AVE 1.2.2 Install

EMC AVAMAR
VIRTUAL EDITION 1.2
SYSTEM INSTALLATION GUIDE

P/N 300-008-597 REV A04
EMC CORPORATION COPORATE HEADQUARTERS: HOPKINTON, MA 01748-9103 1-508-435-1000 WWW.EMC.COM
Copyright and Trademark Notices

This document contains information proprietary to EMC. Due to continuing product development, product specifications and capabilities are subject to change without notice. You may not disclose or use any proprietary information or reproduce or transmit any part of this document in any form or by any means, electronic or mechanical, for any purpose, without written permission from EMC. EMC has made every effort to keep the information in this document current and accurate as of the date of publication or revision. However, EMC does not guarantee or imply that this document is error free or accurate with regard to any particular specification. In no event will EMC be liable for direct, indirect, incidental or consequential damages resulting from any defect in the documentation, even if advised of the possibility of such damages. No EMC agent or employee is authorized to make any modification, extension or addition to the above statements. EMC may have patents, patent applications, trademarks, copyrights or other intellectual property rights covering subject matter in this document. The furnishing of this document does not provide any license to these patents, trademarks, copyrights or other intellectual property. The Avamar Agent for Microsoft Windows incorporates Open Transaction Manager (OTM), a product of Columbia Data Products, Inc. (CDP). CDP assumes no liability for any claim that may arise regarding this incorporation. In addition, EMC disclaims all warranties, both express and implied, arising from the use of Open Transaction Manager. Copyright 1999-2002 Columbia Data Products, Inc. Altamonte Springs. All rights reserved. Avamar, RAIN and AvaSphere are trademarks or registered trademarks of EMC in the US and/or other countries. All other product names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies. All information presented here is subject to change and intended for general information. Copyright 2002-2009 EMC. All rights reserved. Protected by US Patents No. 6,704,730, 6,810,398 and patents pending. Printed in the USA.
TABLE OF CONTENTS
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Scope and Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Product Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Your Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Typeface Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Notes, Tips and Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 5 5 6 6
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Appropriate Environments for AVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Limits and Thresholds. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Important Terms and Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Avamar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 VMware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Preinstallation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Virtual Machine Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Additional Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Benchmark Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Preparing the Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running ave-part-XX.sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running netconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running dpnnetutil . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing VMware Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running Benchmark Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ending Benchmark Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Analyzing Benchmark Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Read and Write Test Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Seek Test Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Finalizing Benchmark Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 19 20 21 23 23 24 25 25 25 27
Avamar Virtual Edition Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Install and Configure Server Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installation Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run avqinstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL 28 28 29 29 29 3
TABLE OF CONTENTS Run ave-post-1.2.sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Update the Message Of The Day (MOTD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Post-Install Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Setting Up Enterprise Authentication (Optional) . . . . . . . . . . . . . . . . . . . 34

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Supported Components and Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Avamar Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 External Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Back Up Configuration Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Configure LDAP Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Configuring LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Configure NIS Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Configure Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 LDAP Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 NIS Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Authentication Failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Debugging Login Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Restoring ldap Configuration After Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Postinstallation Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Obtain and Install a Server License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Modify the Default Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Configure Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Back Up Configuration Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Change Avamar Passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Configure and Enable the Email Home Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Modify mcserver.xml Email Home Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Configure and Enable the High Priority Events Profile . . . . . . . . . . . . . . . . . . . . . . . 64 Add a Custom Security Notification to Web Login Pages . . . . . . . . . . . . . . . . . . . . . . . . 65 Review AVE Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
System Readiness Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Start Scheduled Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Install and Test Avamar Windows Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Install and Test Avamar Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Install and Test Avamar Linux Client (Contingent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Install and Test Avamar Solaris Client (Contingent). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Install and Test Avamar HP-UX Client (Contingent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Install and Test Avamar AIX Client (Contingent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 The Following Day . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Appendix A Logging into the Avamar Server . . . . . . . . . . . . . . . . . . 70

Logging in Using the admin User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Switching to the root User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Switching to the dpn User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Appendix B Installation Supplemental Reference . . . . . . . . . . . . . . . 72

avqinstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 avw_install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 avw-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL
FOREWORD
Scope and Intended Audience
Scope. This publication describes how to remotely set up, configure and install all supported configurations of Avamar Virtual Edition v1.2. Intended Audience. The information in this publication is intended primarily for persons responsible for configuring and installing new Avamar Virtual Edition servers for use at customer sites. That person must have knowledge of VMware administration (ESX Server, in particular), including the creation of a Virtual Machine Disk Format (VMDK) environment.
Product Information
For current documentation, release notes, software updates, as well as information about EMC products, licensing and service, go to the EMC Powerlink web site at http://Powerlink.EMC.com.
Your Comments
Your suggestions will help us continue to improve the accuracy, organization and overall quality of the user publications. Please send your opinion of this document to: SSGDocumentation@emc.com Please include the following information: Product name and version Document name, part number and revision (for example, A01) Page numbers Other details that will help us address the documentation issue
Notes, Tips and Warnings FOREWORD
Typeface Conventions
The following table provides examples of standard typeface styles used in this publication to convey various kinds of information.
EXAMPLE DESCRIPTION
Click OK. - or Select File > Close.
Bold text denotes actual Graphical User Interface (GUI) buttons, commands, menus and options (any GUI element that initiates action). Also note in the second example that sequential commands are separated by a greater-than (>) character. In this example, you are being instructed to select the Close command from the File menu.
Type: cd /temp --logfile=FILE
Bold fixed-width text denotes shell commands that must be entered exactly as they appear in this publication. All caps text often denotes a placeholder (token) for an actual value that must be supplied by the user. In this example, FILE would be an actual filename. Regular (not bold) fixed-width text denotes command shell messages. It is also used to list code and file contents.
Installation Complete.
Notes, Tips and Warnings

The following kinds of notes, tips and warnings appear in this publication: IMPORTANT: This is a warning. Warnings always contain information that if not heeded could result in unpredictable system behavior or loss of data.
TIP: This is a tip. Tips present optional information intended to improve your productivity or otherwise enhance your experience with our product. Tips never contain information that will cause a failure if ignored.
NOTE: This is a general note. Notes contain ancillary information intended to clarify a topic or procedure. Notes never contain information that will cause a failure if ignored.
INTRODUCTION
EMC Avamar Virtual Edition (AVE) is a single-node non-RAIN (Redundant Array of Independent Nodes) Avamar server that runs as a virtual machine in a VMware ESX Server (3x) environment. It integrates the latest version of Avamar software with Red Hat Enterprise Linux RHEL4.6 as a VMware virtual machine. AVE is similar to existing single-node Avamar offerings on physical machines in the following ways: Runs autonomously as a target for all Avamar client backups. Perfoms replication to a physical Avamar system or another AVE. The AVE virtual machine cannot be configured as an access or accelerator node. Configurations. AVE is available in three configurations: 0.5 TB, 1 TB and 2 TB licensed capacity. It is not scalable; that is, expansion to a multinode Avamar server is not supported. You can increase storage capacity by deploying additional AVEs and dividing backups among them. See the EMC Avamar Compatibility and Interoperability Matrix on the EMC Powerlink web site at http://Powerlink.EMC.com for a complete list of supported ESX Server/AVE configuration scenarios. Installation. Installation of AVE is intended to be done by EMC-trained personnel. Server hardware and the virtual environment must meet resource capability benchmarks according to results from the AVE Performance Assurance Tool (PAT). This tool also simulates the load imposed on the ESX Server so that the customer can gauge the potential impact on the targeted ESX Server. IMPORTANT: The AVE PAT must be run for a minimum of 24 hours prior to sale. Also, this tool must be run at the beginning of the installation process. It is included in the product installation package. For presales purposes, download it from the following Avamar FTP site. ftp://ave_user:avamar@ftp.avamar.com/AVD-1.0
Appropriate Environments for AVE INTRODUCTION Compatibility. AVE supports VMware guest, console and VCB backup clients. Integration with VMware VMotion is supported. Direct Attached Storage (DAS) and Storage Area Network (SAN) are supported. Tapeout is not supported. Typical Avamar software upgrades are supported except in those cases that require a new operating system. In such cases, migration is required.
Appropriate Environments for AVE

The following factors have the most direct impact on the long-term reliability, availability and supportability of the AVE server: I/O performance capability of the AVE storage subsystem Amount of data added daily to the AVE server (change rate) Capacity utilized within the AVE server Specifications in this section and Virtual Machine Requirements (page 14) describe minimum or maximum requirements for these factors. AVE generally performs better when I/O performance is higher, and change rate and utilized capacity are lower. To maximize the capacity that can be utilized within the AVE server, the daily change rate of the data being protected by AVE must be balanced with adequate I/O performance. The first step in determining the proper implementation of AVE is to establish which kind of customer environment AVE will be used to protect.
Appropriate Environments for AVE INTRODUCTION Use the following change rate and capacity data to make this determination:
CUSTOMER ENVIRONMENT CONFIGURATION FILE SERVER MIXED
0.5 TB AVE Required average amount of data added daily (Max. Change Rate)
Less than 2 GB per day For example, this change rate corresponds to 650 GB of 100% file server data capacity or 0.3% daily change rate. See note that follows.
Less than 5 GB per day For example, this change rate corresponds to 500 GB of less than 20% Microsoft Exchange or SQL Server database data and greater than 80% file server data capacity. That is 3% daily change rate for Exchange and SQL Server data, 0.3% for file server data or 1% overall. See note that follows. Less than 10 GB per day For example, this change rate corresponds to 1.0 TB of less than 20% Microsoft Exchange or SQL Server database data and greater than 80% file server data capacity. That is 3% daily change rate for Exchange and SQL Server data, 0.3% for file server data or 1% overall. See note that follows. Less than 20 GB per day
Less than 4 GB per day For example, this change rate corresponds to 1.3 TB of 100% file server data capacity or 0.3% daily change rate. See note that follows.
Less than 8 GB per day
NOTE: Actual results depend on retention policy and actual data change rate. If the daily change rate is greater than 5 GB per day for a 0.5 TB configuration, 10 GB per day for a 1.0 TB configuration or 20 GB for a 2.0 TB configuration, deployment of a single-node AVE or Avamar software on a qualified physical server node is required.
Appropriate Environments for AVE INTRODUCTION
Limits and Thresholds

The Avamar software in AVE is initially configured with a read-only limit about one-third lower than the threshold associated with the licensed capacity. The following information describes how your server will behave as it crosses various consumed storage thresholds. 100% The Server Read-Only Limit. When server utilization reaches 100% of total storage capacity, it automatically becomes read-only. This is done to protect the integrity of the data already stored on the server. Before you reach this point, you should contact EMC Technical Support to discuss measures that can be taken to prolong data storage on your Avamar server. This might include changing retention policies or migrating data. 95% The Health Check Limit. Although an Avamar server could be allowed to consume 100% of available storage capacity (that is, hit the server read-only limit), it is not a good practice to actually let that occur. Consuming all available storage can prevent certain server maintenance activities from running, which might otherwise free additional storage capacity for backups. For that reason, a second limit is established called the health check limit. This is the amount of storage capacity that can be consumed and still have a healthy server. This health check limit is derived by subtracting some percentage of server storage capacity from the server read-only limit. The default health check limit is 95%. You can customize this setting to meet your specific site requirements but setting this limit higher than 95% is not recommended. When server utilization reaches the health check limit, existing backups are allowed to complete, but all new backup activity is suspended. Notifications are also sent in the form of a pop-up alert each time you log into Avamar Administrator and a system event will require acknowledgment before any future backup activity can resume. 80% Capacity Warning Issued. When server utilization reaches 80%, a pop-up notification will inform you that the server has consumed 80% of its available storage capacity. Avamar Enterprise Manager capacity state icons are yellow. Refer to the Avamar System Administration Manual for additional information about customizing capacity limits and acknowledging system events.
10
Important Terms and Concepts INTRODUCTION
Important Terms and Concepts

The Avamar server in an AVE is installed on a virtual machine rather than specific rack-mountable hardware. Given this context, certain industry terms and concepts are defined as follows:
Avamar
Node. The primary building block in any Avamar system is a node. Each node is a self-contained, network-addressable server that runs Avamar software and the Linux operating system on a virtual machine. Single-Node Server. Single-node Avamar servers combine all the features and functions of Avamar software on a single node. Multinode implementations of Avamar servers are capable of subdividing these features into utility and storage nodes. AVE does not support this type of scalable multinode configuration.
VMware
COS. Console Operating System refers to the core VMware ESX Server operating system and root console. COS may also refer to the ESX Service Console. ESX Server Farm. storage. A logical grouping of VMware ESX Servers that share
RDM. Raw disk mapping is a construct that maps a virtual disk to a pass-through SCSI device. VIN. Virtual infrastructure node is a VMware licensing bundle that includes licenses for ESX Server, VMotion and VSMP, and a VirtualCenter node license. VMware ESX Server. VMware ESX Server is the foundation for delivering virtualization-based distributed service to IT environments. A core building block of VMware Infrastructure, ESX Server is a virtualization layer that abstracts processor, memory, storage and networking resources into multiple virtual machines running side-by-side on the same server. VMware Virtual Machine File System (VMFS). VMware VMFS (Virtual Machine File System) is a high-performance cluster file system for ESX Server virtual machines. Each virtual machine is encapsulated in a small set of files and VMFS is the default storage system for these files on physical SCSI disks and partitions. VirtualCenter Management Server. VirtualCenter delivers centralized management, operational automation, resource optimization and high availability to IT environments. VMware Virtual Machine. Representation of a physical machine by software. A virtual machine has its own set of virtual hardware (such as RAM, CPU, NIC and hard disks) upon which an operating system and applications are loaded. The operating system sees a consistent, normalized set of hardware regardless of the actual physical hardware components. VMware virtual machines contain advanced AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL 11
Important Terms and Concepts INTRODUCTION hardware features such as 64-bit computing and virtual symmetric multiprocessing. Virtual machines are designated to a particular Host, Cluster or Resource Pool and a Datastore when they are created. A virtual machine consumes resources like a physical appliance consumes electricity. While in powered-off, suspended or idle state, it consumes no resources. Once poweredon, it consumes resources dynamically by using more as the workload increases and returning them as the workload decreases. Virtual Infrastructure Client (VI Client). An interface that allows administrators and users to connect remotely to the VirtualCenter Management Server or individual ESX Server installations from any Windows platform. Virtual Infrastructure Web Access. A web interface for virtual machine management and remote consoles access. VMware Consolidated Backup. VMware Consolidated Backup provides an easy to use, centralized facility for LAN-free backup of virtual machines. A set of drivers and scripts enable virtual machine disk contents to be backed up from a centralized Windows Server 2003 proxy server rather than directly from the ESX Server. Host. The virtual representation of the computing and memory resources of a physical machine that runs the ESX Server. Cluster. The aggregate computing and memory resources when one or more physical machines are grouped together to work and be managed as a whole. Machines can be dynamically added or removed from a cluster. Resource Pool. Computing and memory resources from hosts and clusters can be finely partitioned into a hierarchy of resource pools. Datastore. Virtual representations of combinations of underlying physical storage resources in the data center. These physical storage resources can be provisioned from the local SCSI disks of the server, Fibre Channel SAN disk arrays, iSCSI SAN disk arrays or Network Attached Storage (NAS) arrays. Networks. In the virtual environment, networks connect virtual machines to each other or to the physical network outside of the virtual data center.
12
PREINSTALLATION REQUIREMENTS
The Avamar Virtual Edition (AVE) consists of a single-node Avamar server (nonRAIN) with 0.5 TB, 1.0 TB or 2.0 TB licensed capacity that runs on a VMware ESX Server virtual machine. The 0.5 TB AVE is installed into four partitions: One operating system partition (60 GB) Three storage partitions (250 GB each) The 1.0 TB AVE is installed into seven partitions: One operating system partition (60 GB) Six storage partitions (250 GB each) The 2.0 TB AVE is installed into 13 partitions: One operating system partition (60 GB) 12 storage partitions (250 GB each) NOTE: 1 GB is defined here as 230 bytes = 10243 bytes. AVE is a single-node implementation that must be installed in a customerprovided location. Before installation, ensure the preinstallation requirements in this chapter are met.
Hardware Requirements
The following table lists the physical hardware requirements that must be fulfilled before installation of Avamar Virtual Edition:
REQUIREMENT DESCRIPTION
System
Sized and configured such that AVE does not negatively impact the system. That requires a multiprocessor CPU (3.0 GHz or higher). At least 1 GbE capability 13
Network Connection
Virtual Machine Requirements PREINSTALLATION REQUIREMENTS
Virtual Machine Requirements

