NetWorker software.
Note that nsrexecd on every type of NetWorker host will always try to listen on ports 7937
and 7938. The ports will be used no matter what the value of the range in the NetWorker
software, unless another process is already listening on those ports when NetWorker is
started. NetWorker requires the port 7938 for rpcbind (portmapper) to be running and
available through the firewall, or NetWorker will cease to function correctly.
Permitted port ranges are stored in the NSR system port ranges resource in the resource
database, /nsr/res/nsrladb on each NetWorker host. The resource is used and managed
by nsrexecd. Whenever NetWorker daemons/services are started, nsrexecd is always the
first process to start. It is important that whenever NetWorker server processes are started
manually, nsrexecd is started first. Failure to do so might cause the ports to be assigned
randomly or outside the desired range. Note that the ports in the Excluded service ports
attribute are ports that are reserved for other services. Specified ports will be excluded
from RPC service ports.
The table displayed here lists the standard NetWorker services, the ports required for each
and the function(s) for which the process is used: either server, storage node, client, or the
audit log server. Library and device related processes are discussed on the next slide.
Additional applications and features may use additional ports, therefore it is important to
identify the features and components that will be used in your environment and determine
the port requirements specific to that unique environment.
A standard NetWorker client requires at least four TCP service ports; snapshot services
require an additional two ports. The NetWorker server requires a minimum of 15 TCP
service ports.
For the most detailed information regarding NetWorker services and port requirements refer
to the NetWorker Security Configuration Guide.
The number of ports required by the nsrmmd processes is determined by the type of devices you
are using and how you have them configured.
In enterprise environments where unattended firewall ports need to be restricted for security
reasons, the storage node settings for mmds for disabled devices and Dynamic nsrmmds
unselected (static mode) offer more control because they cause all available nsrmmd firewall
ports to be attended by running nsrmmd services. This is particularly useful in cases where
security will not allow ports to be open and unused. When these options are configured
correctly it can keep an active process running for all devices even when they are not in use or
disabled. For more information on both of these settings refer to the NetWorker Administration
Guide.
The actual configuration of the firewall is done by the firewall administrator, based on the
port information you provide. The number of ports that need to be opened in the firewall
depend on those NetWorker hosts that are separated by the firewall. In the example shown
here, the firewall should be configured to allow transmission of TCP/IP packets destined for
the following hosts/ports:
• NetWorker Server 7937-7955
• Storage Node 7937-7943
• Client A 7937-7940
• Client B 7937-7940
Note: The default port for the NetWorker Authentication Service is 9090. This example does
not take into account any nsrmmd related storage node or device configurations such as
nsrmmd's for disabled devices or dynamic nsrmmd's, as these settings may impact the ports
required.
The following administrative interfaces are available for configuring NetWorker port ranges:
• nsrports
• NetWorker Administration
• nsradmin
In order to change the port ranges on a host, the user must have update access to the NSR
system port ranges resource for that host. Unlike NetWorker resources that reside on the
NetWorker server and are managed by users belonging to the server’s Administrator list,
the NSR system port ranges resource has its own administrator list on each NetWorker
host. To give the user update privileges, add the user to the administrator list for this
resource on the host.
1.On the host, type: nsradmin -s server –p nsrexec where server is the host for
which ports are to be modified.
2.Use the print sub-command to list the NSR system port ranges resource.
3.Use the update sub-command to modify the administrator attribute.
4.Save the update and quit nsradmin.
nsrports can be run from any host. The -s option is used to specify a remote host whose
service port range will be modified.
If the -s option is not used, the port ranges on the local host will be modified.
The –S option is used to specify a new service port range for the host.
The -C option is used to specify a new connection port range for the host. By default,
NetWorker defines a range of 0-0 for connection ports.
If neither option is used, the current port ranges are displayed. Non-contiguous ranges may
be specified by including more than one range.
Note: This command is run for each host for which port changes are to be made.
