Backup, Enterprise Backup Frequently Asked Questions

For IT Pros: This page answers frequently asked questions about the Enterprise Backup service, which provides campus IT pros with regularly scheduled desktop and server backups.

Getting Started

Restoring Files

Upgrading or Changing or "Oops!"

Security


I need to start backups on my machine. How do I get started?

  1. First, fill out the Enterprise Backups signup form.
  2. After you submit the signup form, we'll review the information you've submitted. Then assuming everything is OK, we'll register your machine for backups and then send you an email confirming your machine has been authorized for backups. In this email confirmation, you will also receive your initial password for backups.
  3. Use our Downloads page to find the appropriate Tivoli Storage Manager client for your platform. Follow the instructions on the download page to download, install and configure the client on your machine.
top

I've signed up for backups, but when I try to do a backup, the server tells me that I am not registered. What's up?

Some machines only pass the machine's hostname to the backup server instead of passing the machine's fully qualified host name. If this happens, our backup server will reject the request to back up such a machine.

Solution

To correct this problem, specify your machine's nodename using the nodename option. You need to specify your nodename as your machine's fully qualified hostname. To specify your nodename In UNIX, edit your dsm.sys file; in Windows, edit your dsm.opt file. (Or if using the TSM client GUI, just click Edit > Preferences).

Here's an example of a nodename specified in a text file:

nodename blargh.cites.illinois.edu

If you specify your nodename and your machine still gets rejected, it's possible that we messed up and registered your machine incorrectly. Check the email that you received after signing up. If your fully qualified hostname shown in the email is incorrect, contact us. We'll correct it.

top

I am running the command line backup for the first time, and it's asking me for a USERID. What do I use?

When you are prompted to enter a userid, just press the Enter key to bypass it. If you bypass the userid request just this once, it wont ask you for it again. Also, when the software prompts you to enter a password, enter the password included in your confirmation email, which you received after signing up.

More Information

The userid is for clientowner access -- a function that we don't implement on our backup server.

top

I want my backups to happen "automagically". How do I make it happen?

It's easy to have scheduled backups set up for your machine. Here's how:

  • If you have already signed up for backups: email cites-tsm@illinois.edu and ask us to set up scheduled backups for your machine. Make sure to include your machine's fully qualified host name and indicate the earliest time at which backups should start.
  • If you have not signed up for backups: when you do sign up, make sure to select the "TSM scheduling" option in the sign up form, and select the earliest time at which backups should start.
top

I was told some time ago that I needed to periodically refresh my backups by doing a full backup. How do I do that? And is it necessary to do full backups?

When we backup to reliable media, periodic full backups are not needed. When data goes onto a tape, you can expect your data to be there when you read the tape some time in the future.

Before upgrading to this most reliable tape solution, we had trouble reading data from tapes; therefore we requested that our customers periodically do a full backup to refresh the data we were storing. But since upgrading our hardware a few years ago, we have not had one tape read failure. Also, your data is constantly being copied from tape to tape as it is being compressed and as tapes are being reclaimed. Thank the Gods we are no longer playing with toys!

Also, note that the first time you do a backup for your machine, it is a full backup. After that, our system only backs up files on your machine that have changed. This is refered to as Progressive Incremental (Incremental Forever) Backups. Once again, since all of your files have been backed up once to reliable media, there is no reason to periodically do full backups because you would just repeatedly back up a file that has never changed. By avoiding these unnecessary full backups, we save network bandwidth (among other things) when conducting backups.

top

What is the difference between an ARCHIVE and a BACKUP?

Archives have no concept of a version. When you do an archive, it is a snapshot of a file or set of files which we archive as a batch. That batch will expire or be deleted from the server in 60 days for the standard policy (desktop policy) regardless of whether the file still exists on your machine. It is typical to assume that you would archive a file, then remove it from your system. If you archive a file every day, then each day's archived file will be deleted from the server 60 days after it was archived.

Backups, in contrast, are done on a delta basis. A file will be backed up if it has changed since the last backup, or if it is "new" (i.e., the file does not yet exist in the TSM database). Once that file is deleted from your machine, and a new backup runs, that file is marked inactive and will be deleted from the system in 30 days for the standard policy.

top

Restoring Files

I am trying to restore a file on my Windows box using the TSM client, but when I list files to restore, the file does not show up.

To find those files, try this:

  • Use the view option in your TSM client to view both active and inactive files. If the file you are trying to restore has been deleted, it is will show up in this view as inactive.
  • Look at the local file button -- you should see your file tree. If you clicked on backup sets but you didn't use the backup set option, you don't have any.
You may also want to check if you are excluding certain files or directories using the exclude options. Some people don't want to include temporary directories or the WINDOWS directory for example.

 

top

I started a restore, then it crashed or aborted in the middle. Now when I go to restore, I get a message saying that there is a 'restore in progress' and it won't let me restore my files.

The TSM server and clients have what is called a Restartable Restore, which allows you to start an aborted or stopped restore where it left off.

Solutions

All of these options are available through the GUI or the dsmc command line provided with every TSM client:

  • To resume the restore from the point you left off, use the restart restore function.
  • To see a list of what restartable restores you have, use the query restore option.
  • If you don't want this particular restore, use the cancel restore option.
top

Upgrading or Changing or "Oops!"

