Manuals / HP / Computer Equipment / Projector

HP B6960-96035 manual Cells, Data Protector users accounts

Models: B6960-96035

1 422

Download 422 pages 49.56 Kb

Page 74

Data Protector security features

The following features allow and restrict access to Data Protector and the backed up data. The items in this list are described in detail in the following sections.

•Cells

•Data Protector user accounts

•Data Protector user groups

•Data Protector user rights

•Visibility and access to backed up data

Cells

Starting sessions

Data Protector security is based on cells. Backup and restore sessions can only be started from the Cell Manager unless you have the Data Protector Manager-of-Managers functionality. This ensures that users from other cells cannot back up and restore data from systems in your local cell.

Access from a specific Cell Manager

Additionally, Data Protector allows you to explicitly configure from which Cell Manager a client system can be accessed, that is, configuring a trusted peer.

Restrict pre- and post-execution

For security reasons, various levels of restrictions can be configured for pre-exec and post-exec scripts. These optional scripts allow a client system to be prepared for the backup by, for example, shutting down an application to obtain a consistent backup.

Data Protector users accounts

Anyone using any Data Protector functionality, administering Data Protector, or restoring personal data, must have a Data Protector user account. This restricts unauthorized access to Data Protector and backed up data.

Who defines user accounts?

An administrator creates this account specifying a user login name, systems from which a user can log in, and the Data Protector user group membership that defines the user rights.