One port, default 9000, is used for the web server. The second port, default 9001, is used
for RPC calls from the NMC Java client to the Console server. These ports are not taken
from the range configured using nsrports. Instead, they can be changed during the
installation of NMC server.
The third port is used for database queries and is 5432. This port cannot be changed.
The firewalls protecting the Console server and the client must be configured to allow
communication over these three ports. It is important that the range of ports used by
NetWorker on the host where the NMC server is installed do not overlap with these ports.
In addition to these ports, two more ports are required if using Data Domain within the
environment. SNMP requires the use of port 161 as well as 162 for capturing SNMP traps from
the Data Domain device.
It is important that the firewall rules be configured to accept packets with the SYN bit for
ports in the service ports range.
The nsrrpcinfo command is used to determine which ports are registered to NetWorker
processes. rpcinfo might be helpful in fine-tuning the exact number of ports needed for a
particular environment.
netstat is used to display a list of ports that are in use and, if appropriate, what
destination port they are connected to.
iperf is used as network testing tool that can create TCP and UDP data streams and
measure the throughput of the network. iperf allows the user to set various parameters
that can be used for testing a network or alternately for optimizing or tuning a network.
iperf works on various platforms.
To change whether the Console server captures events and gathers reporting data from a
managed NetWorker server, select the NetWorker server in the Console Enterprise
window, right-click NetWorker (the managed application) in the right pane, and select
Properties from the context menu.
Selecting Capture Events allows events such as license warnings and pending media
requests to be displayed in the Console Events window. Selecting Gather Reporting Data
allows the Console server to accumulate data retrieved from the NetWorker server jobs
database to be used when creating reports.
In order for the NMC to capture events from a specific server, the Capture Events options
must be selected for each server.
To customize the report, deselect one or more values from one or more of the parameters,
or restrict the time period for which the report is generated. The ‘<‘ button deselects an
individual value while ‘<<‘ deselects all selected values. The ‘>’ button selects an
unselected value while ‘>>’ selects all unselected values. A customized report can be saved
for later use.
Clicking the heading of a field causes the report to be sorted on that field. Clicking the
same heading again reverses the sort.
Right-clicking anywhere in a report pops up the context menu shown in the slide from which
you can choose the report format.
By default, reports are displayed in a tabular format in portrait orientation. You can use the
context menu to change the orientation to landscape.
To return to the default tabular view, select Interactive from the context menu.
In a stacking bar chart, multiple pieces of information are displayed in each bar.
The context menu also has an Export selection which allows you to export the displayed
information to a file in PDF, HTML or Postscript format. Reports displayed in a tabular
format also allow exporting to be performed in CSV format.
In a drilldown report, you can double-click items within the report to view more detailed
information. The types of information displayed when drilling down and the order in which
they appear are listed at the top of the report above the query parameters in a section
called Drill Down Sequence.
Note: You can reverse the drilldown sequence by right-clicking in a report and selecting
Back from the context menu.
To save the customized query parameters, right-click the report that you customized in the
left pane and select Save As from the context menu.
After you specify a name for the report, the customized report will be filed in the left pane
below the preconfigured report.
By default, a customized report is stored as private for the user who created it and only
appears in that user’s list of reports. The owner, or the NetWorker administrator, may
choose to share the report with others by right-clicking the report name in the left pane and
choosing Share from the context menu. Once enabled for sharing, the report appears in
the list of reports for all users.
Command line reports may only be printed or run to generate exported output. They
cannot be saved or shared. Drill-down reports cannot be run from the command line.
Note: Support of command line reporting requires JRE version 7 or later. Uncomment and
change the SET JAVA_HOME statement in the gstclreport.bat file to the Java location
prior to running the command.
Statistical Data consists of all save set data, retrieved from a NetWorker server’s media
database, for use in generating backup statistics reports. Once retrieved from a NetWorker
server and stored in the NMC database, the save set data is retained, by default, for a
period of one year.
Recover Statistics consists of all recovery operations performed by NetWorker servers. This
information is kept in the console database for one year, by default.