I am upgrading my machine to a new operating system/platform, but I want to keep my existing backups for awhile.

This is relatively simple. We will change the name of your existing node/client, and register a new node for you. The new node will have a new password that we will supply to you. We would like the old node to go away in about 30 days, but we will extend that timeframe beyond 30 days if you request it. When you back up your new machine, it will be a full backup; you can still get access to your old files by changing the nodename stanza in your dsm.sys file. You will need to know the old password though.

top

I went to backup/restore my machine, but I've forgotten my password. What can I do?

Send a note to cites-tsm@illinois.edu with the hostname of your machine and request that the password be changed. You MUST be listed as the technical contact or machine owner for us to honor your request.

top

I want to restore files backed up on one of my machines to another machine. Can I do this?

Yes, you can. There are several ways to do it, and there are some restrictions.

Method 1 (recommended)

The first method is to create an 'authorization file' with the TSM client on the node that you want to restore from. You can authorize any node to access backed up files, and set restrictions for users as well. Bring up the TSM client on the node that you want to restore from and grant authorization to the client that you want to restore to. When you do the restore, use the -fromnode option on the command line or use the GUI options.

Method 2

If you no longer have access to the node you want to restore from, you will have to be a bit more tricky about the process. You need to know the 'access password' for the node you want to restore from. If you don't know this, or if the passwordaccess generate flag was set in the options file, a Enterprise Backup administrator will have to reset the password for you. Then, you change the nodename parameter on your restore to node to be the same as the restore from node. (if you have passwordaccess generate in your options file, comment it out for now) When you contact the server, the server will think you are coming from the old node. When you are done restoring, just change everything back the way it was.

Restrictions

If you have to get a password reset for the restore from node, you will have to prove to the Enterprise Backup admin that you own the node or have system admin access to it, for security reasons.

Some client backup formats are incompatible with one another. For instance, trying to restore files to a Windows machine from a Macintosh backup will not work.

top

Security

Are the backups secure? Where are my files kept? And who has access to my files?

After your client contacts the server, files are normally transmitted to a large disk pool. As this pool fills, all files for your client are placed on 3590 cartridges inside our 3494 automated library. The library is installed in 1440 DCL which is a secured area. Removal of onsite backup tapes can only be performed by unlocking and opening the door of the library, which will cause a emergency shutdown of the robot. Any movements around the library are on camera/video 24/7, and any operational interruption causes the primary Backups administrators to be paged. Service of the robotics is done by qualified IBM Customer Engineers while under supervision. And service of the tape drive equipment is performed from the rear of the library where there is no access to the physical media.

One word of caution: you DO have the ability as the client administrator to allow other nodes/users access to your files, by setting authorizations. Be very careful with this functionality! If you lose control over the machine you granted access to, the new administrator of that machine will still have access to your files! NOTE: the Backups server admins do not have the ability to do give other clients access to your data--only you have the ability to grant access to other clients.

Some useful info

  • The full offsite tapes are removed daily by Operations Center personnel, and taken to a locked tape vault.
  • There is no way that any client administrator or operator knows what tapes your files are on, nor is the data from your client on the tapes in any particular order. Getting a random tape, and doing a dd on it would not be very enlightening or amusing for most people, unless they get kicks from such things as taping together bits of shredded paper.
  • The tape(s) your data is on CAN NOT be read by another TSM server, without a full dump/restore of OUR TSM database.
  • Only the Enterprise Backup system administrators have direct access to a 3590 tape drive to read your data, if they knew exactly where it was, on exactly which tape(s). Yes, one could take the tape(s) somewhere else to have them read, but it gets to the point where it might be easier to break into your office and steal your machine.
  • You, the client administrator, CAN give any other TSM client/user access to your client's data through the TSM client interface. Use this feature with extreme caution!
  • Enterprise Backup server admins DO NOT have access to your data. We can find out on which tapes/disks your files live, but we can't see the data. There is no data dump or viewing capability for TSM server admins.
  • Enterprise Backup server admins CAN NOT give other clients access to your data.
  • Enterprise Backup system level admins CAN change the password for your client node, but will ONLY do this if needed by the owner or technical contact of your client machine.

If you are backing up sensitive data

If you consider your data to be sensitive in any way, it may be prudent to encrypt the data before backing it up. Encrypting your data makes your data more secure in storage, and also protects your data while its from being grabber over the network during the backup process.

We can also compress your data on your client for added security. To compress your data, you must contact us with your request because compression is turned off by default (we let the drives do the compression in hardware).

Note: There is now an encryption feature included with the newer TSM clients, however, as of this writing, no one is using it, or has experience with it. If you use the encryption feature, please let us know how it works, so we can include some pointers in this FAQ!

top



Keywords:Enterprise Backup, scheduled, backups, nodename, hostname, UNIX, TSM, tape, archive, restore, sensitive data, encryption   Doc ID:48188
Owner:Bob B.Group:University of Illinois Technology Services
Created:2015-03-04 09:56 CSTUpdated:2016-12-19 15:29 CST
Sites:University of Illinois Technology Services
Feedback:  0   0