74	Planning your backup strategy

Image 74

HP B6960-96035 manual Cells, Data Protector users accounts

Contents

HP Data Protector A.06.10 Concepts guide Page Contents Planning your backup strategy Types of incremental backups Media management and devices 133 Users and user groups 183 Service management 205 Data Protector internal database 187How Data Protector operates 219 Integration with database applications 237Synthetic backup 257 Direct backup 243Disk backup 253 This chapter 265 Overview Supported configurations 269Snapshot concepts 275 Microsoft Volume Shadow Copy service 289Backup scenarios 297 Further information 331Glossary 345 Index 403 Figures 149 Backup session information flow multiple sessions Page Page Tables Page Page Part number Guide edition Product Publication historyEdition history Publication history Documentation set About this guideIntended audience GuidesHP Data Protector disaster recovery guide HP Data Protector installation and licensing guideHP Data Protector troubleshooting guide HP Data Protector integration guidesHP Data Protector zero downtime backup integration guide HP Data Protector zero downtime backup concepts guideHP Data Protector zero downtime backup administrators guide HP Data Protector integration guide for HP ReporterHP Data Protector Media Operations users guide HP Data Protector command line interface referenceOnline Help This guide fulfills a similar function for Media OperationsGuide Documentation mapAbbreviations Map Abbreviation GuideIntegrations Integration Guide Convention Element Document conventions and symbolsDocument conventions Provides helpful hints and shortcuts Data Protector graphical user interfaceProvides additional information General information HP technical support Data Protector graphical user interfaceDocumentation feedback Subscription serviceHP websites For additional information, see the following HP websitesAbout Data Protector About backup and Data ProtectorThis chapter High Availability Support Page This section explains basic backup and restore concepts Introducing backups and restoresWhat is a backup? What is a restore? Backing up a network environmentDirect backup Data Protector architectureData Protector cell physical view and logical view Cell ManagerOperations in the cell Systems with backup devicesInstallation Server Systems to be backed upHow does it work? Backup sessionsWhat is a backup session? Restore sessions What is a restore session?Enterprise environments What is an enterprise environment?When to use an enterprise environment Splitting an environment into multiple cellsWhy split large environments into multiple cells? MoMManager-of-Managers environment Media management functionality What is a media pool?Media management Backup devices User interfaces Data Protector GUIPage Data Protector Java GUI Original Data Protector GUIData Protector Java GUI architecture Benefits of Java GUI Differences from the Original Data Protector GUIOverview of tasks to set up Data Protector Install and configure your Data Protector environment Clustering on Planning your backup strategyDisaster recovery on Restoring data onWhat is backup strategy planning? Backup strategy planningDefining the requirements of a backup strategy Page Factors influencing your backup strategy Preparing a backup strategy planPage Planning cells One cell or multiple cells?Page Creating cells in the Unix environment Installing and maintaining client systemsInstallation Servers and the Cell Manager Mapping a Data Protector cell into a Windows domain Creating cells in the Windows environmentWindows domains Windows workgroups Creating cells in a mixed environmentGeographically remote cells Considerations for geographically remote cellsInfrastructure Network versus local backupsUnderstanding and planning performance MoM environmentDevice performance Network or server versus direct backupsDevices When to use parallelism Advanced high performance configurationUsing hardware in parallel High performance hardware other than devicesHardware compression Configuring backups and restoresSoftware compression Object distribution to media Full and incremental backupsDisk image versus filesystem backups Disk fragmentation Disk image backupsDisk performance CompressionSAN performance What is security?Planning security Online database application performanceCells Data Protector users accountsData Protector user groups Data Protector user rightsHow Data Protector AES 256-bit encryption works Visibility of backed up dataData encryption Hiding data from other usersBackup session with AES 256-bit encryption How Data Protector drive-based encryption worksWho owns a backup session? What is backup ownership?Restore from encrypted backups Clustering Backup ownership and restoreWhat is a cluster? Cluster conceptsCluster network Cluster nodesShared disks What is a failover? What is a package or group?What is a virtual server? High availability of the Data Protector Cell Manager Automatic restart of backupsCluster support Load balancing at failoverExample cluster environments Cell Manager installed outside a clusterThis section gives three example cluster configurations Cell Manager installed outside a cluster Virtual server backupResult Backup behaviorCondition Virtual server backup Condition Result