The virtual machine requirements in this section refer to two kinds of data protection environments defined in the Introduction (page 7): File/Print Server and Mixed. Requirements vary depending on which kind of environment AVE is intended to protect. The following table describes the minimum required virtual machine environment:
Processor Memory
2 CPUs
0.5 TB CONFIGURATION
3072 MB
4096 MB
16384 MB IMPORTANT: There must be enough physical memory on the ESX host to accommodate minimum requirements for the AVE, as well as the memory requirements for other guests, including the hypervisor and console services.
14
Virtual Machine Requirements PREINSTALLATION REQUIREMENTS

REQUIREMENT DESCRIPTION FILE SERVER ENVIRONMENT MIXED ENVIRONMENT
Minimum Storage I/O Performance NOTE: These metrics are measured by the benchmark tool, which must have been run satisfactorily before AVE installation. Refer to Benchmark Testing (page 17).
Sequential Read: 60 MB/sec Sequential Write: 30 MB/sec Seek (4 threads/LUN): Throughput: 400 seeks/sec Minimal throughput: 320 seeks/sec
Sequential Read: 150 MB/sec Sequential Write: 120 MB/sec Seek (4 threads/LUN): Throughput: 500 seeks/ sec Minimal throughput: 400 seeks/sec Network Connection VMware Environment 1 GbE network connection
Sequential Read: 150 MB/sec Sequential Write: 120 MB/ sec Seek (4 threads/LUN): Throughput: 500 seeks/ sec Minimal throughput: 400 seeks/sec
See the EMC Avamar Compatibility and Interoperability Matrix on the EMC Powerlink web site at http://Powerlink.EMC.com for a complete list of supported ESX Server/AVE configuration scenarios. VMware Tools installed (during AVE installation) VMotion supported
15
Additional Requirements PREINSTALLATION REQUIREMENTS
Additional Requirements
Before installation, obtain the following items:
Applications Files Licensing data Customer-supplied information
PuTTY, WinSCP and VMware Virtual Infrastructure Client AVE Package, operating system security patches (if applicable) Customer Number (Customer ID), Reference ID (Asset Reference ID) Hostnames, IP addresses for: Avamar node to be installed Network Time Protocol (NTP) server Domain Name System (DNS) server SMTP server
Gateway, netmask and domain of the Avamar node to be installed Firewall openings (if appropriate) NOTE: Refer to the Avamar Product Security Manual for basic client-server data port usage and firewall requirements.
16
BENCHMARK TESTING
Before installation of Avamar Virtual Edition (AVE), a benchmark test must be run to ensure that AVE can function at an acceptable level in the virtual environment. This chapter describes how to set up, start and end the testing. There are two purposes for this test: To ensure AVE runs in an environment with acceptable I/O performance. To stress virtual machine resources to determine whether the impact of running AVE is acceptable to other applications on the ESX Server. IMPORTANT: Before running the benchmark test, warn the customer that the test will induce a high load on the host ESX Server. Also, occasionally monitor the ESX Servers performance while the tool is running to determine whether the stress on resources continues to be acceptable. If not, end the test immediately by following the instructions in Ending Benchmark Testing (page 24).
Task List Evaluating the virtual environment requires the following tasks:
Preparing the Virtual Machine (page 18) Running ave-part-XX.sh (page 19) Running netconfig (page 20) Running dpnnetutil (page 21) Installing VMware Tools (page 23) Running Benchmark Testing (page 23) Ending Benchmark Testing (page 24) Analyzing Benchmark Results (page 25) Finalizing Benchmark Testing (page 27)
17
Preparing the Virtual Machine BENCHMARK TESTING
Preparing the Virtual Machine

1. Extract the AVE package. 2. Open the Virtual Infrastructure Client.
User=admin
3. Log in as admin user. 4. Click File > Virtual Appliance > Import. 5. Select Import from File and browse to the AVE virtual machine file (OVF extension). Use the wizard to complete installation of the OVF file. A "Completed Successfully" message indicates the end of the installation process.
ESX Server User=root
6. Select the AVE virtual machine you imported. 7. Right-click the AVE virtual machine and choose Edit Settings. The Virtual Machine Properties window appears. 8. Create additional 250 GB hard drives (VMDKs) for the AVE virtual machine. (a) Click Add. The Add Hardware Wizard appears. (b) Select Hard Disk. (c) Click Next. (d) Select Create a new virtual disk. (e) Click Next. (f) Enter 250 GB for Disk Size. (g) Set a Location, either Store with virtual machine or Specify a datastore. (h) If you set Store with virtual machine, go to step k. If not, click Browse and go to step i. (i) In the Browse for Datastore window, navigate to the desired datastore location. (j) Click OK. (k) Click Next. (l) Select Independent for Mode (use the default setting for Persistent). (m)Click Next. (n) Verify the configuration and click Finish.
18
Running ave-part-XX.sh BENCHMARK TESTING (o) Repeat steps a through n. For a 0.5 TB configuration, repeat two more times (for a total of three 250GB hard drives). For a 1.0 TB configuration, repeat five more times (for a total of six 250GB hard drives). For a 2.0 TB configuration, repeat 11 more times (for a total of 12 250 GB hard drives). (p) Click OK. (q) In the Recent Tasks status area (bottom of screen), observe the progress of the hard drive creation. When the status of the Reconfigured Virtual Machine is Completed, go to step 9. 9. In the Commands section of the Virtual Infrastructure Client, click Power On. This command boots the virtual machine. NOTE: An insufficient licensing message at this point might indicate either a shortage of ESX Server licenses or an inability to connect to a license server. Resolve this problem with your network administrator. 10. Read the Virtual Machine Message that appears. 11. Select Create and click OK.
Running ave-part-XX.sh
1. In the Virtual Infrastructure Client, click the Console tab. TIP: Sometimes, the Console tab must be "activated." Do this by clicking in the middle of the Console to put it into command mode. Press CTRL+ALT to regain mouse control.
IMPORTANT: All remaining instructions in this procedure assume that you are logged in to the guest, and not to the ESX Server.
Guest User=root
2. Log in to the guest as user root. When prompted for a password, enter the root password and press ENTER.
19
Running netconfig BENCHMARK TESTING 3. Configure the virtual hard drives by entering the following: /root/ave-part-XX.sh 2>&1 | tee /tmp/ave-part.log Where XX is either: HT - 0.5 TB installation 1TB - 1.0 TB installation 2TB - 2.0 TB installation 4. Wait until all actions are completed. The following actions are performed on each hard drive created in the previous procedure: Partitions the hard drives Creates the filesystems Labels the filesystems Mounts the filesystems Modifies /etc/fstab Creates symbolic links After these actions are completed, Script Completed appears in your command shell.
Running netconfig
IMPORTANT: All instructions in this procedure assume that you are logged in to the guest and not the ESX Server.
Guest User=root
1. On the Virtual Infrastructure Client Console tab, log into the guest as root user. When prompted for a password, enter the root password and press ENTER. 2. Configure the basic networking capabilities of the node (eth0 network interface) by entering the following on a single command line: /usr/sbin/netconfig --ip=STATIC-IP-ADDR --netmask=NETMASK --hostname=HOSTNAME --domain=DOMAIN --device=eth0 --gateway=GATEWAY Where STATIC-IP-ADDR, NETMASK, HOSTNAME, DOMAIN and GATEWAY are the static IP address, netmask, hostname, domain and gateway settings for this node, respectively, as provided by the customer. 3. Restart the network service by entering: service network restart 4. Verify the preceding data by entering: ifconfig
20
Running dpnnetutil BENCHMARK TESTING 5. Verify basic network configuration of eth0 by entering: ping STATIC-IP-ADDR Where STATIC-IP-ADDR is the static IP address you defined in step 2.
Running dpnnetutil
IMPORTANT: All instructions in this procedure assume that you are logged in to the guest, and not to the ESX Server.
Guest User=root
1. From the Virtual Infrastructure Client, login to the guest console. When prompted for a password, enter the root password and press ENTER. 2. Start the dpnnetutil utility by entering: dpnnetutil The following information might appear in your command shell:
Use existing dpnnetutil configuration file "/usr/local/avamar/var/ dpnnetutil.conf" dated DATE?
Where DATE is the actual dpnnetutil.conf file modification date. This command runs the dpnnetutil interactive utility. Navigation tips for dpnnetutil dialog boxes: The TAB key and the arrow keys can be used to navigate among buttons, text data entry fields, checkboxes and any other selectable elements in a dialog box. The spacebar or the ENTER key can be pressed in order to select an element such as YES, NO, OK, CANCEL and checkbox. Pressing the ENTER key in a text data entry field is a shortcut for navigating to and then selecting the OK button. 3. Choose NO. The following information appears in your command shell:
Is this a single-node server?
4. Choose YES. The following information appears in your command shell:

Please enter the new IP address for single-node server OLD-IP-ADDRESS.
Where OLD-IP-ADDRESS is the current IP address assigned to this server. 5. Enter the new IP address for this server and choose OK. The following information appears in your command shell:
Please enter the new host name (without the dotted domain) for the single-node server whose new IP address is NEW-IP-ADDRESS and whose old IP address is OLDIP-ADDRESS.
21
Running dpnnetutil BENCHMARK TESTING 6. Enter the new hostname for this server and choose OK. The following information appears in your command shell:
Please enter the name of the parent domain.
7. Enter the correct DNS domain name for this server and choose OK. The following information appears in your command shell:
Please enter the IP address of the primary DNS resolver.
8. Enter the correct IP address for your primary DNS resolver and choose OK. The following information appears in your command shell:
Please enter the IP address of the secondary DNS resolver.
9. Enter the correct IP address for your secondary DNS resolver and choose OK. The following information appears in your command shell:
Please enter the network mask to be used for network interface eth0.
10. Enter the correct network mask for the server eth0 NIC and choose OK. The following information appears in your command shell:
Please enter the default network gateway address.
11. Enter the correct IP address for the default network gateway this server will be using and choose OK. The following information appears in your command shell:
Accept settings and proceed to fix up the network configurations?
12. Choose YES. 13. Read the displayed message and choose OK. 14. Monitor the progress of changes being applied to the node by entering: tail -f /usr/local/avamar/var/log/dpnnetutilbgaux.log Wait until the log entry "INFO: Done" appears. 15. Reboot the guest virtual machine by entering: reboot NOTE: Check and update as necessary the configurations of the external network infrastructure elements (switches and firewalls) to ensure that the node will remain reachable after they have been assigned new IP addresses or new default network gateways. In particular, VLANs and ACLs might need to be updated.
22
Running Benchmark Testing BENCHMARK TESTING
Installing VMware Tools

1. In the Virtual Infrastructure Client, click Inventory > Virtual Machine > Install VMware Tools. 2. Click OK. IMPORTANT: All remaining instructions in this procedure assume that you are logged in to the guest, and not to the ESX Server.
Guest User=root
3. On the Console tab, log in as user root. 4. Finish installing the VMware Tools by entering the following: mount /dev/cdrom /mnt rpm -ivh /mnt/VMwareTools-VERSION.rpm cd umount /mnt vmware-config-tools.pl Where VERSION is the version of ESX Server VMware Tools on your computer. A sequence of information will appear. Accept the default prompts for all queries except the following: The configuration file /etc/X11/xorg.conf can not be found. Do you want to create a new one? (yes/no) [yes] no Select no. 5. Reboot the virtual machine by entering the following: reboot
Running Benchmark Testing

Guest User=root
1. On the Virtual Infrastructure Client Console tab, log in to the guest as root user. IMPORTANT: All remaining instructions in this procedure assume that you are logged in to the guest, and not to the ESX Server.
23
Ending Benchmark Testing BENCHMARK TESTING 2. Run the benchmark testing by entering: /root/24hr-benchmark.sh The test runs for 24 hours unless you manually end it (see next section). This command also copies operational status data to a log file. IMPORTANT: Occasionally while the test is running, monitor the hosting ESX Servers performance. If the stress on resources is unacceptable, end the test with the instructions in the next section. 3. Save test results by entering: cd /root tar cvf CUSTOMERNAME_benchmark-results.tar YYYYMMDD_benchmark Where YYYYMMDD_benchmark is the directory that was automatically created in step 2.
Ending Benchmark Testing

IMPORTANT: You do not need to manually end the benchmark program described in the previous section because it ends naturally after 24 hours. Only in those cases where the stress on resources is unacceptable should you use the procedure outlined in this section. All instructions in this procedure assume that you are logged in to the guest, and not to the ESX Server.
Guest User=root
1. To end the benchmark test, enter the following on the Virtual Infrastructure Client Console tab. /root/kill-benchmark.sh 2. Wait for at least 30 seconds, and then enter: ps -ax | grep benchmark Blank output indicates the test has been stopped. 3. Delete data from the directory created in step 2 of the previous section.
24
Analyzing Benchmark Results BENCHMARK TESTING
Analyzing Benchmark Results

Test results are written to the /DIRECTORY/dt_std_HOSTNAME_summary and /DIRECTORY/seektest_only_summary_1 files, where HOSTNAME is the hostname of the virtual machine and DIRECTORY is the directory in step 2 of Running Benchmark Testing (page 23). In the sample output from each file that follows, significant data is displayed in bold text.
Read and Write Test Results

To review sequential read and write test results, open dt_std_HOSTNAME_summary. Typical output follows:
RESULTS FOR: dt_ax150test1_results ax150test1__data01_dt.log:Tue Sep 11 14:38:05 2007 ax150test1__data02_dt.log:Tue Sep 11 14:38:02 2007 ax150test1__data03_dt.log:Tue Sep 11 14:38:02 2007 ax150test1__data04_dt.log:Tue Sep 11 14:38:05 2007 ax150test1__data05_dt.log:Tue Sep 11 14:37:57 2007 ax150test1__data06_dt.log:Tue Sep 11 14:37:41 2007 ax150test1__data01_dt.log:Tue Sep 11 14:51:19 2007 ax150test1__data02_dt.log:Tue Sep 11 14:48:58 2007 ax150test1__data03_dt.log:Tue Sep 11 14:49:23 2007 ax150test1__data04_dt.log:Tue Sep 11 14:51:17 2007 ax150test1__data05_dt.log:Tue Sep 11 14:51:37 2007 ax150test1__data06_dt.log:Tue Sep 11 14:51:44 2007 24.9601 MB / Second written 25.0557 MB / Second written 25.0428 MB / Second written 24.9315 MB / Second written 25.1910 MB / Second written 25.7286 MB / Second written 25.8599 MB / Second read 31.4723 MB / Second read 30.2847 MB / Second read 25.9244 MB / Second read 25.2861 MB / Second read 25.0609 MB / Second read
TOTAL MINIMAL WRITE THROUGHPUT (24.9315 * 6): 149.589 MB / Second write TOTAL MINIMAL READ THROUGHPUT (25.0609 * 6): 150.3654 MB / Second write TOTAL WRITE THROUGHPUT (SUM): 150.9097 MB / Second write TOTAL READ THROUGHPUT (SUM):
163.8883 MB / Second read
Seek Test Results

To review seek test results, open seektest_only_summary_1. Ignore other similarly-named files with alternate last digits. The part of the files contents that you need to analyze is "FOR 4 THREADS." Typical output follows:
seektest.ax150test1.devsda8.4threads.run:average seeks/sec = 67.643333 seektest.ax150test1.devsda7.4threads.run:average seeks/sec = 108.650000 seektest.ax150test1.devsda6.4threads.run:average seeks/sec = 137.106667 seektest.ax150test1.devsda5.4threads.run:average seeks/sec = 144.833333 seektest.ax150test1.devsda3.4threads.run:average seeks/sec = 124.143333 seektest.ax150test1.devsda2.4threads.run:average seeks/sec = 87.016667 TOTAL SEEK MINIMAL THROUGHPUT FOR 4 THREADS (67.643333 * 6): 405.859998 TOTAL SEEK THROUGHPUT FOR 4 THREADS (SUM): 669.393333
25
Analyzing Benchmark Results BENCHMARK TESTING 0.5 TB Configuration. Minimum acceptable benchmark results are:
FILE SERVER DATA VALUE MIXED DATA VALUE
CONDITIONS
Total Minimal Read Throughput Total Read Throughput Total Minimal Write Throughput Total Write Throughput Total Seek Minimal Throughput for 4 Threads Total Seek Throughput for 4 Threads 1.0 TB Configuration.
60 MB/sec 60 MB/sec 30 MB/sec 30 MB/sec 320 seeks/sec 400 seeks/sec
Minimum acceptable benchmark results are:

CONDITIONS
Total Minimal Read Throughput Total Read Throughput Total Minimal Write Throughput Total Write Throughput Total Seek Minimal Throughput for 4 Threads Total Seek Throughput for 4 Threads 2.0 TB Configuration.
Minimum acceptable benchmark results are:

CONDITIONS
Total Minimal Read Throughput Total Read Throughput Total Minimal Write Throughput Total Write Throughput Total Seek Minimal Throughput for 4 Threads Total Seek Throughput for 4 Threads
From the previous tables, determine whether the I/O performance is sufficient for the file server or mixed environment. If benchmark testing does not yield satisfactory results, attempt to resolve I/O issues.
26
Finalizing Benchmark Testing BENCHMARK TESTING
Finalizing Benchmark Testing

Guest User=root Assuming satisfactory data results from the benchmark testing, you must clean up
the data on the virtual machine. To do this, enter the following command in the Virtual Infrastructure Client Console tab as user root: /usr/local/avamar/bin/dtsh --cleanup
If minimum acceptable benchmark results cannot be achieved, you must delete the virtual machine by performing the following. IMPORTANT: Do not perform the following procedure if benchmark results are satisfactory. In that case, continue installing AVE in Avamar Virtual Edition Installation (page 28).
Guest User=root
1. Log in as root user. 2. On the Virtual Infrastructure Client Console tab, enter: poweroff 3. In left pane, right-click the virtual machine you want to remove. 4. Click Delete from Disk.
27
AVAMAR VIRTUAL EDITION INSTALLATION

This chapter describes the Avamar Virtual Edition (AVE) installation process. Before installing AVE, the virtual machine environment must be tested. Refer to Benchmark Testing (page 17) for additional information.
Install and Configure Server Software

The procedure that follows uses the avqinstall command-line program that assists with software installation and configuration on new Avamar Virtual Edition servers. IMPORTANT: Only use avqinstall when performing server software installation on a new server that has never been deployed at a customer site. Running avqinstall against an operational server could result in permanent loss of data. The avqinstall program replaces avw_install as the preferred method for installing Avamar server software. Unlike avw_install which requires user interaction, avqinstall uses a configuration file. Refer to Installation Configuration File (page 29) for more information. Use avqinstall to install all versions of Avamar Virtual Edition. The dpnavqinstall package contains avqinstall and auxiliary files.
Requirements
To run the avqinstall program, you must have OS admin, root and dpn user privileges. The dpnid key must be available to avqinstall. The avqinstall program uses sudo to run various operations non-interactively as the OS user dpn. The default sudo configuration in Red Hat Enterprise Linux is adequate to permit avqinstall to use sudo because avqinstall runs as the OS root user.
28
Install and Configure Server Software AVAMAR VIRTUAL EDITION INSTALLATION
Log File
The avqinstall program logs activity to the /usr/local/avamar/var/log/ avqinstall.log file. This log file contains time-stamped information, including: How avqinstall invokes other programs. Standard output and standard error messages from programs invoked by avqinstall. Informational messages about decision-making processes applied by avqinstall. The accuracy of time stamps depends on the accuracy of the system clocks on the Avamar Virtual Edition node. Time stamps on lines of output from other programs usually indicate the completion time of those programs. Output from other programs is first written to a temporary file and then appended to the install.log file. Time stamps are provided in UTC time zone, using a format identical to that used by various server-side tools.
Installation Configuration File

The avqinstall program uses the configuration file /usr/local/avamar/var/ install.conf, a US-ASCII text file. The syntax includes: Comment symbols (#) precede comment lines. Attribute/value pair formats are attribute=value. Blank lines are interpreted as comments. For more information about the attributes in the install.conf file, refer to Configuration File Attributes (page 74). You can use the default version of install.conf without modifying it. EMC, however, recommends updating the local_time_zone and time_servers attributes.
Run avqinstall
Guest User=root
1. Log into the guest as user root on the Virtual Infrastructure Client Console tab. When prompted for a password, enter the root password and press ENTER. 2. Extract and uncompress the Avamar software package by entering: cd /usr/local/avamar/src/ tar -zxvf v4.*.gz 3. To install dpnavqinstall, enter: rpm -ivh RHEL4_64/dpnavq*.rpm Information similar to the following might appear in your command shell:
root@ave:/usr/local/avamar/src/#: rpm -ivh RHEL4_64/dpnavq*.rpm Preparing... 1:dpnavqinstall ########################################### [100%] ########################################### [100%]
dpnavqinstall: INFO: please use a text editor to update /usr/local/avamar/var/ install.conf
29
Install and Configure Server Software AVAMAR VIRTUAL EDITION INSTALLATION 4. Set up the install configuration file: (a) Edit install.conf by using a text editor (vi or emacs): emacs -nw /usr/local/avamar/var/install.conf (b) Set the value for each parameter that applies to your configuration. If a parameter does not apply to your configuration, leave the comment symbol (#). (c) Save the file and exit the editor. Refer to Installation Configuration File (page 29) for more details on the parameters used in the install.conf file. 5. Enter the following command: avqinstall If errors occur during the installation, review the /usr/local/avamar/var/ log/avqinstall.log to determine why the installation did not complete successfully. Resolve any problems, and then rerun avqinstall. 6. Disable the NTP service by performing the following steps. (a) Enter the following commands: chkconfig ntpd off service ntpd stop (b) Verify NTP service has been stopped by entering the following command: service ntpd status
Run ave-post-1.2.sh
Guest User=root
1. On the Virtual Infrastructure Client Console tab, log in as user root. 2. Run the following script: /root/ave-post-1.2.sh 2>&1 | tee /tmp/ave-post.log The following information appears in your command shell:
Setting disk readonly value...DONE Setting disk warning value...DONE Moving original morning_cron_run...DONE Creating morning_cron_run maintenance script...DONE Moving original evening_cron_run...DONE Creating evening_cron_run maintenance script...DONE Checking permissions on /usr/local/avamar/bin/morning_cron_run...DONE Checking permissions on /usr/local/avamar/bin/evening_cron_run...DONE Removing user accounts...DONE Changing permissions on messages file...DONE Changing permissions on mcserver.log.0...DONE Changing permissions on mcserver.log.0.1...DONE Script complete.
3. Exit the command environment.
30
Update the Message Of The Day (MOTD)

Guest User=root
1. On the Virtual Infrastructure Client Console tab, log in as user root. 2. Issue the following commands: cd /etc cp -p motd x-motd_YYYYMMDD Where YYYYMMDD is the current date. 3. Using a Unix text editor, change the MOTD in the /etc/motd_YYYYMMDD file. The standard text is the following:
This is an Axion-E Node Please read the documentation before performing any administrative functions on this node. For help, email support@avamar.com, go to www.avamar.com, or call 866-928-2627 (866.9.AVAMAR) Avamar: A new breed of Storage Technology
Change the first line of text to one of the following:

0.5 TB File Server Environment 0.5 TB Mixed Environment 1.0 TB File Server Environment 1.0 TB Mixed Environment 2.0 TB Environment (File Server and Mixed)
This is a 0.5 TB AVE for the "File Server" environment.
This is a 0.5 TB AVE for the "Mixed" environment.
This is a 1.0 TB AVE for the "File Server" environment.
This is a 1.0 TB AVE for the "Mixed" environment.
This is a 2.0 TB AVE for any environment.
Determination of whether AVE is suitable for a "File Server" or "Mixed" environment is made based on the results of the benchmark test. 4. Exit the command environment. 5. Log in again to the command environment to confirm that the MOTD is correct. 6. Exit the command environment.
Post-Install Tasks
After a successful Avamar server software installation, complete the system setup tasks: 1. Define backup schedules. 2. Register clients. 3. Install client packages (vVERSION-client.tar.gz), if any exist in /usr/local/avamar/src/.
31
Troubleshooting
This section addresses potential problems when running avqinstall.
Slow Response Times During Startup

If a subsystem control process takes a long time to complete, investigate the cause before assuming that avqinstall is the problem. Some causes of slow response times might include any of the following: RAID group re-initialization in progress Network connectivity problems Problems with external name resolution (for example, the primary DNS server is unreachable) There are many reasons why a server might be slow to respond. To investigate reasons for slow server response times, review the following log files: avqinstall primary log file,/usr/local/avamar/var/log/avqinstall.log avqinstall temporary log capture files, /tmp/avqinstall* gsan logs on each storage node, /data01/cur/{err,gsan}.log MC server log file, /usr/local/avamar/var/mc/server_log/mcserver.log.0 EM server log file, /usr/local/avamar/var/em/server_log/emserver.log.0 Maintenance cron job, /usr/local/avamar/var/cron/*.log Log files maintained by vendor RAID monitoring software System log files The output of dmesg, which displays the kernel's log buffer
Reverting the Avamar Server

You can revert the system to its pre-installation state after installing the Avamar server software. Reversion requires reinstalling the OS and re-creating the filesystems. The avqinstall program, however, can be rerun if problems occur. The avqinstall program runs a number of clean-ups before installing or reinstalling Avamar server software. Most often, the clean-ups are adequate to avoid the need to reinstall the OS and recreate the filesystems.
Stopping avqinstall or Avamar Subsystems

If you stop avqinstall by using SIGINT (CTRL-C) or SIGTERM, various subsystem configuration and startup processes can remain running. Do not rerun avqinstall if any of the following conditions exist: Another instance of avqinstall is running. avqinstall ended abnormally and various avqinstall-initiated subsystem configuration and startup programs remain running. To address either of these conditions: 1. Check for instances of avqinstall and subsystem configuration and startup programs by entering: ps auxww
32
Install and Configure Server Software AVAMAR VIRTUAL EDITION INSTALLATION 2. If either avqinstall or subsystem configuration and startup processes are running: Wait for the processes to complete. Use SIGTERM (kill -TERM) to stop the subsystem configuration or startup program process ids.
33
SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL)

This chapter describes how to set up and configure an Avamar Virtual Edition server to use external authentication systems such as Windows Active Directory, OpenLDAP or NIS. This capability provides extra security and is available to authenticate users of Avamar Administrator, Avamar Enterprise Manager or Avamar Web Access.
Overview
Enterprise (or external) authentication provides a mechanism that allows users to log into multiple systems by using the same user ID and password. The Avamar Virtual Edition external authentication feature is not a single-user ID/password login, fully-integrated into an external authentication system on which users are created and managed. Instead, the same user ID must be created on both Avamar Virtual Edition and external systems while the password is set and managed externally. Avamar Login Manager provides access to the external authentication databases through the standard Pluggable Authentication Module (PAM) library of the Linux operating system. Login Manager uses the domains configuration file to identify the supported domains.
Task List To set up and configure Avamar external authentication, you must perform the
following tasks that are applicable for your site: Back Up Configuration Files (page 35) Configure LDAP Interface (page 36) Configure NIS Interface (page 39) Configure Users (page 42)
34
Back Up Configuration Files SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL)
Supported Components and Systems

External authentication is available only for specific Avamar components and two external systems.
Avamar Components
Avamar Administrator, Avamar Enterprise Manager and Avamar Web Access support external authentication. This capability is not available for Avamar serverlevel administration such as the following: Operating system user accounts: root, admin and dpn Special Avamar system administrative user accounts: MCUser and root
External Systems
The following categories of external authentication systems are supported:
CATEGORY DESCRIPTION
Lightweight Directory Access Protocol (LDAP) Network Information Service (NIS), SUN Yellow Pages (YP)
Hierarchical directory structure X.500 standard system such as: Microsoft Active Directory Service (MS ADS) Novell NDS and eDirectory Flat workgroup-based database structure of user IDs, passwords and other system parameters comparable to Microsoft Windows NT such as: Master NIS Server - Primary Domain Controller (PDC) Slave NIS Servers - Backup Domain Controllers (BDC)
Back Up Configuration Files

Before and after setting up external authentication, you should back up the current configuration files. You should also back up those files before installing future software upgrades because the process might overwrite them with default values. Refer to Back Up Configuration Files (page 52) for instructions.
35
Configure LDAP Interface SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL)
Configure LDAP Interface

Before beginning to configure an LDAP external authentication system, collect or locate the following server information and utilities:
CATEGORY ITEM
Information about external LDAP system
LDAP domain name IP address or fully-qualified domain/hostname of the LDAP authentication server Distinguished name (DN) of the user used for LDAP queries Password of DN used for LDAP queries
Information about the Avamar server
root user password for Linux operating system admin user password for Linux operating system Avamar system admin username (normally "MCUser") and password
Utilities for testing and troubleshooting
ldapbrowser GetMyDN (Windows utility from Softerra) ldapsearch (/usr/bin directory)
NOTE: If you cannot find ldapsearch, download it from ftp.avamar.com/software. Log in as user "avamar_ftp" with password "anonymous".
Configuring LDAP
User=root
1. Log into the server as user root. When prompted for a password, enter the root password and press ENTER. 2. Open /etc/avamar/domains.cfg in a Unix text editor.
36
Configure LDAP Interface SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL) 3. Add the following entry in the Customer Specific Domains section, then save the file: DOMAIN=ID Where DOMAIN (format: example.com) is a unique customer-specific LDAP domain used for addressing PAM, and ID is an integer larger than 1. IDs 0 and 1 are reserved for Avamar internal use. IMPORTANT: Step 4 requires the creation of a symbolic link for DOMAIN=ID. Instead of DOMAIN=ID, an existing ldap=3 is available for use (by uncommenting the line). If ldap=3 is used, skip step 4 because the symbolic link already exists. The DOMAIN part of the entry (either ldap or a unique LDAP domain) appears in the Avamar Administrator Authentication System list. The entry of a unique DOMAIN clarifies which LDAP domain is used for external authentication. 4. Create a unique lm_ldap file and symbolically link to it by entering: ln -sf /etc/pam.d/lm_ldap /etc/pam.d/lm_NUMBER Where NUMBER is the LDAP domain ID in step 3. NOTE: Skip this step if ldap=3 was used in step 3.
User=admin
5. Log into the server as user admin. 6. Load the admin OpenSSH key by entering: ssh-agent bash ssh-add ~admin/.ssh/admin_key You are prompted to enter a passphrase. 7. Enter the admin user account passphrase and press ENTER. 8. Confirm the systemname and lmaddr are set up correctly by entering: avmaint config --avamaronly |grep systemname avmaint config --avamaronly |grep lmaddr These commands display the hostname and IP address of the server.
User=root
9. As user root, create a symbolic link from ldap.conf to ldap.conf.winad by entering: ln -sf /etc/ldap.conf.winad /etc/ldap.conf 10. Set correct group ownership and file permissions for ldap.conf by entering: chown root:root /etc/ldap.conf chmod 0600 /etc/ldap.conf
37
Configure LDAP Interface SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL) 11. Confirm the symbolic link is correctly set up by entering: ls -l /etc/ldap.conf The following information appears in your command shell:
/etc/ldap.conf -> /etc/ldap.conf.winad
12. In a Unix text editor, open /etc/ldap.conf. 13. Modify the following entries, then save the file: host HN-IPADD Where HN-IPADD is the fully-qualified hostname or IP address of your LDAP server. base dc=DOMAIN, dc=com Where DOMAIN is the first part of the LDAP domain name. For example: example.com would be displayed as dc=example, dc=com. binddn cn=PROXYUSER, ou=PROXYUNIT, ou=PROXYORG, dc=DOMAIN, dc=com Where PROXYUSER, PROXYUNIT, PROXYORG and DOMAIN comprise parts of the distinguished name of user used to bind with the LDAP server. Components include: cn - common name ou - organizational or unit name dc - domain For example: Distinguished name avamaruser.users.avamar.emc.com Components: cn=avamaruser, ou=users, ou=avamar, dc=emc, dc=com bindpw PWD Where PWD is the password of the user used to bind with the LDAP server. 14. Restart Login Manager by entering: service lm restart 15. Confirm configuration changes were accepted by entering: avmgr lstd All domains used in Avamar authentication are displayed. 16. Confirm the LDAP server can be queried by entering: ldapsearch -x -W -h HOSTNAME -b dc=DISTINGUISHED_NAME -D cn=VALID_USERNAME, cn=users,dc=DISTINGUISHED_NAME Where HOSTNAME is the hostname or IP address of the LDAP server, dc=DISTINGUISHED_NAME is the domain part of the distinguished name (the two "dc" components) and VALID_USERNAME is a valid user in the LDAP server domain.
38
Configure NIS Interface SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL) For example: ldapsearch -x -W -h 10.0.100.21 -b dc=aelab01,dc=com -D cn=administrator,cn=users,dc=aelab01,dc=com IMPORTANT: Your command must be entered on a single command line (no line feeds or returns allowed). Space limitations in this publication caused some of the previous commands to continue (wrap) to more than one line. A success message or referral result should be displayed. A failure in communication or authentication indicates a problem.
Configure NIS Interface

