Table of Contents

System Requirements
Software Requirements
Security Requirements
- Sudo User Settings
- Listing the Commands
Disk Space Requirements
Remote Monitoring Requirements
- Java Runtime Environment
- SSH/WMI Connection

Getting Started

Requirements

Table of Contents

System Requirements
Software Requirements
Security Requirements
- Sudo User Settings
- Listing the Commands
Disk Space Requirements
Remote Monitoring Requirements
- Java Runtime Environment
- SSH/WMI Connection

System Requirements

HP Data Protector KM for PATROL supports the following operating systems:

Operating System	Version
HP-UX	11 and higher
Linux	All distributions
Oracle Solaris	8 and higher
Windows	2008 and higher

Software Requirements

HP Data Protector KM for PATROL supports:

Software	Version
HP Data Protector	4 and higher
BMC PATROL Agent	Any version
BMC PATROL Console	Any version
BMC ProactiveNet Performance Management	9.5 and higher
BMC TrueSight Operations Management	10 and higher
BMC Helix Operations Management	20 and higher
Java	1.8 and higher

When running the KM on…	Fix
Linux managed nodes	Korn shell binary (`/bin/ksh`). Alternatively a soft link from `/bin/ksh` to `/bin/bash` will be needed.
BMC PATROL Agent 11.0.00 on Windows	BMC patch 11.0.00.01: Patch 1 for BMC PATROL Agent 11.0.00 must be installed.

For the Access Control List (ACL)

The KM stores all configuration information in the PATROL Agent configuration database (pconfig), under the /HPO/<node-id> and /Runtime/HPO/<node-id> paths. PATROL Agent user (default: patrol) should be able to read and write to these pconfig variables any time. If Access Control List (ACL) is used to control which users are authorized to connect to a PATROL Agent, please make sure that the mode for PATROL Agent user includes “C” in the PATROL Agent variable /AgentSetup/accessControlList. Please refer to the PATROL Agent Reference Manual for more details.

To support bash shell platforms when ksh is not installed

To collect Data Protector stats when ksh was not installed on UNIX/Linux servers, you need to create a soft link for /bin/ksh to /bin/bash:

ln -s /bin/bash /bin/ksh

Security Requirements

A user account with administrative privileges must be configured in BMC PATROL or BMC TrueSight Operations Management to read and execute HP Data Protector application programs and access file systems. Depending on the operating systems used, several options will be available.

The following user accounts can be used:

On UNIX/Linux platforms:
- a root user
- a non-root user, such as patrol, that has Sudo privileges on Data Protector to execute application programs and access file systems
- a non-root account, such as patrol, configured in Data Protector application to administer the Data Protector application.
On Windows platforms:
- an administrator user
- a non-administrator account, such as patrol, configured in Data Protector application to administer the Data Protector application. Refer to the Data Protector System Administrator’s Guide for details on how to set up this type of account.

The user login details are configured in the KM. The password is encrypted and stored in the PATROL Agent.

This user needs read & execute permission to executable and library files under the paths listed below. The HP Data Protector installation path INSTALL_PATH, referenced in the tables below is usually:

/opt/omni (on UNIX/Linux)
C:\Program Files\OmniBack (on Microsoft Windows)

Here are the executable and library paths accessed by the KM User:

UNIX/Linux	Microsoft Windows
`INSTALL_PATH/bin`	`INSTALL_PATH\bin`
`INSTALL_PATH/sbin`
`INSTALL_PATH/lbin`
`INSTALL_PATH/lib`	`INSTALL_PATH\lib`

If the KM is enabled to failover in a clustered environment, the login user needs execute permissions to the following cluster commands:

/opt/VRTSvcs/bin/hagrp (in Veritas Cluster Server)
vxdctl (in Veritas Cluster File System)
/usr/cluster/bin/clrg (in Oracle Solaris Cluster)
cluster (in Microsoft Cluster)

The HP Data Protector KM includes some scripts which should be executable by the PATROL Agent user and the HP Data Protector KM user. These scripts are stored under KM_HOME path, normally <PATROL_HOME>/lib/HPO.

