Your SlideShare is downloading. ×
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Ibm information archive architecture and deployment sg247843
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Ibm information archive architecture and deployment sg247843

953

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
953
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Front coverIBM Information ArchiveArchitecture and DeploymentUniversal storage repository for alltypes of contentHigh security with Enhanced TamperProtectionSupport for multiple accessmethods Bertrand Dufrasne Frank Boerner Andreas Feldner Roland Hoppe Kai Nunnemann Daniel Wendler Rene Wuellenweberibm.com/redbooks
  • 2. International Technical Support OrganizationIBM Information Archive: Architecture and DeploymentAugust 2010 SG24-7843-00
  • 3. Note: Before using this information and the product it supports, read the information in “Notices” on page ix.First Edition (August 2010)This edition applies to the IBM Information Archive V1.2 (program number 5608-IAF).© Copyright International Business Machines Corporation 2010. All rights reserved.Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP ScheduleContract with IBM Corp.
  • 4. Contents Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .x Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi The team who wrote this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Now you can become a published author, too! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Stay connected to IBM Redbooks publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Chapter 1. Introduction to archiving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 The business need for archiving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 IBM Smart Archive Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Introducing IBM Information Archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3.1 Information Archive key objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.3.2 Information Archive key features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.3.3 Information Archive value proposition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.4 Archiving reference architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Chapter 2. IBM Information Archive overview and components . . . . . . . . . . . . . . . . . . 9 2.1 Information Archive overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.1.1 Information Archive archiving concepts and features . . . . . . . . . . . . . . . . . . . . . . 10 2.1.2 Information Archive security and data retention compliance features. . . . . . . . . . 11 2.1.3 Information Archive hardware and software overview . . . . . . . . . . . . . . . . . . . . . 12 2.2 Hardware components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.2.1 Rack and intelligent power distribution unit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.2.2 Cluster nodes (2231-S2M) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.2.3 Information Archive Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.2.4 RSM server for Information Archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.2.5 Information Archive Storage Controller (2231-D1A) and expansion drawer (2231-D1B) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.2.6 Information Archive SAN switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.2.7 Information Archive Ethernet switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 2.2.8 Console kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 2.3 Software components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 2.3.1 IBM Tivoli Storage Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 2.3.2 IBM System Storage Archive Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 2.3.3 General Parallel File System (GPFS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.3.4 Remote Support Manager for Information Archive . . . . . . . . . . . . . . . . . . . . . . . . 25 2.3.5 DS Storage Manager for Information Archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.3.6 IBM Systems Director . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.3.7 Integrated Solutions Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.4 Storage configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 2.4.1 Storage controller configuration and management . . . . . . . . . . . . . . . . . . . . . . . . 27 2.4.2 Storage configuration and partitioning for Storage Controller . . . . . . . . . . . . . . . . 29 2.4.3 Enhanced Remote Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 2.5 Cabling / SAN zoning / TCP/IP addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 2.5.1 KVM cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 2.5.2 SAN cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 2.5.3 Ethernet connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37© Copyright IBM Corp. 2010. All rights reserved. iii
  • 5. 2.5.4 TCP/IP addresses assigned . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Chapter 3. Planning and installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 3.1 Determining how many collections you need . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 3.2 Hardware configuration planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 3.2.1 Planning for Information Archive cluster nodes. . . . . . . . . . . . . . . . . . . . . . . . . . . 45 3.2.2 Disk storage and capacity planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 3.2.3 Planning the network connection type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 3.2.4 Planning tape attachment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 3.2.5 High availability with additional cluster nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 3.2.6 Planning Enhanced Remote Mirroring configuration. . . . . . . . . . . . . . . . . . . . . . . 49 3.3 Integration planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 3.3.1 Before creating any collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 3.3.2 Document protection levels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 3.3.3 System Storage Archive Manager Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 3.3.4 Enhanced Tamper Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 3.3.5 LDAP considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 3.3.6 Time server requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 3.3.7 Backing up the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.4 Preparing for installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.4.1 General planning considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.4.2 Initial configuration worksheet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 3.4.3 Alerting and monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 3.4.4 Enhanced Remote Mirroring configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 3.5 Physical installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 3.5.1 Hardware installation (performed by IBM service representative) . . . . . . . . . . . . 57 3.5.2 Running the Initial Configuration Wizard (ICW) . . . . . . . . . . . . . . . . . . . . . . . . . . 58 3.5.3 Assigning administrative user roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 3.5.4 Changing RSM server passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 3.5.5 Configuring the call home feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 3.5.6 Activating SAN switch ports 8 through 15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 3.5.7 Attaching tape drives and tape libraries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 3.5.8 Configuring the Enhanced Remote Mirroring feature . . . . . . . . . . . . . . . . . . . . . . 70 Chapter 4. System administration and operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 4.1 Information Archive administration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 4.1.1 User and group management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 4.1.2 Changing the passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 4.1.3 Software updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 4.1.4 System monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4.1.5 RSM management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4.1.6 DS Storage Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 4.2 Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 4.2.1 Accessing the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 4.2.2 Shutting down the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 4.2.3 Starting up the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 4.2.4 Rebooting the servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 4.2.5 Maintenance mode for cluster node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 4.2.6 Suspending a collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 4.2.7 Resuming a collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 4.2.8 Retrieving error logs and traces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 4.3 Information Archive Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 4.3.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110iv IBM Information Archive: Architecture and Deployment
  • 6. 4.3.2 Accessing the Information Archive CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 4.3.3 CLI command categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 4.3.4 Using the Information Archive CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Chapter 5. System Storage Archive Manager Collections . . . . . . . . . . . . . . . . . . . . . 1155.1 System Storage Archive Manager Collection overview. . . . . . . . . . . . . . . . . . . . . . . . 1165.2 IBM System Storage Archive Manager overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 5.2.1 IBM System Storage Archive Manager architecture overview . . . . . . . . . . . . . . 119 5.2.2 IBM System Storage Archive Manager basic concepts . . . . . . . . . . . . . . . . . . . 1275.3 IBM System Storage Archive Manager features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 5.3.1 Access control and authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 5.3.2 Archive copy group retention parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 5.3.3 Chronological archive retention. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 5.3.4 Event-based retention policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 5.3.5 Deletion hold and release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 5.3.6 Data retention protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 5.3.7 Expiration processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 5.3.8 Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 5.3.9 Data shredding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 5.3.10 Data deduplication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 5.3.11 Archive process of a System Storage Archive Manager Collection . . . . . . . . . 1425.4 Creating and maintaining a System Storage Archive Manager Collection . . . . . . . . . 143 5.4.1 Creating a System Storage Archive Manager Collection . . . . . . . . . . . . . . . . . . 144 5.4.2 What is preconfigured with System Storage Archive Manager Collection . . . . . 148 5.4.3 System Storage Archive Manager collection administration . . . . . . . . . . . . . . . . 161 5.4.4 Granting client nodes access to a System Storage Archive Manager Collection 1655.5 Supported archive applications for System Storage Archive Manager Collections. . . 1665.6 Differences between System Storage Archive Manager Collections and File Archive Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166Chapter 6. File Archive Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1676.1 File Archive Collections overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1686.2 Network File System (NFS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 6.2.1 Archive process with File Archive Collections (NFS) . . . . . . . . . . . . . . . . . . . . . 169 6.2.2 Policy-based document retention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 6.2.3 Metafiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 6.2.4 Initial disk storage and secondary disk storage category . . . . . . . . . . . . . . . . . . 178 6.2.5 Additional considerations for File Archive Collections. . . . . . . . . . . . . . . . . . . . . 1816.3 Hypertext Transfer Protocol (HTTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1826.4 Creating and maintaining a File Archive Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . 182 6.4.1 Creating a File Archive Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 6.4.2 What is preconfigured with the File Archive Collections . . . . . . . . . . . . . . . . . . . 192 6.4.3 File Archive Collection administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 6.4.4 Sharing directories and granting client nodes access. . . . . . . . . . . . . . . . . . . . . 211 6.4.5 Using the data share and the metafile share of a File Archive Collection. . . . . . 2186.5 Archive applications supporting File Archive Collections . . . . . . . . . . . . . . . . . . . . . . 226Chapter 7. LDAP environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2277.1 Introduction to directories and LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 7.1.1 Directory components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 7.1.2 Directory and directory services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2287.2 LDAP usage within Information Archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 7.2.1 LDAP servers used in our scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 7.2.2 Names used in our scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 Contents v
  • 7. 7.3 Configuring Information Archive with IBM Tivoli Directory Server. . . . . . . . . . . . . . . . 230 7.3.1 Configuring the server instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231 7.3.2 Configuring the LDAP objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 7.3.3 Using the ITDS LDAP server from Information Archive . . . . . . . . . . . . . . . . . . . 241 7.4 Tivoli Directory Services in IBM i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 7.4.1 Basic configuration for IBM Tivoli Directory Server on IBM i. . . . . . . . . . . . . . . . 242 7.4.2 Starting and stopping the Tivoli Directory Server . . . . . . . . . . . . . . . . . . . . . . . . 246 7.4.3 Populating the LDAP directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 7.4.4 Using the IBM Tivoli Directory Server on IBM i with Information Archive . . . . . . 248 7.5 Configuring Information Archive with OpenLDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 7.5.1 Configuring the LDAP objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 7.5.2 Using the OpenLDAP server from Information Archive. . . . . . . . . . . . . . . . . . . . 252 7.6 Configuring Information Archive with Microsoft Active Directory. . . . . . . . . . . . . . . . . 253 7.6.1 Preparing Microsoft Active Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 7.6.2 Configuring the LDAP objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 7.6.3 Using the Active Directory server from Information Archive . . . . . . . . . . . . . . . . 259 Chapter 8. Integrating IBM Information Archive with archiving applications . . . . . . 261 8.1 IBM Enterprise Content Management portfolio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 8.1.1 IBM Content Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 8.1.2 IBM Content Manager OnDemand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 8.1.3 IBM FileNet P8 Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 8.2 System Storage Archive Manager-based Integration with Information Archive . . . . . 266 8.2.1 Integrating IBM Tivoli Storage Manager backup-archive client with a System Storage Archive Manager Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 8.2.2 Integrating IBM Tivoli Storage Manager API with a System Storage Archive Manager Collection (using dapismp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 8.2.3 Integrating Content Manager with Information Archive System Storage Archive Manager Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 8.2.4 Integrating Content Manager OnDemand with System Storage Archive Manager Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 8.2.5 Integrating IBM FileNet P8 with a System Storage Archive Manager Collection 322 8.3 File archiving-based integration in Information Archive. . . . . . . . . . . . . . . . . . . . . . . . 342 8.3.1 Integrating IBM i with an Information Archive File Archive Collection . . . . . . . . . 342 8.3.2 Granting access to the File Archive Collection in Information Archive . . . . . . . . 343 Chapter 9. Monitoring and call home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 9.1 Status monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352 9.1.1 Health Monitor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352 9.1.2 Event notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 9.2 Tivoli Storage Manager Health Monitor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 9.2.1 Configuring the Tivoli Storage Manager Health Monitor . . . . . . . . . . . . . . . . . . . 362 9.2.2 Detailed health information for a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363 9.3 Using IBM Systems Director in Information Archive . . . . . . . . . . . . . . . . . . . . . . . . . . 365 9.3.1 Configuring IBM Systems Director . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365 9.3.2 Working with IBM Systems Director . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370 9.4 RSM server for Information Archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 9.4.1 Configuring the RSM server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 9.4.2 Working with the Information Archive RSM server . . . . . . . . . . . . . . . . . . . . . . . 389 9.5 Reporting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393 9.5.1 Tivoli Common Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393 9.5.2 Document status information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396 9.5.3 IBM Tivoli Storage Manager reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398vi IBM Information Archive: Architecture and Deployment
  • 8. 9.5.4 IBM Tivoli Storage Productivity Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3989.6 Logging and tracing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398 9.6.1 Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 9.6.2 Tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400Chapter 10. Tape attachment with IBM Information Archive. . . . . . . . . . . . . . . . . . . . 40310.1 Information Archive tape attachment overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40410.2 Tape device support for Information Archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40610.3 Using tape for Information Archive data migration . . . . . . . . . . . . . . . . . . . . . . . . . . 40610.4 Using tape for Information Archive data backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 10.4.1 System Storage Archive Manager Collections backup . . . . . . . . . . . . . . . . . . . 407 10.4.2 File Archive Collections backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40810.5 Planning for tape attachment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 10.5.1 IBM System Storage Archive Manager and Information Archive Tivoli Storage Manager tape pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 10.5.2 Database backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41010.6 Configuring tape libraries and drives for use with Information Archive . . . . . . . . . . . 411 10.6.1 Attaching IBM TS3500 library to the internal SAN switches . . . . . . . . . . . . . . . 411 10.6.2 Device driver and device attachment verification . . . . . . . . . . . . . . . . . . . . . . . 412 10.6.3 Defining LTO4 tape drives and TS3500 library in the System Storage Archive Manager server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 10.6.4 Integrating LTO4 drives and TS3500 library into the storage hierarchy . . . . . . 420 10.6.5 Modifying tape migration thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43110.7 Tape drive encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 10.7.1 Tape drive encryption methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 10.7.2 Encryption method setup for TS3500 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 10.7.3 Drive encryption setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43510.8 Persistent naming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 10.8.1 Linux device manager udev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437 10.8.2 Defining udev rules for tape devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438 10.8.3 Defining udev rules for medium changer commands . . . . . . . . . . . . . . . . . . . . 439Chapter 11. Information Archive data backup and restore . . . . . . . . . . . . . . . . . . . . . 44111.1 System Storage Archive Manager Collections backup and restore . . . . . . . . . . . . . 442 11.1.1 Backing up System Storage Archive Manager Collections . . . . . . . . . . . . . . . . 442 11.1.2 Restoring a System Storage Archive Manager Collection . . . . . . . . . . . . . . . . 447 11.1.3 Verifying data integrity of storage pool volumes . . . . . . . . . . . . . . . . . . . . . . . . 45111.2 File Archive Collection backup and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452 11.2.1 File Archive Collection backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453 11.2.2 Restoring File Archive Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456Chapter 12. Enhanced Remote Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46112.1 Enhanced Remote Mirroring overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462 12.1.1 Data replication process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 12.1.2 Primary and secondary logical drives setup . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 12.1.3 Mirror repository logical drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 12.1.4 Mirror relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46412.2 Enhanced Remote Mirroring configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 12.2.1 Enhanced Remote Mirroring requirements and feature codes . . . . . . . . . . . . . 465 12.2.2 Connecting the Fibre Channel cables for Enhanced Remote Mirroring . . . . . . 465 12.2.3 Establishing SSH-tunnel connection between the mirrored appliances . . . . . . 467 12.2.4 Defining an Information Archive to be the secondary appliance for Enhanced Remote Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468 12.2.5 Synchronizing data between the primary and secondary appliances . . . . . . . . 470 Contents vii
  • 9. 12.3 Using tape drives in an Enhanced Remote Mirroring environment . . . . . . . . . . . . . . 472 12.4 Site failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473 12.4.1 Running a planned site failover or failback . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473 12.4.2 IBM Information Archive disaster recovery with Enhanced Remote Mirroring . 476 12.4.3 Failing components in one of the IBM Information Archives with Enhanced Remote Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478 12.4.4 Connection issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478 12.5 Administrative tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479 12.5.1 Suspending the data mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479 12.5.2 Resuming the data mirroring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481 12.5.3 Removing the mirroring relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482 12.5.4 Restoring a removed mirrored relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483 12.6 Tips for synchronizing appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484 12.6.1 Changing synchronization priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484 12.6.2 Test the mirror communication in the DS Storage Manager . . . . . . . . . . . . . . . 485 12.6.3 Checking the Enhanced Remote Mirroring status. . . . . . . . . . . . . . . . . . . . . . . 487 Chapter 13. DR550 migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489 13.1 Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490 13.1.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490 13.1.2 Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491 13.1.3 Sizing and duration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492 13.1.4 Verifying the data after migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492 Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493 IBM Redbooks publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493 Other publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493 Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493 How to get Redbooks publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494 Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495viii IBM Information Archive: Architecture and Deployment