User=root
1. Log into the server as user root. When prompted for a password, enter the root password and press ENTER. 2. Open /etc/avamar/domains.cfg in a Unix text editor. 3. Add the following entry in the Customer Specific Domains section, then save the file: DOMAIN=ID Where DOMAIN (format: example.com) is a unique customer-specific NIS domain used for addressing PAM, and ID is an integer larger than 1. IDs 0 and 1 are reserved for Avamar internal use. IMPORTANT: Step 4 requires the creation of a symbolic link for this entry. Instead of DOMAIN=ID, an existing nis=2 is available for use (by uncommenting the line). If nis=2 is used, skip step 4 because the symbolic link already exists. The DOMAIN part of the entry (either nis or a unique NIS domain) appears in the Avamar Administrator Authentication System list. Entering a unique DOMAIN clarifies which NIS domain is used for external authentication. 4. Create a unique lm_nis file and symbolically link to it by entering: ln -sf /etc/pam.d/lm_nis /etc/pam.d/lm_NUMBER Where NUMBER is the NIS domain ID in step 3. NOTE: If nis=2 was used in step 3, skip this step.
39
Configure NIS Interface SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL) 5. Set correct group ownership and file permissions for the lm_nis file by entering: chown root:root /etc/pam.d/lm_NUMBER chmod 0600 /etc/pam.d/lm_NUMBER Where NUMBER is the NIS domain ID in step 3. 6. Confirm the symbolic link is correctly set up by entering: ls -l /etc/pam.d/lm_NUMBER Where lm_NUMBER is the file created in step 4. The following information appears in your command shell:
/etc/pam.d/lm_NUMBER -> lm_nis
7. In a Unix text editor, open lm_NUMBER (created in step 4). 8. Modify the following entries, then save the file:
auth required /lib/security/pam_nis.so domain=NISDOMAIN domain=NISDOMAIN account required /lib/security/pam_nis.so
Where NISDOMAIN is the NIS domain in step 3.

User=admin
9. Log into the server as user admin. 10. Load the admin OpenSSH key by entering: ssh-agent bash ssh-add ~admin/.ssh/admin_key You are prompted to enter a passphrase. 11. Enter the admin user account passphrase and press ENTER. 12. Confirm the systemname and lmaddr are set up correctly by entering: avmaint config --avamaronly |grep systemname avmaint config --avamaronly |grep lmaddr These commands display the hostname and IP address of the server.
User=root
13. As user root, restart Login Manager by entering: service lm restart 14. With keys loaded, confirm configuration changes were accepted by entering: avmgr lstd All domains used in Avamar authentication are displayed. 15. Open /etc/sysconfig/network in a Unix text editor. 16. Add the following entry, then save the file: NISDOMAIN=DOMAINNAME Where DOMAINNAME is the NIS domain in step 3. 17. Open /etc/yp.conf in a Unix text editor.
40
Configure NIS Interface SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL) 18. Add the following entry: domain NISDOMAIN server NISSERVERNAME_IP Where NISDOMAIN is the NIS domain in step 3 and NISSERVERNAME_IP is the NIS server hostname or IP address. Examples: domain hq server 122.138.190.3 domain hq server unit.example.com 19. Set ypbind to automatically start by entering: /sbin/chkconfig ypbind on 20. Confirm the previous settings by entering: /sbin/chkconfig --list ypbind The following information appears in your command shell:
ypbind 0:off 1:off 2:off 3:on 4:on 5:on 6:off
Numbers 3, 4 and 5 should be "on". If not, enter: /sbin/chkconfig --level NUMBERS ypbind on Where NUMBERS is a comma-separated list of the numbers you want to set "on" (for example, /sbin/chkconfig --level 3,4 ypbind on). 21. Start the ypbind daemon by entering: service ypbind restart The following information appears in your command shell: Shutting down NIS services: [ OK or FAIL ] Binding to the NIS domain: [ OK ] Listening for NIS domain server: NOTE: Shutting down NIS services can fail if it has not started already. In that case, listening for the NIS domain server should fail because the default NIS domain has not yet been set up. A delay in the start() section is usually required between the ypbind and ypwhich (in next step) commands. 22. Confirm NIS configuration by entering: ypwhich This command displays the IP address or the fully-qualified domain name of the NIS server. ypcat -d NISDOMAIN passwd | grep USER-ID Where NISDOMAIN is the NIS domain in step 3 and USER-ID is the partial or whole name of a user registered in the external authentication system. These commands verify that data can be retrieved from the NIS domain server by returning user login data from the NIS server.
41
Configure Users SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL)
Configure Users
1. Start Avamar Administrator. Refer to the Avamar System Administration Manual for instructions on the use of this application. 2. Create the users who require login access to Avamar Virtual Edition. The username must match exactly the user ID on the LDAP or NIS server. Create external users in the proper LDAP or NIS server domain location (for example, the root "/" or other directory like "/clients/"). When creating users, the external domain appears in the Authentication System list. IMPORTANT: The Everyone option (which creates a user called "*") applies the selected permission to all users set up in the external authentication system. Ensure that this is your intention before using it. 3. Confirm the creation of the external users by logging into Avamar Administrator or Avamar Enterprise Manager as the external user. Log in according to the following rules: User ID is followed by @DOMAIN. Where DOMAIN is the LDAP or NIS server domain you specified in step 3 of the previous applicable section. For example: SueV@example.com User password is the same as entered in the external LDAP or NIS system. Domain path is where external users reside (for example, "/clients/"). 4. Back up your configuration files (page 52). IMPORTANT: This step can help avoid the need to reconfigure external authentication at a future date. For instance, an Avamar software upgrade might overwrite configuration files with default values. Resetting external authentication is easier if configuration files are backed up.
42
Troubleshooting SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL)
Troubleshooting
After configuring external authentication, confirm connectivity and name resolution to external authentication systems. If problems occur, use the following information to troubleshoot them.
LDAP Authentication
Ensure you are able to log in as the user ID that is used to query the LDAP directory. That user ID is defined in the domains.cfg file. Ensure the "ou" part of the distinguished name that contains the user ID has no spaces (for example: ou=unit name). Use only supported characters within Avamar when creating and using the external user ID.
NIS Authentication
Use the following commands to check the service status of ypbind and to test whether the NIS database can be queried: service --status-all |grep yp chkconfig --list ypbind ypwhich ypcat Refer to Configure NIS Interface (page 39) for additional information about using these commands.
Authentication Failure
Determine the system in which authentication is failing. Avamar Virtual Edition Authentication failure is normally due to incorrect user ID or domain path. Login Manager Authentication failure is normally due to incorrect configuration. Refer to Debugging Login Manager (page 44) to confirm the external domain is properly defined.
43
Troubleshooting SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL) Use the following functional block diagram to analyze the flow of external authentication.
Refer to Restoring ldap Configuration After Upgrade (page 45) if external authentication failures occur after an Avamar software upgrade.
Debugging Login Manager

User=root
1. Log into the server as user root. When prompted for a password, enter the root password and press ENTER. 2. Stop Login Manager by entering: service lm stop 3. Troubleshoot Login Manager by entering: /usr/local/avamar/bin/lm --debug This command runs a script. 4. Collect troubleshooting information by performing the following: (a) In a separate command shell, enter: avmgr lstd (b) In Avamar Administrator, log in as the external user to capture the troubleshooting output. 5. Stop running the lm --debug command by pressing CTRL + C.
44
Troubleshooting SETTING UP ENTERPRISE AUTHENTICATION (OPTIONAL) 6. Restart Login Manager by entering: service lm start 7. Exit the command shell.
Restoring ldap Configuration After Upgrade

Upgrading Avamar application software might overwrite two configuration files that enable external authentication (/etc/ldap.conf.winad and /usr/local/avamar/etc/domains.cfg). To restore LDAP external authentication, perform the following:
User=root
1. Log into the server as user root. When prompted for a password, enter the root password and press ENTER. 2. Replace the new ldap.conf.winad file with the rpmsave verion by entering: cd /etc cp -p ldap.conf x-ldap.conf cp -p ldap.conf.rpmsave ldap.conf y The last entry overwrites the file. 3. Replace the new domains.cfg file with the rpmsave version by entering: cd /usr/local/avamar/etc cp domains.cfg x-domains.cfg cp domains.cfg.rpmsave domains.cfg y The last entry overwrites the file. 4. Stop and restart Login Manager by entering: service lm restart 5. Exit the command shell. 6. Log in to confirm that external authentication is restored.
45
POSTINSTALLATION CONFIGURATION
Following installation of the Avamar Virtual Edition, the following postinstallation tasks must be performed:
Task List
Obtain and Install a Server License (page 46) Modify the Default Schedule (page 51) Configure Replication (page 51) Back Up Configuration Files (page 52) Change Avamar Passwords (page 52) Configure and Enable the Email Home Feature (page 62) Add a Custom Security Notification to Web Login Pages (page 65) Review AVE Best Practices (page 66)
Obtain and Install a Server License

When you deploy a new Avamar server, you have a 30-day grace period in which to obtain a valid server license key. IMPORTANT: In order to generate a license key file, you must be able to log into your AvaSphere Customer Support Portal user account with a browser that supports cookies.
User=root User=admin
1. Log into the guest as user root on the Virtual Infrastructure Client Console tab. 2. Log into the server as user admin. 3. Load the admin OpenSSH key by entering: ssh-agent bash ssh-add ~admin/.ssh/admin_key You are prompted to enter a passphrase. 4. Enter the admin user account passphrase and press ENTER.
46
Obtain and Install a Server License POSTINSTALLATION CONFIGURATION 5. Enter: gathergsankeydata The following information appears in the console:
Enter your customer account number (as found on your EMC Purchase Order Confirmation):
6. Enter your EMC Customer Number and press ENTER. Your EMC Customer Number can be found on your EMC Purchase Order Confirmation. Valid Customer Numbers conform to the following format: CN-YYMMDDNNNNN Where YY is a two-digit year, MM is a two-digit month, DD is a two-digit day of the month and NNNNN is a five-digit numerical sequence. The following information appears in the console:
Enter your Avamar system asset ID number (as found on your EMC Purchase Order Confirmation):
7. Enter your system Reference ID and press ENTER. The system Reference ID is found on your EMC Purchase Order Confirmation. Valid system Reference IDs conform to the following format: A-YYYYNNNNNN Where YYYY is a four-digit year and NNNNNN is a six-digit numerical sequence. The following information appears in the console:
Please enter the Internet Domain for this Account: [***********]
8. Enter your corporate internet domain and press ENTER. The following information appears in the console:
Your answers were: Customer account ID: [CN-************] Customer asset ID: [A-**********] Internet Domain: [***********] Is this correct? [y(es), n(o), e(xit)]:
9. Enter y and press ENTER. At this point, the gsankeydata.xml license key information file should be present in the local directory, from which gathergsankeydata was run in step 5. 10. Open your web browser and log into your AvaSphere Customer Support Portal user account.
47
Obtain and Install a Server License POSTINSTALLATION CONFIGURATION The EMC Avamar Support main page appears.
11. Click Avamar Key Generation. The EMC Avamar Support key generation page appears.
12. Click Browse... The Choose File dialog box appears. 13. Locate the license key information file.
48
Obtain and Install a Server License POSTINSTALLATION CONFIGURATION 14. Double-click the license key information file or select the license key information file and click Open. The Choose File dialog box closes. 15. Switch to EMC Avamar Support key generation page and enter the email address to which you want the license key file sent. IMPORTANT: This must be an email account from which you can save the attached license key file and copy it to the Avamar server. 16. Click Generate Key. The EMC Avamar Support enter terabytes page appears. This page allows you to specify the number of Capacity Terabyte Licenses you want to allocate to this Avamar server.
17. Enter the number of Capacity Terabyte Licenses you want to allocate to this Avamar server in the Terabyte field. 18. Click Generate Key. The EMC Avamar Support final key generation page appears, confirming that your license key has been emailed to the address you entered in step 15.
49
Obtain and Install a Server License POSTINSTALLATION CONFIGURATION 19. Open your email program and access the email account you entered in step 15. The license key file is an email attachment with the following naming convention: ASSET-NAME.xml Where ASSET-NAME is typically the Avamar server hostname as defined in corporate DNS. 20. Open the Avamar Key Information email message and save the ASSET-NAME.xml email attachment to a convenient temporary directory or folder. 21. Use WinSCP or an equivalent program to copy the ASSET-NAME.xml license key file from the temporary directory or folder to the Avamar server /tmp directory. IMPORTANT: In order to activate your license using the avmaint license command, the Avamar server data server subsystem (also known as GSAN) must be running.
User=admin
22. Switch to your command shell session and ensure that you are still logged in as user admin and that the admin OpenSSH key is still loaded. 23. Verify that the data server subsystem (also known as GSAN) is running by entering: dpnctl status gsan The following information appears in your console:
dpnctl: INFO: gsan status: ready
24. Change file permissions on the ASSET-NAME.xml license key file and activate the license by entering: chmod 644 /tmp/ASSET-NAME.xml avmaint license /tmp/ASSET-NAME.xml --avamaronly Where ASSET-NAME.xml is the license key file you downloaded in steps 20 thru 22. 25. Verify that the server license is correctly installed by entering: avmaint license --avamaronly License information appears in the console.
50
Configure Replication POSTINSTALLATION CONFIGURATION
Modify the Default Schedule

The earliest start time of the Default Schedule should be 8 P.M. Check and, if necessary, modify the Default Schedule as follows. NOTE: Refer to the Avamar System Administration Manual and Operational Best Practices Guide for additional information about checking and editing schedules in Avamar Administrator. 1. Start Avamar Administrator. 2. Choose Tools > Manage Schedules. The Manage All Schedules window appears. 3. Click Default Schedule. In the Properties list, locate Start Time. If the value for Start Time is 10:00 PM, edit the default schedule as follows: (a) Click Edit. The Edit Schedule dialog box appears. (b) Change Earliest start time to 8:00 P.M. in the local time zone of the Avamar server. Backup window duration should change to 10.0 hours. (c) Click OK. The Edit Schedule dialog box closes. 4. Click OK. The Manage All Schedules window appears.
Configure Replication
If applicable, configure replication according to instructions in the Avamar System Administration Manual.
51
Change Avamar Passwords POSTINSTALLATION CONFIGURATION
Back Up Configuration Files

User=root
1. Ensure that you are logged into the server as user root. 2. Create a backup of all updated configuration files by entering: cd /root /usr/local/avamar/bin/backup_upgrade_files mv /tmp/backups_DATE_TIME /root/ cd /root tar czvf backups_DATE_TIME.tgz backups_DATE_TIME/ scp backups_DATE_TIME.tgz root@NODE00:/root/ scp backups_DATE_TIME.tgz root@NODE01:/root/ Where DATE_TIME is a timestamp, and NODE00 and NODE01 are the IP addresses of other Avamar server nodes in the customers environment, respectively (such as the replication source or target, if applicable). The DATE_TIME timestamp is automatically generated (YYYYMMDD_HHMMSS format) by the backup_upgrade_files script. TIP: Change to the /tmp directory to determine the tarball filename.
Change Avamar Passwords

Before you complete the installation, you should change various Avamar passwords from the factory defaults to the passwords that will be used by the customer. This procedure describes how to use the change-passwords interactive utility to change various passwords for the operating user account and Avamar server user account, as well as create new OpenSSH keys. The change-passwords utility will interactively prompt and guide you through any or all of the following operations: Changing operating system login passwords for the admin, dpn and root accounts Creating new admin and dpnid OpenSSH keys Changing internal Avamar server passwords for the root and MCUser accounts To change any operating user account passwords, Avamar server user account passwords or create new OpenSSH keys, perform the following: 1. In the Virtual Infrastructure Client, click the Console tab.
Guest User=dpn
2. Log into the guest as user dpn.
52
Change Avamar Passwords POSTINSTALLATION CONFIGURATION 3. Enter: change-passwords The following information appears in your command shell:
Identity added: /home/dpn/.ssh/dpnid (/home/dpn/.ssh/dpnid) Identity added: /home/dpn/.ssh/dpnid.prev (/home/dpn/.ssh/dpnid.prev) Identity added: /home/dpn/.ssh/dpnid.orig (/home/dpn/.ssh/dpnid.orig) Do you wish to specify one or more additional SSH passphrase-less private keys that are authorized for root operations? Answer n(o) here unless there are known inconsistencies in ~root/.ssh/authorized_keys2 files among the various nodes (as might be evident if you had been prompted for a root password in a previous run of this program). Note that the following keys will be used automatically (there is no need to re-specify them here): /home/dpn/.ssh/dpnid y(es), n(o), h(elp), q(uit/exit): --------------------------------------------------------
4. Enter n and press ENTER. The following information appears in your command shell:
The following is a test of OS root authorization with the currently loaded SSH key(s). If during this test you are prompted for an OS root password, then you might be missing an appropriate "dpnid" key for one or more nodes. -> In that event, re-run this program and, when prompted, specify as many SSH private key files as are necessary in order to complete root operations on all nodes. Starting root authorization test with 600 second timeout... End of root authorization test. -------------------------------------------------------Change OS (login) passwords? y(es), n(o), q(uit/exit):
Change Operating System User Account Passwords?