FC/SCSI MUX Virtual server backup Failover before a backup starts Incremental backup Full and incremental backupsComparison of full and incremental backup Synthetic backup Full backupsIncremental backups Full backup Incremental backupTypes of incremental backups Conventional incremental backupEnhanced incremental backup Incr1-9 backup never references an existing Incr backup Level that is still protected. For example, an Incr1 backupBackup saves all changes since the last Incr4 backup. An Incremental backups Relative referencing of backup runsExamples Considering restoreHow to read on TIP Media needed to restore from leveled incremental backups Data protection What is data protection?Keeping backed up data and information about the data Data Protector Internal DatabaseWhat is logging level? Browsing files for restoreWhat is catalog protection? Catalog protectionOverwriting backed up files with new data Enabling the browsing of files and quick restoreEnabling the restore of files, but not browsing Backing up data Exporting media from a cellWhat is a backup specification? Creating a backup specificationSelecting backup objects How to create a backup specificationExamples of backup options What is a media set? Backup types and scheduled backupsWhat is an object mirror? Object mirrorsBackup session Scheduling, backup configurations, and sessionsBackup configuration Optimizing backup performanceOptimizing for restore When to schedule backupsStaggering full backups Staggered approachFull backup with daily simple incremental backups ExampleFull backup with daily level 1 incremental backups Considerations for unattended backups Automated or unattended operationPage Object copy Object mirror Media copy Smart Media Copy Duplicating backed up dataData Protector data duplication methods What is object copy? Copying objectsScheduled object copying Post-backup object copyingStart of object copy session Object copy session performance Selection of devicesSelection of the media set to copy from Freeing media Why use object copy?Vaulting Freeing media Demultiplexing of mediaDisk staging Consolidating a restore chainMigration to another media type What is object mirroring? Object mirroringBenefits of object mirroring Object mirror operationBackup performance Object mirroringWhat is the result? What is media copying?How to copy media Copying mediaAutomated media copying What is automated media copying?Post-backup media copying Scheduled media copyingWhat happens after the backup? Smart media copying using VLSWhat is smart media copying? Automated smart media copyingRestoring data Restore durationFactors affecting restore duration Selection of devices Selection of restore chainSelection of the media set Media set selection algorithmWhat needs to be done Operators are allowed to restoreWhen to use this policy Disaster recovery End users are allowed to restorePage Disaster recovery methods Recovery using third-party tools for Windows Alternative disaster recovery methodsRecovery methods supported by operating system vendors 132 Planning your backup strategy Media pools on Media management and devicesMedia management on Media life cycle on Devices onMedia life cycle Typical media life cycle consists of the following stepsConcepts guide 135 Media poolsSee Calculating media condition on Media pools and dcbf directories How to use media poolsMedia pool property examples Default media pools Free poolsFree pool benefits What is a free pool?When is a free pool used? Free pool limitations Free pool propertiesMedia quality calculation Media pool usage examples Simple one device/one media pool relationConfiguration of media pools for large libraries Multiple devices, single media pool What is a media rotation policy? Implementing a media rotation policyAutomatic media rotation and media handling Media rotation and Data ProtectorMedia needed for rotation Estimating the quantity of needed mediaInitializing or formatting media Media management before backups beginWhat is initializing formatting media? Labeling Data Protector mediaLocation field How are labels used?Media management during backup sessions Selecting media for backupsMedia usage policy Adding data to media during backup sessionsMedia condition Distributing objects over mediaMultiple objects and sessions per medium, sequential writes Media condition factors Writing data to several media sets during backupCalculating media condition Vaulting Media management after backup sessionsWhat is vaulting? Implementing vaulting Vaulting usage exampleRestoring from media in a vault Using devices with Data ProtectorDevices Concepts guide 153Library management console support TapeAlertDevice lists and load balancing Device streaming and concurrency What is device streaming?How to configure device streaming How load balancing worksIncreased performance Segment sizeDisk agent concurrency Multiple data streamsBlock size Data formatDevice names Number of disk agent buffersDevice locking and lock names Preventing collision Standalone devicesPhysical device collision What are standalone devices?Small magazine devices Handling of media Configuring a libraryLarge libraries Size of a libraryBarcode support Sharing a library with other applicationsEnter / eject mail slots Advantages of barcodesSharing a