  • 10. NoticesThis information was developed for products and services offered in the U.S.A.IBM may not offer the products, services, or features discussed in this document in other countries. Consultyour local IBM representative for information on the products and services currently available in your area. Anyreference to an IBM product, program, or service is not intended to state or imply that only that IBM product,program, or service may be used. Any functionally equivalent product, program, or service that does notinfringe any IBM intellectual property right may be used instead. However, it is the users responsibility toevaluate and verify the operation of any non-IBM product, program, or service.IBM may have patents or pending patent applications covering subject matter described in this document. Thefurnishing of this document does not give you any license to these patents. You can send license inquiries, inwriting, to:IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A.The following paragraph does not apply to the United Kingdom or any other country where suchprovisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATIONPROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS ORIMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer ofexpress or implied warranties in certain transactions, therefore, this statement may not apply to you.This information could include technical inaccuracies or typographical errors. Changes are periodically madeto the information herein; these changes will be incorporated in new editions of the publication. IBM may makeimprovements and/or changes in the product(s) and/or the program(s) described in this publication at any timewithout notice.Any references in this information to non-IBM websites are provided for convenience only and do not in anymanner serve as an endorsement of those websites. The materials at those websites are not part of thematerials for this IBM product and use of those websites is at your own risk.IBM may use or distribute any of the information you supply in any way it believes appropriate without incurringany obligation to you.Information concerning non-IBM products was obtained from the suppliers of those products, their publishedannouncements or other publicly available sources. IBM has not tested those products and cannot confirm theaccuracy of performance, compatibility or any other claims related to non-IBM products. Questions on thecapabilities of non-IBM products should be addressed to the suppliers of those products.This information contains examples of data and reports used in daily business operations. To illustrate themas completely as possible, the examples include the names of individuals, companies, brands, and products.All of these names are fictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.COPYRIGHT LICENSE:This information contains sample application programs in source language, which illustrate programmingtechniques on various operating platforms. You may copy, modify, and distribute these sample programs inany form without payment to IBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operating platform for which the sampleprograms are written. These examples have not been thoroughly tested under all conditions. IBM, therefore,cannot guarantee or imply reliability, serviceability, or function of these programs.© Copyright IBM Corp. 2010. All rights reserved. ix
  • 11. TrademarksIBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business MachinesCorporation in the United States, other countries, or both. These and other IBM trademarked terms aremarked on their first occurrence in this information with the appropriate symbol (® or ™), indicating USregistered or common law trademarks owned by IBM at the time this information was published. Suchtrademarks may also be registered or common law trademarks in other countries. A current list of IBMtrademarks is available on the web at http://www.ibm.com/legal/copytrade.shtmlThe following terms are trademarks of the International Business Machines Corporation in the United States,other countries, or both: AIX® IBM® System i® DB2® InfoSphere™ System Storage™ Domino® Lotus Notes® System Storage DS® DS4000® Lotus® System x® Electronic Service Agent™ Notes® System z® FileNet® OmniFind® Tivoli Enterprise Console® GPFS™ Optim™ Tivoli® i5/OS® Redbooks® TotalStorage® IBM Systems Director Active Energy Redpaper™ WebSphere® Manager™ Redbooks (logo) ® z/OS®The following terms are trademarks of other companies:FileNet, and the FileNet logo are registered trademarks of FileNet Corporation in the United States, othercountries or both.SnapLock, NetApp, and the NetApp logo are trademarks or registered trademarks of NetApp, Inc. in the U.S.and other countries.Novell, SUSE, the Novell logo, and the N logo are registered trademarks of Novell, Inc. in the United Statesand other countries.QLogic, and the QLogic logo are registered trademarks of QLogic Corporation. SANblade is a registeredtrademark in the United States.SAP R/3, SAP, and SAP logos are trademarks or registered trademarks of SAP AG in Germany and in severalother countries.Java, and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, othercountries, or both.Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States,other countries, or both.Intel Xeon, Intel, Intel logo, Intel Inside logo, and Intel Centrino logo are trademarks or registered trademarksof Intel Corporation or its subsidiaries in the United States and other countries.UNIX is a registered trademark of The Open Group in the United States and other countries.Linux is a trademark of Linus Torvalds in the United States, other countries, or both.Other company, product, or service names may be trademarks or service marks of others.x IBM Information Archive: Architecture and Deployment
  • 12. Preface This IBM® Redbooks® publication can help you understand, configure, monitor, and use IBM Information Archive. As you address your information retention needs, whether keeping valuable content for long periods of time, meeting industry retention regulations, or addressing corporate governance, you need an archiving solution that is secure, scalable, but also cost-effective. IBM Information Archive is the next-generation information retention solution designed as a universal archiving repository for all types of content to help midsize and enterprise clients reduce cost, manage risk, and address clients’ complete information retention needs: business, legal, or regulatory. This highly versatile, smart business system can be a useful tool for clients in their efforts to support regulatory compliance by providing a storage repository with robust security features designed to prevent the alteration or deletion of the storage repository in which information is stored until their business-designated retention period has elapsed. This book is a comprehensive document intended for customers and field personnel who want to understand, deploy, use, and monitor IBM Information Archive.The team who wrote this book This book was produced by a team of specialists from around the world working at the International Technical Support Organization, San Jose Center. Bertrand Dufrasne is an IBM Certified Consulting I/T Specialist and Project Leader for IBM System Storage™ disk products at the International Technical Support Organization, San Jose Center. He has worked at IBM in various I/T areas. He has authored many IBM Redbooks publications and has also developed and taught technical workshops. Before joining the ITSO, he worked for IBM Global Services as an Application Architect. He holds a Master’s degree in Electrical Engineering. Frank Boerner is an IT Specialist working for IBM Germany. He has 20 years of experience as a customer engineer, software engineer, and solution support specialist. He works in the Archive Solution Competence Center in Leipzig and provides worldwide support for DR550 and IBM Information Archive. Andreas Feldner is an accredited Product Support Professional and region specialist for DR550 and SAN products and is located in Frankfurt, Germany. He works for IBM Global Technology Services and has more than 16 years experience in product support. His areas of expertise include implementation and maintenance of DR550, IBM System p® servers, disk subsystems, and tape storage solutions.© Copyright IBM Corp. 2010. All rights reserved. xi
  • 13. Roland Hoppe is a Product Service Professional in Germany. He has 20 years of experience as a customer engineer and support specialist. He works in the Archive Solution Competence Center in Leipzig and provides worldwide support for DR550 and IBM Information Archive. Kai Nunnemann is a Senior Consultant and Category Leader for Information Management at becom - A Divison of Computacenter, in Germany. He has 14 years of experience with IBM hardware and software. His areas of expertise include IBM Tivoli® Software, IBM Content Management software, and related storage hardware. He holds a degree in Mechanical Engineering. Kai is one of becom’s IBM Certified Deployment Professionals Tivoli Storage Manager, and an IBM Certified Solution Advisor Tivoli Storage. Daniel Wendler is an IT Specialist within the IBM MTS Group in Germany. After studying computer science and graduating at the University of applied science Wiesbaden, Daniel joined IBM in 2005. He wrote his final thesis in the eRMM Software Development department at IBM about automated policy-based management of removable storage media. Since then, Daniel is working in the European Storage Competence Center as a product field engineer for RMSS products. He provides post-sales support for enterprise tape libraries, Open System virtualization engines and enterprise tape encryption solutions. Rene Wuellenweber is an accredited Product Service Professional working for IBM in Germany. He has 12 years of experience as a customer engineer, supporting DASD Midrange products and working as solution support specialist. Rene works in the Archive Solution Competence Center in Leipzig and provides worldwide support for DR550 and IBM Information Archive. Thanks to the following people for their contributions to this project: BJ Klingenberg, Bonnie Pulver, Mike Griese, Neeta Garimella, Erick Kissel, Greg McBride, Bryan Jen, Braynt Lee, Jason Auvenshine, Linda Benhase, Tony Ciaravella, Chris Zukowski, Roger Wofford, Michael Griese, Jim Saunders, Manuel Avalos Vega, Carlos Sandoval, Don A Hantzsche, Brian Ashmore, Kelly Axup, Matthias Jung, Nils Haustein, Stefan Roth, Stefan Bender, Alexander Safonov and Harald Uebele.xii IBM Information Archive: Architecture and Deployment
  • 14. Now you can become a published author, too! Heres an opportunity to spotlight your skills, grow your career, and become a published author - all at the same time! Join an ITSO residency project and help write a book in your area of expertise, while honing your experience using leading-edge technologies. Your efforts will help to increase product acceptance and customer satisfaction, as you expand your network of technical contacts and relationships. Residencies run from two to six weeks in length, and you can participate either in person or as a remote resident working from your home base. Find out more about the residency program, browse the residency index, and apply online at: ibm.com/redbooks/residencies.htmlComments welcome Your comments are important to us! We want our books to be as helpful as possible. Send us your comments about this book or other IBM Redbooks publications in one of the following ways: Use the online Contact us review Redbooks form found at: ibm.com/redbooks Send your comments in an email to: redbooks@us.ibm.com Mail your comments to: IBM Corporation, International Technical Support Organization Dept. HYTD Mail Station P099 2455 South Road Poughkeepsie, NY 12601-5400Stay connected to IBM Redbooks publications Find us on Facebook: http://www.facebook.com/IBMRedbooks Follow us on twitter: http://twitter.com/ibmredbooks Look for us on LinkedIn: http://www.linkedin.com/groups?home=&gid=2130806 Explore new Redbooks publications, residencies, and workshops with the IBM Redbooks publications weekly newsletter: https://www.redbooks.ibm.com/Redbooks.nsf/subscribe?OpenForm Stay current on recent Redbooks publications with RSS Feeds: http://www.redbooks.ibm.com/rss.html Preface xiii
  • 15. xiv IBM Information Archive: Architecture and Deployment
  • 16. 1 Chapter 1. Introduction to archiving In this chapter we introduce the concept of archiving and its business requirements. We explain the need for retention managed data and briefly present the IBM Smart Archive Strategy. This strategy can help you realize the business value of your information while driving down costs and risks as well as ensuring that critical business content is properly retained and protected. As an element of the IBM Smart Archive Strategy, we highlight the features of the IBM Information Archive (Information Archive) and position them in this context.© Copyright IBM Corp. 2010. All rights reserved. 1
  • 17. 1.1 The business need for archiving Information or data is essential to any business and for the most part can be considered a company asset. Examples of such data include contracts, CAD/CAM designs, aircraft build and maintenance records, and email, including attachments, instant messaging, insurance claim processing, presentations, transaction logs, web content, user manuals, training material, digitized information (such as check images, medical images, historical documents, and photographs), and much more. With that understanding, companies see a potential value in aggregating large amounts of data. In addition to the sheer growth of data, the laws and regulations governing the storage and secure retention of business and client information are increasingly becoming part of the business landscape, making data retention a major challenge to any institution. Regulated information can include email, instant messages, business transactions, accounting records, contracts, or insurance claims processing, all of which might need to be retained for varying periods of time. Some of this data might be kept several years. Some data might also be kept forever. Moreover, some data must be kept just long enough and not any longer. Indeed, content is an asset when it needs to be kept; however, if kept past its mandated retention period, it can also become a liability. Furthermore, the retention period can change due to factors such as litigation. The characteristics of archived data can vary greatly in their representation, size, and industry segment. It becomes apparent that the most important attribute of this kind of data is that it needs to be retained and managed, so it is called retention-managed data. Retention-managed data is data that is written once and is read rarely (sometimes never). Other terms abound to describe this type of data, such as reference data, archive data, content data, or other terms implying that the data cannot be altered. Retention-managed data is data that needs to be kept (retained) for a specific (or unspecified) period of time, usually years. Retention-managed data applies to many types of data and formats across all industries. The file sizes can be small or large, but the volume of data tends to be large (multi-terabyte to petabyte). It is information that might be considered of high value to an organization, therefore, it is retained near-line for fast access. It is typically read infrequently and thus can be stored on economical disk media such as SATA disks. Depending on its nature, it can be migrated to tape after some period. It is also important to recognize what does not qualify as retention-managed data. It is not the data that changes regularly, known as transaction data (account balance, inventory status, and orders today, for example). It is not the data that is used and updated every business cycle (usually daily), or the backup copy of this data. The data mentioned here changes regularly, and the copies used for backup and disaster recovery are there for exactly those purposes, meaning backup and disaster recovery. They are there so that you can restore data that was deleted or destroyed, whether by accident, a natural or human-made disaster, or intentionally. All these factors mandate tight coordination and a controlled, intelligent approach to archiving. This is what the IBM Smart Archive Strategy is aimed at.2 IBM Information Archive: Architecture and Deployment
  • 18. 1.2 IBM Smart Archive Strategy The IBM Smart Archive Strategy is a comprehensive cross-brand approach that combines IBM software, systems, and service capabilities designed to help customers extract value and gain new intelligence from information by collecting, organizing, analyzing, and leveraging that information. This approach, depicted in Figure 1-1, delivers a comprehensive set of solutions, products, and services in a unified and integrated strategy that helps you realize the business value of your information while driving down costs and risks and ensuring that critical business content is properly retained and protected. With the IBM Smart Archive Strategy, you can simplify the archiving infrastructure and reduce overall storage and power needs as well as administrative requirements with the help of integrated appliances and multiple delivery options. Implementing an IBM Smart Archive solution can eliminate unnecessary junk content, helping to improve system and process efficiency and productivity. Reducing discovery costs and legal fees are key objectives, as well as enhancing response capabilities by providing authorized legal staff quick access to and analysis of case-relevant information. IBM Information Archive Figure 1-1 The IBM Smart Archive Strategy The IBM Smart Archive Strategy offers the following capabilities: Optimized and unified ingestion: – Enables a deeper understanding of what information to archive through discovery-based and analytics-based assessment technologies. – Eliminates point solution complexity and cost by unifying data and content archiving through common collection (ingest) and classification technologies. The following examples from the IBM Product portfolio fit that category: – IBM InfoSphere™ Content Assessment software – IBM InfoSphere Content Collector family of offerings, including integration with IBM Optim™ Data Growth Solution software Chapter 1. Introduction to archiving 3
  • 19. – IBM InfoSphere Classification Module software – IBM InfoSphere Discovery with Optim Data Growth Solution software Flexible and secure infrastructure: – Enables cost-optimized retention with unified, flexible, secure and policy-aware infrastructure. – Speeds time to value through modular, integrated solutions including choice of management and delivery models based on a common information lifespan and policies. These solutions and services include traditional on-premise software, preconfigured appliance, software-as-a-service, cloud-ready and hybrid options. The following examples from the IBM product portfolio fit that category: – IBM Enterprise Content Management (ECM) repositories – IBM Information Archive solution (the focus of this book) – IBM Managed Information Archive Cloud Services – IBM Global Technology Services – Storage and Archive Services Integrated Compliance, Records Management, Analytics, and eDiscovery: Reduce risk, respond more quickly to legal inquiries, establish trust and leverage information using integrated compliance, analytics, records management, and eDiscovery software. The following examples from the IBM product portfolio fit that category: – IBM InfoSphere Enterprise Records software – IBM InfoSphere Discovery Manager and Discovery Analyzer software1.3 Introducing IBM Information Archive IBM Information Archive (Information Archive) is one of the enablers for the IBM Smart Archive Strategy, as one of its possible infrastructure elements. Information Archive is the next-generation information retention solution designed as a universal archiving repository for all types of content to help midsize and enterprise clients reduce cost, manage risk, and address clients’ complete information retention needs: business, legal, or regulatory. Information Archive is a universal, scalable, and secure storage repository for structured and unstructured information. Information Archive application support includes IBM ECM and Optim with policy harmony. Information Archive replaces the IBM System Storage DR550 and offers significant enhancements over the DR550. This highly versatile, cloud-ready, smart business system can be a useful tool for users in their efforts to support regulatory compliance by providing a storage repository with robust security features designed to prevent the alteration or deletion of the storage repository in which information is stored until your business-designated retention period has elapsed. Information Archive is an integrated, appliance-based solution for retaining archived information in a compliant storage environment. Information Archive connects to application servers, receives files and documents from these applications, and stores them in a hierarchy of disk and tape storage. The information is stored in a collection, which is the basic storage repository within Information Archive. You can use Information Archive as the target storage for your archiving applications or you can move information from your application or existing storage domain to Information Archive.4 IBM Information Archive: Architecture and Deployment
  • 20. You can manage archived information from a single, simple to use graphical user interface (GUI). Information Archive scales in capacity by adding more disk storage to the collections and scales in performance by adding more file system nodes. Using hierarchical storage management techniques, Information Archive helps move archived information across a hierarchy of lower cost storage devices, including tape. This can help you to match the value of your archived information to the cost of the infrastructure on which it is stored. Information Archive is designed to provide a quick time-to-value so you can begin to realize its benefits very soon after.1.3.1 Information Archive key objectives The key objectives of Information Archive are as follows: To provide a universal storage repository for all types of content, structured and unstructured, compliant or non-compliant data To eliminate complex installation and configuration To scale easily for both capacity and performance To support efficient policy-driven retention and tiered storage management To support standard interfaces into the system for easy integration with applications To protect data integrity for the entire lifespan of the information To offer low Total Cost of Ownership (TCO) by allowing use of mixed media (disk and tape) To support existing retention policies or enable administrators to define customized policies To incorporate current DR550 capabilities and much more1.3.2 Information Archive key features The Information Archive solution offers the following key features and characteristics: Provides a single platform for archiving compliant, non-compliant, structured and un-structured data thus reducing the need multiple systems. Provides customizable data protection features to meet the industrys most stringent data retention mandates. Enables data archiving across multiple tiers of storage, including disk, tape and, other near-line or offline storage, to provide massive scalability and a more cost-effective, energy efficient archive system. Enables specified information protection levels for archive collections. With Information Archive, IBM has introduced a unique 3x3 architecture that allows businesses to configure up to three archive collections on a single system with up to three servers. It allows the flexibility for each collection to be configured with the following information protection levels: – Basic Protection enables the greatest flexibility for managing an organization’s data retention needs. – Intermediate Protection allows IT administrators to increase and decrease retention periods as needed, but information deletion is only allowed after the retention period has expired. – Maximum Protection helps IT administrators manage information with strict business, legal, or regulatory retention needs. Chapter 1. Introduction to archiving 5