5. Do one of the following:
IF DO THIS
You want to change the admin, dpn or root operating system user account passwords. You do not want to change the admin, dpn or root operating system user account passwords.
Enter y and press ENTER. Enter n and press ENTER. Proceed to step 16.
The following information appears in your command shell:

-------------------------------------------------------Change OS password for "admin"? y(es), n(o), q(uit/exit):
53

Change admin Login Password?

IF DO THIS
You want to change the admin operating system user account password. You do not want to change the admin operating system user account password.

Please enter a new OS (login) password for user "admin". (Entering an empty (blank) line twice quits/exits.)
7. Enter the new admin operating system user account password and press ENTER. The following information appears in your command shell:
Please enter the same OS password again. (Entering an empty (blank) line twice quits/exits.)
8. Reenter the new admin operating system user account password and press ENTER. The following information appears in your command shell:
Accepted OS password for "admin". -------------------------------------------------------Change OS password for "dpn"? y(es), n(o), q(uit/exit):
Change dpn Login Password?

IF DO THIS
You want to change the dpn operating system user account password. You do not want to change the dpn operating system user account password.
Please enter a new OS (login) password for user "dpn". (Entering an empty (blank) line twice quits/exits.)
10. Enter the new dpn operating system user account password and press ENTER. The following information appears in your command shell:
11. Reenter the new dpn operating system user account password and press ENTER. The following information appears in your command shell:
Accepted OS password for "dpn". -------------------------------------------------------Change OS password for "root"? y(es), n(o), q(uit/exit): y
54

Change root Login Password?

IF DO THIS
You want to change the root operating system user account password. You do not want to change the root operating system user account password.

Please enter a new OS (login) password for user "root". (Entering an empty (blank) line twice quits/exits.)
13. Enter the new root operating system user account password and press ENTER. The following information appears in your command shell:
14. Reenter the new root operating system user account password and press ENTER. The following information appears in your command shell:
Accepted OS password for "root". ======================================================== Change SSH keys? y(es), n(o), q(uit/exit): y
Create New OpenSSH Keys?

IF DO THIS
You want to create new admin or dpnid OpenSSH keys. You do not want to create new admin or dpnid OpenSSH keys.

-------------------------------------------------------Change SSH key for "admin"? y(es), n(o), q(uit/exit):
55

Create New admin OpenSSH Key?

IF DO THIS
You want to create a new admin OpenSSH key. You do not want to create a new admin OpenSSH key.

Please enter a new SSH key passphrase for user "admin". (Entering an empty (blank) line twice quits/exits.)
17. Enter the new admin OpenSSH passphrase and press ENTER. The following information appears in your command shell:
Please enter the same SSH key again. (Entering an empty (blank) line twice quits/exits.)
18. Reenter the new admin OpenSSH passphrase and press ENTER. The following information appears in your command shell:
Accepted SSH key for "admin". -------------------------------------------------------Redo passphrase-less elevated-privilege SSH key "dpnid"? y(es), n(o), h(elp), q(uit/exit):
Create New dpnid OpenSSH Key?

IF DO THIS
You want to create a new dpnid OpenSSH key. You do not want to create a new dpnid OpenSSH key.
Enter y and press ENTER. Enter n and press ENTER.

======================================================== Change Avamar Server passwords? y(es), n(o), q(uit/exit):
Change Internal Avamar Server User Account Passwords?

IMPORTANT: The remainder of this procedure requires knowledge of the internal Avamar server root user account password.
56
Change Avamar Passwords POSTINSTALLATION CONFIGURATION 20. Do one of the following:

IF DO THIS
You want to change the MCUser or root internal Avamar server user account passwords. You do not want to change the MCUser or root internal Avamar server user account passwords.
Enter y and press ENTER.
Enter n and press ENTER. Proceed to step 26.

Please enter the CURRENT Avamar Server password for "root" (Entering an empty (blank) line twice quits/exits.)
21. Enter the current internal Avamar server root user account password (not the operating system root password) and press ENTER. The following information appears in your command shell:
Checking Avamar Server root password (300 second timeout)... Avamar Server current root password accepted. -------------------------------------------------------Change Avamar Server password for "MCUser"? y(es), n(o), q(uit/exit): y
Change Internal Avamar Server MCUser Password?

IF DO THIS
You want to change the internal Avamar server MCUser password. You do not want to change the internal Avamar server MCUser password.

Please enter a new Avamar Server password for user "MCUser". (Entering an empty (blank) line twice quits/exits.)
23. Enter the new internal Avamar server MCUser password and press ENTER. The following information appears in your command shell:
Please enter the same Avamar Server password again. (Entering an empty (blank) line twice quits/exits.)
24. Reenter the new internal Avamar server MCUser password and press ENTER. The following information appears in your command shell:
Accepted Avamar Server password for "MCUser". -------------------------------------------------------Change Avamar Server password for "root"? y(es), n(o), q(uit/exit):
57

Change Internal Avamar Server root Password?

IF DO THIS
You want to change the internal Avamar server root password. You do not want to change the internal Avamar server root password.
Please enter a new Avamar Server password for user "root". (Entering an empty (blank) line twice quits/exits.)
26. Enter the new internal Avamar server root password and press ENTER. The following information appears in your command shell:
Please enter the same Avamar Server password again. (Entering an empty (blank) line twice quits/exits.)
27. Reenter the new internal Avamar server root password and press ENTER. The following information appears in your command shell:
Accepted Avamar Server password for "root". -------------------------------------------------------Do you wish to proceed with your password changes on the selected node? Answering y(es) will proceed with password updates. Answering n(o) or q(uit) will not proceed. y(es), n(o), q(uit/exit): y
Accept Changes?
IF DO THIS
You want to accept changes made to passwords or OpenSSH keys during this utility session. You want to exit this utility session without making changes to passwords or OpenSSH keys.
Enter y and press ENTER.
Enter n and press ENTER.

Changing OS passwords... [Logging to /usr/local/avamar/var/change-passwords.log...] Done changing OS passwords... Changing Avamar Server passwords... Checking Administrator Server Status... Stopping Administrator Server... Starting process of updating Administrator configuration... Running script to update Administrator configuration on node 0.s... [Logging to /usr/local/avamar/var/change-passwords.log...] Done with updating Administrator configuration on node 0.s... Starting process of updating client configurations... Running script to update client configuration on 0.s... [Logging to /usr/local/avamar/var/change-passwords.log...] Updating client configuration on node 0.0...
58

Done updating client configuration on 0.0... Checking Administrator Server Status... Starting Administrator Server... Starting process of changing SSH keys... Running script to update SSH keys on node 0.s... [Logging to /usr/local/avamar/var/change-passwords.log...] Done with updating SSH keys on node 0.s... -------------------------------------------------------Done. NOTES: - If you had custom public keys present in the authorized_keys2 files of any Avamar OS users (admin, dpn, root) be aware that you may need to re-add your custom keys. - Please be sure to resume schedules via the Administrator GUI.
Update Avamar Enterprise Manager Server

After the change-passwords interactive utility has finished modifying various passwords, you must update the Avamar Enterprise Manager server by performing the following: 1. Open your web browser and log into Avamar Enterprise Manager. The Dashboard page appears. 2. Choose Configure. The Configure page appears. 3. Click the server name to edit. An Edit block appears below the systems list.
4. Enter the new MCUser password in the Password field and click Save.
59
Change Avamar Passwords POSTINSTALLATION CONFIGURATION 5. In the Virtual Infrastructure Client, click the Console tab.
Guest User=admin
6. Log into the guest as user admin. 7. Load the admin OpenSSH key by entering: ssh-agent bash ssh-add ~admin/.ssh/admin_key You are prompted to enter a passphrase. 8. Enter the admin user account passphrase and press ENTER. 9. Enter: dpnctl stop ems emserver.sh --renameserver --uselocalmcs dpnctl start
Manually Update Avamar Administrator CLI

IMPORTANT: The change-passwords utility does not currently change internal Avamar server MCUser password for the Avamar Administrator Command Line Interface (Avamar Administrator CLI) feature. Therefore, after running change-passwords, the Avamar Administrator CLI feature will no longer function. The Avamar Administrator CLI is used to generate events whenever cron maintenance activities are run. In order to change the Avamar Administrator CLI internal Avamar server MCUser password, you must manually edit several preferences files. 1. Open a command shell.
User=admin
2. Log in to the server as user admin. 3. In a Unix text editor, open mcclimcs.xml in the following path: ~admin/.avamardata/var/mc/cli_data/prefs/ 4. Locate the following entries:
<MCSConfig> <MCS mcsprofile="local" mcsaddr="AVAMARSERVER" mcsport="7778" mcsuserid="MCUser" mcspasswd="PASSWORD" />  </MCSConfig>
NOTE: This example has been simplified for clarity.
60
Change Avamar Passwords POSTINSTALLATION CONFIGURATION 5. Change the mcspasswd="PASSWORD" entry to agree with the new internal Avamar server MCUser password that you previously set by using the change-passwords utility. 6. Save your changes.
User=dpn
7. Switch user to the dpn user account by entering: su - dpn When prompted for a password, enter the dpn password and press ENTER. 8. Load the dpn OpenSSH key by entering: ssh-agent bash ssh-add ~dpn/.ssh/dpnid 9. In a Unix text editor, open mcclimcs.xml in the following path: ~dpn/.avamardata/var/mc/cli_data/prefs/ 10. Repeat steps 4 thru 6. 11. Switch back to the admin user account by entering: exit exit
User=admin
User=root
12. Switch user to root by entering: su When prompted for a password, enter the root password and press ENTER. 13. In a Unix text editor, open mcclimcs.xml in the following path: ~root/.avamardata/var/mc/cli_data/prefs/ IMPORTANT: The mcclimcs.xml file might not be present on all servers. If this is the case, skip step 14. 14. Repeat steps 4 thru 6.
User=admin
15. Switch back to the user admin account by entering: exit
61
Configure and Enable the Email Home Feature POSTINSTALLATION CONFIGURATION
Configure and Enable the Email Home Feature

When fully configured and enabled, the email home feature automatically emails the following information to EMC Technical Support twice daily: Status of the daily data integrity check Selected Avamar server warnings and information messages Any Avamar server errors Notification Schedule. By default, these email messages are sent at 6:00 A.M. and 3:00 P.M. each day. The timing of these messages is controlled by the Notification Schedule. Refer to your Avamar System Administration Manual for additional information about schedules. Mail Settings. In order to properly configure the Email Home feature, you need the following information:
Outgoing SMTP Mail Server Name
This is the corporate outgoing SMTP mail server that will be used to send Email Home messages.
IMPORTANT: In most cases, some arrangement must be made to allow emails originating from the Avamar server to be forwarded though the outgoing SMTP mail server to EMC Technical Support through the Internet.: In order for Email Home messages to be received by EMC Technical Support, they must be sent using a valid email address with access to your corporate outgoing SMTP mail server.
Administrative Mail Sender Address
IMPORTANT: If you do not configure the Email Home feature to send messages from a valid email address, messages generated by the Email Home feature will be rejected by the EMC incoming email server. Furthermore, EMC Technical Support will be completely unaware that these programmatically-generated messages were rejected, and because a valid sending email account is not known, programmaticallygenerated warnings to the sender that these messages could not be sent will never be viewed by anyone who can correct the problem.
Task Overview. must:

Task List
To fully configure and enable the email home feature, you
Modify mcserver.xml Email Home Settings (page 63) Configure and Enable the High Priority Events Profile (page 64)
62
Modify mcserver.xml Email Home Settings

Guest User=admin
1. Log into the guest as user admin by clicking on the Console tab in the Virtual Infrastructure Client. 2. Load the admin OpenSSH key by entering: ssh-agent bash ssh-add ~admin/.ssh/admin_key You are prompted to enter a passphrase. 3. Enter the admin user account passphrase and press ENTER. 4. Change directories by entering: cd /usr/local/avamar/var/mc/server_data/prefs 5. Open mcserver.xml in a Unix text editor. 6. Find the com.avamar.asn.module.mail node (shown below).
<root type="system"> <node name="com"> <node name="avamar"> <node name="asn"> <node name="module"> <node name="mail"> <entry key="smtpHost" value="mail"/> <entry key="admin_mail_sender_address" value=""/>
NOTE: Substantial portions of mcserver.xml have been omitted for clarity. 7. Change the smtpHost entry (mail) to the name of your outgoing SMTP mail server as defined in corporate DNS (for example, smtp.example.com). 8. Change the admin_mail_sender_address entry to a valid email address. For example: jsmith@example.com. 9. Save your changes. 10. Restart the administrator server by entering: dpnctl stop mcs dpnctl start 11. Close the command shell.
63
Configure and Enable the High Priority Events Profile

NOTE: You must be logged into the root domain with the role of Administrator in order to perform this procedure. Refer to your Avamar System Administration Manual for additional information about allowable operations for various roles. 1. Start Avamar Administrator. 2. Choose Tools > Manage Profiles... The Manage All Profiles dialog box appears. IMPORTANT: The existing (factory default) High Priority Events profile is read-only. You can enable it using the factory settings but you cannot modify any of the settings. If you require custom High Priority Events profile settings, you must copy it, then modify the copy. 3. Do one of the following:
IF DO THIS
You want to use the (unmodifiable) factory default settings. You want to use new custom settings.
Select the existing High Priority Events profile. Perform step 4, then go directly to step 9. Skip steps 5 through 8 because the default High Priority Events profile is not modifiable. Create a copy of the existing High Priority Events profile by select it and clicking Copy. 1. The Save As dialog box appears. 2. Enter a name for this new profile in the Save As field and click OK. 3. The Save As dialog box closes. 4. Select the High Priority Events profile copy you just created.
4. Unset the Disabled option. IMPORTANT: The Manage Event Codes tab is used to select which event codes will trigger an email notification. However, the High Priority Events profile has been preconfigured to only send notifications for specific high priority events. EMC Technical Support recommends that you use the default settings. 5. Select the High Priority Events profile copy you created in step 3 and click Edit. The Edit Profile Custom Profile High Priority Events dialog box appears. AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL 64
Add a Custom Security Notification to Web Login Pages POSTINSTALLATION CONFIGURATION 6. Click the Email Notification tab. 7. Enter:
FIELD SETTING
Email Subject Header
Avamar Administrator Notification High Priority Events IMPORTANT: Unless you have a good reason to change this field, EMC Technical Support recommends that you use the default email header.
Recipient Email List
Ensure that emailhome@avamar.com is listed. TIP: To add additional recipients, enter a valid Internet email address in the Enter Recipient field and click +. To remove a recipient, select that recipient in the Recipient Email List and click -.
8. Click OK. The Edit Profile Custom Profile High Priority Events dialog box closes. 9. Switch to Manage All Profiles dialog box and click OK. The Manage All Profiles dialog box closes.
Add a Custom Security Notification to Web Login Pages