library with multiple systems Cleaning tape supportWhat is library sharing? Connecting drives to multiple systems Control protocols and Data Protector Media AgentsDrive control protocol Drive controlRequired Data Protector Media Agent for drive control Ndmp ScsiADIC/GRAU Exemplary configurationsRequired Data Protector Media Agent for robotic control Scsi Ndmp ACS168 Media management and devices Sharing a Scsi library robotics attached to an Ndmp Server Data Protector and Storage Area Networks Sharing an ADIC/GRAU or StorageTek ACS libraryStorage Area Networks Fibre Channel Storage Area NetworkPoint-to-point topology Loop topologySwitched topology Loop initialization protocolConcepts guide 175 Configuring multiple paths to physical devicesDevice sharing in SAN Why use multiple paths Path selectionDevice locking with multiple applications Device lockingBackward compatibility Device locking within Data ProtectorIndirect and Direct Library Access Indirect Library AccessDirect Library Access Indirect Library AccessDevice sharing in clusters Static drivesFloating drives Concepts guide 181182 Media management and devices Increased security for Data Protector users Access to backed up dataUsers and user groups Visibility of backed up dataPredefined user groups Default administratorsUsers and user groups User group Access rights Using predefined user groupsFollowing default groups are provided by Data Protector Data Protector predefined user groups186 Users and user groups Data Protector internal database About the IDBIDB location IDB on the Windows Cell ManagerIDB size and growth consideration IDB formatIDB in the Manager-of-Managers environment IDB architectureIDB on the Unix Cell Manager Mmdb records Media Management Database MmdbUnderlying technology Mmdb location Catalog Database CDBMmdb size and growth CDB recordsCDB location Detail Catalog Binary Files DcbfSize and growth for CDB objects and positions Dcbf informationSmbf records Session Messages Binary Files SmbfDcbf location Smbf size and growthServerless Integrations Binary Files Sibf During backupIDB operation Exporting media During restoreDuring object copying or object consolidation Removing the detail catalog IDB configurationOverview of IDB management Filenames purgeIDB growth and performance IDB maintenanceIDB recovery Key IDB growth and performance factorsIDB growth and performance key tunable parameters Logging level as an IDB key tunable parameter Concepts guide 199Impact on performance Logging level and browsing for restoreLogging level and restore speed Recommended usage of logging level and catalog protection Catalog protection and restoreCatalog protection as an IDB key tunable parameter Expired catalog protectionSpecifics for small cells Use different logging levels in the same cellDifferent logging levels for object copies On the Windows Cell Manager IDB size estimationSpecifics for large cells 204 It is organized as follows Overview on Service managementOverview Data Protector and service management Concepts guide 207 Native Data Protector functionalityKey functions What Is ARM? Application Response Measurement version 2.0 ARM 2.0 APIARM functionality Monitor Integration with HP Operations Manager softwareSnmp traps Functionality of the Data Protector OM integrationReporting and notification Event logging and notification Reporting and notification examplesData Protector log files Windows application logJava-based online reporting Central management, distributed environment Data Protector checking and maintenance mechanismUsing the data provided by Data Protector What can I do with the data?Data Protector OM-R integration Service management integrationsBackup Session Reports Concepts guide 215 Data Protector Reporter example Operational error status report Data Protector OM SIPDirect SIP integration example Systems, the system inet daemon Inetd starts the Data Data Protector processes or servicesHow Data Protector operates Protector Inet processMMD Backup sessionsCRS RDSScheduled backup session Scheduled and interactive backup sessionsBackup session data flow and processes Interactive backup sessionBackup session information flow How many sessions can run concurrently?Pre-exec and post-exec commands On page 223 shows multiple sessions running concurrentlyQueuing of backup sessions Mount requests in backup sessionsRestore sessions Backing up with disk discoveryRestore session data flow and processes What happens in a restore session?Queuing of restore sessions How many restore sessions can run concurrently?What is a parallel restore? Mount requests in a restore sessionParallel restores How does it compare to a standard restore?Fast multiple single file restore Object copy sessionsAutomated and interactive object copy sessions Object copy session data flow and processesHow many sessions can run concurrently? Queuing of object copy sessions Mount requests in an object copy sessionObject consolidation session data flow and processes Object consolidation sessionsAutomated and interactive object consolidation sessions Queuing of object consolidation sessions Media management session data flow Media management sessionsMount requests in an object consolidation session How many sessions can run? Integration with database applications Overview of database