Table of Contents

Requirements

System Requirements

IBM Spectrum Protect KM for PATROL supports the following operating systems:

Operating System Version
AIX 5.1 and higher
HP-UX 11 and higher
Linux All distributions
Oracle Solaris 8 and higher
Windows 2008 and higher

Software Requirements

IBM Spectrum Protect KM for PATROL supports:

Software Version
IBM Spectrum Protect (Tivoli Storage Manager) 5.1 and higher
IBM Spectrum Protect Administrative Client (Tivoli Storage Manager Backup-Archive Client) 5.1 and higher
BMC PATROL Agent Any version
BMC PATROL Console Any version
BMC ProactiveNet Performance Management 9.5 and higher
BMC TrueSight Operations Management 10 and higher
BMC Helix Operations Management 20 and higher
Java 1.8 and higher
When running the KM on… Fix
Linux managed nodes Korn shell binary (/bin/ksh).
Alternatively a soft link from /bin/ksh to /bin/bash will be needed.
BMC PATROL Agent 11.0.00 on Windows BMC patch 11.0.00.01: Patch 1 for BMC PATROL Agent 11.0.00 must be installed.

For the Access Control List (ACL)

The KM stores all configuration information in the PATROL Agent configuration database (pconfig), under the /TSM/<node-id> and /Runtime/TSM/<node-id> paths. PATROL Agent user (default: patrol) should be able to read and write to these pconfig variables any time. If Access Control List (ACL) is used to control which users are authorized to connect to a PATROL Agent, please make sure that the mode for PATROL Agent user includes “C” in the PATROL Agent variable /AgentSetup/accessControlList. Please refer to the PATROL Agent Reference Manual for more details.

To support bash shell platforms when ksh is not installed

To collect Spectrum Protect stats when ksh was not installed on UNIX/Linux servers, you need to create a soft link for /bin/ksh to /bin/bash:

ln -s /bin/bash /bin/ksh

Security Requirements

A user account with administrative privileges must be configured in BMC PATROL or BMC TrueSight Operations Management to read and execute IBM Spectrum Protect application programs and access file systems. Depending on the operating systems used, several options will be available.

The following user accounts can be used:

  • On UNIX/Linux platforms:

    • a root user
    • a non-root user, such as patrol, that has Sudo privileges on Spectrum Protect to execute application programs and access file systems
    • a non-root account, such as patrol, configured in Spectrum Protect application to administer the Spectrum Protect application.

  • On Windows platforms:

    • an administrator user
    • a non-administrator account, such as patrol, configured in Spectrum Protect application to administer the Spectrum Protect application. Refer to the Spectrum Protect System Administrator’s Guide for details on how to set up this type of account.

The user login details are configured in the KM. The password is encrypted and stored in the PATROL Agent.

This user needs read & execute permission to executable and library files under the paths listed below. The IBM Spectrum Protect installation path INSTALL_PATH, referenced in the tables below is usually:

  • /usr/tivoli/tsm or /opt/tivoli/tsm (on UNIX/Linux)
  • C:\Program Files\Tivoli\TSM (on Microsoft Windows)

If the KM is enabled to failover in a clustered environment, the login user needs execute permissions to the following cluster commands:

  • /opt/VRTSvcs/bin/hagrp (in Veritas Cluster Server)
  • vxdctl (in Veritas Cluster File System)
  • /usr/cluster/bin/clrg (in Oracle Solaris Cluster)
  • cluster (in Microsoft Cluster)

The IBM Spectrum Protect KM includes some scripts which should be executable by the PATROL Agent user and the IBM Spectrum Protect KM user. These scripts are stored under KM_HOME path, normally <PATROL_HOME>/lib/TSM.

Here are the paths and files accessed by the PATROL Agent User:

UNIX/Linux Microsoft Windows
DSM_DIR (INSTALL_PATH/client/ba/bin or bin64) DSM_DIR (INSTALL_PATH\baclient)
DSM_LOG (KM_TEMP) DSM_LOG (KM_TEMP)
DSM_DIR/dsmadmc DSM_DIR\dsmadmc.exe
DSM_CONFIG (DSM_DIR/dsm.opt) DSM_CONFIG (DSM_DIR/dsm.opt)
/var/adm/messages (on Solaris)
/var/adm/syslog/syslog.log (on HP-UX)
/var/log/messages (on AIX and Linux)

On Windows platforms the IBM Spectrum Protect installation is identified by checking the Microsoft Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\IBM\ADSM\

The configured login user should have sufficient privileges to run regedit command on the managed node.

Sudo User Settings

If a non-root user with sudo privileges is preferred as the KM user, configure the account as a sudoer through the visudo utility using the entry below. The KM accepts any non-root user with the following or equivalent sudo configuration in the sudoers file.

User_Alias TSMKMUSERS = <tsm-km-user>
Defaults:TSMKMUSERS !lecture,!authenticate,!requiretty,env_keep+="PATH INSTALL_PATH KM_HOME KM_TEMP",env_reset
TSMKMUSERS ALL=/bin/cat,/usr/bin/du

<tsm-km-user> must be replaced with username used by the KM.

This KM user should be able to execute required Operating System commands on the command line with just the sudo prefix to the command, without any sudo authentication. The KM uses the Spectrum Protect Admin-Client API (dsmadmc) for most of the monitoring. Therefore, the OS user may not require the sudo priviledges above, if the user has full access to the paths above and permissions to SSH to the server for remotely monitored servers.

Admin Interface User Access

IBM Spectrum Protect KM for PATROL requires that an administrator account (standard administrator with no other privileges) be added to the IBM Spectrum Protect server for use by PATROL and the IBM Spectrum Protect KM.

This account is used to query the configuration details and resource utilization of the server through the Spectrum Protect Administrative Client interface. No changes are made by this user on the Spectrum Protect server - the IBM Spectrum Protect KM operates in “read-only” mode.

The suggested name for this DSMADMC user account is patrol and it can be created as part of the configuration procedure described in Configuring the KM user account. Alternatively, the user account can be set up directly in Spectrum Protect server, and the details simply entered during KM configuration in the same way that the OS login details are entered. The password is stored in the PATROL Agent in an encrypted format.

DSMADMC command binary is executed using an OS user account matching the DSMADMC login. If this account does not exist, the PATROL Agent user account will be used. Therefore it is recommended to create an operating system user account matching the DSMADMC username with the same password to avoid invalid user login attempts and to improve the performance. This user should be able to access required paths and binaries of DSMADMC. This includes an execute permission to the DSM_CONFIG path and the dsmadmc (or dsmadmc.exe) file and a write permission to the DSM_LOG path and dsmerror.log file.

To list all DSMADMC commands used by the IBM Spectrum Protect KM, execute the following PSL code from the PATROL Console, using the PSL Task menu, after installing and loading the KM.

i=0;
foreach var (grep("^/Runtime/TSM/.*CommandControls/",pconfig("LIST")))
{
  ctl=pconfig("GET", var);
  typ=ntharg(grep("CommandType",ctl),"2-"," =");
  if(typ != "DSMADMC") { next; }

  fields=lines(ntharg(var,"1-","/"));
  old_host=host;
  host=(fields == 5)? ntharg(var,"3","/") : "localhost";
  if(host!=old_host)
  {
    printf("\n\nOn %s:\n\n", host);
    i=0;
  }

  cmd=nthargf(grep("CommandText",ctl),"2-","=","=");
  printf("(%2d) %-25s: %s\n",i++,ntharg(var,fields,"/"),cmd);
}

Disk Space Requirements

IBM Spectrum Protect KM requires approximately:

  • 2.5 MBytes of available disk space on each monitored PATROL Agent system
  • 3.5 MBytes of available disk space on each PATROL Console system
  • 600 KBytes of available disk space on each PATROL Central Console Server system
  • 1.4 MBytes of available disk space on each PATROL Central Web Server system

It is installed under the PATROL installation path.

When monitoring a standard installation of IBM Spectrum Protect, the PATROL Agent will generate approximately 500 KBytes of history data per day. An enterprise installation of IBM Spectrum Protect on a server with multiple storage agents, clients, automated libraries, and manual drives will generate more history data (as per other KMs used by the PATROL Agent). These history data files are recycled by PATROL depending on the PATROL Agent history retention period.

During execution, the KM creates and maintains temporary files under KM_TEMP(default: <PATROL_HOME>/lib/TSM/tmp) and KM_DEBUG (default: <PATROL_HOME>/log) paths, where <PATROL_HOME> path is usually /opt/bmc/Patrol3/ (on UNIX/Linux) or C:\Program Files\BMC Software\Patrol3\ (on Microsoft Windows). Please make sure you have sufficient space under these paths. These folders should have read, write and execute permissions for the PATROL Agent user.

Remote Monitoring Requirements

IBM Spectrum Protect KM supports the monitoring of multiple IBM Spectrum Protect Server and Storage Agent instances locally and remotely without the need to run multiple PATROL Agents. The KM can be installed on any PATROL Agent node to monitor Spectrum Protect servers remotely. Therefore, the Spectrum Protect Administrative Client software needs to be installed on the PATROL Agent node. Follow the Administrative Client installation procedure to install and configure the API before installing the KM.

Upon the initial discovery, IBM Spectrum Protect KM will discover the Spectrum Protect Administrative Client installation on the PATROL Agent node and search for the Admin Client binary file path (dsmadmc) under the default installation paths. If the file is not detected, a message will be displayed in the SOW (System Output Window) and in the TSM_&lt;port&gt;.log file. This path is shared between all Spectrum Protect server instances monitored from the PATROL Agent node. It is possible to manually configure the path, if the Spectrum Protect Administrative Client is installed under a custom path, using the KM Command IBM Spectrum Protect > KM Commands > Configuration > Spectrum Protect Admin Client Path.

In order to remotely access a Spectrum Protect server, you need to configure a specific OS login account by setting the Login Configuration options: Right-click a server instance TSM Setup: <node-id> > KM Cmd > Configuration > Login.

Remote monitoring is required for all servers on which no PATROL Agent can be installed. This feature is also interesting if you lack resources or time to deploy a PATROL Agent and IBM Spectrum Protect KM on several servers since it allows to monitor multiple hosts from one agent.

Remote monitoring is not possible from a UNIX/Linux PATROL Agent system to a Windows-based Spectrum Protect server.

Please refer to the sections below to find out the remote monitoring requirements:

Java Runtime Environment

IBM Spectrum Protect KM requires Java 1.8 or higher and a Java Runtime Environment (JRE) to be installed on the same system that runs the PATROL Agent.

The KM will automatically detect the JRE path if it has been installed in the default location or under the BMC PATROL Agent installation path. If it has been installed in a different location, you will have to set JAVA_HOME for the PATROL Agent default account before starting the PATROL Agent.

You can download the Java Runtime Environment along with the KM on Sentry Software Web site.

SSH/WMI Connection

An SSH (UNIX/Linux platforms) or a WMI (Windows platforms) connection is required to monitor remote Spectrum Protect servers. When using an SSH connection, the SSH host key authentication, which is enabled by default on most Spectrum Protect servers, must be disabled on the remote host.

To disable the SSH host key authentication:

  1. Open the global SSH configuration file (ssh_config) stored in the /etc/ssh/ directory on the remote host
  2. Add the line StrictHostKeyChecking no
  3. Save the file.
Keywords:
storage tsm km patrol
No results.