Avamar Enterprise Manager and the Avamar Web Access features allow you to include a custom security notification to users on the their respective login pages. These notifications typically notify visitors to these login pages that only authorized users of that system are permitted access, and explains the penalties of unauthorized access. The actual mechanism for implementing these notifications involves adding the following plain-text files to the /usr/local/avamar/var/em/server_data/ directory: disclaimer_EM.txt disclaimer_Web_Restore.txt The disclaimer_EM.txt file stores the custom security notification for the Avamar Enterprise Manager login page; disclaimer_Web_Restore.txt stores the custom security notification for the Avamar Web Access login page. To customize security notification language for your site, simply create these files in a text editor, add your content and save them to the /usr/local/avamar/var/em/server_data/ directory. Either file can contain plain text or HTML content. If you later decide not to display additional security notifications at your site, simply remove these files and no security notifications will appear. It is also permissible for these files to be empty.
65
Review AVE Best Practices POSTINSTALLATION CONFIGURATION
Review AVE Best Practices

Review and understand common Avamar best practices. Refer to the Avamar Operational Best Practices Guide for additional information. IMPORTANT: Do not skip this step. This is extremely important to ensuring that AVE operation is reliable and supportable.
66
SYSTEM READINESS TESTING

Readiness testing ensures that the newly installed and configured Avamar Virtual Edition system is ready for normal day-to-day operation in the customer environment. Detailed instructions for performing many of these readiness tests can be found in the following publications: Avamar Backup Clients Installation Guide and Reference Manual Avamar System Administration Manual
Start Scheduled Operations

1. From Avamar Administrator, choose Navigation > Policy or click the Policy launcher button. The Policy window appears. 2. Choose Tools > Manage Schedules The Manage All Schedules window appears. 3. Click Resume All.
Install and Test Avamar Windows Client

1. Install software on one client. 2. Launch application. 3. Register and activate client. 4. Perform on-demand backup.
67
Install and Test Avamar HP-UX Client (Contingent) SYSTEM READINESS TESTING
Install and Test Avamar Administrator

1. Install software on one client. 2. Launch application and log into the Avamar server. 3. Add at least one user to the Windows client. 4. Schedule a group backup and verify that it occurs at the proper time. 5. Perform a redirected restore by using the Avamar Administrator.
Install and Test Avamar Linux Client (Contingent)

Perform this procedure only if you intend to deploy the Avamar Linux Client at this customer site. 1. Install software on one client; register client during software installation. 2. Perform on-demand backup by using the Avamar Administrator. 3. Perform redirected restore by using the Avamar Administrator.
Install and Test Avamar Solaris Client (Contingent)

Perform this procedure only if you intend to deploy the Avamar Solaris Client at this customer site. 1. Install software on one client; register client during software installation. 2. Perform on-demand backup by using the Avamar Administrator. 3. Perform redirected restore by using the Avamar Administrator.
Install and Test Avamar HP-UX Client (Contingent)

Perform this procedure only if you intend to deploy the Avamar HP-UX Client at this customer site. 1. Install software on one client; register client during software installation. 2. Perform on-demand backup by using the Avamar Administrator. 3. Perform redirected restore by using the Avamar Administrator.
68
The Following Day SYSTEM READINESS TESTING
Install and Test Avamar AIX Client (Contingent)

Perform this procedure only if you intend to deploy the Avamar AIX Client at this customer site. 1. Install software on one client; register client during software installation. 2. Perform on-demand backup by using the Avamar Administrator. 3. Perform redirected restore by using the Avamar Administrator.
The Following Day

Refer to your Avamar System Administration Manual for additional information about performing these tasks. 1. Verify that the normal server checkpoints, performed as part of the evening and morning cron jobs, actually occurred. 2. Verify that the HFS check passed. 3. Install client software on the remaining clients.
69
APPENDIX A LOGGING INTO THE AVAMAR SERVER

Use the following information to connect to the Avamar Virtual Edition server. In all cases, you must first click on the Console tab in the Virtual Infrastructure Client.
Logging in Using the admin User Account

The best practice is to always log in using the admin user account, then change to other user accounts (for example, root, dpn) as necessary.
Log in as admin
1. Enter admin and press ENTER. You are prompted to enter a password. 2. Enter the standard admin password and press ENTER. A command prompt appears. 3. In most cases, immediately load the admin OpenSSH key by entering: ssh-agent bash ssh-add ~admin/.ssh/admin_key You are prompted to enter a passphrase. 4. Enter the admin user account passphrase.
Switching to the root User Account

In some cases, you will need to switch user to root.
Switch User to root
1. Switch user to root by entering: su - root When prompted for a password, enter the root password and press ENTER.
70
Switching to the dpn User Account APPENDIX A LOGGING INTO THE AVAMAR SERVER 2. Enter the root password and press ENTER. If you need to switch back to user admin, use the exit command to close the root subshell.
Switch User to admin
3. Switch back to user admin by entering: exit
Switching to the dpn User Account

In some cases, you will need to switch to the dpn user account.
Switch User to dpn
1. Switch to the dpn user account by entering the following: su - dpn When prompted for a password, enter the dpn password and press ENTER. 2. Load the dpnid OpenSSH key by entering: ssh-agent bash ssh-add ~dpn/.ssh/dpnid NOTE: The dpnid OpenSSH key does not require a passphrase.
Switch User to admin
3. Switch back to user admin by entering: exit
71
APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE

This appendix contains information for the avqinstall (page 72), avw_install (page 79) and avw-time (page 100) commands.
avqinstall
avqinstall is a command-line program that assists with software installation and configuration on new Avamar servers. IMPORTANT: Only use avqinstall when performing server software installation on a new server that has never been deployed at a customer site. Running avqinstall against an operational server could result in permanent loss of data. The avqinstall program replaces avw_install as the preferred method for installing Avamar server software. Unlike avw_install which requires user interaction, avqinstall uses a configuration file usr/local/avamar/var/install.conf (page 74). Use avqinstall to install Avamar server software releases 3.6, 3.7, 4.0 and 4.1. The avqinstall program logs activity to the /usr/local/avamar/var/log/ avqinstall.log file. This log file contain time-stamped information, including: How avqinstall invokes other programs. Standard output and standard error messages from programs invoked by avqinstall. Informational messages about decision-making processes applied by avqinstall. The dpnavqinstall package, which is included with customer tarballs, contains avqinstall and auxiliary files.
72
avqinstall APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE
Synopsis
avqinstall [--(no)check] [--help] [--(no)require_clean_system] [--(no)unpack] [--version=X.Y.Z.B]
Command Options
--help --(no)check Shows help, then exits. Does not perform certain sanity checks. Default is --check. --(no)require_clean_system Does not require a system without backup data. Default is --require_clean_system. --(no)unpack Does not unpack/install Avamar server tarball. Default is --unpack. --version=X.Y.Z.B Selects server tarball version X.Y.Z.B.
Requirements
The avqinstall program requires access to a command-line shell on each node. You must have OS admin, root and dpn user privileges. The dpnid key must be available to avqinstall. To run various operations noninteractively across multiple nodes as either the OS root or the OS admin user, avqinstall and other utilities must load the dpnid OpenSSH private key into an ssh-agent environment. In addition to using OpenSSH, avqinstall uses sudo to run various operations non-interactively on the utility node or single-node server as the OS user dpn. The default sudo configuration in Red Hat Enterprise Linux is adequate to permit avqinstall to use sudo because avqinstall runs as the OS root user. The avqinstall program requires the following hardware and software: A qualified hardware platform (for example, ADS). A pre-configured version of Red Hat Enterprise Linux (for example, RHEL 4.6). Packages, files and directories under /usr/local/avamar/, /etc/ and /data01/, which are pre-installed by the Avamar-supplied OS installation.
73
Configuration File Attributes

The following table describes the install.conf file attributes.
ATTRIBUTE DESCRIPTION
gsan_encrypt_at_rest
Specifies whether or not to encrypt gsan backup data at rest. 1 Sets encryption at rest, which can cause a performance penalty. 0 (default)
gsan_key_account_id
Specifies an account id to be included with gsan license key source data. NOTE: For 4.x and later releases, the Avamar server runs without a license for a 30-day grace period. This attribute value can be left unspecified during the 30-day grace period. After the grace period, you must obtain a license key. The default is a synthesized value of the form CN-YYYYMMDD.
gsan_key_asset_reference_id
Specifies an asset reference id to be included with gsan license key source data. NOTE: For 4.x and later releases, the Avamar server runs without a license for a 30-day grace period. This attribute value can be left unspecified during the 30-day grace period. After the grace period, you must obtain a license key. The default id is a synthesized value, the unqualified hostname.
gsan_hfs_port
Specifies the gsan TCP contact port for nonSSL communications. If a port number is specified, the usersettings.cfg file is updated. Default is 27000.
gsan_other_options
Specifies a list of space-separated commandline options for start.dpn, to be appended to the installation tool's list of options. No options are necessary under ordinary circumstances. There is no default value.
gsan_password
Specifies the gsan root user password. If a password is specified, the usersettings.cfg file is updated. Default is the password specified by the --password setting in the usersettings.cfg file. The password is typically a factory default, such as 8*******.
74

gsan_rain
Specifies whether the gsan uses RAIN. 0 Disables RAIN on a multi-node server. IMPORTANT: Disabling RAIN is not recommended. RAIN is a feature of multinode systems that enables backup data to survive an unrecoverable loss of one storage node. 1 (default) Enables RAIN. Setting this value is meaningful only for servers of three or more nodes. Servers with two or fewer nodes are always configured to be non-RAIN. Default is 1.
gsan_ssl_port
This is a start.dpn parameter. Specifies the gsan TCP contact port for SSL communications. Default is 29000.
gsan_systemname
Specifies the gsan systemname parameter value. This value need not be the same as the hostname of the utility node or single-node server. The default is the unqualified hostname of the utility node or single-node server, specified in uppercase.
local_time_zone
Specifies the name of a local time zone for the utility node or single-node server. If specified, name one of the existing time zone files relative to the directory /usr/share/zoneinfo. For example, US/Pacific. Default is UTC.
mcs_mcuser_password
Specifies the password for the gsan MCUser user id. Setting a password value for this attribute updates the static Administrator preferences. The factory default is MCUser1.
mcs_nat_address
Specifies an externally-translated Internet Protocol version 4 (IPv4) address that backup clients use to contact the Avamar Administrator. Specify this value only if the address that must be used by client hosts is different from that assigned to network interface eth0 on the utility node or single-node server. There is no default value.
75

mcs_remote_hfs_port
Specifies the TCP contact port number on the remote Avamar server to use when authenticating Avamar Enterprise Manager logins. This attribute is meaningful only if mcs_remote_host is defined. Default is 27000.
mcs_remote_host
Specifies the name of a utility node or singlenode server running an instance of Avamar Administrator against which to authenticate Avamar Enterprise Manager logins. Default is Local host (utility node or singlenode server).
mcs_remote_mcuser_password
Specifies the password for the MCUser account on the remote Avamar server against which to authenticate Avamar Enterprise Manager logins. This attribute is meaningful only if mcs_remote_host is defined. There is no default value.
mcs_remote_rmi_port
Specifies the remote RMI (Java remote method invocation) TCP port on the remote Avamar server against which to authenticate Avamar Enterprise Manager logins. This attribute is meaningful only if mcs_remote_host is defined. Default is 7778.
mcs_smtp_server
Specifies the SMTP (mail) server name or IP address to which the Avamar server can post email. The specified SMTP server, intervening firewalls or both might have to be updated to permit the Avamar server to post mail to the SMTP server. Default is mail.
server_tarball_version
Specifies the version number of a server tarball to be installed. A customer tarball with the corresponding version must exist in /usr/local/avamar/src/. The version number, if specified, must be in a form compatible with the axion_install tool, such as 4.1.0.620. Default is the highest version numbered customer tarball in /usr/local/avamar/src/ appropriate for the OS (3.x for RHEL3, 4.x for RHEL4).
76

storage_node_ipv4_addresses
Specifies a list of storage node IPv4 addresses separated by whitespace. Specifying addresses for this attributes updates the probe.out file. If no addresses are specified, and there is no pre-existing probe.out file, avqinstall assumes a single-node server. The single-node server assumption fails (avqinstall quits with an error) unless the node type has been set correctly. TIP: Pre-configure the probe.out file by running dpnnetutil instead of specifying storage nodes addresses for this attribute. Default is addresses specified in /usr/local/ avamar/var/probe.out or $SYSPROBEDIR/ probe.out, if available.
time_servers
Specifies a list of hostnames or IPv4 addresses separated by whitespace for NTP time servers. If a hostname resolves to multiple addresses, then all addresses are used. There is no default value.
avqinstall Program Flow

The avqinstall program performs the following tasks: 1. Performs a limited check of the environment. The avqinstall program must run as root on a supported node type (utility node or single-node server). 2. Reads the configuration file /usr/local/avamar/var/install.conf. 3. Checks that no Avamar server processes are running. 4. Generates a probe.out file if necessary. 5. Verifies ssh connectivity and authorizations for all nodes using copies of the dpnid private key held by the admin and dpn users. 6. Checks for existing Avamar backup data and quits if any is found. NOTE: Use the --(no)require_clean_system option to override this check. 7. Performs clean-up tasks on the utility node or single-node server. For example, the program removes files from /tmp, deletes ems and mcs data, and removes client download packages. 8. Unpacks Avamar server software (axion_install). 9. Deletes any existing Avamar backup data.
77
avqinstall APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE 10. Gathers gsan license key data (gathergsankeydata) unless a gsan license key file already exists. 11. Checks for a gsan license key on Avamar 3.x servers and quits if a license key is not present. 12. Configures local time and network time service (avw-time). 13. Starts the Avamar login manager service (lm). 14. Updates usersettings.cfg. 15. Starts gsan (start.dpn). 16. Verifies that gsan has started (opstatus.dpn). 17. Starts the mcs (avsetup_mcs, mcserver.sh --init, mcserver.sh -start, avsetup_webstart and avsetup_mccli). 18. Starts the EMS (avsetup_ems, emserver.sh --init, emserver.sh -start and emwebapp.sh --start). 19. Creates a checkpoint (cp_cron). 20. Validates the checkpoint (hfscheck_cron). 21. Enables maintenance tasks (mcserver.sh --installcron). 22. Starts the web server (website create-cfg, website init, website restart and gen-ssl-cert). 23. Updates dpnctl's version tracking file. 24. Checks Avamar subsystem status. 25. Removes the dpnavqinstall package by using an at job.
78
avw_install APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE
avw_install
avw_install is a program that provides a web-based wizard that assists with software installation and configuration on new Avamar servers. IMPORTANT: The information presented in this topic is for reference purposes only and should not be used in lieu of proper installation documentation. Instead, when performing any Avamar server software installation, use the correct Avamar server software installation publication for your specific server hardware platform.
IMPORTANT: Only use avw_install when performing server software installation on a new server that has never been deployed at a customer site. Running avw_install against an operational server could result in permanent loss of data.
NOTE: If avw_install is left unattended for a long period of time (for example, over night), be advised that nightly log rotation restarts the web server. This could interfere with your avw_install session. Therefore, it is best to plan enough time to completely finish your avw_install session in one sitting.
Detailed Technical Information