Audit Data is kept in the NMC database for one year, by default. This information consists
of a complete record of all activities performed by all NMC users.
Completion Data is kept for one month, by default. Completion data includes information
about all backed up save sets.
Completion Messages include the success/failure status of each backup. By default, this
information is retained for two weeks.
You can configure it using either the Server tab in NetWorker Administration or the
nsradmin command. ConnectEMC provides an email report of only RAP database
information. The following are not included:
• Log data
• Backup summary information and backup data
• Non-NetWorker configuration information
• Passwords and other security sensitive information
• Any options specified in the Exclude attributes or Exclude resources fields
Note: Both ConnectEMC and Report Home can be used to provide the same information to
EMC Support. ConnectEMC is the preferred option and care should be taken to ensure that
both options are not configured.
There are numerous preconfigured NetWorker notifications, so that when a particular event
occurs at a specific priority, it can perform some action to either correct the situation or
somehow notify the NetWorker administrator that the condition exists.
Lastly, the Action attribute specifies the command that is executed when a selected event
at a specified priority occurs. For a NetWorker server running Microsoft Windows,
NetWorker provides the following commands that are commonly used in notifications:
• nsrlog which directs the message contents to a specified log file
• nsrlpr can be used to send the message contents to a printer
• smtpmail is used to email message contents to a specified email address
A Linux NetWorker server already has the utilities necessary for logging information (the
syslog facility and the logger command), printing (lp or lpr), and sending email (mail or
mailx).
To customize a NetWorker environment, you can either modify the action performed for an
existing notification or you can create a customized notification. This may involve creating a
new notification or copying an existing notification and modifying the action, resulting in
multiple actions being performed for the same event.
Note: Any path name specified in the Action attribute that contains a space character
must be enclosed in double quotes.
Server parallelism defines the number of simultaneous data streams that the NetWorker
server allows. Each storage node that you enable and connect to the NetWorker server
increases the maximum parallelism value. The default value with one storage node is 32.
Typically, it is recommended that this value be set as high as possible without overloading
the NetWorker server.
Action parallelism defines the maximum number of concurrent activities that can occur on
all clients in a group that is associated with the workflow that contains the action. For a
backup action, the default parallelism value is 100, for clone actions it is 10, and all other
action types have a default value of 0, meaning unrestricted.
Pool parallelism defines the maximum number of simultaneous sessions that can be sent to
a particular NetWorker pool. The default value is 0, meaning unrestricted.
Save streams cannot be multiplexed when server parallelism is set to 1 because the
NetWorker server only allows one save set at a time to be backed up. Save sets are backed
up on a first-come, first-serve basis until the parallelism value is reached.
Note: This slide is for illustration purposes only, it is never recommended to set the server
parallelism to a value of 1.
The number of save streams assigned to a device is determined by the value of the device
resource’s Target sessions attribute. When a device is receiving the number of save
streams specified by its Target sessions value, the NetWorker server attempts to direct
additional save sets to other available devices. If there are no other devices available to
receive additional save streams, the NetWorker server can direct the save streams to the
device already receiving its target number of save streams. Thus, Target sessions is not a
hard limit; the NetWorker server can override the value if necessary.
Each device resource also has an attribute called Max sessions. This attribute is a hard
limit on the number of save streams that may be directed to the device.
Note: This slide is for illustration purposes only, it is never recommended to set the server
parallelism to a value of 2.
The following steps explain how the backup illustrated in the slide occurs.
1. Client oboe backs up its /usr and /mail save sets. The save streams are directed to the
first device because its Target sessions value is set to 2.
2. Client clarinet’s /mail and /tmp save sets are directed to the second device because the
first device is already receiving the number of save streams specified by its Target
sessions value. At this point, both devices are now receiving their desired number of
save streams.
3. Since server parallelism is 8, the NetWorker server will start four additional save
sessions. Since a device’s Target sessions is a soft limit, the server overrides the
value and directs the streams to the two devices.
Although the slide depicts the save streams being directed to the devices in a round-robin
fashion, each additional save stream is directed to the least utilized device as determined
by the device resource’s Accesses attribute.