  • 21. Enforces data retention polices that maintain data as non-erasable and non-rewritable (NENR) until deletion is permitted by retention policy. Enables users to archive and retrieve directly from or to their workstations as well as enterprise content management applications. Offers Enhanced Disaster Recovery based on advanced copy services to increase the availability of archived documents and to prevent data loss in the event of a disaster. Implements Enhanced Tamper Protection, a patent-pending feature that prevents root access to the appliance to avoid modification or deletion of archived data. Supports data deduplication, which helps to store a single instance of data on disk and reduces the file size of documents in the archive collections. Data deduplication can reduce the effective data size on disk by 20 to 80%. Provides Hierarchical Storage Management, which automatically distributes and manages data on disk, tape, or both, with the objectives of minimizing access time to data and maximizing available media capacity.1.3.3 Information Archive value proposition The Information Archive value proposition can be summarized as follows: Manage risk: – Offers policy-based or general purpose archiving capabilities to help address compliance and non-compliance requirements: business, legal, and regulatory – Provides enhanced security with encryption for both disk and tape storage – Enforces retention polices that meet some of the industrys most stringent data retention mandates. – Introduces new patent-pending tamper protection technology – Locks data into non-erasable, non-rewriteable formats based on specific business needs. Reduce cost: – Information Archive uses a true storage mix of disk and tape technologies combining fast accessible disk with low cost of tape within a single archive pool. – It can thus maximize your total cost of ownership over the life of the archived data. Improve productivity and efficiency: – Simple to implement (pre-integrated, pre-configured) and manage Industry standard interface (NFS) supports immediate archiving (no custom APIs required) – Easily scales, can dynamically add and remove storage and scales to 1 billion objects across petabytes of storage, from multiple content types – High performing system based on the IBM patented GPFS™ file system technology6 IBM Information Archive: Architecture and Deployment
  • 22. 1.4 Archiving reference architecture A reference model describes an abstraction of the key concepts and their relationships. The reference model referred to in this book consists of a three layer architecture as depicted in Figure 1-2. Layer 1 describes the application layer. Applications in Layer 1 run on computer systems that generate, analyze, and process information and store this information as data. Typical examples of such applications are email clients, IBM Lotus® Domino® server, Microsoft® Exchange server, or Picture Archiving and Communication Systems (PACS). Layer 1 applications communicate to Layer 2 components through proprietary or open interfaces (depending on the application). Layer 2 is the archive management layer or Document Management System (DMS), sometimes also referred to as Content Management. Archive management components are usually running on hardware systems other than Layer 1 and Layer 3 components. The DMS or Content Management systems are collecting, managing, storing and retaining data and finally transmitting the data and related information to the archive storage system (Layer 3). The Information Archive appliance is in Layer 3. In Chapter 8, “Integrating IBM Information Archive with archiving applications” on page 261, you can find descriptions and practical illustrations of how Layer 2 applications integrated with Information Archive. Applications Layer 1 ` ` ` LAN Layer 2 Document Management System Archive Layer 3 Appliance Figure 1-2 Reference architecture for digital archiving Chapter 1. Introduction to archiving 7
  • 23. 8 IBM Information Archive: Architecture and Deployment
  • 24. 2 Chapter 2. IBM Information Archive overview and components The IBM Information Archive (Information Archive) hardware and software are preinstalled and delivered in a base rack (2231-IA3) and one optional expansion rack (2231-IS3). The base and expansion racks (or frames) are available in various configurations and capacity options. In this chapter we present an overview of the Model 2231-IA3 and the optional Model 2231-IS3. First, we review the system as whole and its intended usage, followed by a description of each of the elements, hardware, and software, with detailed information about how they are initially packaged, installed, and configured.© Copyright IBM Corp. 2010. All rights reserved. 9
  • 25. 2.1 Information Archive overview The Information Archive appliance is an integrated data retention solution. It is the IBM follow-on and replacement product for the IBM System Storage DR550. The appliance includes preinstalled servers, disk storage, and the Information Archive software.2.1.1 Information Archive archiving concepts and features Information Archive brings together off-the-shelf IBM hardware and software products. The hardware comes premounted in a secure rack. The software is preinstalled and to a large extent preconfigured. It is designed to be easy to deploy. Information Archive can be used to store and manage multiple billions of documents over its deployment lifetime. Information Archive provides policy-managed storage for compliance, archiving, and content management applications. These applications can retrieve files using standard communication protocols, such as Network File System (NFS) and HTTP, and can archive files using NFS or the System Storage Archive Manager API in logical containers, called collections. The Information Archive solution includes time-based and event-based retention options, compression and deduplication of stored data, and compatibility with customer applications that can be used by the former DR550 appliance. Optional features of Information Archive include remote replication for disaster recovery, high-availability server configurations, and tape library support. Figure 2-1 shows a general overview of the conceptual Information Archive architecture. It depicts how applications can store documents into Information Archive over an Ethernet LAN. The documents are archived in collections that reside on disk. The collections can be of two types: System Storage Archive Manager collections and File Archive Collections (archive over NFS). A maximum of three collections (in any combination of System Storage Archive Manager Collections or File Archive Collections) is supported. The Information Archive software includes an administrative Graphical User Interface, the Information Archive Administration GUI (Information Archive GUI). IBM IA Admin GUI Applications LAN One Namespace NFS NAS NFS NAS NAS SSAM Disk Disk Disk Disk Disk Disk Disk Collection 1 Collection 2 Collection 3 Collection 1 Collection 2 Collection 3 Clustered Clustered IBM Information Archive Tape or other devices © 2 00 9 IBM Corp or atio n Figure 2-1 Information Archive architecture10 IBM Information Archive: Architecture and Deployment
  • 26. The Information Archive GUI lets you administrate, operate, and monitor the Information Archive appliance, and generate reports. The system offers the option to migrate and back up data to tape. Although optional, tape attachment is highly desirable.2.1.2 Information Archive security and data retention compliance features Information Archive is primarily intended to provide a storage solution for archiving and data retention compliance. Thus, it offers the following retention and document protection features. Document retention The Information Archive appliance provides a number of ways to specify how long documents are retained.You can configure document retention policies, which provide both time-based and event-based retention options. Document protection settings After a document is ingested into archival storage, it cannot be modified until its retention period expires. You can use document protection settings to further restrict the actions that can be taken on archived documents. Document protection levels can be set independently for each collection in the appliance. There are three levels of document protection available for File Archive Collections. System Storage Archive Manager collections only support the maximum level of document protection, which does not allow the deletion of documents or the reduction of retention periods. Enhanced Tamper Protection Enhanced Tamper Protection prevents root access to the servers in the Information Archive appliance. Root access can potentially be used to modify or delete archived data. Enhanced Tamper Protection is a system-wide setting that affects all the collections in the appliance. This feature can be enabled during the initial configuration of the appliance, or at a later time. After being enabled, it cannot be turned off. If you do not enable Enhanced Tamper Protection, you must use other methods to prevent tampering and you must securely manage the root passwords on all servers in the appliance. Access protection Authentication is required for access to archived documents and the Information Archive GUI. For File Archive Collections, user accounts for administrators and archive users can be managed using an external Lightweight Directory Access Protocol (LDAP) server. Access for users, user groups, or host systems must be granted through the Information Archive administrative interface. Also see Chapter 7, “LDAP environments” on page 227. Two predefined user accounts are provided with the appliance: iaadmin and iscadmin. These user accounts have limited authority, and are intended to be used for a specific set of tasks. You must change the default passwords for these user accounts during the initial configuration of the appliance. Compliance features Information Archive provides a number of features to enable you meet your legal, regulatory, or policy compliance requirements for data archiving. Chapter 2. IBM Information Archive overview and components 11
  • 27. 2.1.3 Information Archive hardware and software overview The Information Archive, seen in Figure 2-2, is available in several configurations with storage from 8 TB (one collection) up to 440 TB of raw capacity for up to three collections. Similar to the DR550, Information Archive is also available as primary and secondary systems for a Disaster Recovery Protection configuration, based on remote disk mirroring. Figure 2-2 Photograph of the IBM 2231-IA3 rack The Information Archive appliance includes Fibre Channel (FC) ports for external tape attachment but does not include cables or tape drives or tape libraries. You must acquire and attach tape drives to be able to back up your configuration and collection data (see Chapter 10, “Tape attachment with IBM Information Archive” on page 403). The backup and restore process is described in detail in Chapter 11, “Information Archive data backup and restore” on page 441. The software bundle includes Information Archive Version 1.2, the IBM Tivoli Storage Manager 6.x, the IBM System Storage Archive Manager Version 6.x, Information Archive Cluster Version, the IBM System Director Version 6.1.0, and DS Storage Manager for Information Archive, customized for additional protection.12 IBM Information Archive: Architecture and Deployment
  • 28. 2.2 Hardware components Figure 2-3 shows a diagram that depicts the hardware components and their placement in the base Information Archive frame (2231-IA3). A standard Information Archive 2231-IA3 base frame consists of: One 2231-IA3 rack (7014 T00 rack - 36U) At minimum, one cluster node (which is an IBM System x® 3560 M2). It is a 4-EIA (2U), 19-inch rack mounted server. It is configured as a two quad-core Intel® processor system. The default system memory is 24 GB and can be up to 64 GB. It also includes standard dual power supplies. One Management Console server (IBM System x 3550 M2) for 2231-IA3 One RSM server (IBM System x 3550 M2) for 2231-IA3 One console kit (1735 3LX with Keyboard, Video, Mouse) and KVM switch Two optional IBM SAN switches (2498-B24 FC switch) Two IBM Ethernet switches (SMC 8126 L2 26 port Ethernet switches) One Storage Controller 2231-D1A (IBM System Storage DS4200) Up to six optional Expansion Drawers 2231-D1B (IBM System Storage EXP420) RSM Server Expansion Drawers Management KVM Switch Console SAN Managem ent Node Switches Ethernet Cluster Node 1 Switches Cluster Node 2 Cluster Node 3 Expansion Drawers Storage Controller 1 Front View Rear View © 2009 IBM Corporatio Figure 2-3 Component locations in 2231-IA3 Chapter 2. IBM Information Archive overview and components 13
  • 29. The base frame 2231-IA3 can be complemented with one expansion frame 2231-IS3 (shown in Figure 2-4) to provide storage for up to two additional collections. The optional Information Archive 2231-IS3 Expansion frame consists of the following components: One 2231-IS3 rack (7014 T00 rack - 36U) Up to two 2231-D1A Storage Controllers (IBM System Storage DS4200) Up to ten Expansion Drawers 2231-D1B (IBM System Storage EXP420) Disk Expansion 2.5 Disk Expansion 1.5 Disk Expansion 2.4 Disk Expansion 1.4 Disk Expansion 2.3 Disk Expansion 1.3 Disk Expansion 2.2 Disk Expansion 1.2 Disk Expansion 2.1 Disk Expansion 1.1 Disk Controller 2 Disk Controller 1 1 © 2009 IBM Corporation Figure 2-4 Component location in the optional Information Archive 2231-IS32.2.1 Rack and intelligent power distribution unit This section provides details about the Information Archive rack (base and expansion frames), as well as the integrated intelligent power distribution unit (iPDU). Rack specifications The Information Archive rack is a 7014-T00 rack that stacks all the components vertically. The rack comes with doors in the front and back, and includes the Rack Security Kit to secure physical access to any of the Information Archive appliance components. The Information Archive 2231-IA3 (base frame) and the Information Archive 2231-IS3 rack (expansion frame) have a height of 36U and each contains two iPDUs. The servers and (optional) SAN and Ethernet switches are placed in the middle of the rack. The storage units start from the bottom, populating toward the top as the storage capacity installed increases (also see Figure 2-3 and Figure 2-4. The hardware specifications provide detailed information for the rack, including dimensions, electrical, power, temperature, environment, and service clearances. For more information, see: http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/index.jsp?topic=/iphad/f7 014t00rack.htm14 IBM Information Archive: Architecture and Deployment
  • 30. Specifications for the iPDU (PDU+) The intelligent power distribution unit (iPDU), also called power distribution unit plus (PDU+), has power-monitoring capabilities. The iPDU is an intelligent AC power distribution unit that monitors the amount of power being used by the devices that are plugged into it. Figure 2-5 shows a schematic representation of the iPDU. Figure 2-5 The iPDU - Power distribution unit with Ethernet ports All the cabling from the iPDUs to the various Information Archive components is done by manufacturing.2.2.2 Cluster nodes (2231-S2M) Information Archive includes one, or optionally up to three, Information Archive cluster nodes (2231-S2M). Each node consists of an IBM System x (x-3650 M2, Machine Type 7947), running a Linux®-based operating system. Cluster nodes process all the documents that have been saved to Information Archive and perform management operations on the documents that have been archived. All cluster nodes have identical hardware, and they are configured as GPFS cluster nodes. Important: Always order the same amount of memory for each server. Physically, the System x x3550-M2 is a 2-EIA (2U), 19-inch, rack-mounted server. Up to two quad- or dual-core Intel Xeon® 5550 Series processors with QuickPath Interconnect (QPI) technology, up to 2.93 GHz, and up to a 1333 MHz front-side bus are available. This server has a new energy-efficient design with low 675 W and up to 92% efficient power supplies, six cooling fans, altimeter monitored by the Integrated Management Module (IMM) and by IBM Systems Director Active Energy Manager™. Up to 128 GB of high-performance, new-generation DDR-3 memory are available. It includes ultimate internal storage flexibility with up to twelve 2.5" hot-swap SAS/SATA/SSD HDD bays. The x3650 M2 provides four x8 (“by 8”) 8 GBps PCIe (PCI Express) Gen 2 high performance I/O slots. It also includes two integrated Broadcom 5709C Gigabit Ethernet controllers standard. In Information Archive, this server is equipped with a dual quad-core processors, and has 24 GB memory installed (maximum 64 GB possible). There are also two dual-port 4 Gb FC HBAs and two 146 GB 15k rpm SAS internal disks configured as RAID 1. One FC Ethernet dual port card is optionally available. Chapter 2. IBM Information Archive overview and components 15
  • 31. Figure 2-6 shows the front view of the 2231-S2M server. Figure 2-6 Cluster Node 2231-S2M - front view Cluster nodes: The Information Archive Model 2231-IA3 must contain at least one cluster node with a maximum of up to three cluster nodes. Figure 2-7 shows the Cluster Node rear panel. Figure 2-7 Cluster Node 2231-S2M - rear view The minimum configuration supports a single collection with one cluster node 2231-S2M, but this does not allow a cluster node failover. The maximum configuration consists of three cluster nodes and supports three collections. In this configuration, all collections support cluster node failover, but there will be a performance degradation when more than one collection runs on a single cluster node. Each collection needs a dedicated Storage Controller 2231-D1A (DS4200). Consequently, for more than one collection, the configuration requires the 2231-IS3 expansion frame to mount the second and third 2231-D1A storage controllers.16 IBM Information Archive: Architecture and Deployment
  • 32. 2.2.3 Information Archive Management Console The Information Archive also includes one Management Console (IBM System x, x-3550 M2, M/T 7946) also running a Linux-based operating system. This is your Information Archive appliance utility server running the Information Archive Administration GUI based on the Integrated Solutions Console (ISC). It is also used for monitoring through the preinstalled IBM Systems Director, which provides all core RAS systems management and call home requirements. The Management Console provides a single point of access for all functions. The Management Console (M/T 7964 is a member of the IBM System x family (x-3550-M2). Physically, it is a 1-EIA (1U), up to two quad-core or dual-core Intel Xeon 5500 Series processors with QuickPath Interconnect (QPI) technology, up to 2.93 GHz, and up to 1333 MHz front-side bus, including the following features: New energy-efficient design with low 675 W Up to 92% efficient power supplies, six cooling fan modules, altimeter monitored by IMM, and IBM Systems Director Active Energy Manager Up to 128 GB of high-performance, new-generation DDR-3 memory Ultimate internal storage flexibility with up to six 2.5" hot-swap SAS/SATA/SSD HDD bays The system includes two PCI-Express (x16) Gen 2 slots: one half-length, full-height; and one low-profile, as well as two integrated Broadcom 5709 Gigabit Ethernet controllers, standard. In the Information Archive appliance, the Management Console has 4 GB of memory and two 146 GB 15k rpm SAS internal disks configured as RAID 1. Figure 2-8 and Figure 2-9 show the front view and rear view, respectively, of the Information Archive Management Console server. Figure 2-8 Information Archive Management Console - front view Figure 2-9 Information Archive Management Console - rear view Chapter 2. IBM Information Archive overview and components 17
  • 33. 2.2.4 RSM server for Information Archive The IBM Remote Support Manager (RSM) is the solution for alerting and call home support for the IBM DS4000/DS5000 family of products, including the DS4200, which is the Storage Controller used in Information Archive. The IBM Remote Support Manager is an application that is installed on an IBM System x server running Novell® SUSE® Linux Enterprise Server 10, and provides problem reporting and remote access. A special version of the RSM server to ensure compliance of the appliance is installed in Information Archive (the same version that was used in the DR550). We refer to that special version as the RSM server for Information Archive. The RSM server hardware used in Information Archive is also an IBM System x server M/T7946 (x3550 M2) as used for the Management Console, but equipped with only 2 GB of memory. For further information about monitoring and call home using the RSM server for IA, see 9.4, “RSM server for Information Archive” on page 381.2.2.5 Information Archive Storage Controller (2231-D1A) and expansion drawer (2231-D1B) The Storage Controller (2231-D1A) used in Information Archive is the IBM System Storage DS4200. Additional storage capacity is increased by adding Information Archive expansion drawers (2231-D1B). The Information Archive expansion drawer is an IBM System Storage EXP420. Each Storage Controller and expansion drawer used with the Information Archive includes eight or sixteen 1 TB or 2 TB Serial ATA (SATA) disk drives. The Information Archive base frame (2231-IA3) can consist of one Information Archive Storage Controller (2231-D1A) and up to six Information Archive expansion drawers (2231-D1B). In the expansion frame (2231-IS3) there is space for two optional storage controllers and five optional expansion drawers for each of these storage controllers (a maximum of ten expansion drawers). Each Storage Controller has two 4 GB FC ports by default that are used to attach the Information Archive cluster node servers. Another, optional, two 4 GB FC ports for remote mirroring can be included. The Information Archive Storage Controller supports online controller firmware upgrades to help provide better performance and functionality. For further information about the IBM DS4200 Storage Controller, see: http://www.ibm.com/servers/storage/disk/ds4000/ds4200/index.html References: The foregoing link is only meant for general DS4200 related documentation. For Information Archive specific software and firmware downloads, you must strictly refer to the Information Archive support web page: http://www-03.ibm.com/systems/storage/disk/archive/index.html18 IBM Information Archive: Architecture and Deployment
  • 34. The storage units are equipped with Serial Advanced Technology Attachment (SATA) diskdrives. With Information Archive, users get the advanced features of the Storage Controllerwith the cost-effective advantage of SATA disks that are well-suited for fixed content, sparinglyaccessed storage applications.Figure 2-10 shows the front view of the Information Archive Storage Controller (2231-D1A).The 2231-D1B (EXP 420) looks identical from the front except for the label on the front bezel.Figure 2-10 Information Archive Storage Controller (2231-D1A) - front viewFigure 2-11 shows the rear view of the Information Archive Storage Controller. Ctrl A 21 1 2 Ctrl B Ethernet Ports Host Side connectionsFigure 2-11 Information Archive Storage Controller (2231-D1A) - rear view Chapter 2. IBM Information Archive overview and components 19
  • 35. The 2231-D1B (EXP 420) has two hot-swappable Environmental Service Modules (ESMs), two power supplies, and two fan units that provide for sufficient redundancy and availability. The 2231-D1A and the 2231-D1B also have hot-swappable drives. The hot-swap drive bays are preinstalled in drive trays. This drive and carrier assembly, called a customer replaceable unit (CRU), includes the drive tray, SATA drive, and hard disk drive interposer card; they are installed in the 16 drive bays on the front of the unit. Each of these can be replaced as a unit. Figure 2-11 shows the rear view of Information Archive 2231-D1B. Reserved SFP interface connectors Serial Port Dv e Ch a n n e l r i Dr e Ch a n n e l v i 2 B 2 A 1 B 1 A G/s b Gb / s DC 2 4 4 4 OK 2 1 2 1 DDi I / a g OK ESM A AC AC ESM B OK DDi I / a g 1 2 1 2 DC 4 4 4 2 OK Gb / s G/s b 1 A 1 B 2 A 2 B Dv e Ch a n n e l r i Dv e Ch a n n e l r i SFP interface connectors Reserved connectors for ESM indicator lights future use Figure 2-12 Information Archive Expansion Drawer (2231-D1B) - rear view The minimum capacity in the Information Archive appliance is 8 TB of raw disk space that is built with eight (half a drawer) 1 TB disks in the Information Archive Storage Controller (2231-D1A) enclosure. The storage is configured as RAID 6, whereby a half drawer, if it is the only storage drawer, is formatted 5+2 with a global spare; Otherwise it is formatted as 5+2P and 6+2P with one or two global spares (depending on how many expansion drawers are used, there is an additional global spare defined starting with the third expansion drawer). Information Archive comes in configurations with 1 TB or 2 TB disks. When equipped with 1 TB disks, the raw capacity varies in increments of 8 TB up to 112 TB for the first collection, and from 8 TB up to 96 TB for the second and third collections. When using 2 TB disks, the capacity varies in 16 TB increments up to 224 TB for the first collection and from 16 TB up to 192 TB from the second and third collections.20 IBM Information Archive: Architecture and Deployment