operationRelational database Filesystem backup of databases and applications Online backup of databases and applicationsData Protector integration with databases Concepts guide 241 242 Direct backup Requirements and support on Supported configurations onConfigurations on Backup types How direct backup worksDirect backup benefits Direct backup architecture EnvironmentAbout resolve About XCopyXCopy + Resolve Direct backup process flowBackup stages for data files Requirements and support RestoreThere are two restore options when using direct backup Supported configurations Three hosts CM, application, ResolveConcepts guide 251 Basic configuration single hostTwo Hosts Cell Manager/Resolve Agent and application 252 Disk backup Disk backup benefits on Data Protector disk-based devices onDisk backup benefits File jukebox device Data Protector disk-based devicesStandalone file device File library deviceData format Recommended disk-backup deviceConfiguration Backing up to a disk deviceSynthetic backup Concepts guide 257Synthetic backup brings the following benefits Synthetic backup benefitsHow Data Protector synthetic backup works Synthetic backup Restore and synthetic backup Synthetic backup and media space consumptionFull and incremental backups Regular synthetic backup Page 264 Split mirror concepts Split mirror backup concept Instant recovery ZDB to disk Backup clients and clustersZDB to tape and ZDB to disk+tape Replica set rotationLocal mirror dual host Concepts guide 269Local mirror single host Remote mirrorSplit mirror remote mirror LAN-free remote backup data HA Concepts guide 271Local/remote mirror combination Other configurations 274 Split mirror concepts Snapshot concepts Storage virtualizationSnapshot concepts RAIDSnapshot backup Snapshot backup types Types of snapshots Instant recoveryReplica set and replica set rotation Snapshots with the preallocation of disk spaceSnapshots without the preallocation of disk space SnapclonesBasic configuration single disk array dual host Other supported configurations Multiple disk arrays dual hostMultiple application hosts single backup host Disk arrays single host LVM mirroring HP StorageWorks Virtual Array only 286 Page 288 Microsoft Volume Shadow Copy service What is a shadow copy provider? What is a shadow copy?What is a writer? Data Protector and VSS Actors of the traditional backup model VSS benefits Data Protector Volume Shadow Copy integrationBenefits of using VSS VSS backup VSS restoreVSS filesystem backup and restore Backup and restore Considerations Backup scenariosThis appendix 298 Hardware and software environment of XYZ Company XYZEnvironment Current XYZ backup topology Problems with the current solution Backup strategy requirements RequirementsProposed environment Proposed solutionSolution overview Department Current Data Projected Data Devices 5 YearsProposed solution in detail Proposed XYZ backup topology Estimating the size of the IDBInput parameters Page Staggering approach Time Remote full backups to the HP DLT 4115 libraryDepartment Current Data/Backup Time ENG1BSAdmbs ENG2BSOthbs DbbsRestore options 312 Backup scenarios #UX Size of backup environmentCompany ABC Current ABC Cape Town backup topology Type of data Maximum downtime Problems with current solutionMaximum acceptable downtime for recovery Concepts guide 315Amount of data to be backed up How long data should be keptType of data Max data storage time LocationAmount of data to be backed up in five years ABC enterprise environment ABC cell configuration Why configure into seven cells?Why use the CMMDB? #UNIXWhy choose the Windows system? ABC Cape Town enterprise backup environment 322 Why use the HP StorageWorks DLT 4228w Library? How long does a full backup last? Why use the HP StorageWorks DLT 4115w Library?Why use the HP StorageWorks DAT24 Autoloader? Concepts guide 325 ABC’s Media Pool UsageMedia pool name Location Description Why use differential incr1 backups? Staggering Approach for ABC Cape TownSERVERSA...G ABC’s backup specification configurationName Cell Description Backup day Time USERSD...GBackup options Page 330 Further information Backup generationsWhat is a backup generation? Backup generations Examples of automated media copyingConfiguring backups Example 1 automated media copying of filesystem backupsIncr1 backup Configuring automated media copying Full backup Concepts guide 335336 Full backup and automated media copying Example 2 automated media copying of Oracle database backups Full database backup and automated media copying Internationalization LocalizationFile name handling BackgroundBrowsing file names File name handling during backupFile name handling during restore Unix incompatibility examplePage 344 AML GlossaryAcsls See library See also online redo logLotus Domino Server specific term Lotus Domino Server Backint See restore chainSee also Virtual Library System VLS and virtual tape See also backup specification, incremental backup, and full BackupBackups/templates. Default view Backup typesBackup view By Group according to the group to which backupManual and disaster and recovery Or development. When used for backup purposes, the originalOr BCV devices, are dedicated SLDs that are pre-configured SAP R/3 specific term An SAP R/3 backup tool that allowsNon-database files