Note: The slide assumes that both devices contain a volume from the same pool and that
all save sets can be written to that pool. If multiple pools are used for the save sets, the
behavior of the backups may be considerably different.
This feature is enabled for scheduled file system backups by checking the Parallel save
streams per save set client resource property.
Optionally, support is provided to specify the number of streams to use per save set. This
can be done by defining the PSS:streams_per_ss variable under the Save operations
attribute of the client properties Apps & Modules tab.
Note: When using the PSS:streams_per_ss variable, it is recommended to set the client
parallelism to 4 or a value higher than the PSS:streams_per_ss variable. Failure to do so
could result in failure of PSS backups.
• Known Hosts — Provides information about the configured hosts and their certificates,
NetWorker version, operating system, and performed software operations. You can also
determine whether the host is eligible for an upgrade.
• Software Inventory — Displays information about the software packages that are
installed on the host, and provides the option to upgrade the software and monitor the
upgrade in the Software Operations pane.
Right-click Known Hosts to use the context menu to perform tasks such as displaying host
details, performing an inventory, upgrading software and configuring local ports.
Upgrade Software on the context menu provides the option to upgrade the software and
monitor the upgrade in the Software Operations pane.
Add to Repository on the context menu provides the option to add software packages to
the software repository.
By default, NetWorker will use the location NetWorker install\repository for the
software repository. If you want to use an alternate location, create the directory that you
want to use. Then, use Add to Repository from the Software Repository pane to specify
the location of the repository and to add NetWorker software packages into the repository.
On an on-going basis, manage the repository by adding and deleting software, as needed.
Note: The EMC NetWorker Updating to NetWorker 9.0 from a Previous NetWorker Release
Guide describes how to use Package Manager to update NetWorker software.
Perform Inventory provides information about the current software version, operating
system and performed software operations for the selected host(s).
Software Inventory displays information about the NetWorker software that is installed
on known hosts in the datazone. The information that appears in this view is based on
information that is gathered during the last inventory operation. You can only run an
inventory operation after you add software into the software repository.
The slide shows an example of using NetWorker Host Management to upgrade the client
package on the client, nwwindows.emc.edu, from NetWorker version 8.2 to version 9.
Note: Before upgrading, ensure that all NetWorker scheduled backups have been stopped.
Multiple resources, such as clients, devices, and storage nodes, etc., can be assigned with a
Restricted Data Zone for better utilization. Restricted Data Zones are a standard feature in
NetWorker version 8.0 and higher, therefore no additional licenses are required for use.
The Restricted Data Zone feature results in autonomy for tenants in a hosted or service
provider environment, and a simplified experience for NetWorker administrators.
• You can also associate an RDZ resource to an individual resource (for example, to a
client, protection policy, protection group, and so on) from the resource itself.
• Non-default resources, that are previously associated to the global zone and therefore
unusable by an RDZ, are now shared resources that can be used by an RDZ.
The Global Administrator performs the role of an administrator over the entire datazone as
well as setup and configuration of restricted Data Zones.
The Tenant Administrator can view all resources in a Restricted Data Zone but can only
modify resources designated to them for modification.
Restricted Data Zones are complex. When attempting to utilize the Restricted Data Zone
capabilities in an existing NetWorker environment, changes have to be made in order to fit
Restricted Data Zones. If an environment is considering using Restricted Data Zones, it is
best to start the process on the initial NetWorker install with a new environment rather than
trying to modify an existing NetWorker environment to use Restricted Data Zones.
For a complete list of rules and a more detailed discussion of Restricted Data Zones, please
refer to the EMC NetWorker Administration Guide.
Configuration is performed by adding users and roles along with their associated privileges
to the user configuration. Next, select the resources available within the NetWorker
datazone that you are granting the Restricted Data Zone permission to use.
For more information about configuring Restricted Data Zones, refer to the EMC NetWorker
Administration Guide.