The HP Data Protector data path DATA_PATH, referenced in the tables below is usually:

/var/opt/omni (on UNIX/Linux)
C:\ProgramData\OmniBack (on Microsoft Windows)

Here are the paths accessed by the PATROL Agent User when monitored locally and KM User when monitored remotely:

UNIX/Linux	Microsoft Windows
`DATA_PATH/server/db80`	`DATA_PATH\server\db80`
`DATA_PATH/log`	`DATA_PATH\log`
`DATA_PATH/server/log`	`DATA_PATH\log\server`

On Windows platforms the HP Data Protector installation is identified by checking the Microsoft Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\OpenView\OmniBackII\

The configured login user should have sufficient privileges to run regedit command on the managed node.

Sudo User Settings

If a non-root user with sudo privileges is preferred as the KM user, configure the account as a sudoer through the visudo utility using the entry below. The KM accepts any non-root user with the following or equivalent sudo configuration in the sudoers file.

User_Alias HPOKMUSERS = <hpo-km-user>
Defaults:HPOKMUSERS !lecture,!authenticate,!requiretty,env_keep+="PATH INSTALL_PATH KM_HOME KM_TEMP",env_reset
HPOKMUSERS ALL=/bin/cat,/usr/bin/du,/opt/omni/bin/*,/opt/omni/sbin/*

<hpo-km-user> must be replaced with username used by the KM.

If there is a secure_path defined in the sudoers file, all binary paths listed in the sudoers file above should be listed:

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/opt/omni/bin:/opt/omni/sbin

This KM user should be able to execute required Data Protector and Operating System commands on the command line with just the sudo prefix to the command, without any sudo authentication. For example, the following commands show how to test the sudo settings:

[patrol@rt-netbck-vtl ~]$ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/opt/omni/bin:/opt/omni/sbin
[patrol@rt-netbck-vtl ~]$ sudo omnirpt -report list_sessions -timeframe 48 48 -tab
# Session Type	Specification	Status	Mode	Start Time	Start Time_t	End Time	End Time_t	Queuing	Duration	GB Written	# Media	# Errors	# Warnings	# Pending DA	# Running DA	# Failed DA	# Completed DA	# Objects	# Files	Success	Session Owner	Session ID
Backup	Spec 1	Failed	incr1	8/31/2022 12:00:32 PM	1661940032	8/31/2022 12:01:15 PM	1661940075	0:00	0:00	0.00	1	4	1	0	0	1	0	1	0	0%	RT-SPECTRUM-WIN\ADMINISTRATOR@rt-spectrum-win.internal.sentrysoftware.net	2022/08/31-3

Here the KM user patrol is able to run the Data Protector command omnirpt using sudo without a password prompt and keep the user's PATH settings inside the sudo.

This PSL code can be used to list all commands used by HP Data Protector KM once the KM is installed. The commands that require sudo privileges are listed separately, if you prefer to restrict the sudoers entry to only those commands.

Warning! This non-root sudo user configured in the KM will be able to execute HP Data Protector commands. To prevent unauthorized access, ensure this user is only used within the KM and not made public for general use.

Warning! Entering the non-root sudo user with ‘Use Sudo’ option selected into the login configuration dialog, before updating the sudoers file, will generate sudo errors. Also if the sudo user is configured differently, the KM may run sudo commands using incorrect sudo settings, which may expose the sudo user password.

Listing the Commands

To list all OS and Data Protector commands used by the HP Data Protector KM, execute the following PSL code from the PATROL Console, using PSL Task menu, after installing and loading the KM.