avw_install calls several sub-programs. Each sub-program performs a specific set of software installation and configuration tasks: 1. avw_login (page 80) 2. avw_intro (page 80) 3. avw_check_node_type (page 80) 4. avw_verify_down (page 81) 5. avw_verify_atd (page 81) 6. avw_axion_install (page 81) 7. avw_run_probe (page 82) 8. avw_verify_os (page 83) 9. avw_verify_avtar_config (page 83) 10. avw_clean_data (page 83) 11. avw_gathergsankeydata (page 85) 12. avw_configure_time (page 86) 13. avw_lm_start (page 87)
79
avw_install APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE 14.avw_check_dpn (page 87) 15. avw_start_dpn (page 88) 16. avw_avsetup_mcs (page 90) 17. avw_avsetup_ems (page 92) 18. avw_checkpoint (page 93) 19. avw_crontab_dpn (page 93) 20. avw_website_create_cfg (page 94) 21. avw_finale (page 94) 22. avw-cleanup.php (page 95)
1. avw_login
(1) Log In - Authorized Users Only This page is a protective measure that is intended to prevent avw_install from being run by an unauthorized user. Enter the factory-default Avamar root server password for this server. If this is a new server, it should be the factory default root password (8RttoTriz). However, if the root password has been changed and another password is recorded in usersettings.cfg, then enter that password instead.
2. avw_intro
(2) avw_install VERSION Where VERSION is the specific version of avw_install you will be running. NOTE: The avw_install version might not directly correlate to the specific Avamar server software release you will be installing. This is because avw_install supports multiple server software tarballs being present on the same Avamar server. If avw_install was previously run, one or more option check boxes are provided that allow re-running specific tasks. Furthermore, clicking Start will automatically bypass any successfully completed tasks. This page also offers configuration tips for Mozilla Firefox users.
3. avw_check_node_type
(3) Check for Correct Node Type This page is a protective measure that is intended to prevent avw_install from being run on an unsupported node type (for example, storage node). If avw_install determines that this node is an unsupported type, an error message appears and avw_install will terminate.
80
4. avw_verify_down
(4) Check for System Activity If the dpnctl utility is available, this page runs dpnctl status as a background operation in order to ensure that the Avamar server has been completely shutdown before proceeding with the actual software installation. TIP: Click TASK LOG to monitor progress or review results of this task.
5. avw_verify_atd
(5) Verify That the atd Service Is Running This page indicates whether or not the atd service is running. atd is used by avw_install for starting various processes without commingling those process groups with that of the Apache web server. Without the atd service, some processes would die as soon as the web server is restarted. If atd is not running, an attempt is made to start it. If atd is not running and cannot be started, an error is returned and avw_install exits.
6. avw_axion_install
(6.1) Select Avamar Software Release If there is only one customer tarball, then it is presented in a text box. If there is more than one customer tarball, then select the correct one from the menu. In most cases, this should be the latest release. The customer tarball with the highest version number is presented as the default setting. (6.2) Unpack and Install Avamar Software This page runs the following commands as a root user background task: cd /usr/local/avamar/src tar xzvf TARBALL RHEL3/axion_install RHEL3/axion_install --version =VERSION --nochecks Where TARBALL is the actual customer tarball filename and VERSION is the specific Avamar server software release being installed in this avw_install session. TIP: Click TASK LOG to monitor progress or review results of this task.
81
7. avw_run_probe
(7.1) Enumerate Avamar Nodes (Probe) Enter the names of all utility nodes to be probed. Separate multiple utility node names with white space. The first name must be that of this host (the node on which avw_install is running). The text box is pre-populated with that hostname. (7.2) Verify Utility Node Addresses Edit utility node names and corresponding IP addresses. Any names entered in the previous page that did not resolve will be denoted with Enter.IP.Address.Here instead of an actual IP address. The first name must match that of this host. The reason for this restriction is to ensure that modules are not probed in the wrong order. If the first name does not match that in the usersettings.cfg --server entry, then the --server entry is updated. If avw_install determined that you are installing software on a multi-node server and DHCP is present, the Do DHCP Client Node Discovery (probe): option will be shown. Setting this option will run either the probe command on multi-node configurations or the probesingle command on single-node configurations, which will automatically populate the list of storage addresses. TIP: Click TASK LOG to monitor progress or review results of this task.
Manual Entry
(7.3) Manually Enter Storage Node Addresses If the Do DHCP Client Node Discovery (probe): option was not set on page 7.2, then enter storage node addresses and/or address ranges into the text box, prefixed with the name of the corresponding utility node. /usr/local/avamar/var/probe.out file is updated with the utility node addresses from page 7.2 and the storage node addresses from this page.
Run probe
(7.3) Run Probe Command If the Do DHCP Client Node Discovery (probe): option was set on page 7.2, then the probe or probesingle command is run against the list of utility nodes specified on page 7.2 in order to update the /usr/local/avamar/var/probe.out. If the name of a utility node does not resolve, or an IP address supplied on page 7.2 conflicts with the address returned by gethostbyname(), then the user-supplied IP address from page 7.2 is explicitly used as an argument to probe or probesingle. This is to avoid problems either with probe or probesingle resolving names to undesired addresses, or with lack of name resolution altogether. TIP: Click TASK LOG to monitor probe progress.
82
avw_install APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE (7.4) Verify Probe File This page runs mapall date as an admin user background task. All nodes in the probe.out file must respond. TIP: Click TASK LOG to monitor progress or review results of this task.
8. avw_verify_os
(8) Verify Operating System Version This page runs the following command as a background operation: mapall --all 'cat /etc/redhat-release' The output is examined for any inconsistent entry among the operating system release strings. All nodes in the probe.out file must respond. This is intended to ensure that all nodes are running the same version of the operating system. This does not necessarily ensure that all nodes are running the correct version of the operating system, only that the version is consistent across all nodes. TIP: Click TASK LOG to monitor progress or review results of this task.
9. avw_verify_avtar_config
(9) Verify Local Avtar Configuration Files This page examines various settings in ~admin/.avamar and /usr/local/avamar/etc/usersettings.cfg to verify that they are correct.
10. avw_clean_data
(10.1) Check for Pre-Existing Avamar Data This page runs a mapall command in the background to determine if any gsan.log files exist underneath /data0?/cp.* or /data0?/cur on the storage nodes. TIP: Click TASK LOG to monitor progress or review results of this task.
Clean Servers
(10.2) Clean Up: Enter Files and Directories to Preserve If the server was determined to be clean, this page offers a text box in which you can enter additional objects to preserve in the storage node data directories.
83
avw_install APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE Default pre-defined list of objects to preserve is as follows: avamar home local lost+found ugprep vardir Most of these objects are typically found only on /data01, but the previous find command does not discriminate as to where they are found. The main intention is to clean up directories that might have been created by previous dt operations.
Dirty Servers
(10.2) Clean Up: Enter Files and Directories to Preserve If the server was determined to be dirty, this page is used to set several options and enter a specific automatically-generated confirmation phrase that will cause this server to be cleaned (all Avamar data will be permanently deleted).
FIELD/OPTION DESCRIPTION
Yes, DESTROY Existing Avamar Data Yes, REALLY Destroy Existing Avamar Data Acknowledgement Phrase
In order to permanently delete (clean) any preexisting data from this Avamar server, you must set this option. In order to permanently delete (clean) any preexisting data from this Avamar server, you must set this option. In order to permanently delete (clean) any preexisting data from this Avamar server, you must enter the entire confirmation phrase (for example, I-wishto-destroy-utterly-all-Avamar-data-on-thissystem.-XXXX) into this field and change all hyphens (-) to spaces. There are two methods for doing this: 1. Manually enter the entire acknowledgement phrase by way of the computer keyboard and replace all hyphens (-) with spaces as you type. 2. Copy the entire acknowledgement phrase (for example, I-wish-to-destroy-utterly-allAvamar-data-on-this-system.-XXXX) onto your computer clipboard. Then, paste the entire acknowledgement phrase (including the random four-character sequence at the end) into this field. Finally, replace all hyphens (-) with spaces.
Directories and Files
Enter additional objects to preserve in the storage node data directories.
84
avw_install APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE (10.3) Clean Data Directories This page runs the following command: export SYSPROBEUSER=root && mapall /usr/bin/find /data0?/* ! -name OBJECT1 ... -maxdepth 0 -exec /bin/rf -rf {} \; Any object not named in the pre-defined list of objects to preserve is removed. TIP: Click TASK LOG to monitor progress or review results of this task.
11. avw_gathergsankeydata
(11.1) Enter Source Data For Avamar Server License This page is used to enter the following:
FIELD DESCRIPTION
Account ID
This is the EMC Customer Number, which is found on the EMC Purchase Order Confirmation. Valid Customer Numbers conform to the following format: CN-YYMMDDNNNNN Where YY is a two-digit year, MM is a two-digit month, DD is a two-digit day of the month and NNNNN is a five-digit numerical sequence.
Asset Reference ID
The asset reference ID is found on the EMC Purchase Order Confirmation. Valid asset reference IDs conform to the following format: A-YYYYNNNNNN Where YYYY is a four-digit year and NNNNNN is a six-digit numerical sequence.
Internet Domain Name
Corporate internet domain name.
(11.2) Gather License Source Data This page runs the following command as a background operation: gathergsankeydata --nointeractive --output='/usr/local/avamar/var/gsankeydata.xml' --account_id=CUSTOMER-ID --asset_reference_id=ASSET-ID TIP: Click TASK LOG to monitor progress or review results of this task. (11.3) Review License Key Source Data This page displays the XML data produced by gathergsankeydata and provides some instructions for generating a valid license key. AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL 85
12. avw_configure_time
(12.1) Enter Time Configuration Information This page is used to enter the following:
FIELD DESCRIPTION
Specify NTP Servers
Enter the IP addresses of NTP (port 123/udp) time servers. If ntp resolves to one or more IP addresses, then the text box will be pre-populated with those addresses. Otherwise, the text box is blank.
Change System Time Choose a Local Time Zone
Enter a new system time if the displayed system time is not accurate. Select a local time zone from the pull-down menu. Refer to Time Zone Application Notes (page 36) for additional information about specifying a usable local time zone.
(12.2) Install Time Configuration This page runs avw-time, which is essentially a non-interactive version of asktime, as a background task. Things in common with asktime: avw-time creates and distributes ntpd configuration files to each node by way of mktime.custom, dpn-time-config and timedist. The timedist function shuts down and restarts ntpd by way of timesyncmon. timedist also installs a local cron job, ntpd_keepalive_cron that periodically attempts to revive ntpd if ntpd has quit. Differences from asktime: avw-time does not know about US public Internet time servers. avw-time does not support dedicated Avamar subnets. Therefore, configuring any additional nodes that might be added at a later date requires an update to the NTP configurations on #.s and #.0 (the internal time servers). Use asktime to perform this update. Answering yes at the asktime Do you have a dedicated subnet? prompt allows all time clients in a given subnet to query the internal time servers, but it requires knowing about all of the relevant subnets. avw-time reads an asktime-compatible answers file, but does not write to the answers file. Maintenance of the answers file is presently done by way of avw_configure_time sub-program. TIP: Click TASK LOG to monitor progress or review results of this task.
86
13. avw_lm_start
(13) Start Login Manager This page runs the following commands as root: service lm stop service lm start IMPORTANT: avw_install only starts the login manager (lm) process, it does not configure any external authentication systems (for example, Windows Active Directory, OpenLDAP, and so forth) for use with your Avamar server. Refer to the Setting Up Enterprise Authentication topic in your Avamar System Installation and Upgrade Manual for additional information.
TIP: Click TASK LOG to monitor progress or review results of this task.
14.avw_check_dpn
(14.1) Run Pre-Startup System Checks This page runs the check.dpn command. TIP: Click TASK LOG to monitor progress or review results of this task. (14.2) Review System Check Results After check.dpn has successfully completed and Review System Check Results >> is clicked from the previous page, this page lists check.dpn results.
87
15. avw_start_dpn
(15.1) Enter Avamar Server Startup Parameters This page is used to enter or set the following:
Server Root Password Server Name HFS Port SSL Port Use Non-RAIN Configuration (not recommended)
This field is pre-populated with the password from usersettings.cfg. This field is pre-populated with a name based on this hostname. Default value is 27000. Default value is 29000. This option only appears on multi-node servers with more than two storage nodes (1x3 or larger servers). Set this option if you want to disable RAIN on this server.
Encrypt Data At Rest (incurs performance penalty)
Set this option if this capability is desired. An encryption salt value will be automatically generated. IMPORTANT: Setting the Encrypt Data At Rest (incurs performance penalty) option will provide additional security but will also impact server performance.
Use Options File
If set, startup parameters are read from avw_start_dpn_options.txt and passed to start.dpn. This field is optional. Beginning with version 4.0, when you deploy a new Avamar server, you have a 30 day grace period in which to obtain a valid server license key. For the sake of clarity and because we expect that most customers will elect to obtain licensing at a later date, the licensing procedure is documented separately from the avw_install session.
License Key
(15.2) Confirm Avamar Server Startup Parameters This page provides an opportunity to review settings made in the previous page before they are actually used to initialize and start the Avamar server. If the Use Non-RAIN Configuration (not recommended) option was set on page 15.1, this page is also used to set several options and enter a specific automatically-generated confirmation phrase that will cause this Avamar server to be initialized without RAIN. If the Use Options File option was set on page 15.1, this page lists the additional options read from avw_start_dpn_options.txt.
88
avw_install APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE This page is used to enter or set or set the following:
Yes, use a NonRAIN Configuration Yes, REALLY use a Non-RAIN Configuration Acknowledgement Phrase
In order to initialize this Avamar server without RAIN, you must set this option. In order to initialize this Avamar server without RAIN, you must set this option. In order to initialize this Avamar server without RAIN, you must enter the entire confirmation phrase (for example, I-understand-that-a-configurationwithout-RAIN-is-contraindicated.-XXXX) into this field and change all hyphens (-) to spaces. There are two methods for doing this: 1. Manually enter the entire acknowledgement phrase by way of the computer keyboard and replace all hyphens (-) with spaces as you type. 2. Copy the entire acknowledgement phrase (for example, I-understand-that-a-configurationwithout-RAIN-is-contraindicated.-XXXX) onto your computer clipboard. Then, paste the entire acknowledgement phrase (including the random four-character sequence at the end) into this field. Finally, replace all hyphens (-) with spaces.
TIP: Use the << Change and Confirm Avamar Server Startup Parameters >> buttons to review previous settings and return to this page, respectively. (15.3) Initialize and Start Avamar Server This page updates the /usr/local/avamar/etc/usersettings.cfg --password and --hfsport settings if changes are made from the factory default settings. If the Encrypt Data At Rest (incurs performance penalty) option was set, this page updates /usr/local/avamar/var/dpn_failsafe_data.txt with an obfuscated form of the automatically generated encryption salt, along with the MAC address of the eth0 NIC. Finally, this page runs the following command as a background task: start.dpn --clean --password=PASSWORD --systemname=NAME --sslport=PORT --lmaddr=ADDR --encryptatrest=SALT --expert --hfsport=PORT --paritygroups=none NOTE: The --paritygroups=none option is supplied if the non-RAIN conditions were satisfied on pages 14.1 and 14.2.
89
TIP: Click TASK LOG to monitor progress or review results of this task. (15.4) Check for Avamar Server errors This page runs the following command as a background task: mapall --noerror 'egrep "FATAL|ERROR" /data01/cur/gsan.log TIP: Click TASK LOG to monitor progress or review results of this task.
16. avw_avsetup_mcs
(16.1) Enter Avamar Administrator Startup Parameters This page is used to enter or set the following:
FIELD DESCRIPTION
MCUser Account Password Java Home Directory
This field is pre-populated with the factory default password MCUser1. This field is either a pull-down menu or a text box, the latter possibly pre-populated with the path of a candidate directory. The candidate name selection method should work for one or more of Sun Microsystems various types of Java releases (for example, jre1.5.0_12).
SMTP Server Host Name or IP Address Avamar Server IP Address for NAT
Enter the outgoing SMTP mail server hostname as defined in corporate DNS or IP address. If client computers must use a different externally translated address in order to contact the MCS, then enter that IP address here.
(16.2) Confirm Avamar Administrator Startup Parameters This page provides an opportunity to review settings made in the previous page before they are actually used to initialize and start the MCS. TIP: Use the << Change and Confirm Avamar Administrator Startup Parameters >> buttons to review previous settings and return to this page, respectively.
90
avw_install APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE (16.3) Initialize Avamar Administrator, Part 1 Runs the following command as a background task: avsetup_mcs --hfsaddr=AVAMARSERVER --localdns=AVAMARSERVER --hfsport=PORT --java=PATH --mcpass=PASSWORD [--natextaddr=IP-ADDR] --rootpass=PASSWORD --smtphost=SMTP-SERVER --noprompt The --java=PATH, --mcpass=PASSWORD, --smtphost=SMTP-SERVER and --natextaddr=IP-ADDR information is from page 14.1. The --hfsaddr=AVAMARSERVER, --localdns=AVAMARSERVER, --hfsport=PORT and --rootpass=PASSWORD information is derived from usersettings.cfg. If an --hfsport=PORT setting is unavailable, then the default of 27000 is used. TIP: Click TASK LOG to monitor progress or review results of this task. (16.4) Initialize Avamar Administrator, Part 2 This page runs mcserver.sh --init as an at job. TIP: Click TASK LOG to monitor progress or review results of this task. (16.5) Start Avamar Administrator This page runs mcserver.sh --start as an at job. TIP: Click TASK LOG to monitor progress or review results of this task. (16.6) Configure Administrator Web Interface This page runs the following command as root: avsetup_webstart NOTE: Because avsetup_webstart is run as a foreground task, a TASK LOG link does not appear on this page. (16.7) Configure Administrator Command Line Interface This page runs the following command: avsetup_mccli NOTE: Because avsetup_mccli is run as a foreground task, a TASK LOG link does not appear on this page.
91
17. avw_avsetup_ems
(17.1) Enter Avamar Enterprise Manager Startup Parameters This page is used to configure the Avamar Enterprise Manager application. Enter or set the following:
FIELD DESCRIPTION
(OPTIONAL) remote Avamar Server Host Name or IP Address remote Avamar MCUser Account Password remote Avamar Server Port This field is pre-populated with the factory default password MCUser1. This field is pre-populated with the factory default Avamar server data port 27000/tcp. This field is pre-populated with the factory default MCS data port 7778/tcp.
remote Avamar Administrator Port
(17.2) Initialize Avamar Enterprise Manager, Part 1 This page runs the following command as a background task: avsetup_ems TIP: Click TASK LOG to monitor progress or review results of this task. (17.3) Initialize Avamar Enterprise Manager, Part 2 This page runs one of the following commands as an at job, depending on the contents of the fields from page 15.1: emserver.sh --init --force --uselocalmcs - or emserver.sh --init --force --nouselocalmcs --mcshostname=SERVER --mcuserap=PASSWORD --hfsport=PORT --mcsport=PORT Where --mcshostname=SERVER, --mcuserap=PASSWORD, --hfsport=PORT and --mcsport=PORT information is all taken from the input fields on page1, if and only if a remote server name or IP address was specified. TIP: Click TASK LOG to monitor progress or review results of this task. (17.4) Start Avamar Enterprise Manager This page runs emserver.sh --start as an at job.
92
TIP: Click TASK LOG to monitor progress or review results of this task. (17.5) Start Jakarta Tomcat Service This page runs emwebapp.sh --start as an at job. TIP: Click TASK LOG to monitor progress or review results of this task. (17.6) Check Jakarta Tomcat Service This page runs the following command as a background task: curl -i -o /dev/null http://localhost:8080/cas/login.faces If the Tomcat service is not running, this will return an error. TIP: Click TASK LOG to monitor progress or review results of this task.
18. avw_checkpoint
(18.1) Create Checkpoint This page runs cp_cron as a background task. TIP: Click TASK LOG to monitor progress or review results of this task. (18.2) Validate Checkpoint This page runs hfscheck_cron as a background task. TIP: Click TASK LOG to monitor progress or review results of this task.
19. avw_crontab_dpn
(19) Install Maintenance Cron Jobs This page saves the old dpn crontab (if found) and installs a new one with the following command: crontab -u dpn /usr/local/avamar/etc/dpn_crontab TIP: Click TASK LOG to monitor progress or review results of this task.
93
20. avw_website_create_cfg
(20) Configure Avamar Web Application This page runs the following command as root: website create-cfg This performs all of the required configuration of Avamar web application, short of restarting the web server. NOTE: The website init and website restart operations are not performed here because those operations are unnecessary and performing those operations would interfere with avw_install.
TIP: Click TASK LOG to monitor progress or review results of this task.
21. avw_finale
(21) avw_install Completion This page shows Review (Optional) >> and Finish buttons. Clicking Review (Optional) >> within one minute displays a final review page that provides summary information about each avw_install task. TIP: Displaying the final review page by clicking Review (Optional) >> is not required. However, it is highly recommended that you do so in order to ensure that no unexpected results go unnoticed.
IMPORTANT: If you wait longer than one minute to click Review (Optional) >>, an error might occur because avw_install might be disabled. If this occurs, try pointing your browser at http://AVAMARSERVER or http://AVAMARSERVER/em. A MAIN LOG link to the avw-log-monitor.php application, which allows viewing and saving of the avw_install.log file. It is easy to re-enable avw_install if it is necessary to do so after disabling it. Refer to How Do I Reinstall avw_install? (page 99) for additional information.
94
22. avw-cleanup.php
This is run automatically one minute after the (21) avw_install Completion page appears. As root, gives at a job to be run at the top of the next minute. This at job does the following: 1. Creates /usr/local/avamar/var/avw-cleanup.log. 2. Verifies that /usr/local/avamar/var/avw_install-cleanup.enable exists. If it does not exist, then avw_install exits with an error. 3. Deletes the cleanup.enable file. 4. Deletes various temporary files in /tmp. 5. Runs the following command: rpm -e dpnavwinstall This deletes the package containing avw_install after applying various cleanups. 6. Renames /usr/local/avamar/var/avw_install.log to /usr/local/avamar/var/avw_install.log.N. Where N is a non-colliding integer. 7. Changes the ownership and permissions of the renamed log file to root:admin, 640.
Installation Directories
/usr/local/avamar/bin/ /usr/local/avamar/lib/avw_install/ /usr/local/avamar/lib/avw_install/html/ /usr/local/avamar/lib/avw_install/tasks/ /usr/local/avamar/lib/avw_install/classes/ /usr/local/avamar/lib/avw_install/conf/ /usr/local/avamar/lib/avw_install/pear/
95
Auxiliary Programs Called by avw_install