  • 36. Figure 2-13 shows the location of the storage within the Information Archive appliance. 2231 IA3 2231 IS3 36 R SM S e rv e r (F C 5 6 0 1 ) M a n d a to r y 36 D 1 B D is k E xp # 2 -5 O p t io n a l 35 D 1 B D is k E xp # 1 -6 O p t io n a l 35 ( o p tio n a l) 34 ( o p tio n a l) 34 6+2P; 6 + 2 P 33 6 +2 P ; 6 +2 P 33 D 1 B D is k E xp # 1 -5 O p t io n a l 32 D 1 B D is k E xp # 1 -5 O p t io n a l 32 ( o p tio n a l) 31 ( o p tio n a l) 31 6+2P; 6 + 2 P 30 6 +2 P ; 6 +2 P 30 D 1 B D is k E xp # 2 -4 O p t io n a l 29 D 1 B D is k E xp # 1 -4 O p t io n a l 29 ( o p tio n a l) 28 ( o p tio n a l) 28 6+2P; 6 + 2 P 27 6 +2 P ; 6 +2 P 27 D 1 B D is k E xp # 1 -4 O p t io n a l 26 D 1 B D is k E xp # 1 -3 O p t io n a l 26 ( o p tio n a l) 25 ( o p tio n a l) 25 6+2P; 6 + 2 P 24 5+2P ; S ; 6+2P 24 D 1 B D is k E xp # 2 -3 O p t io n a l 23 23 ( o p tio n a l) 22 22 5 + 2 P; S ; 6 + 2 P 21 K e y b d , M o n ito r , KV M M a n d a to r y 21 D 1 B D is k E xp # 1 -3 O p t io n a l 20 T wo 24 por t B roc a de S A N 24 B 4 O p t io n a l 20 ( o p tio n a l) 19 F C s witc hes (o ption al b ut pai red ) O p t io n a l 19 5 + 2 P; S ; 6 + 2 P 18 M g m t S e rv e r ( F C 5 6 0 0 ) M a n d a to r y 18 D 1 B D is k E xp # 2 -2 O p t io n a l 17 T wo S M C 812 6L 2 26 p or t M a n d a to r y 17 ( o p tio n a l) E th er net 1 0/100 /1G S w 16 M a n d a to r y 16 6+2P; 6 + 2 P ( 46M 217 5) 15 S 2 M S e rv e r M a n d a to r y 15 D 1 B D is k E xp # 1 -2 O p t io n a l 14 14 ( o p tio n a l) 13 S 2 M S e rv e r O p t io n a l 13 6+2P; 6 + 2 P 12 (opt 1) 12 D 1 B D is k E xp # 2 -1 O p t io n a l iP D U iP DU iP D U iP D U 11 S 2 M S e rv e r O p t io n a l 11 ( o p tio n a l) 10 (o p t 2 ) 10 6+2P; 6 + 2 P 9 D 1 B D is k E xp # 1 -2 O p t io n a l 9 D 1 B D is k E xp # 1 -1 O p t io n a l 8 ( o p tio n a l) 8 ( o p tio n a l) 7 6 +2 P ; 6 +2 P 7 6+2P; 6 + 2 P 6 D 1 B D is k E xp # 1 -1 O p t io n a l 6 D 1 A D is k C tr lr # 2 O p t io n a l 5 ( o p tio n a l) 5 ( o p ti o na l ) 4 6 + 2 P; 6 5 + 2 P 4 5 + 2 P; S ; 6 + 2 P 3 D 1 A D is k C tr lr # 1 M a n d a to r y 3 D 1 A D is k C tr lr # 1 M a n d a to ry 2 2 1 5+2P ; S ; 6+2P 1 5 + 2 P; S ; 6 + 2 P 1 1 2 T B R a w (1 T B H D D s ) 1 9 2 T B R a w (1 T B H D D s ) 8 2 T B U s e r (R A ID 6 ) M a n d a to r y 1 4 0 T B U s e r (R A ID 6 ) M a n d a to ry Figure 2-13 Rack population for 2231-IA3 and 2231-IS32.2.6 Information Archive SAN switches The SAN switches used in Information Archive are IBM System Storage SAN Switch 2498-B24. They are used to interconnect the cluster nodes with the Storage Controller and optionally, Fibre Channel-based tape solutions. The SAN switches are optional, but must be installed in pairs. For Enhanced Remote Mirroring configurations (with Remote Mirroring to a secondary Information Archive), the SAN switches are required. SAN switches are also required when Information Archive is configured with three cluster nodes, or for three collections (that is three storage servers). Indeed, for those configurations, a direct connection is no longer possible. Chapter 2. IBM Information Archive overview and components 21
  • 37. Each SAN switch is a 24-port high performance auto-sensing Fibre Channel switch. With next generation switch technology, these switches are designed to provide improved availability capabilities, fully non-blocking performance, and advanced intelligence features. The Information Archive SAN Switch provides 1, 2, or 4 Gbps link speed. The port speeds can be set to any of these values or can be set to auto-negotiate the highest speed that the attaching devices support. In Information Archive, the cluster nodes and the Storage Controller ports operate at 4 Gbps. Figure 2-14 shows the SAN switch. System Status LED FC ports (24) RS-232 console FC status LEDs port USB port AC Receptacle Power indicator LED Ethernet port Figure 2-14 Information Archive SAN switch (IBM System Storage SAN Switch 2498-B24) The required Fibre Channel cabling between the cluster nodes and the storage controllers is done by manufacturing for the 2231-IA3 frame. If you ordered an optional 2231-IS3 frame with additional storage controllers, your IBM Support representative will perform the required interconnection cabling. The customer does not have to perform any reconfiguration at installation time. In addition, the zoning definitions are also done at manufacturing time. Security: Although technically possible, it is best not to share the Information Archive fabric or fabrics with other fabrics for attaching non-IA components, such as external servers or storage devices. Doing so compromises the security of the Information Archive appliance and can have implications on third-party compliance certifications.2.2.7 Information Archive Ethernet switches Information Archive has all the required internal Ethernet connections preconfigured and wired. Information Archive includes an internal Ethernet network for some connections between the cluster nodes, the storage controllers, the RSM server for IA, the management node, and the iPDUs. These connections are realized through two Ethernet switches. Those are SMC 8126 L2 26 port Ethernet switches. TCP/IP addresses: Do not change the internal TCP/IP addresses. What specific port is being used for connecting to the internal Ethernet switch is important.22 IBM Information Archive: Architecture and Deployment
  • 38. Figure 2-15 shows a picture of the Information Archive Ethernet switch. Status LEDs RJ45 ports (26) Console port SFP slots Figure 2-15 Information Archive Ethernet switch The Information Archive Ethernet switch is an intelligent layer 2 switch with 26 10/100/1000 BASE-T port. Ports 21 up to 23 are available twice (combo ports). It is possible to plug in Small Form Factor Pluggables (SFPs) to the bottom rightmost four ports, so that you can use GB Ethernet fibre for long distance. The SFP slots are shared with four of the RJ-45 ports (ports 21 to 23). If an SFP transceiver is present in a slot and has an active link, the corresponding RJ-45 port is disabled and cannot be used.2.2.8 Console kit The Information Archive console kit is an IBM 1735-3LX rack-mounted flat panel console kit and consisting of the following components: One 17.0 inch (337.92 x 270.332 mm) backlit panel technology, with a maximum resolution of 1280 x 1024 at 75 Hz One rack keyboard tray IBM keyboard with integrated pointing device One Keyboard Video Mouse (KVM) switch The KVM switch is packaged as a 1U kit and is mounted in the rack along with the other Information Archive components. The KVM switch is mounted in the same rack space, located behind the flat panel monitor. The keyboard is configured for English. An integrated mouse is included in the keyboard. The cluster nodes, the RSM server for Information Archive, and the Management Console are connected to the KVM switch, so that the monitor and keyboard can access all of the servers in the Information Archive appliance. Chapter 2. IBM Information Archive overview and components 23
  • 39. 2.3 Software components The following major software components are installed in Information Archive by manufacturing: IBM Tivoli Storage Manager IBM System Storage Archive Manager General Parallel File System (GPFS) IBM Systems Director RSM for Information Archive DS Storage Manager Client for Information Archive Important: Do not upgrade any of the software components manually or individually. In Information Archive, such an upgrade must always be done as part of the overall Information Archive software upgrade. The various software components are described in subsequent sections.2.3.1 IBM Tivoli Storage Manager IBM Tivoli Storage Manager is a client/server program that provides centralized, automated data protection and storage management solutions to customers in a multivendor computer environment. IBM Tivoli Storage Manager provides a policy-managed backup, archive, and space-management facility for file servers, workstations, applications, and application servers. The Tivoli Storage Manager in Information Archive serves two purposes: It provides tiered storage for Information Archive collections where files might be migrated and compressed to disk and tape. This is accomplished by deploying IBM Tivoli Storage Manager Hierarchical Storage Management (HSM) clients on the GPFS cluster nodes. It helps retain compatibility with IBMs previous archiving product, the IBM DR550, by using a dedicated, special version of the IBM Tivoli Storage Manager server, known as the IBM System Storage Archive Manager.2.3.2 IBM System Storage Archive Manager The IBM System Storage Archive Manager is designed to provide archive services, prevent the loss of critical data, and protect data from being erased or overwritten. The IBM System Storage Archive Manager is used to provide and manage retention (archiving) of data. It is not meant to be a backup solution. For applications that use the IBM Tivoli Storage Manager API, policy-based data management capabilities are already available. With IBM System Storage Archive Manager, you can also prevent data deletion before retention criteria are met. Content management and archive applications can use the IBM System Storage Archive Manager client API to apply business policy management for ultimate deletion of archived data at the appropriate time. Tip: IBM System Storage Archive Manager is the same software as the IBM Tivoli Storage Manager, but with the archiveretentionprotection attribute set to on.24 IBM Information Archive: Architecture and Deployment
  • 40. 2.3.3 General Parallel File System (GPFS) The General Parallel File System (GPFS) is a high performance shared-disk file management solution that provides fast, reliable access from nodes in a cluster environment. Parallel and serial applications can readily access shared files using standard UNIX® file system interfaces, and the same file can be accessed concurrently from multiple nodes. GPFS is designed to provide high availability through logging and replication, and can be configured for failover from both disk and server malfunctions. GPFS scalability and performance are able to meet the needs of data intensive applications. GPFS provides high-performance enterprise file management with the following features: Seamless capacity expansion to handle the explosive growth of digital information and improve efficiency through enterprise wide, interdepartmental information sharing High reliability/availability to eliminate production outages and provide disruption-free maintenance and capacity upgrades Performance to satisfy the most demanding applications Policy-driven automation to ease information life cycle management Extensible management and monitoring infrastructure to simplify file system administration Cost-effective disaster recovery and business continuity GPFS is used as a core Information Archive system software and runs on the Information Archive cluster node servers. The overall Information Archive solution benefits from the high performance, scalability, and robustness of the GPFS while hiding its internal complexities from the Information Archive appliance users and administrators.2.3.4 Remote Support Manager for Information Archive The IBM Remote Support Manager for Information Archive, also called RSM server for Information Archive, is an application installed on the RSM server (iarsm1) running Novell SUSE Linux Enterprise Server 10. The version used in Information Archive differs from the standard version to fulfill compliance requirements. The problem reporting feature provided by RSM for Information Archive automatically creates an entry in the IBM call management system for the 2231-IA3 with details to the 2231-D1A that reports a problem. This is the equivalent of placing a voice call to IBM Service for a problem. When problems are in the system, they are responded to with the same priority as specified by the maintenance agreement in place for the product. Management and configuration tasks are explained in “RSM server for Information Archive” on page 381.2.3.5 DS Storage Manager for Information Archive The DS Storage Manager for Information Archive software (here after referred to as DS Storage Manager) is installed on the Management Console. This special version of DS Storage Manager is used to support centralized management of the storage controllers in Information Archive. Chapter 2. IBM Information Archive overview and components 25
  • 41. Generally speaking, DS Storage Manager enables administrators to quickly configure and monitor their Information Archive Storage Controller from either a command line interface or a Java™-based graphical user interface. It is designed to enable storage administrators to customize and change settings, configure new volumes, define mappings, handle routine maintenance, and dynamically add new enclosures and capacity to existing volumes without interrupting user access to data. It is also used to configure, monitor, and maintain Enhanced Remote Mirroring. Failover drivers, performance-tuning routines, and cluster support are also standard features of the DS Storage Manager. Important: Do not upgrade the Storage Controller firmware manually. In the Information Archive appliance, such an upgrade must be done as part of the overall Information Archive software upgrade.2.3.6 IBM Systems Director The IBM Systems Director is an integrated, easy-to-use suite of tools that provide customers with flexible systems management capabilities to help realize maximum system availability and help lower IT costs. With IBM Systems Director, IT administrators can view and track the hardware configuration of remote systems in detail and monitor the usage and performance of critical components, such as processors, disks, and memory. Generally speaking, the IBM Systems Director provides the following capabilities: Unifies the essential management of IBM servers, storage, and network devices delivering a consistent look and feel for common management tasks that reduces operational complexity Integrates the IBM best-of-breed virtualization capabilities to provide new ways to simplify the management of physical and virtual platform resources Reduces energy costs and usage by monitoring and managing the energy and cooling needs of various servers and storage Easy integration with enterprise service management tools from Tivoli as well as other third-party providers.2.3.7 Integrated Solutions Console Integrated Solutions Console provides a single, common interface for system administration. It provides the main platform on which IBM and non-IBM products can build administrative user interfaces as individual plug-ins to a common console framework. Standardizing product administration functions to run on the Integrated Solutions Console platform gives them a more common look and feel and a more consistent behavior, thereby reducing the learning curve and adoption as new management components are introduced. Administrators can interact with multiple IBM and non-IBM products from a single browser-based console. Consistency across administrative interfaces Integrated Solutions Console provides a common appearance (for example, theme, layout and banner) and behavior (for example, navigation and authentication) to enable consistent user interaction for administering software products.26 IBM Information Archive: Architecture and Deployment
  • 42. A standards-based architecture Integrated Solutions Console provides a standards-based architecture for web administration. Each Integrated Solutions Console module consists of one or more web applications that have access to services within the Java 2 Enterprise Edition (J2EE) environment provided by IBM WebSphere® Application Server. The help interface is implemented using the Eclipse open standard. Console modules are developed using the Java Portlet Specification. Easy deployment of product administration consoles The Integrated Solutions Console framework provides an XML-based interface for deploying console modules to a console installation. XML descriptors provide the information needed to deploy the portlet, resources, and set up the page layout and navigation in the console. A console module can be easily removed without impact to the remaining console modules.2.4 Storage configuration This section describes the Information Archive Storage Controller and expansion drawers.2.4.1 Storage controller configuration and management The DS Storage Manager will be used to administrate storage controllers and is used for monitoring and repair. The Information Archive is shipped with a special version of the DS Storage Manager for Information Archive (SMclient) installed on the Information Archive Management Console. The SMclient has been modified to provide additional security to protect against deletion of archived data either by accident or by malicious intent, using the SMclient. Figure 2-16 shows that the delete logical drive and delete array functions, for example, are not visible in the menu because these functions have been disabled. Figure 2-16 DS Storage Manager - No delete logical drive or array function Chapter 2. IBM Information Archive overview and components 27
  • 43. There are two possibilities to start the SMclient graphical user interface: The interface can be started directly local at the Management Console. Connect the flat panel monitor to the Management Console by pressing the Print Screen key (alternatively, by pressing Ctrl twice) on the keyboard and selecting the appropriate entry from the window. Log in to Management Console as iaadmin. Then open a terminal window (xterm) and enter sudo SMclient. The other way is to start the SMclient remote. For this, you need an X-Server at your remote computer, then open an ssh client such as putty to make a connection to the Management Console as shown in Figure 2-17. Enter sudo SMclient to start the DS Storage Manager. For detailed information, also see 4.2.1, “Accessing the system” on page 95. Figure 2-17 Start of the DS Storage Manager After a few seconds, the DS Storage Manager main window (Figure 2-18) is displayed. To open the subsystem management window, left-click a subsystem in the navigation panel on the left (for example, Storage Subsystem iastorage1a), right-click, and select Manage Device from the menu (or just double-click the Storage Controller name). Figure 2-18 DS Storage Manager - Main Window28 IBM Information Archive: Architecture and Deployment
  • 44. 2.4.2 Storage configuration and partitioning for Storage Controller This section introduces common management concepts and basics associated with storage configuration using Storage Controller (2231-D1A). In parallel, we explain the preconfigured configuration used for Information Archive. Storage configuration for the Storage Controller (2231-D1A) is accomplished by means of storage arrays and logical drives. An array is a set of drives that the controller groups logically together to provide capacity for logical drives accessed by an application host or cluster. A logical drive (or volume) is a logical structure that you create on the controller. Creating arrays and logical drives is one of the most basic steps and is required before you can start using the physical disk space, that is, you divide your disk drives into arrays and create one or more logical drives inside each array. For Information Archive, those activities are done by manufacturing. Arrays and volumes: The Information Archive Machine Type 2231 Models ordered with Storage Controller (2231-D1A) come with the arrays and volumes predefined. RAID levels and array configuration Redundant Array of Independent Disks (RAID) is a method of configuring multiple disk drives in a storage subsystem for high availability or high performance, or a combination of both. These goals are sometimes mutually exclusive and are attained by technologies called striping (performance enhancer) and mirroring (redundancy and availability). There are various RAID levels that implement combinations of these technologies. For reasons of performance, fault tolerance, capacity, and storage efficiency, the Information Archive appliance is configured with RAID 6 arrays. RAID 6: The Information Archive uses only RAID 6 arrays. RAID 6, by definition, means that for each array preconfigured in the Information Archive appliance, two physical drives are reserved for parity (see Figure 2-19 and Figure 2-20). Hot-spare drive Hot-spare drives provide additional protection that might be essential in case of a disk drive fault. A hot-spare drive is similar to a standby replacement drive. The data from the failed disk drive is automatically rebuilt by the controller to the hot-spare drive, and the spare takes the place of the failed one. When the failed drive is eventually replaced with a new one, the data from the hot-spare drive is copied back to the new drive, and the hot-spare drive goes back to its role as a replacement drive. It is important to note that the DS4000® series (such as the DS4200 used in the Information Archive appliance) uses global hot-spares, meaning that they can take over for any failed drive regardless of its enclosure. For Information Archive, there is one global hot-spare defined in the first array of each storage controller, and the first array of any additional third expansion drawer. Upgrades: At the time of writing, there is no possibility for field capacity upgrades. Any specific capacity configuration must be ordered as such from manufacturing. Chapter 2. IBM Information Archive overview and components 29
  • 45. Figure 2-19 shows the possible 1 TB disk configurations in Information Archive (remember that each collection, with a maximum of three, must have its dedicated storage controller). Mixing 1 TB and 2 TB drives within one enclosure is not supported. If you have any 2 TB drives in your system, you can only add 2 TB drives in the future. First Collection Second and third collection Disks Usable capacity Disks Usable capacity D1A w 8 drives 8 4 8 5 D1A w 16 drives 16 10 16 11 D1B #1 w 8 drives 24 16 24 17 D1B #1 w 16 drives 32 22 32 23 D1B #2 w 8 drives 40 28 40 29 D1B #2 w 16 drives 48 34 48 35 D1B #3 w 8 drives 56 39 56 40 D1B #3 w 16 drives 64 45 64 46 D1B #4 w 8 drives 72 51 72 52 D1B #4 w 16 drives 80 57 80 58 D1B #5 w 8 drives 88 63 88 64 D1B #5 w 16 drives 96 69 96 70 TB D1B #6 w 8 drives 104 75 1 © 2009 IBM Corporation D1B #6 w 16 drives 112 81 TB Figure 2-19 Disk calculation with 1 TB disks Figure 2-20 shows the possible disk configuration and capacities with 2 TB disks. First Collection Second and third collection Disks Usable capacity Disks Usable capacity D1A w 8 drives 16 9 16 10 D1A w 16 drives 32 21 32 22 D1B #1 w 8 drives 48 33 48 34 D1B #1 w 16 drives 64 35 64 46 D1B #2 w 8 drives 80 57 80 58 D1B #2 w 16 drives 96 69 96 70 D1B #3 w 8 drives 112 79 112 80 D1B #3 w 16 drives 128 91 128 92 D1B #4 w 8 drives 144 103 144 104 D1B #4 w 16 drives 160 115 160 116 D1B #5 w 8 drives 176 127 176 128 D1B #5 w 16 drives 192 139 192 140 TB D1B #6 w 8 drives 208 151 1 D1B #6 w 16 drives 224 163 TB © 2009 IBM Corporation Figure 2-20 Disk calculation with 2 TB disks30 IBM Information Archive: Architecture and Deployment
  • 46. Volume mapping As you can see from the DS Storage Manager for Information Archive mappings view in Figure 2-21, all volumes (LUNs) are mapped to the host group iagroup. This means that all logical drives created on the arrays are available to all cluster nodes attached to the Storage Controller (2231-D1A). The LUN utilfs is used to store the configuration and log data. The LUNs iadata 85_1 and iadata 85_2 are used for (user) archive data, and are configured as a GPFS file system. Depending on your configuration (number of storage servers and expansion, there can be additional iadata_85_x LUNs). The LUN iarecovery (30 MB) is used to bootstrap GPFS in a Disaster Recovery / Enhanced Remote Mirroring configuration. Figure 2-21 DS Storage Manager - volume mapping Preferred path: The Storage Controller (2231-D1A) has two disk controllers (A and B) for redundancy. All logical drives created on the Information Archive Storage Controller are accessible from either of the two controllers, as installed. Each FC HBA has one or more paths to Controller A of the Information Archive Storage Controller. Similarly, the other FC HBA has one or more paths to Controller B. In case of a path failure, meaning either a FC HBA failure, switch failure, SFP, fiber link failure, or even a Storage Controller failure, the logical drives are accessible on the remaining paths. For performance reasons, the preferred paths are distributed between the controllers automatically.2.4.3 Enhanced Remote Mirroring The Enhanced Remote Mirroring option is available as a feature of Information Archive. This option is used for online, real-time replication of data between data retention subsystems at various locations. In the event of a disaster or an unrecoverable error at one data retention subsystem, you can promote the second data retention subsystem to take over responsibility for normal I/O operations. See Chapter 12, “Enhanced Remote Mirroring” on page 461 for details.2.5 Cabling / SAN zoning / TCP/IP addressing When ordering an Information Archive, components in the rack are already wired (internal Ethernet and SAN fabric, power connections, and so on). SAN zoning, TCP/IP addresses, net masks, and other network parameters are also preconfigured in manufacturing. Chapter 2. IBM Information Archive overview and components 31