foreach var (grep("^/Runtime/HPO/.*CommandControls/",pconfig("LIST")))
{
	ctl=get(var);
	opt=ntharg(grep("Option",ctl),"2-"," =");
	nsa=ntharg(grep("NoSudoAttempt",ctl),"2-"," =");
	sua=ntharg(grep("SingleUserAttempt",ctl),"2-"," =");
	typ=ntharg(grep("CommandType",ctl),"2-"," =");
	cmd=nthargf(grep("CommandText",ctl),"2-","=","=");
	if(osp=="") { osp=trim(nthargf(grep("OSPlatform",ctl),"2-","=","="), " "); }
	fields=lines(ntharg(var,"1-","/"));
	old_host=host;
	host=(fields == 5)? ntharg(var,"3","/") : "localhost";
	if(host!=old_host)
	{
		if((osp!="WINDOWS") && sudoers) { printf("\n\nCommands used with sudo:\n%s",sort(sudoers)); }
		printf("\n\nOn %s:\n\n", host);
		i=0; sudoers=""; osp="";
	}
	if((typ == "")||(typ == "OS"))
	{
		met="";
		if(opt == "NoLogin") { met = "(run as patrol user)"; }
		elsif(nsa == "YES") { met = "(run as configured user without sudo)"; }
		elsif(sua == "YES") { met = "(run as supplied user - used in menu)"; }
		else
		{
			scmd=cmd;
			s=index(scmd,"%sudo");
			if(s) { scmd=replace(substr(scmd,s,length(scmd)),"%sudo",""); }
			sudoers=union(sudoers,ntharg(ntharg(scmd,1,">|"),"1-"," "," "));
		}
		printf("(%2d) %-30s %-40s: %s\n",i++,ntharg(var,fields,"/"),met,cmd);
	}
}
if((osp!="WINDOWS") && sudoers) { printf("\n\nCommands used with sudo:\n%s",sort(sudoers)); }

Disk Space Requirements

HP Data Protector KM requires approximately:

2.5 MBytes of available disk space on each monitored PATROL Agent system
3.5 MBytes of available disk space on each PATROL Console system
600 KBytes of available disk space on each PATROL Central Console Server system
1.4 MBytes of available disk space on each PATROL Central Web Server system

It is installed under the PATROL installation path.

When monitoring a standard installation of HP Data Protector, the PATROL Agent will generate approximately 250 KBytes of history data per day. An enterprise installation of HP Data Protector on a master server with multiple media servers, clients, libraries, and standalone devices will generate more history data (as per other KMs used by the PATROL Agent). These history data files are recycled by PATROL depending on the PATROL Agent history retention period.

During execution, the KM creates and maintains temporary files under KM_TEMP(default: <PATROL_HOME>/lib/HPO/tmp) and KM_DEBUG (default: <PATROL_HOME>/log) paths, where <PATROL_HOME> path is usually /opt/bmc/Patrol3/ (on UNIX/Linux) or C:\Program Files\BMC Software\Patrol3\ (on Microsoft Windows). Please make sure you have sufficient space under these paths. These folders should have read, write and execute permissions for the PATROL Agent user.

Remote Monitoring Requirements

Remote monitoring is required for all servers or appliances on which no PATROL Agent can be installed. This feature is also interesting if you lack resources or time to deploy a PATROL Agent and HP Data Protector KM on several servers since it allows to monitor multiple hosts from one agent.

Remote monitoring is not possible from a UNIX/Linux PATROL Agent system to a Windows-based Data Protector server.

Please refer to the sections below to find out the remote monitoring requirements:

Java Runtime Environment
SSH/WMI Connection

Java Runtime Environment

HP Data Protector KM requires Java 1.8 or higher and a Java Runtime Environment (JRE) to be installed on the same system that runs the PATROL Agent.

The KM will automatically detect the JRE path if it has been installed in the default location or under the BMC PATROL Agent installation path. If it has been installed in a different location, you will have to set JAVA_HOME for the PATROL Agent default account before starting the PATROL Agent.

You can download the Java Runtime Environment along with the KM on Sentry Software Web site.

SSH/WMI Connection

An SSH (UNIX/Linux platforms) or a WMI (Windows platforms) connection is required to monitor remote Data Protector servers and appliances. When using an SSH connection, the SSH host key authentication, which is enabled by default on most Data Protector servers and appliances, must be disabled on the remote host.

To disable the SSH host key authentication:

Open the global SSH configuration file (ssh_config) stored in the /etc/ssh/ directory on the remote host
Add the line StrictHostKeyChecking no
Save the file.

Search Results for {{siteSearch | truncate:'50'}}

No results.