saved with Brbackup Restore files of the following typeSaved with Brbackup You can specify files, tablespaces, complete backups, logSee also Mmdb CAPCDB See also MoMSee also backup to IAP Microsoft Exchange Server and Lotus Domino Server specificReplication See also Exchange Replication Service and local continuousMicrosoft Exchange Server specific term Cluster continuous Informix Server specific term a Windows CMD script that isVLS HP StorageWorks EVA specific term The user interface thatCV EVA Oracle and SAP R/3 specific term An Oracle data file thatHP StorageWorks EVA specific term a logical grouping CSMOracle and SAP R/3 specific term a physical file created by Informix Server specific term An Informix Server physical See also backup typesSee also copy set DcbfSee also XCopy engine See also incremental backupMicrosoft SQL Server specific term a database backup that Veritas Volume Manager specific term The basic unit of data DR OS See also virtual full backupDMZ EMC Symmetrix Specific term See client backup with disk discoverySee Symmetrix Agent Syma See also importing media Microsoft Exchange Server specific term The MicrosoftSee also library See also CA+BC EVABi-directional transmission of large data files and can be Backup mediaVolume and each of these copies can have additional two Allows any server to perform replication activityFull backup Flash recoveryRun out of media. The media pools must be configured to use Backup Full ZDBGUI HSMEVA provider LdevReplica SMI-S EVAEMC Symmetrix specific term EMCs Symmetrix Integrated Microsoft Exchange Server specific term a backupIcda IDBPair. However, the standard devices are updated with Incremental restoreBCV control operations, an incremental restore reassigns a Devices are updated with only the data that was written toZDB to disk+tape See also replica, zero downtime backup ZDB, ZDB to diskSee formatting KMS See also Information Store and Site Replication ServiceIsql LBOLISTENER.ORA Microsoft Exchange Server specific term Local continuousService LVM Oracle and SAP R/3 specific term The format of the loginMicrosoft SQL Server specific term The name a user uses to See Wake OnlanCA HP StorageWorks Disk Array XP specific term, and HP Microsoft Exchange Server specific term a partMCU See MoMMedia allocation During a restore session, a Media Agent locates data onRobotics control of a library Or off-site storageStorageWorks Disk Array XP specific Term See also overwriteSymmetrix and HP StorageWorks Disk Array XP specific Term MSM MmdbSee also CMMDB, CDB HP StorageWorks Disk Array XP specific term Mirror UnitSee backup object See archived redo log See also zero downtime backup ZDB and online backupOnconfig Informix Server specific term An environment variable thatOraclesid See also zero downtime backup ZDB, and offline backupSee also archived redo log See also merging See also pre-exec Microsoft Exchange Server specific term The part See also post-execHP StorageWorks Disk Array XP specific term Standard HP HP StorageWorks Disk Array XP specific term The RAIDRDF1/RDF2 RCURdbms EMC Symmetrix specific term a type of Srdf device groupRman HP StorageWorks Disk Array XP specific term The RemoteRSM HP StorageWorks Disk Array XP VSS provider specific termRman Oracle Session See backup session,media management session, and restoreHP StorageWorks Disk Array XP specific term secondary Sibf Microsoft VSS specific term a volume that represents aMicrosoft VSS specific term a collection of shadow copies HP StorageWorks VA and HP StorageWorks EVA Specific term SMBSmbf See also snapshot HP StorageWorks Disk Array XP Specific termEMC Symmetrix specific term The EMC Symmetrix Remote See also ZDB to tape, ZDB to disk+tape, and replicaSrdf Syma See failoverEMC Symmetrix specific term The Data Protector software Putting stress on the production servers or the network. a Any number of incremental backupsCheckpoints and the quorum resource recovery log, which Synthetic fullZDB specific term Disaster recovery specific term a system after a computerSee ZDB to disk See also source R1 deviceTNSNAMES.ORA Oracle and SAP R/3 specific term a network configurationSee also Microsoft Volume Shadow Copy Service VSS Data Protector specific term Keep track of IDB changes.See lights-out operation Microsoft SQL Server specific term This is a SQL Server See also Command View CV EVASee also source volume and target volume VSS Adic and STK specific term a VOLume SERial number is aSee Microsoft Volume Shadow Copy Service Replica, secondary volume S-VOL, and replica set rotation ConfigurationInformix Server specific term ON-Bar and Data Protector ZDBRecovery, ZDB to disk+tape, and replica Arrays, split mirror restore can also be usedSee also zero downtime backup ZDB, ZDB to disk, instant Recovery402Glossary Index 404 Page Concepts Snapshot backup, 276 split mirror backup Hardware, 68, 70 softwareCRS 408 Supported configurations Selecting for restoreDirect Backup 324410 Failover, 81, 82 FC-AL 412 Size See IDB Internationalization, 340 IT managementSee also libraries 414 Media condition, 150 calculating, 150 fair Media pools, 135, 309, 325 default, 136 propertiesLoose, 147 strict Good416 RDS Data, 194 location Restores, 125SAN Backup, 43 Sharing libraries, 47, 162, 163, 164 Sibf dataSnmp RAIDHP, 33 technical support 422