You can use NetWorker BMR for recovery of both physical and virtual hosts. NetWorker
Windows BMR supports file system backup and recovery. Additional backup and recovery
software, such as NetWorker Module for Microsoft (NMM), and procedures are required for
backup and restore of application data.
The DISASTER_RECOVERY:\ save set includes all critical volumes, the WINDOWS ROLES
AND FEATURES save set, the System Reserved partition, and the UEFI partition, if
available. The WINDOWS ROLES AND FEATURES save set contains data associated with the
roles and features installed on the Windows server and metadata that represents the
volume data which the ALL or DISASTER_RECOVER:\ save set backs up. Note that block
based backups do not support this save set.
Critical volumes are volumes that contain files for an installed Windows service, any non-
critical volume that has a critical volume mounted on it, a non-critical volume that serves as
a parent to a critical volume, and all volumes on a dynamic disk if at least one volume is
critical. Note that files that are associated with application VSS writers are not backed up as
part of the DISASTER_RECOVERY:\ save set and cannot be recovered unless they are
backed up by an application backup program, such as NMM. The DISASTER_RECOVERY:\
save set does not include data for clusters, Active Directory, DFS-R, and Windows Failover
Cluster.
Refer to the NetWorker Administration Guide for a complete discussion of the components
of the DISASTER_RECOVERY:\ save set.
• The source and target hosts use the same operating system architecture and processor
architecture.
• The startup hard disk capacity must at least as large as that of the source host.
• The number of disks on the target host is greater than or equal to the number of disks
there were on the source host. The disk LUN numbering on the target host must match
the disk LUN numbering on the source host.
• The RAID configuration on the target computer cannot interfere with the disk order of
the hard disks. The disk or RAID drivers used on the source system are compatible with
the disk or RAID controllers in the target system. The recovery process restores the
backup to the same logical disk number that was used by the source host. You cannot
restore the operating system to another hard disk.
• Windows BMR supports IDE, SATA, or SCSI hard disks. You can make the backup on one
type of hard disk and recover on another type of hard disk. For example, SAS to SATA is
supported.
• NIC drivers that match the NIC in the target host. These drives are installed after the
recovery and reboot completes.
In order to perform a BMR, a valid backup of the DISASTER_RECOVERY:\ save set must
exist. This can be verified by performing a save set query from the NetWorker
Administration Media window. Next, ensure you have configuration information such as
driver software if the new host has different hardware than the source host, network name
and IP address of the target host and the NetWorker server and storage node, the default
gateway and name of the DNS server, and the NetWorker volumes that contain the backup
save sets.
You use the Windows BMR image available from http://support.emc.com to create a
bootable CD or deploy this image for a network boot operation. The Windows BMR image
contains the Windows PE operating system, NetWorker binaries and a wizard which controls
the recovery process. When the Windows host is booted using the Windows BMR image, the
recovery process starts the NetWorker BMR wizard which will guide the user through the
recovery process. The BMR process restores the operating system that was installed on the
source host. If recovering to a different host with different hardware, after the recovery and
reboot completes, Windows prompts the user to install the required drivers. As mentioned
previously, data from non-critical volumes including user files and application database files
must be recovered after performing the disaster recovery.
For a complete discussion of Windows server disaster recovery operations with NetWorker,
please refer to the NetWorker Administration Guide. As with all recovery operations, it is
recommended that the process and procedures for Windows server disaster recovery be
tested without completing the entire recovery process (exit before formatting the drives
and performing the actual recovery) to ensure successful recovery when needed. Be aware
that running the wizard to completion will format the disks chosen to restore which erases
any existing data.
When using a clustering application, all nodes in a cluster share one or more disk resources.
In an active/passive cluster, only one of the nodes in the cluster is active at any given time.
The active node is responsible for managing the shared resources. All other nodes in the
cluster are passive nodes. If the active node fails for any reason, one of the passive nodes
will take control of the shared resources.