bin/avw-disable Strips out modifications to /etc/sudoers and /etc/httpd/conf.d/ssl.conf previously made by avw-enable. Optionally deletes temporary files. Restarts the httpd service. bin/avw-enable Verifies whether /etc/sudoers and /etc/httpd/conf.d/ssl.conf have already been modified, based on the presence or absence of a particular string. If modifications are required, then appends conf/sudoers-addition.txt to /etc/sudoers and patches /etc/httpd/conf.d/ssl.conf with conf.d/ssl.conf-diffs.txt. These modifications allow the apache user account to apply avw-run as the admin, dpn or root user. Saves original version s of the configuration files as sudoers.avw-enable_save and ssl.conf.avw-enable_save. Restarts the httpd service. Also offers the option of changing data ports. The avw-disable program later removes the modifications, either by deleting specially marked regions of text, or by replacing the modified file with a previously saved, un-modified, version of the file, whichever is most correct. avw-enable accepts the following command line arguments: --http_only and --https_port=PORT. These options reconfigure the web server to run avw_install on alternative ports (page 98) or support the lynx browser, which only supports HTTP. bin/avw-run Runs a specified command with the specified arguments within an ssh-agent environment. The specified command is invoked from a temporary Bash script that loads the dpnid key into the previously created ssh-agent environment. Optionally creates a .done file to indicate completion. Optionally creates a .status file to indicate exit status. Optionally prints a completion message with the exit status of the command. bin/avw-time This is essentially a non-interactive version of asktime. It installs time configuration files on all Avamar nodes based on the pre-existing contents of the asktime.answers file.
96
How avw_install Performs Privileged Work

The avw_install application depends on the following system configuration changes, which are applied automatically during installation of the dpnavwinstall package: The /etc/sudoers file is modified to allow the apache user to run the avw-run command as admin, dpn or root. The /etc/httpd/conf.d/ssl.conf file is modified to allow the avw_install application to listen on port 1234.
What to Expect When Running avw_install More Than Once

If it is necessary to re-run avw_install (for example, after handling an error condition), then you might be presented with various option check boxes on the avw_intro page (page 80). The check boxes allow you to re-run specific tasks if necessary. It is possible to perform all tasks by checking the first box, provided that the necessary cleanup has been done beforehand. For the most part, avw_install does not attempt to do cleanups for you. For example, out-of-bounds tasks might interfere somewhat with avw_install. Consult EMC Technical Support for help with cleanups.
97
Tips for Mozilla Firefox Users

If you are asked to accept a cookie, click on Accept for session only. By default the MAIN LOG and TASK LOG links open in another window. For maximum convenience, configure these links to open in a new browser tab using one of the following methods: 1. Right-click the link and select Open Link in New Tab each time. 2. Do one of the following:
IF DO THIS
You are using Firefox 1.5 or later on Windows. You are using Firefox 1.5 or later on Linux. You are using Firefox 1.0 on Windows.
1. Choose Tools > Options > Tabs. 2. Set the Force links that open new windows to open in: a new tab option. 1. Choose Edit > Preferences > Tabs. 2. Set the Force links that open new windows to open in: a new tab option. 1. Enable single window mode. To do this, enter about:config in the browser address field, then double-click the following preference item in order to set its value to true:
browser.tabs.showSingleWindowModePrefs
2. Choose Tools > Options > Advanced. 3. Set the Force links that open new windows to open in: a new tab option. You are using Firefox 1.0 on Linux. 1. Enable single window mode. To do this, enter about:config in the browser address field, then double-click the following preference item in order to set its value to true:
browser.tabs.showSingleWindowModePrefs
2. Choose Edit > Preferences > Advanced. 3. Set the Force links that open new windows to open in: a new tab option. If you use single window mode, watch for new tabs after clicking on the MAIN LOG and TASK LOG links.
Changing the avw_install Data Port

By default, avw-enable configures the web browser to run avw_install on port 1234 (for example, https://SERVER:1234). If you experience browser connectivity problems, perhaps related to TCP/IP filtering, firewalls, router access control lists, and so forth, then try configuring the web server, by way of avw-enable, to offer access to avw_install on a different port.
98
avw_install APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE The following table shows several example alternative port setups and the base URL used to access avw_install following the alternative configuration:
AVW-ENABLE SETUP COMMAND DESCRIPTION/BASE URL
avw-enable --https_port=443
Configures avw_install to run on standard HTTPS port 443. Base URL used to access avw_install in this configuration is: https://AVAMARSERVER
avw-enable --https_port=80
Configures HTTPS to run on standard HTTP port 80. Base URL used to access avw_install in this configuration is: https://AVAMARSERVER:80 NOTE: Port 80 must be explicitly supplied.
avw-enable --http_only
Runs on straight HTTP, not HTTPS http://AVAMARSERVER (or http://localhost) Base URL used to access avw_install in this configuration is: http://AVAMARSERVER or http://localhost
Troubleshooting
How Do I Verify that avw_install Has Been Disabled? avw_install should automatically remove itself and all supporting programs from your Avamar server. You can verify that this successfully occurred by performing the following: 1. Verify that the base URL does not serve a web page. The default base URL is https://SERVER:1234. If you changed the default avw_install data port (page 98), use the correct base URL for your specific configuration. 2. Log into the utility node as root and enter the following command: rpm -e dpnavwinstall Monitor results for error messages. 3. Using a text editor, verify that /etc/sudoers has been scrubbed of the avw_install mods section and that there are no special entries for the apache user. 4. Verify that the /etc/httpd/conf.d/ssl.conf file has been scrubbed of the avw_install mods section and that there is no Listen 0.0.0.0:1234 directive present anywhere in the file. How Do I Reinstall avw_install? the following command as root: You can reinstall avw_install by entering
rpm -ivh dpnavwinstall-VERSION.i386.rpm Only do this if something went drastically wrong with the installation and you must re-run avw_install. AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL 99
avw-time APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE
avw-time
avw-time is a simplified, non-interactive version of asktime. The avw-time is an auxiliary program called by avqinstall. The avw-time program is not intended for use by end users. Synopsis avw-time [--config=PATH] [--debug] [--help] [--indicate_completion=PATH] [--nodes=NODE-LIST] [--verbose]
Options
--config=PATH Specifies the path to the configuration file (asktime.answers). Default is /usr/local/avamar/var/time-configfiles/asktime.answers. --debug --help --indicate_completion=PATH --nodes=NODE-LIST Specifies a dry run. Shows help, then exits. Creates a file at PATH to indicate completion. Specifies a list of nodes on which to configure time. Default is all. --verbose Provides maximum information.
Notes
avw-time updates the following files:
FILE DESCRIPTION
/etc/sysconfig/clock /etc/ntp.conf /etc/ntp/step-tickers /etc/localtime
Red Hat Enterprise Linux system time zone configuration file. Configuration file for the University of Delaware ntpd service. Red Hat Enterprise Linux configuration file for ntpdate. Copy of the selected zone information file for the local time zone (for example, US/Pacific).
100
avw-time APPENDIX B INSTALLATION SUPPLEMENTAL REFERENCE avw-time relies on asktime.answers, a configuration file created by avqinstall. The following table contains the attributes inserted into the asktime.answers file by avqinstall:
asktime.external_time_servers
List of IPv4 addresses for NTP time servers taken from the time_servers attribute of avqinstall. Each address is separated by whitespace. The asktime.external_time_servers attribute is not present unless asktime.have_external_time_servers is equal to yes (y).
asktime.have_external_time_servers
Boolean y (yes) or n (no) depending on whether external time servers have been specified. Name of the local time zone file for the utility node or single-node server (for example US/Pacific) found in the /usr/share/zoneinfo/ directory. This name is taken from the local_time_zone attribute of avqinstall.
asktime.zoneinfo_filename
avw-time uses the same set of auxiliary programs that asktime uses (dpn-timeconfig, mktime, timedist and timesyncmon).
101

AVE 1.2.2 Install

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

AVE 1.2.2 Install

Transféré par

Droits d'auteur :

Formats disponibles

EMC AVAMAR

VIRTUAL EDITION 1.2

SYSTEM INSTALLATION GUIDE

EMC CORPORATION COPORATE HEADQUARTERS: HOPKINTON, MA 01748-9103 1-508-435-1000 WWW.EMC.COM

Copyright and Trademark Notices

Preinstallation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Benchmark Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Avamar Virtual Edition Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Setting Up Enterprise Authentication (Optional) . . . . . . . . . . . . . . . . . . . 34

System Readiness Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Appendix A Logging into the Avamar Server . . . . . . . . . . . . . . . . . . 70

Appendix B Installation Supplemental Reference . . . . . . . . . . . . . . . 72

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Notes, Tips and Warnings FOREWORD

Click OK. - or Select File > Close.

Type: cd /temp --logfile=FILE

Notes, Tips and Warnings

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Appropriate Environments for AVE

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Less than 8 GB per day

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Appropriate Environments for AVE INTRODUCTION

Limits and Thresholds

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Important Terms and Concepts INTRODUCTION

Important Terms and Concepts

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Virtual Machine Requirements PREINSTALLATION REQUIREMENTS

Virtual Machine Requirements

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Virtual Machine Requirements PREINSTALLATION REQUIREMENTS

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Additional Requirements PREINSTALLATION REQUIREMENTS

Applications Files Licensing data Customer-supplied information

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Preparing the Virtual Machine BENCHMARK TESTING

Preparing the Virtual Machine

ESX Server User=root

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

4. Choose YES. The following information appears in your command shell:

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Running Benchmark Testing BENCHMARK TESTING

Installing VMware Tools

Running Benchmark Testing

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Ending Benchmark Testing

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

Analyzing Benchmark Results BENCHMARK TESTING

Analyzing Benchmark Results

Read and Write Test Results

Seek Test Results

AVAMAR VIRTUAL EDITION 1.2 SYSTEM INSTALLATION MANUAL

60 MB/sec 60 MB/sec 30 MB/sec 30 MB/sec 320 seeks/sec 400 seeks/sec

75 MB/sec 75 MB/sec 60 MB/sec 60 MB/sec 320 seeks/sec 400 seeks/sec

Minimum acceptable benchmark results are: