Thursday, April 27, 2006

Interesting Command Update In TSM

I found this interesting update on the Tivoli website about the enhancements to the DISABLE/ENABLE SESSIONS command. Basically it discusses the change to the commands in TSM and how the command now disables sessions not only for client sessions, but admin and server-to-server sessions also. This would not be a problem had a customer not revoked system authority from his SERVER_CONSOLE ID. This locked the customer out of his server entirely, and his only recourse was either to roll back to 5.3.0 or to restore a DB Backup from before the disable was issued. Have many of you revoked SERVER_CONSOLE privileges? I never would consider it since it is a fail-safe in the event something bad happens. I understand security, but if the person can get onto the server and start the program in the foreground you have bigger problems than the SERVER_CONSOLE ID having system authority.

Thursday, April 13, 2006

TSM Is Not A Security Tool!

I thought I would pass along some of the crazier things I have seen with TSM and get your input to see who has the wildest/stupidest story concerning TSM. My most recent experience is when I was asked to set up scripts to alert security personnel when a specific file was changed and backed up. Reason? If the file was changed it showed that the servers had been compromised. I, of course, stated without reservation NO! TSM is not a security tool and will not be used as one. That’s what security-monitoring tools are for!

Then there was the time we were asked to provide a hard copy list of every file in backup storage. (That means a printed list of every file on tape. I kid you not!) This insane request was from a customer who had no idea what they were asking. When told what the results would be they insisted on having the list provided. We were floored. What idiot is going to sift through the mounds of paper and identify every file?

Of course there are always the requests that come in from people wanting data from the 70’s, 80’s, and a lot from the 90’s. If I had a REEL to REEL machine or older tape hardware, I still wouldn’t have the foggiest idea how to restore the data since the computers the data was from are long gone and what tools were used to back up the data are probably buried with the person who once used those archaic tools (You mainframe people crack me up!). Have you ever seen Real Genius? If you haven’t then I suggest it for a good laugh. There is one character in particular that I love, Lazlo Hollyfeld. Played by Jon Gries, Lazlo is a scientist at an MIT/CIT-like school who suffered a breakdown, lives in the closet of the lead characters’ dorm room, and is not quite living in reality. I work with a Lazlo! I swear he looks like Lazlo and when he goes into his cube it reminds me of him. I say this because he is a “Mainframer” and laughs and scoffs at us Open Systems people. Even he didn’t have a clue how data from that long ago could be restored since none of the software or hardware was available.

Then there are always the requests where the person needs data restored that is missing. What data? They are not sure! What was the name or do they know some portion of the name or extension? No! How long has it been gone? Not sure! They think it was from 4-5 years ago. These requests kill me! Even if I was willing to go look at the old archives of the systems I still wouldn’t have any idea what the customer was really looking for. These are just some of the things I have run into and I am sure you all have many more great stories! Please share and let others feel your pain and enjoy a good laugh.

Monday, April 03, 2006

TSM Client Issue!

I have been informed by Tivoli support personnel that a critical issue has been identified in the TSM backup/archive client that could affect data integrity. The issue involves the RESOURCEUTILIZATION option and how it works when backing up to tape. If you have RESOURCEUTIL set higher than the default and the client backs up directly to tape, there is an identified issue of data not being backed up, or archived, and incorrect deletion of files that were not archived, without an error message being issued.

If any of the following conditions are met you are NOT affected by the problem:

  • The RESOURCEUTILIZATION client option is either not explicitly set, or is set to 1 or 2. This option can be set either in the client option set or schedule on the server, or in the local client options.

  • Data for the client node is only stored in random-access disk storage pools (such as the preconfigured storage pool, BACKUPPOOL).

  • Image backup is used.

  • NDMP backup (initiated by client or server) is used.

  • Only the API client is used (including programs and products that use only the API client - i.e. TDP's).

A fix is scheduled for release at the end of April. In the meantime, make sure you either set any client using a higher RESOURCEUTIL value to 2, or send the client's backup to disk. Also note that any backup to disk using the FILE devclass is impacted by this problem, as it affects all sequential media backup types.

I have provided a link to the APAR listing at the Tivoli website.
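To find clients that need the workaround, the local option files can be scanned for the setting. The sketch below is an added example, not code from Tivoli or from this post. It assumes the usual dsm.opt/dsm.sys layout (one option per line, `*` comment lines, `SErvername` stanzas in dsm.sys) and that option names may be abbreviated down to `RESOUR`; the sample file contents are constructed.

```python
import re

FULL_NAME = "RESOURCEUTILIZATION"
MIN_ABBREV = 6   # assumption: "RESOUR" is the shortest accepted abbreviation
SAFE_MAX = 2     # per the post: unset, 1 or 2 is not affected


def _is_option(word, full, min_len):
    """True if word is a case-insensitive abbreviation of the option name."""
    w = word.upper()
    return len(w) >= min_len and full.startswith(w)


def find_risky_settings(text, filename="dsm.opt"):
    """Return (filename, stanza, line_no, value) for each setting above SAFE_MAX."""
    findings = []
    stanza = None  # dsm.sys groups options under SErvername stanzas
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("*"):  # blank line or comment
            continue
        parts = line.split(None, 1)
        name = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if _is_option(name, "SERVERNAME", 2):
            stanza = value
        elif _is_option(name, FULL_NAME, MIN_ABBREV):
            m = re.match(r"\d+", value)
            if m and int(m.group()) > SAFE_MAX:
                findings.append((filename, stanza, line_no, int(m.group())))
    return findings


# Constructed sample dsm.sys, not taken from a real system.
SAMPLE_DSM_SYS = """\
* constructed sample
SErvername  TSMPROD
   COMMMethod          TCPip
   TCPServeraddress    tsm1.example.com
   RESOURCEUTILIZATION 5
SErvername  TSMTEST
   TCPServeraddress    tsm2.example.com
   resourceutil        2
SErvername  TSMDR
   RESOURCEUTIL        10
"""

if __name__ == "__main__":
    for fname, stanza, line_no, value in find_risky_settings(SAMPLE_DSM_SYS, "dsm.sys"):
        print(f"{fname}:{line_no} stanza={stanza} RESOURCEUTILIZATION={value} (> {SAFE_MAX})")
```

This only covers the local client options; as the list above notes, the option can also be set in a client option set or schedule on the server, which has to be checked there.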