Clustering can involve more than two nodes and may also involve load balancing. Clustering
can also be configured in active/active arrangements where there are multiple shared
resources and each of the nodes is the active node for one or more resources. This module
covers a basic cluster environment of two nodes in an active/passive configuration.
A virtual service is not a physical host, but rather a shared resource that each node of the
cluster can access. Each shared resource may be comprised of multiple components, such
as files, processes, data, and so on, and is assigned its own hostname and IP address. It is
seen by hosts outside the cluster as a normal physical host.
During normal operation, the active node manages all communication between the virtual
services and other hosts on the network. If a planned shutdown or failure of the active node
occurs, control of the virtual services is transferred to the other node in the cluster, which
changes from the passive to the active node.
When the failed node is returned to a functional condition, it becomes the passive node and
is available for failover in the event of a failure of the current active node.
Creating a cluster-aware NetWorker application involves DNS preparation and also tasks
that must be run that are applicable to each type of supported cluster environment.
Clustering a NetWorker client involves installing NetWorker client software on each node in
the cluster and making the clients cluster-aware. In addition to creating NetWorker client
resources for each node, one or more client resources are created for each virtual service.
This course provides an overview of the generic steps for configuring NetWorker in a
clustered environment. Procedures for preparing the cluster and for creating cluster-aware
NetWorker clients differ by type of supported cluster environment. For this information,
please refer to the EMC NetWorker Cluster Integration Guide.
With most cluster types, you run a cluster configuration script to configure a cluster-aware
client. This slide shows the location of the script by type of cluster environment. Note that
there may be additional steps to create a cluster-aware client depending upon the cluster
type.
For MSFCS clusters, NetWorker supports backup and recovery of file system data on
Windows Server 2012 and Windows Server 2012 R2 file servers configured for Windows
Continuous Availability with Cluster Shared Volumes (CSV).
For detailed configuration steps for cluster-aware clients, please refer to the Configuring the
Cluster chapter in the EMC NetWorker Cluster Integration Guide.
Each physical node backs up data residing on its own local disks. You create NetWorker
client resources for the physical nodes as you would a non-clustered backup client.
A virtual client backs up the shared clustered data. If the cluster has multiple virtual
services which require multiple hostnames and IP addresses, it is necessary to create at
least one NetWorker client resource for each virtual service. Specify the root user or system
account for each physical node within the cluster in the Remote Access field. This allows
recoveries of the virtual client to be performed by the active node, regardless of which node
is currently active. Specify any environment variables in the Application Information field.
For example, you might optionally specify a preferred server order list for a CSV backup.
When creating the client resources, make sure that the Save set attribute of the virtual
client(s) and the nodes account for all data, shared and non-shared, on the systems.
Ensure that the virtual client is backing up all shared data and that the NetWorker client
resource of each node includes the local data on that host. Although the All save set is
supported for a virtual client, it is recommended that you use the All save set only for the
nodes. When All is specified for a node, it does not include the shared data.
As with any NetWorker client, multiple client resources may be configured for each node
and virtual service. Remember that each virtual client has its own hostname and IP address
and that all hosts must be listed in the appropriate name service database. It is important
that reverse lookups behave correctly.
Recovery of data backed up from a private disk on a physical node follows the same
procedures as for a non-clustered host. If a recovery of data from the shared resource is
required, whichever node is active can perform the recovery. Ensure that the Remote
Access attribute of the virtual client resource contains an entry for each physical cluster
node.
In a UNIX cluster, the virtual client’s shared data is mounted on the active node. To recover
data belonging to the virtual client, a normal browsable or save set recovery is performed
from the active node. However, the virtual client is selected as the source client and the
data must be relocated to the directory on the active node where the shared data is
mounted.
To recover data to the virtual client in a Windows environment, the active node is the
administering client in the recovery and the virtual client is both the source and destination
clients.