  • 47. The settings and cabling done by manufacturing depend on the exact configuration ordered (storage capacity, number of cluster nodes, optional SAN switches, Enhanced Remote Mirroring, and so on). The following sections show the most typical configurations. Important: Cabling diagrams are shown here for information only. Customers must not change any of the cabling or other settings done by manufacturing.2.5.1 KVM cabling The KVM switch allows you to access directly various Information Archive components (while being physically located at the Information Archive appliance). It allows you to attach the keyboard, mouse, and monitor to the Management Console and any of the cluster nodes or the RSM server. The cabling for a 3-node cluster is depicted in Figure 2-22. Slot 1 1 Slot 2 2 1 RSM SM E3 E4 E1 E2 Video Serial U1 U2 P P Server KVM Switch S S VID 1 3 5 7 ARI (to P W= U1 2 4 6 8 Servers) CF K M M ACI U2 Slot 1 1 Slot 2 2 1 Management SM E3 E4 E1 E2 Video Serial U1 U2 P P Console Slot 1 2 1 Slot 3 2 1 Slot 2 2 1 Slot 4 2 1 Cluster Node P P #1 SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node Slot 2 2 1 Slot 4 2 1 #2 P P SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node Slot 2 2 1 Slot 4 2 1 #3 P P SM E3 E4 E1 E2 Video Serial U1 U2 Figure 2-22 IBM 2231-IA3 - cabling the KVM switch with cluster nodes32 IBM Information Archive: Architecture and Deployment
  • 48. 2.5.2 SAN cabling The Information Archive appliance includes two SAN switches or none. The SAN switches allow an internal SAN fabric interconnecting the Information Archive cluster nodes to the Information Archive storage controllers (up to three). The SAN switches also provide connectivity for Remote Mirroring (DR configuration) and external tape attachment (for backup or archive migration from disk). System diagrams Figure 2-23 shows the cabling from the cluster nodes to the SAN switches. SAN Cabling - IA Cluster Nodes to Disk Mgmt Eth SAN Switch # 2 Mgmt Eth SAN Switch # 1 Slot 1 2 1 Slot 3 2 1 Cluster Node #1 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node #2 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node #3 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Figure 2-23 Cabling from the cluster nodes to the SAN switches for disk Chapter 2. IBM Information Archive overview and components 33
  • 49. Port 1 from the FC HBA in slot 2 of each cluster node is connected to SAN switch #2, while port 1 from the second FC HBA in slot 3 of each cluster node is connected to SAN switch #1. This provides a redundant path to the storage controllers from any single cluster node. Figure 2-24 shows the cabling from the SAN switches to the disk controllers. As previously mentioned, all the cabling is done by manufacturing. SAN Cabling - Disk Side Mgmt Eth SAN Switch # 2 Mgmt Eth SAN Switch # 1 2 1 2 1 CtrlB CtrlA 1 2 DS4200 #2 1 2 2 1 2 1 2 1 2 1 CtrlB CtrlB CtrlA CtrlA 1 2 1 2 DS4200 #1 1 2 DS4200 #1 1 2 IA3 Rack IS3 Rack Figure 2-24 Cabling from the SAN switches to the storage controller Figure 2-25 shows FC cabling for tape, between cluster nodes and SAN switches. Port 2 from the FC HBA in slot 2 of each cluster node is connected to SAN switch #2, while port 2 from the second FC HBA in slot 3 of each cluster node is connected to SAN switch #1. This provides a redundant path to optional tape devices from any single cluster node Note that for tape, cabling to switch is NOT mandatory. Direct connection to customer tape or external switch is permitted.34 IBM Information Archive: Architecture and Deployment
  • 50. SAN Cabling - IA Cluster Nodes to Tape Mgmt Eth SAN Switch # 2 Mgmt Eth SAN Switch # 1 Slot 1 2 1 Slot 3 2 1 Cluster Node #1 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node #2 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node #3 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2Figure 2-25 FC cabling for tapeFigure 2-26 shows SAN ports reserved on the switches for attachment of tape devices, or fora DR configuration (Enhanced Remote Mirroring). S witch ports 12: to rem ote mirror s witch ports 1 2 S witch ports 9 and 1 1: to ex terna l ta pe drives & libra ries X3 X5 S w# 2 IA3 E IA 20 X1 X4 X6 S w #1 IA3 EI A 19 X2Figure 2-26 IBM 2231-IA3 SAN switch external cabling Chapter 2. IBM Information Archive overview and components 35
  • 51. For more information, see Chapter 10, “Tape attachment with IBM Information Archive” on page 403. Zoning Zoning for the SAN switches in Information Archive is preconfigured as shown in Figure 2-27 for the server to disk configurations. Fibre Switch Zones FC Switch# FC Switch# [=Domain#] Device Port [=Domain#] Zone Name Server Port (cable) (port#) (cable) (port#) Use Switch Zone Ports IA3 D1A#1 Left H1 (C1) Sw #2 (port 4) IS3 D1A#1 Left H1 Server HBA to S1L S2M#1 port 1 slot 2 (S1) Sw #2 (port 0) Sw #2 (port 5) Disk Storage Ports 0, 4, 5, 6 Sw#2 (C3) IS3 D1A#2 Left H1 Sw #2 (port 6) (C5) IA3 D1A#1 Right H1 Sw #1 (port 4) (C2) IS3 D1A#1 Right H1 Server HBA to S1R S2M#1 port 1 slot 3 (S2) Sw #1 (port 0) Sw #1 (port 5) Ports 0, 4, 5, 6 Sw#1 (C4) Disk Storage IS3 D1A#2 Right H1 Sw #1 (port 6) (C6) IA3 D1A#1 Left H1 Sw #2 (port 4) (C1) IS3 D1A#1 Left H1 Server HBA to S2L S2M#2 port 1 slot 2 (S3) Sw #2 (port 1) (C3) Sw #2 (port 5) Disk Storage Ports 1, 4, 5, 6 Sw#2 IS3 D1A#2 Left H1 Sw #2 (port 6) (C5) IA3 D1A#1 Right H1 Sw #1 (port 4) (C2) IS3 D1A#1 Right H1 Server HBA to S2R S2M#2 port 1 slot 3 (S4) Sw #1 (port 1) (C4) Sw #1 (port 5) Disk Storage Ports 1, 4, 5, 6 Sw#1 IS3 D1A#2 Right H1 Sw #1 (port 6) (C6) IA3 D1A#1 Left H1 Sw #2 (port 4) (C1) IS3 D1A#1 Left H1 Server HBA to S3L S2M#3 port 1 slot 2 (S5 Sw #2 (port 2) (C3) Sw #2 (port 5) Disk Storage Ports 2, 4, 5, 6 Sw#2 IS3 D1A#2 Left H1 (C5) Sw #2 (port 6) IA3 D1A#1 Right H1 Sw #1 (port 4) (C2) IS3 D1A#1 Right H1 Server HBA to S3R S2M#3 port 1 slot 3 (S6) Sw #1 (port 2) Sw #1 (port 5) Disk Storage Ports 2, 4, 5, 6 Sw#1 (C4) IS3 D1A#2 Right H1 Sw #1 (port 6) (C6) Figure 2-27 SAN switch zones - server to disk36 IBM Information Archive: Architecture and Deployment
  • 52. 2.5.3 Ethernet connectivity All of the Information Archive components are connected over an internal, private Ethernet network. This IP network is used for management of the cluster nodes, RSM server, Management Console, storage controllers, switches, and power. Figure 2-28 shows the internal Ethernet network connecting the Information Archive cluster nodes, RSM server, and Management Console to the internal Ethernet switches. Slot 1 1 Slot 2 2 1 SM E3 E4 E1 E2 Video Serial U1 U2 P P Slot 1 1 Slot 2 2 1 SM E3 E4 E1 E2 Video Serial U1 U2 P P Ethernet Ports: 10/100/1000 RJ45 Ethernet 1 3 5 7 9 11 13 15 17 19 21 23 25 26 Console Switch # 2 2 4 6 8 10 12 14 16 18 20 22 24 21 22 23 24 Ethernet Ports: 10/100/1000 RJ45 Ethernet 1 3 5 7 9 11 13 15 17 19 21 23 25 26 Console Switch # 1 2 4 6 8 10 12 14 16 18 20 22 24 21 22 23 24 Slot 1 2 1 Slot 3 2 1 Cluster Node #1 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node #2 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node #3 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Figure 2-28 Ethernet connectivity - 3 node cluster, RSM server, and Management Console Chapter 2. IBM Information Archive overview and components 37
  • 53. The Ethernet connections to each of the storage controllers (Ctrl A and Ctrl B) are depicted in Figure 2-29 for an Information Archive configuration with three storage controllers (one in the base frame, the other two in the expansion frame. Ethernet Cabling - Storage controllers Ethernet Ports: 10/100/1000 RJ45 Ethernet 1 3 5 7 9 11 13 15 17 19 21 23 25 26 Console Switch # 2 2 4 6 8 10 12 14 16 18 20 22 24 21 22 23 24 Ethernet Ports: 10/100/1000 RJ45 Ethernet 1 3 5 7 9 11 13 15 17 19 21 23 25 26 Console Switch # 1 2 4 6 8 10 12 14 16 18 20 22 24 21 22 23 24 2 1 2 1 CtrlB CtrlA 1 2 DS4200 #2 1 2 2 1 2 1 2 1 2 1 CtrlB CtrlB CtrlA CtrlA 1 2 1 2 DS4200 #1 1 2 DS4200 #1 1 2 IA3 Rack IS3 Rack Figure 2-29 Ethernet connectivity to storage controllers38 IBM Information Archive: Architecture and Deployment
  • 54. The internal Ethernet network is also use for power control of the various components. Theconnections as well as the ports used on the internal Ethernet switches are shown inFigure 2-30. Slot 1 1 Slot 2 2 1 SM E3 E4 E1 E2 Video Serial U1 U2 P P Slot 1 1 Slot 2 2 1 SM E3 E4 E1 E2 Video Serial U1 U2 P P Ethernet Ports: 10/100/1000 RJ45 Ethernet 1 3 5 7 9 11 13 15 17 19 21 23 25 26 Console Switch # 2 2 4 6 8 10 12 14 16 18 20 22 24 21 22 23 24 Ethernet Ports: 10/100/1000 RJ45 Ethernet 1 3 5 7 9 11 13 15 17 19 21 23 25 26 Console Switch # 1 2 4 6 8 10 12 14 16 18 20 22 24 21 22 23 24 Slot 1 2 1 Slot 3 2 1 Cluster Node #1 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node #2 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2 Slot 1 2 1 Slot 3 2 1 Cluster Node #3 Slot 2 2 1 Slot 4 2 1 P P SM E3 E4 E1 E2 Video Serial U1 U2Figure 2-30 Ethernet network for components power control (iPDUs not shown) Chapter 2. IBM Information Archive overview and components 39
  • 55. Adapters used for Ethernet connectivity to the external network for archiving applications to communicate with the cluster nodes, or for remote Information Archive administration (RSM server and Management Console) are depicted in Figure 2-31. External Ethernet – Administration and Data Ez3 (Fiber) Ez4 (Fiber) 2 1 1 Slot 1 Slot 2 P P U1 U2 SM E3 E4 E1 E2 RSM server RSA Video Serial Ey3 (copper) Ey4 (copper) Ez1 (Fiber) Ez2 (Fiber) 2 1 2 1 Slot 1 Slot 2 P P Management SM E3 E4 E1 E2 U1 U2 RSA Serial Console Video Ey1 (copper) Ey2 (copper) Ew1 (Fiber) Ew2 (Fiber) Slot 1 2 1 Slot 3 2 1 Slot 2 2 1 Slot 4 2 1 SM E3 E4 E1 E2 U1 U2 P P IA Node Video Serial Ex1 Ex2 Figure 2-31 External Ethernet – Administration and Data You have a choice between copper connection or fiber connection, as indicated: If you need fiber attachment, you must order a separate “Host Fibre Ethernet Adapter,” which is an optional feature. Such an adapter is required for all cluster nodes, the management node, and the RSM server. If you want to use copper-based cables, with the RJ45 interface, the onboard Ethernet connectors of the servers will be used and no additional hardware is required. The customer must provide the Ethernet cables required to connect the appliance to their network. You can use standard 10/100/1000 copper Ethernet cables (Cat 5e or higher) or fiber Ethernet cables. The number of cables required depends on the number of cluster node servers in the appliance: One cluster node server: six cables Two cluster node servers: eight cables Three cluster node servers: ten cables Additional network cables are required to configure the remote replication feature and to connect an optional storage-expansion rack, or tape library.40 IBM Information Archive: Architecture and Deployment
  • 56. 2.5.4 TCP/IP addresses assigned The Information Archive appliance uses a range of public TCP/IP addresses to communicate with the archive client applications and web browsers. The appliance also uses a second pool of private TCP/IP addresses to communicate among its internal components such as cluster nodes and storage hardware. The number of public TCP/IP addresses that the appliance reserves is based on the configuration of the appliance. The following hardware options affect the number of TCP/IP addresses: The number of cluster nodes The number of storage controllers The number of File Archive Collections The number of System Storage Archive Manager collections Using a Disaster Recovery (Enhanced Remote Mirroring-based) configuration The public TCP/IP addresses that the appliance uses are created and configured during the Initial Configuration Wizard (ICW). After running the Initial Configuration Wizard, you can change the IP addresses at any time in the appliance. See 3.5.2, “Running the Initial Configuration Wizard (ICW)” on page 58. Attention: The private network that Information Archive uses cannot be customized. It always uses the TCP/IP range of 172.31.0.1 to 172.31.7.255 (172.30.0.1 for secondary) with a subnet mask of 255.255.248.0. These TCP/IP addresses are reserved for internal appliance communications among the components. Table 2-1 summarizes the various IP addresses assigned to the Information Archive components. Table 2-1 IP addresses assigned to Information Archive components Primary Secondary Description 172.31.3.1 172.30.3.1 iarsm1 172.31.3.2 172.30.3.2 iaconsole1 172.31.1.1 172.30.1.1 ianode1 172.31.1.2 172.30.1.2 ianode 2 172.31.1.3 172.30.1.3 ianode 3 172.31.1.N 172.30.1.N ianodeN 172.31.0.100 172.30.0.100 disk_ctrl_1_a 172.31.0.101 172.30.0.101 disk_ctrl_1_b 172.31.0.102 172.30.0.102 disk_ctrl_2_a 172.31.0.103 172.30.0.103 disk_ctrl_2_b 172.31.0.104 172.30.0.104 disk_ctrl_3_a 172.31.0.105 172.30.0.105 disk_ctrl_3_b 172.31.0.30 172.30.0.30 SAN switch 1 172.31.0.31 172.30.0.31 SAN switch 2 172.31.0.40 172.30.0.40 Ethernet Switch 1 Chapter 2. IBM Information Archive overview and components 41
  • 57. Primary Secondary Description 172.31.0.41 172.30.0.41 Ethernet Switch 2 172.31.0.50 172.30.0.50 IPDU Frame 1left 172.31.0.51 172.30.0.51 IPDU Frame 1 right 172.31.0.52 172.30.0.52 IPDU Frame 2 left 172.31.0.53 172.30.0.53 IPDU Frame 2 right 172.31.3.101 172.30.3.101 IMM-iarsm1 172.31.3.102 172.30.3.102 IMM-iamconsole1 172.31.1.102 172.30.1.102 IMM-ianode1 172.31.1.103 172.30.1.103 IMM-ianode2 172.31.1.104 172.30.1.104 IMM-ianode3 172.31.1.10N 172.30.1.10N IMM-ianodeN 10.0.0.100 10.0.0.200 tcp/ip addresses on MCs for ERM ssh tunnel42 IBM Information Archive: Architecture and Deployment
  • 58. 3 Chapter 3. Planning and installation In this chapter we provide planning and installation information for the IBM Information Archive (Information Archive). This information can help you determine which Information Archive hardware configuration is needed to meet your business requirements. We also discuss various planning aspects and Information Archive configuration settings that you need to prepare for. Those settings must be defined ahead of time when filling out the configuration worksheet required during the initial configuration. Finally, we explain the hardware installation steps and the initial configuration tasks.© Copyright IBM Corp. 2010. All rights reserved. 43
  • 59. 3.1 Determining how many collections you need It is possible to define up to three collections for one Information Archive (which, as we have seen, presumes at least an Information Archive appliance equipped with as many storage controllers as the number of collections required). Use the information in this section to determine if you need to create more than one collection to meet your business needs. The Information Archive supports two archive collection types: File Archive Collection: Create a File Archive Collection to archive and retrieve documents using the Network File System (NFS) protocol. Documents can also be retrieved using the Hypertext Transfer Protocol (HTTP). System Storage Archive Manager Collection: Create a System Storage Archive Manager Collection to transfer files using IBM Tivoli Storage Manager archive clients or API clients. You can configure any combination of those collection types in Information Archive. This means that it is possible to configure three System Storage Archive Manager Collections, or two System Storage Archive Manager Collections and one File Archive Collection, and so on. Details about collections can be found in Chapter 5, “System Storage Archive Manager Collections” on page 115 and Chapter 6, “File Archive Collections” on page 167. For practical examples, also see Chapter 8, “Integrating IBM Information Archive with archiving applications” on page 261. If your archiving needs meet any of the following conditions, you might need to define a second or even a third collection: If you want to have a System Storage Archive Manager Collection in addition to a File Archive Collection, then you must define a second collection. Each collection represents one collection type. If the volume of data that you need to archive is larger than the storage capacity available on one storage controller, you must define a second collection (which also requires another storage controller). For details about usable capacity, see Figure 2-19 and Figure 2-20 on page 30. If you require other collection-wide settings such as auto-commit on or off, you need a second collection or third collection.3.2 Hardware configuration planning The Information Archive consists of the following hardware components: 2231-IA3 Base frame (default): The base frame holds the following components: – 2231-S2M cluster nodes (one minimum, three maximum) – 2231-D1A Disk controller (one) – 2231-D1B Disk expansion drawer (zero to six) – Management Console (default) – RSM server (default) – SAN switches (optional two) – Ethernet switches (default two)44 IBM Information Archive: Architecture and Deployment
  • 60. 2231-IS3 Expansion frame (optional): The expansion frame holds the following components: – 2231-D1A Disk controller (one or two) – 2231-D1B Disk expansion drawer (zero to ten) The 2231-IS3 expansion frame is required if you want to have more than one document collection in your IA. The number of collections required also impacts the number of cluster nodes and storage controllers required. For more information about hardware components, see Chapter 2, “IBM Information Archive overview and components” on page 9 At the time of writing, field upgrades are not possible for an Information Archive appliance that is already deployed. Contact your IBM sales representative for the latest information.3.2.1 Planning for Information Archive cluster nodes Use the following guidance to determine the number of cluster nodes and amount of memory required. Number of cluster nodes You can have up to three 2231 S2M cluster nodes in your Information Archive appliance. The minimum configuration is one cluster node. The amount of required cluster nodes depends on the number of document collections required. At a minimum, you must have the same number of cluster nodes as document collections. You can also have more cluster nodes than document collections for high availability configurations (a failing node can failover to another working node). These are possible configurations: One collection  One, two, or three cluster nodes Two collections Two or three cluster nodes Three collections Three cluster nodes All cluster nodes are installed in the Information Archive base frame (2231-IA3). Cluster node memory All cluster nodes have a default memory configuration of 24 GB. If you expect a high workload on your Information Archive appliance, you can expand the main storage to up to 64 GB per cluster node (memory expansion feature #4200). Important: Each of the cluster nodes in one Information Archive appliance must have the same amount of memory installed.3.2.2 Disk storage and capacity planning A collection is a logical object that manages archived data, and each collection is represented by a file system that requires its own 2231-D1A disk controller. The 2231-D1A disk controller and the optional expansion drawers provide the storage for the collection file system. Chapter 3. Planning and installation 45
  • 61. Disk storage The minimum storage configuration for a collection consists of a 2231-D1A storage controller that contains eight disk drives. A pack of eight disk drives can be added to the 2231-D1A controller for a total of 16 disk drives. You can add additional disk drives to the collection in eight drive packs. However, for every 16 drives added to the configuration, you must add a 2231-D1B expansion drawer, which, like a controller, can be half-populated with eight disk drives or fully filled with 16 disk drives. You can add multiple expansion drawers to the controller for a maximum of six 2231-D1B expansion drawers in a IA3 frame, or a maximum of five expansion drawers for each storage controller installed in an 2231-IS3 frame. See 2.4, “Storage configuration” on page 27 for details. The base 2231-IA3 appliance frame supports only one storage controller and therefore only one collection. An expansion frame (2233-IS3) must be attached to the base frame to support two more collections. The expansion frame can host a maximum of two storage controllers (fully or half populated) and a maximum of 10 expansion drawers. The expansion drawers must be evenly distributed between the two controllers allowing for a maximum of five expansion drawers per collection. Each of the expansion drawers can also be half-populated (8 disks) or fully populated (16 disks). Capacity planning Determine space requirements for your collection(s). You can find valuable information to calculate the required space in the section, “Estimating space requirements” in the IBM Archive Introduction and Planning Guide, SC27-2324. Tip: Carefully consider your future storage requirements when ordering an Information Archive appliance. If you need to modify the configuration later, it might be necessary to shut down the appliance while the change is being made. For example, the appliance must be taken offline to upgrade hardware components, add storage, or to enable support for some optional features. The disks operate in a Redundant Array of Independent Disks, RAID 6 configuration to maintain data integrity even in the event of a disk failure. A RAID 6 array can recover from single and dual disk drive failures. Because of the RAID 6 configuration, two of every eight drives are reserved for parity. Also a spare drive is set aside in the first and seventh of eight drives. Therefore, the usable capacity is reduced by the space which is required for parity disks and hot spare disks. The remaining usable capacity can vary from 50% up to 70% of the physical capacity, depending on the hardware configuration. For details, and a comparison between raw and usable capacity, see Figure 2-19 and Figure 2-20 on page 30. The Information Archive V1.1 was delivered with 1 TB disk drives. With Information Archive V1.2, the disk subsystems are equipped with 2 TB disk drives by default. A collection with 2 TB disk drives cannot be expanded with 1 TB disk drives.46 IBM Information Archive: Architecture and Deployment
  • 62. 3.2.3 Planning the network connection type Information Archive can be connected to copper or fibre cable-based Ethernet network switches. If you need fibre attachment, you must order a separate “Host Fibre Ethernet Adapter”, which is an optional feature. Such an adapter is required for all cluster nodes, the management node, and the RSM server. If you want to use copper-based cables, with the RJ45 interface, the onboard Ethernet connectors of the servers will be used and no additional hardware is required.3.2.4 Planning tape attachment In this section we provide an overview of tape attachment capabilities for Information Archive. For tape attachment details, see Chapter 10, “Tape attachment with IBM Information Archive” on page 403. Why we use tapes Depending on the nature of the data or documents archived, it is usually desirable, and often required to be able to restore the data, in case it is damaged by corruption or disaster. To be prepared for such situations, you need a copy or a backup of the data, kept at a separate location. The backup of archived documents to tape has the following advantages: You can schedule a periodic backup of all archived documents You can transport and store backup media at off-site locations You can keep multiple generations of the IBM Tivoli Storage Manager/System Storage Archive Manager database In addition, tapes can also be used to extend the storage capacity of your Information Archive appliance, by migrating documents from disk to tape overtime. Important: It is highly desirable to have a tape copy or a backup of all archived documents. Even if you plan to use the Enhanced Remote Mirroring feature, it is a safe practice to use tape devices to back up the archived data. Collection capabilities to use tape drives System Storage Archive Manager Collections and document collections have various capabilities in using tape drives. Table 3-1 outlines the major differences. Table 3-1 Tape drive usage capabilities Use tape drives for: File Archive Collection System Storage Archive Manager Collection Backing up archived data No Yes Migrating documents to tape to extend Yes Yes storage capacity Creating an off-site copy of data No Yes Attention: You cannot use tape drives to back up file document collections. The only supported method to back up objects in File Archive Collections is to use an external IBM Tivoli Storage Manager server. Chapter 3. Planning and installation 47
  • 63. Supported tape drives and libraries Information Archive supports the same Fibre Channel tape devices as the Linux Tivoli Storage Manager server except for StorageTek ACSLS and IBM 3494, because those libraries are not Fibre Channel and require additional software and configuration. Tape attachment methods There are multiple ways to attach tape devices to the appliance. The method that you use depends on the number of tape devices you are attaching, how the devices are shared among the collections, and the configuration of your network. Select the attachment method that fits into your environment to determine which features are needed to use tape and library attachment. Consider the following options for more information about the requirements: Direct attach: In this configuration, a tape device is attached directly to the tape ports of the appliance cluster nodes. Each cluster node has two ports for tape attachment. Tape drives cannot be shared with other nodes. Internal switch attach: In this configuration, you connect all of the cluster nodes to the appliance Fibre Channel switches and then connect the tape devices to the Fibre Channel switches. To use this method, you must order and install feature code 1906 (Fibre Channel switch kit) and feature code 4520 (activate 8 ports on both Fibre Channel switches). Each SAN switch has two FC ports reserved for tape, so the maximum number of tape devices that you can connect to the appliance is four. External switch attach: In this configuration, you connect the cluster nodes to a customer-supplied external Fibre Channel switch. Tip: Use the internal switch attachment method if you do not need to use more than four tape devices. Tape zoning: In an Enhanced Remote Mirroring configuration, Information Archive provides predefined tape zoning between primary and secondary sites. These zones enable the usage of tape drives across the sites. WORM protected tapes Use WORM protected tapes for your archived data to meet certain compliance requirements. It is allowed to use RW tapes for IBM Tivoli Storage Manager/System Storage Archive Manager database backups. Tape encryption Consider your security requirements for data copied or moved to tape. If tapes will be moved to off-site locations, use encrypted tapes for security and compliance. This requires tape drive hardware that is encryption capable. For details about tape attachment and other tape related information, see Chapter 10, “Tape attachment with IBM Information Archive” on page 403.48 IBM Information Archive: Architecture and Deployment
  • 64. 3.2.5 High availability with additional cluster nodes You can enhance Information Archive availability by adding additional cluster nodes. In a single cluster node configuration with only one collection, you are not protected against hardware errors at the cluster node, and the collection might go offline in such a case. If you want to reduce this potential risk, you can configure a second cluster node. This node will act as a standby node and automatically take over the document collection in case of a hardware error on the primary cluster node. Nodes needed: In a three node cluster configuration, you need at minimum two nodes up and running to satisfy the quorum and keep access to all data. In a two node cluster configuration, only one node is required to keep access to all data.3.2.6 Planning Enhanced Remote Mirroring configuration For Information Archive, the optional Enhanced Remote Mirroring feature synchronizes the Information Archive appliance with a second Information Archive appliance that can assume the I/O responsibility if the primary appliance becomes unavailable. The secondary appliance contains a copy of all the files that were archived on the primary appliance so that all files remain accessible during the outage. Enabling the feature reduces the chances of data loss and system down time. Figure 3-1 depicts the Enhanced Remote Mirroring configuration. Figure 3-1 Enhanced Remote Mirroring overview Remote replication is enabled by purchasing the Enhanced Remote Mirroring feature key. The feature must be installed on each of the 2231-D1A storage subsystem in the appliance. Chapter 3. Planning and installation 49
  • 65. Therefore, if one storage subsystem is mirrored, all of the other storage subsystems in the Information Archive appliance must be mirrored too. If you order this optional upgrade, several additional components are included in both the primary and secondary appliances. These components include shortwave or longwave SFP transceivers in the SAN switches and additional Fibre Channel cables. You must determine which SFP type (SW or LW) is required in your environment. You have to purchase the Enhanced Remote Mirroring enablement for the disk subsystems and the Ports on Demand feature to enable eight additional ports in the Fibre Channel switch. Hardware: The hardware, including disk subsystems and cluster nodes for the primary and secondary appliance, must be configured identically.3.3 Integration planning This section discusses planning topics that pertain to the integration and deployment of Information Archive in a customer environment.3.3.1 Before creating any collection The Information Archive supports a maximum of three collections, depending on the number of disk controllers in the appliance. Protection: A collection’s document protection settings might prevent you from making changes after it has been created. Therefore, it is important to determine your collection requirements before creating any collection. Keep these considerations in mind before creating any collection on the Information Archive appliance: The type of collection: As previously explained, there are two types of collections (File Archive Collections or System Storage Archive Manager Collections) supported by Information Archive. The type must be specified when you create the collection. A collection cannot be converted from one type to another. Migrating from a DR550 System Storage Archive Manager archive: Create a System Storage Archive Manager Collection to transfer files using IBM Tivoli Storage Manager archive clients or API clients into Information Archive. Important: If you are migrating files from an existing IBM System Storage DR550 to Information Archive, do not create a System Storage Archive Manager Collection until you are directed to do so by the IBM service team that will perform the migration (see Chapter 13, “DR550 migration” on page 489 for more details).3.3.2 Document protection levels When you create a File Archive Collection, you must select a document protection level. The document protection level determines whether documents stored in the collection can be deleted before the end of their retention period and whether document retention periods can50 IBM Information Archive: Architecture and Deployment
  • 66. be reduced. Select a document protection level that is appropriate for your regulatory compliance and legal discovery requirements. The level of protection affects all documents and policies that are contained within the collection. The protection levels are as follows: Base: You can delete documents before their retention period has expired and you can change the document retention period at any time. Intermediate: Documents cannot be deleted until after their retention period has expired, but you can change the document retention period. Maximum: You cannot delete documents until after their retention period has expired and the document retention period cannot be reduced. Maximum protection: All System Storage Archive Manager Collections use the maximum level of document protection. You cannot select another document protection level for those collections.3.3.3 System Storage Archive Manager Collections Be sure to review this section if you plan to use applications that depend on System Storage Archive Manager Collections. API client Information Archive Version 1.2 supports the use of IBM Tivoli Storage Manager API client versions 5.5 and 6.1. Requirements for data retention Information Archive gives you a wide range of options to define the retention criteria and retention period. Consider the data retention requirements for the various application servers and type of data that you will archive in your environment. This will facilitate the definition of the System Storage Archive Manager policies. See “System Storage Archive Manager policy concepts” on page 130 for more information about retention policies. Security In order to make the archived data more secure, the System Storage Archive Manager API client implements an encryption function, which allows you to encrypt data before it is sent to the Information Archive System Storage Archive Manager Collection. Consider this option if your security rules require an encrypted data transfer between clients and Information Archive. You can find more information about System Storage Archive Manager encryption in 5.3.8, “Encryption” on page 139.3.3.4 Enhanced Tamper Protection The Enhanced Tamper Protection feature prevents root access to servers in the Information Archive appliance. Root access can potentially be used to circumvent document retention settings and modify or delete archived data. Chapter 3. Planning and installation 51
  • 67. Consider which level of security is really needed for your environment. Enable Enhanced Tamper Protection if your policy, local, or regulatory compliance requirements call for a level of data protection that includes root access prevention. You can enable the Enhanced Tamper Protection feature during initial configuration of the appliance, using the Initial Configuration Wizard (ICW). Important: After being enabled, Enhanced Tamper Protection cannot be disabled. If you do not enable Enhanced Tamper Protection, you must use other methods to prevent tampering and you must securely manage the root passwords on all servers in the appliance. Tip: If you are planning to test the appliance before using it in a production environment, consider enabling Enhanced Tamper Protection after you have completed testing. This can make it easier to remove test data from the appliance and to resolve problems that you might encounter during testing. If there is a need to gain root authority and Enhanced Tamper Protection is enabled, you have to call your local IBM support representative.3.3.5 LDAP considerations For user access management, you can integrate Information Archive into an existing LDAP environment. For Information Archive V1.1, a LDAP server is required for File Archive Collections. With Information Archive V1.2, the LDAP user management is optional for any collection type. A user-registry server (LDAP directory server) is not included with the appliance, and must be separately procured, configured, and managed. The following user-registry servers are currently supported: IBM Tivoli Directory Server Version 6 Microsoft Windows® Server 2003-2008 R2 (Active Directory) OpenLDAP (for example SLES 10 SP2) For more information about LDAP configuration, see Chapter 7.1, “Introduction to directories and LDAP” on page 228.3.3.6 Time server requirements A Network Time Protocol (NTP) server is used to maintain accurate time in the Information Archive appliance. A time server is required to enforce retention policies and to correctly apply time stamps to audit log events. A time server is included in the appliance, and can be used by external clients. You can also use an external time server that is maintained by your company and is accessible through your intranet, or a web-based time server (such as time.nist.gov) that is available on the Internet.52 IBM Information Archive: Architecture and Deployment
  • 68. 3.3.7 Backing up the appliance Information Archive provides several options to enable the recovery of archived data in the event of a disaster. Depending on the option you choose, some additional planning and site preparation might be required. Important: Do not use the Enhanced Remote Mirroring feature to replace collection backups. Back up all archived data to tape. Regularly backing up the appliance reduces the risk of data loss. You might have to use write-once-read-many (WORM) tapes to meet compliance requirements. For detailed information about the backup and restore procedures for Information Archive data and collections, see Chapter 11, “Information Archive data backup and restore” on page 441. The requirements for backing up archived data differ depending on the types of document collections you create, as described next. File Archive Collections The only supported method to back up the data in File Archive Collections is to use an external IBM Tivoli Storage Manager server. You can use an existing Tivoli Storage Manager server or you must install the Tivoli Storage manager on a separate server. The external IBM Tivoli Storage Manager server must run at a version which supports the IBM Tivoli Storage Manager client 6.1, which is version installed on the Information Archive appliance. All data stored in the File Archive Collection will be backed up to the external IBM Tivoli Storage Manager server. Data that is migrated to second storage area, or migrated to tape, will be recalled to the primary storage area and then backed up to the external IBM Tivoli Storage Manager server. System Storage Archive Manager Collections Data stored in System Storage Archive Manager Collections can be backed up directly to an external tape device. An additional Tivoli Storage Manager server is not required for these collections. For more information, see 11.1.1, “Backing up System Storage Archive Manager Collections” on page 442.3.4 Preparing for installation This section provides information in preparation for the appliance installation.3.4.1 General planning considerations Adequate site planning before the hardware is delivered can help to reduce the risk of physical installation issues. Site planning has to cover equipment location specifications, air-conditioning and electrical requirements, raised and non-raised floor determinations, and determination of cable lengths. Delivery requirements: Ensure that your loading dock and receiving area can support the weight and dimensions of the shipments. Chapter 3. Planning and installation 53
  • 69. Check the section “Delivery Requirements” in Chapter 2 of the Introduction and Planning Guide, SC27-2324. Installation requirements: Ensure that your planned installation location meets space and floor load requirements. You can find rack measurements and information about service clearance in the section “Installation Requirements” in Chapter 2 of the Introduction and Planning Guide, SC27-2324. Power requirements: Determine the correct power outlet requirements, input voltage requirements, power connector requirements and power consumption for the Information Archive appliance. Each Information Archive rack requires two power connectors. The plug type of the power cable depends on the local power standards and requirements. For details, refer also to the “Power Requirements” section in Chapter 2 of the Introduction and Planning Guide, SC27-2324. Network cable requirements: Obtain the Ethernet cables required to connect the appliance to your network. These cables are not included with the appliance. You can use standard 10/100/1000 copper Ethernet cables (Cat 5e or higher) or fiber Ethernet cables, depending on your order. The number of cables required depends on the number of cluster node servers in the appliance: – Two cables for the RSM server – Two cables for the Management Console – Two cables for each cluster node Example: – One cluster node server: Six cables – Two cluster node servers: Eight cables – Three cluster node servers: Ten cables TCP/IP addresses requirements: All of the TCP/IP addresses must be on the same network or virtual LAN. You will need one TCP/IP address for each server and, in addition, a service IP address for each collection. For example, for a two cluster node configuration with two collections, you need: RSM Server = 1 IP address Management Console = 1 IP address Two cluster nodes = 2 IP addresses Two collections = 2 IP addresses In summary = 6 IP addresses are required.3.4.2 Initial configuration worksheet Fill out the initial configuration worksheet before the installation to make sure that all necessary configuration parameters are defined and that resources will be available when they are needed. Note the following settings in the initial configuration worksheet: Appliance name Time server (NTP) Type of first collection Enhanced Tamper Protection54 IBM Information Archive: Architecture and Deployment
  • 70. TCP/IP addresses for RSM server, Management Console and cluster nodes TCP/IP addresses for collections Netmask Gateway address DNS server LDAP settings (required for File Archive Collections) Email notification settings SNMP notification settings You can find the Initial Configuration work sheet in Appendix B in the Introduction and Planning Guide, SC27-2324.3.4.3 Alerting and monitoring This section lists the requirements to enable the Information Archive call home feature, for the RSM server and the IBM Systems Director server. For more information about the RSM server and IBM Systems Director server included with the Information Archive appliance, as well as their respective call home features, see Chapter 9, “Monitoring and call home” on page 351. RSM server for Information Archive The RSM server provides two possibilities to establish a connection to IBM for call home and remote support access. You can use a modem line or an SSH connection. Preparing the modem connection The optional Modem Card for RSM server (feature code #5622) is required for this connection type. To use the optional modem connection, you must provide an analog telephone line dedicated to the RSM server. Preparing the SSH connection Depending on how RSM for Storage is configured, the following ports might have to be open in an external firewall: Input: The internal firewall on the RSM for Storage server allows no inbound connections except for this one: nn SSHD Where nn is the port number (port 22 is the default). This port is used by the IBM Support Center to remotely access the Information Archive appliance. To make this port available, you must enable remote support and configure SSH access. A non-standard port number can also be configured. 443 HTTPS (used to manage RSM for Storage from within the client’s network) Output: The internal firewall allows outbound connections on any TCP port, but limits those connections to the devices that are listed in the RSM for Storage configuration and under specific conditions, such as when a device is reporting a problem. The following ports are routinely used: 25 SMTP (used to send RSM for Storage alerts and notifications) 53 DNS (used to send RSM for Storage email notifications) Chapter 3. Planning and installation 55
  • 71. 22 SSH 80 HTTP 443 HTTPS To use SSH for remote support, it might also be necessary to configure port mapping between the external firewall and the IP address and inbound port of the RSM server. If a user name and password are required to authenticate to the firewall, these credentials must be provided to IBM. RSM server configuration parameters During the setup of the RSM server, you will be prompted for several parameters. Prepare this setup procedure by filling out the RSM for Storage work sheet. You can find the RSM for Storage work sheet in Appendix C of the Introduction and Planning Guide, SC27-2324. IBM Systems Director The IBM Systems Director, which is included with Information Archive, provides the call home feature for the appliance nodes. Complete the IBM Systems Director work sheet for the IBM service representative to install and configure your Information Archive appliance. You can find the IBM Systems Director worksheet in Appendix D of the Introduction and Planning Guide, SC27-2324.3.4.4 Enhanced Remote Mirroring configuration When planning an Enhanced Remote Mirroring configuration, you must supply the FC cables that connect the primary and secondary appliance. All optical adapters or SFPs are equipped with LC connectors. SAN switch connection SAN switches are a required feature of Information Archive if you plan to use Enhanced Remote Mirroring. You must prepare two fibre cables for the Inter-Switch Link (ISL) connection between primary and secondary side. Each SAN switch will have one ISL connection which runs at 4 Gbps. The fibre cable type depends on the SFP type that was ordered. For mirroring distances over 10 km, you can implement extension technology such as that available from Brocade or other vendors. These technologies include Dense wavelength division multiplexing (DWDM), and Coarse wavelength division multiplexing (CWDM). If you need such extenders, ensure that they are 4 Gbps capable to get the expected performance. Ethernet switch connection When two Information Archive appliances are remotely replicated, the connection is running using the customer network with an SSH protocol communication between primary and secondary appliance. For this, TCP/IP port 22 needs to be open between the sites.3.5 Physical installation The following sequence of steps is required to set up the Information Archive appliance: 1. Perform hardware installation (performed by an IBM service representative).56 IBM Information Archive: Architecture and Deployment
  • 72. 2. Run the Initial Configuration Wizard. 3. Assign administrative user roles. 4. Change RSM server passwords. 5. Configure call home feature. 6. Configure Enhanced Remote Mirroring feature, if ordered. 7. Attach tape devices, if applicable. 8. Define management classes for System Storage Archive Manager Collections.3.5.1 Hardware installation (performed by IBM service representative) Most of the tasks for installing the Information Archive appliance are completed at your location by an IBM service representative. As part of the basic services engagement, an IBM service representative will perform the following tasks: Unpack and position the appliance. Optionally connect an IS3 storage expansion rack. Ensure that all iPDU power connection cords are connected. Connect the appliance to your Ethernet network. Start the appliance components in a specified order. Run the script verify_wellness to verify the correct status of all installed hardware components. Example 3-1 illustrates a typical output generated by the verify_welness script Example 3-1 Output of verify_wellness script iaadmin@IA-Primary:~> sudo /opt/tivoli/tiam/bin/verify_wellness Performing Verification of Wellness! Checking for SAN switch 1 Checking for SAN switch 2 Checking for ethernet switch 1 Checking for ethernet switch 2 Checking for ipdu 1 Checking for ipdu 2 Checking for ipdu 3 Checking for ipdu 4 Checking for DS4200 1 Checking for DS4200 2 Checking for DS4200 3 ... ... ... Performing software verification check. =============================== INFO: The output from this script has been captured in the /opt/tivoli/tiam/log/setupcheck.Jan_19_10_110844.log file =============================== The system has passed the wellness verification! Chapter 3. Planning and installation 57
  • 73. The output from this script has been captured in the /opt/tivoli/tiam/log/verify_wellness.Jan_19_10_110749 file Tip: An extended services engagement is also available, which can include migrating data from an IBM System Storage DR550 to the Information Archive appliance, as well as other configuration tasks.3.5.2 Running the Initial Configuration Wizard (ICW) The Initial Configuration Wizard guides you through the initial setup of the Information Archive appliance software. Before starting with the Initial Configuration Wizard, make sure that you have completed the planning worksheet as mentioned in 3.4.2, “Initial configuration worksheet” on page 54. In an Enhanced Remote Mirroring configuration, you have to run the Initial Configuration Wizard on both primary and secondary appliances. If you plan to use File Archive Collections and require a secure LDAP (LDAPS) connection for their LDAP server, copy the server certificate file from the LDAP server to a USB flash drive. You will be asked to mount this USB flash drive later in the procedure. The verify_wellness script, which runs at the end of the hardware installation, must be completed successfully and without any errors before you can start the initial configuration of your Information Archive appliance. Before actually launching the ICW, you must accept the RSM server license. RSM server license acceptance You must accepted the license agreement for the SUSE Linux Enterprise Server (SLES) operating system on the IBM Remote Support Manager for Storage server. The Initial Configuration Wizard will not start until this license agreement is accepted. You must perform the following steps from the console screen at the machine. 1. Click Print Screen and select the iarsm1 from the KVM menu to switch the console screen to the RSM server. 2. Log in with the user account license and password license. 3. The license terms will automatically appear at the screen. Click the Accept button to accept. 4. The RSM server will reboot automatically. Starting the Initial Configuration Wizard The initial configuration will set IP addresses and names for your appliance. You must run the Initial Configuration Wizard locally at the Information Archive appliance. After you complete the wizard, you can perform subsequent tasks remotely using a web browser. You must perform the following steps from the local monitor and keyboard at the appliance: 1. Click Print Screen and select the iamconsole1 from the KVM menu to switch the console screen to the management node. 2. Log in with userid iaadmin and the default password iaadmin.58 IBM Information Archive: Architecture and Deployment
  • 74. 3. After login, the Firefox web browser opens. The IBM Integrated Solution Console (ISC) logon window is displayed.4. Log on to the ISC with userid iscadmin and password iscadmin as shown in Figure 3-2.Figure 3-2 ISC logon5. In the navigation tree on the left side of the ISC main window, select Information Archive Management  Getting Started. An Information Archive administrative interface page, shown in Figure 3-3, opens with a message indicating that the system must be configured.Figure 3-3 ISC Welcome -REPLACE6. This step is only required, if you want to configure secure LDAP connections. If you do not want to use this feature, proceed with the next step. If you have copied the certificate file from the client LDAP server to a USB flash drive, complete the following steps to mount the drive: a. Insert the flash drive into an open USB port on the Management Console server. b. Go to the desktop of the Management Console server and open a terminal window. c. At the Management Console server prompt, enter the following command to obtain the device name of the USB flash drive: ls /dev/sd*. d. Enter the following command to mount the device: sudo mount_usb.py -d /dev/device_name. e. The USB flash drive is mounted as a read-only device at /media/usb. Chapter 3. Planning and installation 59
  • 75. Tip: To unmount the device after you complete the Initial Configuration Wizard, use the following command: sudo umount_usb.py -d /dev/sdb1. 7. Click Configure System (see Figure 3-4) to start the Initial Configuration Wizard. Figure 3-4 ISC Getting Started 8. On the welcome page for the Initial Configuration Wizard (Figure 3-5), click Next to continue. Figure 3-5 Initial Configuration Wizard Welcome 9. Select the radio button I accept to accept the license terms that are displayed for the Information Archive software, and click Next to continue.60 IBM Information Archive: Architecture and Deployment
  • 76. 10.In the General dialog window, enter the appliance name, the time server name, or IP address, and your local time zone. Use the values from the Initial Configuration Planning Worksheet (Figure 3-6).Figure 3-6 Initial Configuration Wizard General dialog (part 1) At the bottom of the same General dialog, select the appropriate check boxes for the document collection types (file collection or System Storage Archive Manager Collection) to be enabled. You must select one collection type, at minimum (Figure 3-6). Click Next when finished.Figure 3-7 Initial Configuration Wizard General dialog (part 2)11.Now the Enhanced Tamper Protection page is displayed. Select the radio button on or off according to your planning worksheet and click Next to continue (Figure 3-8). You can find a detailed description of Enhanced Tamper Protection in 3.3.4, “Enhanced Tamper Protection” on page 51. Chapter 3. Planning and installation 61
  • 77. Tip: Keep Enhanced Tamper Protection off at this time. You can turn on after you have completed all implementation and test tasks and before placing Information Archive into production. Figure 3-8 Initial Configuration Wizard Enhanced Tamper Protection 12.In the Security panel that is displayed (Figure 3-9), change the default passwords for the user iaadmin and iscadmin. Enter the new passwords and click Next to continue. Figure 3-9 Initial Configuration Wizard Security panel62 IBM Information Archive: Architecture and Deployment
  • 78. 13.Enter the IP settings for Information Archive on the panel shown in Figure 3-10. All IP addresses must be in the same subnet. You can enter a starting address and click Assign. Then the system will number all nodes and document collections sequentially beginning with the specified starting IP address. You can also enter the IP addresses individually. On the right side you must enter domain name, subnet mask, gateway address and primary DNS server. A secondary DNS server is optional. Click Next, after you have filled out this panel.Figure 3-10 Initial Configuration Wizard TCP/IP Settings14.If you have enabled File Archive Collections in step 10, you now see an LDAP settings window, as displayed in Figure 3-11, “Initial Configuration Wizard - select LDAP”. Select the appropriate radio button for your LDAP server type and enter the LDAP server IP address and choose the protocol, LDAP or LDAPS. If you choose LDAPS, you have to upload the certificate. The certificate file is on the USB flash drive that is already mounted. Enter /media/usb/<filename of certificate_file> in the input field and click Upload, Now, you have to enter the search distinguished base, the bind distinguished name and the bind password. The format of the input depends on the selected LDAP server type. Chapter 3. Planning and installation 63
  • 79. Figure 3-11 Initial Configuration Wizard - select LDAP Figure 3-12 and Figure 3-13 provide illustrations of possible alternative implementations: – Figure 3-12, “LDAP Settings Active Directory” shows a sample configuration for Microsoft Active Directory Service. Figure 3-12 LDAP Settings Active Directory64 IBM Information Archive: Architecture and Deployment
  • 80. – Figure 3-13, “LDAP Settings Open LDAP” shows a sample for the open LDAP configuration.Figure 3-13 LDAP Settings Open LDAP For further information about preparing LDAP servers for use with Information Archive, see Chapter 7, “LDAP environments” on page 227. Attention: If you have selected “None (Use Static UID and GID Assignment)”, you need to administrate locally and manually on the shared file system, users, and groups that need access. Click Next, after you have completed your input.15.In the next ICW dialog window, you can enter the notification method used to monitor Information Archive. You can activate these notification methods in any combination: – Select the check box Send events by email, if you want email notification. Then enter the TCP/IP address and the port address of your mail (SMTP) server and define the mail addresses of the recipients, as illustrated in Figure 3-14. Chapter 3. Planning and installation 65
  • 81. Figure 3-14 Initial Configuration Wizard email notification – Select the check box Send events by SNMP if you want to receive SNMP traps. Enter the SNMP listener address, the TCP port number and the community name in the appropriate input fields. See Figure 3-15. The values must match your SNMP server definitions. – Mark the check box Send a test notification to immediately send a test message to the configured destinations, if desired. Click Next to continue. Figure 3-15 I. initial configuration wizard SNMP notification 16.On the summary window, compare all parameters with your planning worksheet and, if correct, click Finish to complete the Initial Configuration Wizard, or click Back if you want to correct your input. All settings are applied immediately. A reboot is not required. At this point, you will be able to also access the Information Archive graphical user interface remotely through an Ethernet network connection. To do so, enter the following web location in a web browser at a remote workstation: https://<IP_of_management_node>/ibm/console/logon.jsp66 IBM Information Archive: Architecture and Deployment
  • 82. 3.5.3 Assigning administrative user roles Before you can create a new collection, you must define a user and give the appropriate permissions for that account to perform the create collection action. The default user iscadmin does not have the authority to create a new collection. Therefore, you must create a new administrative user. Within Information Archive, you can define various administrative users and assign them specific roles. User accounts: The default iscadmin user account is only intended for use during initial setup. Create a separate user account for each person who manages the appliance. If you have an LDAP environment, you must create users or user groups on an external LDAP server and configure LDAP authentication for administrators first. If you manage users locally within Information Archive, you have to create all user profiles in the ISC. If the user already exists in a LDAP environment, you can skip this step and go to the section, Assign administrative user roles. Creating a user To create administrative users and define their roles, perform the following steps: 1. Log on to the administrative interface with userid iscadmin 2. Expand Users and Groups in the navigation tree and click Manage Users. 3. Select Create and enter a user name and define a password. You can also create user groups at this time. See 4.1.1, “User and group management” on page 72 to get more information about users and groups. Assigning administrative user roles You can define user roles for locally defined users and also for LDAP users. From the Information Archive GUI: 1. Select Administrative User Roles. 2. Click Add. 3. Enter the userid that you have created before and select the desired roles. For a system administrative user, you have to select the following roles: – Administrator – tsmAdministrator – IAArchiveAdministator – IASystemAdministrator – adminsecuritymanager Hold the Strg key while selecting multiple user roles. Click Apply and Save when finished. Roles: Each role will enable another subset of functionality. If you want to use all functions, you have to select all available roles. Chapter 3. Planning and installation 67
  • 83. See 4.1.1, “User and group management” on page 72 for an overview of all user roles and their permissions. The administrative user roles that are assigned to a user or group determine which navigation items are displayed in the administrative interface.3.5.4 Changing RSM server passwords To better secure the appliance and for regulatory compliance, change the passwords for the IBM Remote Support Manager for Storage server (RSM Server) on a regular basis. You must manage the root password for this server, even if you enable the Enhanced Tamper Protection feature. At the Information Archive local console, follow these steps: 1. Press the Print Screen key to view a list of appliance components. Select iarsm1. 2. Log on to the RSM for Storage server using the root user account, using the default password. 3. At the RSM for Storage server prompt, enter the following commands. After each command, you are prompted to enter the current password and a new password: – passwd root – passwd admin – passwd lservice – rsm-passwd admin – rsm-passwd lservice Changing passwords: The passwd commands change the passwords that are used to log on to the RSM for Storage server command line. The rsm-passwd commands change the passwords that are used to log on to the RSM for Storage browser interface.3.5.5 Configuring the call home feature The call home feature is a communication link that is established between a product and a service provider. Information Archive provides this feature so that reports can be automatically sent to the IBM Support Center when critical hardware problems are detected. When the IBM Support Center receives a call home report, an IBM service representative contacts your company to work on resolving the problem. Within Information Archive, you have two components for which you must enable and configure the call home function: IBM Remote Support Manager (RSM) for Information Archive: The RSM server monitors the appliance disk subsystems and provides a remote support access (dial in) function. IBM Systems Director: IBM Systems Director monitors the following appliance components: – Cluster node servers (2231-S2M) – Management Console server (2231 feature code 5600) – RSM server (2231 feature code 5601) See 9.3.1, “Configuring IBM Systems Director” on page 365 for detailed configuration steps.68 IBM Information Archive: Architecture and Deployment
  • 84. 3.5.6 Activating SAN switch ports 8 through 15 Attention: If you have not ordered feature code #7200 - ports on demand, to attach tape drives or use an Enhanced Remote Mirroring configuration, you can skip this section. Use this section to install the port upgrade license that activates additional Fibre Channel switch ports on the internal Information Archive SAN switches. These Fibre Channel switch ports must be enabled before you can connect a tape library or connect the secondary appliance with the Enhanced Remote Mirroring feature. Before starting this procedure, check the actual status of the SAN switch ports: Go to the rear of the appliance and check the LEDs of ports 8 through 15. If SFPs are plugged in and all LEDs are off, then you must enable these ports before you can use them. If all LEDs from port 8 through 15 are off, you need to enter the license activation key. Locate the document Feature 7200 - Ports on Demand, which is part of the shipping group. There you will find the instructions on how to download the license activation key from IBM website and how to enter the activation key into SAN switch. Perform the same procedure for the secondary SAN switch as well. If all LEDs from port 8 through 15 are lit yellow, you need to enable these ports: After you have completed the feature activation, enable ports 8 through 15 by entering the command portenable N for each port where N is the port you want to activate. Example: To activate port 9, enter portenable 9. Repeat this procedure for the appliance secondary Fibre Channel switch. Ensure that the LED above the newly activated switch ports are lit. If they are not, check that you have entered the portenable command for the ports that are not lit.3.5.7 Attaching tape drives and tape libraries If you want to attach the tape drives to the internal SAN switches, make sure that the SAN switches ports 8 through 15 are enabled as described above in 3.5.6, “Activating SAN switch ports 8 through 15”. Now you can connect external tape drives. The ports where you connect the fibre cables depend on the connection method used (as explained in 3.2.4, “Planning tape attachment” on page 47). Refer also to Figure 3-16 on page 70. Chapter 3. Planning and installation 69
  • 85. The following types of attachment are possible: Direct attachment: To connect the tape device directly to the cluster nodes, plug in the cables according to the following steps (Figure 3-16): a. Connect a Fibre Channel cable from Slot 2, Port 2 of the cluster node to the Fibre Channel port on your tape device. b. Connect a Fibre Channel cable from Slot 3, Port 2 of the cluster node to the Fibre Channel port on your tape device. Internal attachment: To connect the tape device to the internal Fibre Channel switch, plug in the cables according to the following steps (Figure 3-16): a. Connect tape devices at Port 9 and 11 of SAN switch 2 (upper SAN switch). b. Connect tape devices at Port 9 and 11 of SAN switch 1 (lower SAN switch). External attachment: To connect the tape device to an external Fibre Channel switch, plug in the cables according to the following steps: a. Connect a Fibre Channel cable from Slot 2, Port 2 of the cluster node to your external Fibre Channel switch. b. Connect a Fibre Channel cable from Slot 3, Port 2 of the cluster node to your external Fibre Channel switch. Figure 3-16 Tape Attachment3.5.8 Configuring the Enhanced Remote Mirroring feature For details about configuring Enhanced Remote Mirroring, see 12.2, “Enhanced Remote Mirroring configuration” on page 464.70 IBM Information Archive: Architecture and Deployment
  • 86. 4 Chapter 4. System administration and operations In this chapter we explain and illustrate important system administration and operation tasks for the IBM Information Archive (Information Archive), using the Information Archive GUI and Information Archive CLI. Here you can find details about the user and group management, passwords management, software updates, system monitoring, as well as tasks related to RSM and DS Storage Manager. We also explain how to start and stop the Information Archive appliance, access the various Information Archive components, and configure collections. These tasks are normally performed by an Information Archive appliance administrator and operator.© Copyright IBM Corp. 2010. All rights reserved. 71
  • 87. 4.1 Information Archive administration tasks The tasks described in this section are normally performed by an Information Archive administrator. These tasks include configuring, managing, and monitoring Information Archive.4.1.1 User and group management The Information Archive includes a set of predefined user roles. These are used to assign various administrator authority levels. Administrative user roles can only be assigned by a user that has the adminsecuritymanager role. For example, the default iscadmin user is assigned this role. Users and groups can be assigned multiple administrative user roles. You must assign at least one role to each user or user group that will log on to the administrative interface. Logging on to the administrative interface is only possible as user or user within a user group. Authentication ensures that only the designated archive users can read and commit documents and that only the designated administrators can access the administrative interface. Tip: Users who only archive and retrieve documents do not need access to the Information Archive GUI. Administrative user roles are always assigned to a user account. In other words, you need to create a user first before you can assign administrative rights to that user. The procedure differs depending on whether you create local administrative user accounts or use an external Lightweight Directory Access Protocol (LDAP) server to authenticate access to the Information Archive GUI.72 IBM Information Archive: Architecture and Deployment
  • 88. Managing usersTo create administrative users locally at the Information Archive, logon (as iscadmin) to theManagement Console and complete the following steps:1. Expand Users and Groups in the navigation tree.2. If you want to create local user accounts, click Manage Users (see Figure 4-1) and click Create to add one or more administrative users. The Create a User dialog is displayed (Figure 4-2). If you are using LDAP, you can skip this step and proceed with “Assigning administrative user roles” on page 74.Figure 4-1 Manage Users3. Enter appropriate data in the corresponding field as illustrated in Figure 4-2, then click Create. Users can also be part of a user group. Use the Group Membership button to assign a user group. For more details about user group membership, see “Managing groups” on page 77. Figure 4-2 create a user Chapter 4. System administration and operations 73
  • 89. Assigning administrative user roles After you have created the administrative user accounts, you need to assign the proper administrative roles to those accounts. Initially you have to log in to Information Archive (through the Information Archive GUI) with the default predefined user account iscadmin. This user account is only intended for use during initial setup of the appliance. Use a separate user account for each person who manages the appliance or accesses audit logs. Administrative user roles can only be assigned by a user that has the adminsecuritymanager role assigned. Tip: The default iscadmin user account is only intended for use during initial setup. Create a separate user account for each person who manages the appliance. To assign these administrative roles, log on to the system and complete the following steps: 1. Expand Users and Groups in the navigation tree. 2. Click Administrative User Roles. 3. Click Add and enter the user account that you created in the step “Managing users” or, to use LDAP authentication, enter the name of a user or user group that is defined on the external LDAP server. 4. Select the required administrative roles for the specific user, as shown in Figure 4-3. Figure 4-3 Add administrative user roles Users and groups can be assigned multiple administrative user roles. Use the Ctrl and Shift keys to select multiple roles. The following roles are available: Administrator Operator Configurator Monitor Deployer74 IBM Information Archive: Architecture and Deployment
  • 90. adminsecuritymanager iscadmins suppressmonitor tsmAdministrator tsmUser reportAdministrator reportViewer IA Auditor IA Operator IA Archive Administrator IA System AdministratorFor a description of the various user roles, click the HELP button in the upper right corner onthe administrative interface. Tip: Consider assigning the suppressmonitor role to all users. Assigning this role reduces the number of navigation items shown in the Information Archive GUI that are not directly related to managing the Information Archive appliance.The user roles that are assigned to a user or group determine which navigation items aredisplayed in the administrative interface. For example, the collection overview panel is visibleonly to users having the Information Archive Administrator or Information Archive Operatorroles. Administrative user roles also determine which commands can be issued through theInformation Archive command line interface.The roles also determine which tasks administrators are authorized to perform. It is goodpractice to use various administrative user accounts to separate administrative tasks inInformation Archive. Mostly, you will need four separate user roles (IA Archive Administrator,IA System Administrator, IA Auditor, and IA Operator), as defined next. The IA Archive Administrator can perform general collection-related management operations and health reporting actions that include the following tasks: – Configure metadata fields – Configure, modify, and monitor collection properties, migration, and System Storage Archive Manager collections – Create and delete retention policies – Delete and manually commit documents – Grant access permissions – Grant audit log access to other users – Monitor documents in expired, retention hold, uncommitted, and ingestion failure states – Access the health monitor to view status for overall appliance, collections, and clusters The IA System Administrator can perform system and storage management operations that include the following tasks: – Configure user access to the Tivoli Storage Manager and System Storage Archive Manager servers and storage pools – Configure event notification conditions and actions – Configure logging and tracing, the call home feature, external IP addresses, virtual IP address ranges, the LDAP server, cluster node password, and the NTP server – Stop and restart cluster nodes Chapter 4. System administration and operations 75
  • 91. – Put cluster nodes into maintenance mode – Download component logs – Monitor collection resources – Monitor storage capacity, cluster nodes, and network interface servers – Monitor the overall status of collections, cluster nodes, interfaces, and storage – Suspend collections for maintenance The IA Auditor is authorized to perform the following tasks: – Download audit logs The IA Operator can access all pages in the administrative interface (in read-only mode) that are accessible to the archive administrator and system administrator roles to perform the following tasks: – Monitor collection resources and properties – Monitor documents in expired, retention hold, uncommitted, and ingestion failure states – Monitor the general and specific status of collections, clusters, storage, and interfaces – Monitor storage capacity, cluster nodes, and network interface servers In the illustrations shown in Figure 4-4 and Figure 4-5, you can compare the task views presented by the Information Archive GUI for an administrative account and an auditor account, respectively. The window left pane displays only those tasks that apply to the current user role.Figure 4-4 Information Archive GUI welcome panel for Information Archive administrator For example, the Administrator Account has the Tivoli Storage Manager, the User Management and the Information Archive Management tasks available. The task list for the Information Archive Operator shows only the Information Archive Management task.76 IBM Information Archive: Architecture and Deployment
  • 92. Figure 4-5 Information Archive GUI welcome panel for Information Archive auditor To modify assigned administrative user roles, log on to the administrative interface with a user account that has the adminsecuritymanager role assigned, and complete the following steps: 1. Expand Users and Groups in the navigation tree. 2. Click Administrative User Roles. 3. In the table, click the user name to modify. 4. Enter changes into the form, and click OK. Managing groups You can also define access rights at the user group level. The advantage of doing so is that the access rights will apply to all members of that group. You can work with user groups configured in LDAP (using File Archive Collections) or locally configured user groups (when using System Storage Archive Manager). To create groups locally on Information Archive, log on to the administrative interface (Information Archive GUI) and complete the following steps: 1. Expand Users and Groups in the navigation tree. 2. If you have only enabled support for System Storage Archive Manager collections, click Manage Groups (see Figure 4-6) and click Create to add one or more administrative user groups. Figure 4-6 create user groups Chapter 4. System administration and operations 77
  • 93. 3. The Manage Groups dialog is displayed (see Figure 4-7). If you have only enabled support for File Archive Collections, continue with “Administrative group roles” on page 79. 4. Enter appropriate data in the corresponding field as illustrated in Figure 4-2, then click Create. Figure 4-7 create groups dialog78 IBM Information Archive: Architecture and Deployment