To ignore path ownership rules and force a back up of file systems that a client does not
own, you can create an empty pathownerignore file in the directory containing the
NetWorker binaries. This file is created on each node. Its existence forces NetWorker to
back up all specified save sets regardless of ownership conflicts. It is important to realize
that creating the pathownerignore file is not recommended, but may be necessary if the
cluster resources are incorrectly configured. Remember that this file does not override the
path ownership rules, it simply ignores them. This may result in tracking information being
sent to an incorrect CFI, possibly causing problems when performing browsable recoveries.
To force save sets to be written to a specific CFI, it is necessary to modify the Backup
command attribute of the client whose data is being sent to the incorrect CFI. The
following command should be placed in this attribute: save –c client_name where
client_name is the hostname of the client being backed up.
If you are backing up an application server using a NetWorker module, make sure that you
are using the -c client_name arguments (or similar arguments) required by the NetWorker
module. Refer to the applicable module documentation for details on options for the backup
command used by each NetWorker module.
Note: Use the mminfo command to confirm that the backup information saves to the
correct client file index. (Details from the NetWorker Administration Monitoring window
indicate that backups correspond to the physical client where you configured the save sets.)
In the configuration shown on the slide, both cluster nodes are functional storage nodes.
The active node (Node A) backs up its local save sets to its own backup device, and the
passive node (Node B) backs up its local save sets to its own backup device. Save sets
belonging to the virtual client are backed up by the active node (Node A) to a device
controlled by the active node.
Additionally, clients outside the cluster can be configured to direct their save sets to any
NetWorker storage node residing within the cluster. Since the storage node is not a shared
resource, if either Node A or Node B fails, the storage nodes list of each physical or virtual
client backing up to the failed node will be consulted to determine where to redirect the
backup.
Although some clustering products have the ability to fail over backup devices between
nodes, it is beyond the scope of this course.
When you install the NetWorker server, the installation process creates the default Server
Protection policy for NMC and NetWorker server backup and maintenance activities. The
Server Protection policy includes the Server backup and NMC server backup default
workflows. You can edit and change the default policy and associated workflows and
actions, and also create your own policies and workflows for NetWorker and NMC server
protection.
Once you install the NMC server and connect to the NMC GUI for the first time, the Console
Configuration wizard prompts the administrator to configure the NetWorker server that
will back up the NMC server database.
The Server db backup action performs a bootstrap backup and a backup of the client file
indexes, by default. The data in the bootstrap backup enables you to perform a disaster
recovery of the NetWorker server. The bootstrap backup contains the media database,
authentication service database and the resource files (resource database and the Package
Manager database).
The Server Protection group is assigned to the Server backup workflow. This contains a
dynamically generated list of the client resources for the NetWorker server. By default, the
Server backup workflow is configured to back up to the Default pool. This should be
changed in the Server db backup action to a configured pool in your backup environment.
As a best practice, it is recommended to write all bootstrap and Client File Index backups to
a dedicated pool.
Notes:
The NMC server database backup only supports full and skip backup levels.
The Server backup Action report, displayed here, is generated when the Server db
backup action runs. The report shows the backup save sets and the Bootstrap backup
report, including the save set id and volumes for recent bootstrap save sets. This report is
included in the notification when the workflows and actions for the Server Protection
policy complete. By default, this notification is appended to the file,
policy_notifications.log in the …\nsr\logs directory, along with notifications sent to
that file by all other running policies.
To isolate the notifications about server protection, you can change the notification for the
Server Protection policy to go to another file or to go to email. You can also just show
information about the Server db backup action by configuring a notification at the action
level that will be created when the action completes. This is shown on the slide.
Any way you choose to receive the Server backup Action report, it is important to ensure
that you are regularly receiving the bootstrap information and filing it in a safe location for
later reference in case a recovery is necessary.
Another way to locate the bootstrap save set is with the mminfo – B command. This
command displays a list of bootstrap save sets with their save set ID and volume
information. The exact location (file and record number) of the save set on the volumes is
also displayed when tape media is used.
The slide summarizes the steps needed to perform a complete recovery of a NetWorker
server. The steps assume that the original server is no longer available and a new
NetWorker server is being configured.
1. Before installing NetWorker, verify the functionality of the server it is being installed
on.
2. To recover the bootstrap save set, NetWorker must already be installed. Thus, it is
necessary to perform a default installation of the NetWorker server. The original
default resource files will be installed, in addition to an empty media and jobs
database.
3. After starting all the NetWorker daemons/services, the only customization you must
perform to the default NW installation is to create a device resource for the device
used to recover the bootstrap save set.
4. Use nsrdr to recover the bootstrap save set and optionally recover the client file
indexes.
Note: Although recovery of the bootstrap save set is required during recovery of a
NetWorker server, recovery of individual client file index save sets is optional. A client file
index provides a browsable interface during recovery, as well as the ability to easily recover
to a particular point in time. If these benefits are not immediately necessary, you may
decide not to recover the CFI of individual (or all) clients, especially if an index is extremely
large. If you choose not to recover a client’s index, you must create an empty CFI prior to
the next backup of the client.
2. Configure a NetWorker device resource and insert the volume containing the bootstrap
save set into the device. Make sure you do not label the volume as you will erase all
data on it.
3. Using nsrdr is the only method of recovering the bootstrap save set.
nsrdr is interactive, prompting for the SSID of the bootstrap save set being recovered. It
also prompts you to replace the existing resource configuration database folder, to replace
the NetWorker Authentication Server database file, and to recover the client file indexes.
To insert missing volume or save set information into the media database, the scanner
command is used to scan a volume and insert information directly into the media database
(and optionally, client file indexes) while reading the volume.
The conditions shown in the slide are discussed on the following pages.
The daemon.raw file in the NetWorker server log directory may contain an entry showing
which volume the most recent bootstrap save set was written to.
If the previous method does not provide a volume name, another option is to use the
scanner command with the -B option to locate information about bootstrap save sets. This
method requires that you guess which volume contains the most recent bootstrap save set
and manually load it into a drive before running scanner.
scanner -B reads an entire volume and displays information about the most recent
bootstrap save set found. Depending on the size of the volume and the speed of the device,
this process can sometimes be lengthy. If the most recent bootstrap save set on the
volume is not the one you want, load another volume into the drive and run scanner again.
Note: scanner reads the volume directly without using nsrmmd. Therefore, it is not
necessary that NetWorker services be running.
By default, nsrdr will mark all disk volumes in the database as read-only and scan needed
to indicate that you must scan the save set information back into the media database
before you can use the volume. For tape volumes, if you suspect that backups or clones
were written to those volumes after the latest bootstrap was created, running the nsrdr
command with the –N option will cause the scan needed flag to be set on all volumes.
To find out if there are any volumes with save sets that need to be scanned, select Tape
Volumes or Disk Volumes from the NetWorker Administration Media window. You can
manually change the mode of a volume to scan needed by right-clicking the volume in the
right pane and selecting Mark Scan Needed > Scan is needed.
To clear the scan needed volume flag for disk volumes, first run the scanner –i device
command. For tape volumes, when the scan needed mode is set and you try to mount a
tape volume that has save sets newer than what is recorded in the media database, you will
receive a message with the last known file and record number in the media database. If
you suspect that there were save sets that were saved after the last bootstrap backup, use
this information with the scanner –f file –r record –I device command to scan the
volume from the last known record numbers. Then, to remove the scan needed flag from
the volume, from the NetWorker Administration Media window, right-click the volume and
select Scan is NOT needed from the Mark Scan Needed window.
See the NetWorker Command Reference Guide and the NetWorker Administration Guide for
more information.
To recover only specific CFIs, run nsrdr with the –I command line option to specify a list of
clients or use the –f option to specify an input file.
Important: When recovering an index that already contains entries, the entries being
recovered are merged with the existing entries.
For Linux hosts, if you did not install NMC server software in the default path /opt/lgtonmc,
add the NMC_install_dir/bin directory to the LD_LIBRARY_PATH environment variable.
Note: For more information on recoverpsm, please refer to EMC NetWorker Administration
Guide and the EMC NetWorker Command Reference Guide.