  • 94. Administrative group rolesAfter you have created your administrative groups, you need to assign administrative roles tothose groups. Log on to the Information Archive GUI and complete the following steps:1. Expand Users and Groups in the navigation tree.2. Click Administrative Group Roles.3. Click Add to open the Administrative Group Roles window as shown in Figure 4-8. Figure 4-8 Administrative Group Roles window4. Select the administrative roles for the specific user group. User groups can be assigned multiple administrative user roles. Use the “CTRL” and “SHIFT” keys to select the roles. The roles available and configurable are listed in “Assigning administrative user roles” on page 74. Chapter 4. System administration and operations 79
  • 95. 5. After a user group is configured, you can add users to the group, or you can select a group while configuring a user: a. Expand Users and Groups in the navigation tree. b. Click Manage Users. c. In the table, click the user name to modify. The user properties window will be displayed as shown Figure 4-9. d. Click Groups in the upper right corner to open the User Group Window. Figure 4-9 User properties general e. Click Add to open the configuration panel as shown in Figure 4-10. Figure 4-10 User properties group80 IBM Information Archive: Architecture and Deployment
  • 96. f. Specify the search criteria to find the groups to which you want to assign that user (Figure 4-11). Figure 4-11 add a user to group window g. Select the user group or groups to which you want the user to belong. h. Click Add to confirm the selection. If successful. you get the message shown in Figure 4-12. Figure 4-12 user added to group message After administrative user groups are defined, you can modify and update the roles. Log on to the administrative interface with a user account that has the adminsecuritymanager role assigned, and complete the following steps: 1. Expand Users and Groups in the navigation tree. 2. Click Administrative Group Roles. 3. In the table, click the user group to modify. 4. Enter changes into the form, and click OK.4.1.2 Changing the passwords Access to most Information Archive appliance components requires authentication. Depending on your appliance configuration and company security policies, you might need to change the passwords on a regular basis. Chapter 4. System administration and operations 81
  • 97. Tip: A password change for the default account iaadmin in IBM Systems Director is not required because the password change for iaadmin in the Information Archive GUI is propagated to IBM Director automatically. See “Changing the iaadmin password” on page 82. Changing the RSM server passwords To ensure the security of the appliance, change the passwords for the IBM Remote Support Manager server on a regular basis. You must manage the root password for this server, even if you enable the Enhanced Tamper Protection feature. Log on to the RSM for Storage server using the root user account. At the RSM for Storage server prompt, enter the following commands. passwd root passwd admin passwd lservice rsm-passwd admin rsm-passwd lservice After each command, you are prompted to enter the current password and a new password. Passwords: The passwd command changes the passwords that are used to log on to the RSM server command line. The rsm-passwd command changes the passwords that are used to log on to the RSM server browser interface. Changing the iaadmin password The iaadmin userid is used to log on to the cluster node servers, the IBM Systems Director interface, install upgrades, and access the Management Console from the appliance’s keyboard video mouse console (KVM console) or remotely through a Secure Shell (SSH) connection. If necessary, you can change this password on a regular basis to comply with your company’s security policy. The iaadmin userid is predefined and cannot be changed. There is no possibility to create another user with the same role/ authority as the iaadmin user. To change the password, log on to the system and complete the following steps: 1. Expand Information Archive Management in the navigation tree. 2. Click System Management. 3. Click Modify iaadmin password in the General Settings section. 4. Complete the form, and click OK. Changing the iscadmin password The iscadmin user account is used to log on to Information Archive (using the Information Archive GUI). This user account is only intended for use during initial setup of the appliance. Create a separate user account for each person who manages the appliance or accesses audit logs. The administrative user role required for this task is adminsecuritymanager. Do these steps: 1. In the Information Archive GUI, expand Users and Groups in the navigation tree. 2. Click Manage Users. The WIM User Management portlet opens. 3. In the Search for Users section of the portlet, click Search. A list of users is shown in the table. 4. Click iscadmin. The User Properties form opens. 5. Enter a new password, confirm the password, and click OK.82 IBM Information Archive: Architecture and Deployment
  • 98. Changing the root password for Management Console / cluster nodesIf you do not enable the Enhanced Tamper Protection feature, you are responsible formanaging the root password for all the appliance components, including the ManagementConsole server. If Enhanced Tamper Protection is enabled, root access is not available for theManagement Console server.To change the root password, you need physical access to the Information Archive appliance.There is no possibility to remotely change the root passwords. With Enhanced TamperProtection enabled, root login is no longer possible. The iaadmin userid has less authoritythan root to be compliant.Complete the following steps:1. Slide the keyboard video mouse console (KVM console) out from the appliance and open the display panel.2. Press the Print Screen key to view a list of appliance components.3. Select iamconsole1/ianoden. The Management Console desktop or logon panel is displayed.4. Press Ctrl+Alt+F1 to access the Terminal Screen.5. Log on to the Management Console using the iaadmin user account.6. At the server prompt, enter the following command: su root. When prompted, enter the root password.7. Enter the command: passwd root8. You are prompted for a new password and password confirmation.9. The password is changed. As a best practice, change this password on a regular basis. You can use Ctrl+Alt+F7 to go back to the graphical panel on the Management Console.Setting the password in DS Storage ManagerWhen accessing the DS Storage Manager as described in “Accessing the DS StorageManager interface” on page 98, you get a pop-up window as shown in Figure 4-13.Figure 4-13 set Password po-up windowSelect No to continue to the DS Storage Manager Enterprise Window. Because the DSStorage Manager was customized for compliance, it will prevent deletion or modifications bythe user anyway. Therefore it is not required, and actually it is better not to set a password. Chapter 4. System administration and operations 83
  • 99. Important: Do not set a password in the DS Storage Manager. The RSM server and Management Console will run certain SMcli commands to collect information from the storage controllers. A password can block various queries from these nodes. Changing the password for local administrative users The local user accounts are used to log on to the Information Archive GUI to manage, operate, and monitor the Information Archive appliance. Changing the password in the Information Archive GUI for users with the “tsmAdministrator role”, will also affect the IBM Tivoli Storage Manager Administration Center and CLI logon. Passwords: It is good practice to change the passwords for the administrative users at regular intervals. Set the administrative user role adminsecuritymanager required for this task as follows: 1. In the Information Archive GUI, expand Users and Groups in the navigation tree. 2. Click Manage Users. The WIM User Management portlet opens. 3. In the Search for Users section of the portlet, click Search. A list of users is shown in the table. 4. Click the user account you want to change. The User Properties form opens. 5. Enter a new password, confirm the password, and click OK. Setting a password for the KVM console By default, a password is not required to access the keyboard video mouse console (KVM console). You can optionally set a password for this component. To do so, complete the following steps: 1. Slide the keyboard video mouse console (KVM console) out from the appliance and open the display panel. 2. Turn on the KVM console if necessary. 3. Press the Print Screen key to open the OSCAR interface. 4. Click Setup > Security. The Security page opens. 5. In the Change Password section, type a new password in the New and Repeat fields. 6. Click OK and then close the page. The password is set to the value that you specify. As a best practice, change this password on a regular basis.4.1.3 Software updates IBM provides automated upgrade packages to help you apply interim fixes for most of the components in the Information Archive appliance. Some firmware updates for the appliance servers and storage controllers must be applied by an IBM service representative. As necessary, Information Archive upgrade packages are made available to provide important product fixes between scheduled releases.84 IBM Information Archive: Architecture and Deployment
  • 100. Important: Only the packages that are made available specifically for Information Archive can be used to upgrade the appliance. Do not apply any other hardware or software updates to any components in the appliance, unless you are directed to do so by an IBM service representative.Upgrade packages are published on the Information Archive support website:http://www.ibm.com/systems/support/storage/disk/InformationArchiveThe Management Console has no Internet access. Because of internal firewall rules, youcannot download an upgrade package directly to the server. You have to download theupgrade package to another computer and use SCP, a DVD, or USB flash drive to transfer thepackage to the Management Console server. Physical access to the appliance is sometimesrequired to complete an upgrade. Tip: You can subscribe to the support website to receive an email notification when new upgrade packages are available. The subscription feature is called My notifications.Use the following link to access the My notification page.https://www.ibm.com/systems/support/myview/subscription/css.wss/folders?methodName=listMyFoldersYou can add all products to which you want to subscribe, and you are informed by email.The frequency of those emails can be configured on the My notifications page shown inFigure 4-14.Figure 4-14 IBM support - My NotificationsEach upgrade package includes cumulative fixes for one or more appliance components. Chapter 4. System administration and operations 85
  • 101. Important: All of the collections in Information Archive must be suspended during an upgrade; documents cannot be archived and retrieved until the upgrade is complete. A typical upgrade takes less than six hours. Tip: If you have Enhanced Remote Mirroring, always run the upgrade first on the secondary appliance. You do not need to suspend the collection and put the nodes in maintenance mode (this is not possible on a secondary appliance). Just reboot the Management Console server at the secondary Information Archive and run the upgrade script. Instructions for upgrade packages A readme file is included with each upgrade package. The readme file provides detailed instructions for applying the upgrade, which typically includes the following tasks: 1. Transfer the upgrade package to the Management Console server. You can use the transfer method of your choice (scp, a USB flash drive, a DVD image, FTP, and so on). 2. Reboot the Management Server before starting each upgrade attempt, including upgrade retries. 3. Suspend all collections and place all cluster nodes into maintenance mode. 4. Log on to the Management Console server with iaadmin account and extract the compressed files from the upgrade package. Unzip the package in a directory of your choosing, such as /home/iaadmin or /tmp. For example: iaadmin@iamconsole1:/tmp> unzip ia-1.2.0.1_upgrade.zip 5. Change to the directory that was created when the upgrade zip file was unzipped. For example: cd /tmp/ia-1.2.0.1 6. Run the iaupgrade.sh script from the current (ia-1.2.0.1) directory (/opt/tivoli/tiam/bin/iaupgrade.sh). iaadmin@iamconsole1:/tmp/ia-1.2.0.1> /opt/tivoli/tiam/bin/iaupgrade.sh 7. After the upgrade is complete, take cluster nodes out of maintenance mode and resume the collections. 8. Delete the upgrade package from the Management Console server. In an Enhanced Remote Mirroring configuration, upgrades must be applied to both the primary and secondary appliances. Upgrade the secondary appliance first, Important: If tracing is enabled for the clustered file system software (General Parallel File System or GPFS), this tracing is automatically disabled by the upgrade process. If necessary, you can re-enable this tracing after the upgrade completes. Upgrading firmware for servers and storage controllers Like other Information Archive upgrades, firmware upgrades for the servers and storage controllers in the appliance are provided in a package on the Information Archive support website. However, some of these upgrades must be applied by an IBM service representative. If firmware upgrades are available when you upgrade the appliance, the firmware upgrades must be applied after the appliance upgrade is complete. Contact the IBM Support Center to schedule a time for an IBM service representative to apply the firmware upgrades.86 IBM Information Archive: Architecture and Deployment
  • 102. 4.1.4 System monitoring An Information Archive administrator must always know about the health of the system. For that purpose, Information Archive provides various monitoring tools. The administrator (auditor or monitor role assigned) has the possibility to monitor the entire Information Archive using the IBM System Director, RSM, Health Monitor, and IBM Tivoli Storage Manager Reporting functions. The administrator can monitor the various components such as storage controller, servers, and switches using the IBM Systems Director and Remote Support Manager. The health monitor will always display the current appliance status. You can configure email and SNMP alerting to get informed whenever a software or hardware error has occurred. Additionally, you can set up the call home functionality from Information Archive. Configuration and use of the monitoring features is explained in detail in Chapter 9, “Monitoring and call home” on page 351. Figure 4-15 shows an illustration of the Health Monitor page.Figure 4-15 Information Archive GUI - Health Monitor4.1.5 RSM management The RSM server software monitors the Information Archive storage controllers. The main function is described in “RSM server for Information Archive” on page 381. Detailed documentation for the IBM Remote Support Manager for Storage can be found at the following website: http://www.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-66062&b randind=5000008 Chapter 4. System administration and operations 87
  • 103. Important: Do not download the RSM server software from the RSM web page. Information Archive uses a special version of RSM for compliance. See “Accessing the RSM server” on page 97 for information about how to access the RSM. There are four management areas and one log section on the RSM main page: System Configuration Reporting and Alerts Internal Firewall Remote Access Statistics and Logs These management areas and log section are shown in Figure 4-16, Figure 4-16 RSM Server - Main Menu System configuration The System Configuration page shown in Figure 4-17 allows you to specify the following information: Company name and address One or more contact people that IBM Service must call or email when responding to a problem report Connection information about the RSM for Storage system Storage controllers to be monitored by the RSM system Other SAN devices System activation There are three validation checks made for the configuration information. The first check occurs when you click the Update Configuration button on each configuration page. This verifies the format and content of each configuration field. Any problem will be indicated with a Configuration Incomplete status. When all configuration Incomplete problems have been fixed, an option will be available at the bottom on the System Configuration page to run a Configuration Test. This test checks that the RSM for Storage system has TCP/IP connectivity to all configured storage devices, with the attached external modem if configured, and that each of the storage controllers can be contacted. Problems detected during the test are indicated with a Configuration Problem status.88 IBM Information Archive: Architecture and Deployment
  • 104. Error correction: The RSM server software will not process any events until all configuration errors are corrected and the System Activation step has been completed. For Information Archive, this is normally already done by manufacturing.A third configuration check occurs each day when each storage controller is contacted toverify connectivity. This check will detect the following situations: If a new version of controller firmware has been installed: This condition will require an update to RSM for compatibility. In Information Archive, this situation is not expected to occur, because normally you have to update the whole appliance, including necessary firmware updates. If any new expansion drawers have been added to the storage controller: When a new enclosure (drawer) is detected, the configuration status for the storage controller in RSM changes to Incomplete and you need to add the IBM Machine Type and Serial number for the enclosure to the RSM configuration.A typical System Configuration page is shown in Figure 4-17.Figure 4-17 RSM Server - System ConfigurationReporting and alertsNormally, all configured storage controllers are enabled for reporting. This means that RSMwill accept and process any events related to the storage controller. If you are relocating astorage controller or performing any task that might generate events that IBM does not needto respond to, you can disable reporting until the storage controller is fully operational again.While you are making configuration changes to the RSM software, the Reporting Status mightbe “Suspended.” This is a reminder that no events will be processed by the RSM system whileany configuration problems exist.This page, shown in Figure 4-18, displays a summary of all alerts being tracked by the RSMsoftware and allows you to view details about alerts that are active for each storage controller.When a storage first reports a problem, an alert is sent to IBM Service. After IBM has beenalerted to the problem, additional alerts for that storage controller are usually held at the RSMsystem. However, if another event for the same storage controller occurs and indicates ahardware failure that differs from the previously sent alert, the new alert will also be sent toIBM. Chapter 4. System administration and operations 89
  • 105. IBM will respond to the alert by connecting to the RSM system, at which time they will either acknowledge or close all of the alerts for the storage controller. Alerts are acknowledged to indicate that they have been seen by IBM Service but work on the problem has not been completed. Closing all of the alerts for a storage controller indicates that service is complete. When all alerts for a storage controller are closed, the RSM software will consider the next event from that storage controller to be a new problem and an alert will be sent to IBM Service. The Reporting and Alerts page will show the number of alerts sent, acknowledge, and pending for each storage controller that has active alerts. Pending alerts are ones that are candidates to be sent to IBM Service, but are being held at the RSM system for one of three reasons: Holding, Queued, or Waiting. Holding: Another alert has already been sent to IBM Service for the storage controller. Queued: The RSM for Storage software attempted to send the alert, but received an error. The most likely cause is a network problem that prevents the RSM for Storage software from reaching the SMTP server. The RSM for Storage software will attempt to re-send the alert every few minutes. Waiting: IBM Service was remotely connected to the RSM system when the alert occurred. If all other alerts have been closed and the remote user disconnects without acknowledging this alert, it will then be sent to IBM Service as a new problem. Figure 4-18 RSM Server - Reporting and Alerts Internal firewall The firewall page shown in Figure 4-19 provides status for the RSM server internal firewall. The purpose of the internal firewall is to limit the scope of access that local and remote users of the system have to your network. The normal state for the firewall is Enabled:Closed which means that the firewall is operational and configured to allow SNMP traps to be received and emails to be sent. However, access to other devices on your network is not allowed. The Enabled:Custom state indicates that one or more custom rules have been added to /etc/rsm/rsmfirewall.conf. These rules will be active any time the firewall is enabled.90 IBM Information Archive: Architecture and Deployment
  • 106. The Enabled:Open state means that access to one or more other devices has been enabled.The firewall allows access to any storage controller that has an active alert, and also storagecontrollers that have been placed in Service Access mode.Disabling the firewall allows unrestricted access from the RSM for Storage system to yournetwork. To maintain the security of your network, disabling the firewall will also disableremote access. Likewise, enabling Remote Access will automatically enable the firewall.Figure 4-19 RSM Server - Internal FirewallRSM remote accessThe RSM Remote Access page shown in Figure 4-20 provides controls and status for remoteaccess to the RSM system. Enabling remote access unlocks the rservice user account anddepending on your configuration, allows the modem to answer an incoming call, or enablesthe firewall to accept SSH connections. Important: If your Information Archive appliance is behind a firewall, you need to configure a port forwarding for the SSH service between your firewall and the RSM server.After being enabled, when a remote user connects to the system, the status will change toActive.You can select to have Remote Access automatically enabled when an alert is sent to IBMService, or wait to be contacted by IBM Service by phone before manually enabling it.This page also allows you to set the Remote Access Timeout. This guarantees that thesystem will return to a secure state, without intervention. If the problem is difficult to resolve,or occurs intermittently, you might need to refresh the time-out to allow IBM Service moretime to work on the problem. If you disable Remote Access while a remote user is connected,the remote user will be disconnected. Chapter 4. System administration and operations 91
  • 107. Figure 4-20 RSM Server - Remote Access Statistics and logs The Statistics and Logs page shown in Figure 4-21 contains information that can be helpful in solving problems with operation of the RSM server application: The Activity Log contains time stamped entries for actions performed by the RSM software. The Security Log contains time stamped entries for actions performed by the RSM for software that affect the security of the system. The System Log contains time stamped entries for actions performed by the Operating System were the RSM software is running.92 IBM Information Archive: Architecture and Deployment
  • 108. Figure 4-21 RSM Server - Activity Logs4.1.6 DS Storage Manager You can use the DS Storage Manager interface to perform hardware maintenance tasks on the storage controller or to verify the health of the storage controllers. You can access the DS Storage Manager as described in “Accessing the DS Storage Manager interface” on page 98. Important: The DS Storage Manager is a compliant version. No deletion of LUNs or arrays is allowed. Storage controller status When the Enterprise Management Window is opened (see “Accessing the DS Storage Manager interface” on page 98), the storage management software establishes communication with each managed Information Archive storage controller and determines the current status. The status icons displayed in the Enterprise Management Window represent a summary status for each storage controller. If a storage controller has a Needs Attention or Fixing status, you can select the storage controller and launch its management window to determine the condition that is causing this status. More detailed status icons are shown in the Management Window for the various components that comprise the storage controller. Also, the Recovery Guru option provides a detailed explanation of the conditions and the appropriate steps to remedy any Needs Attention status. Error reporting: All critical errors are reported to the RSM server. The configured mail contact will always get informed when a critical error has occurred. For a description of the Storage Manager software and its features, see the IBM Redbooks publication, IBM System Storage DS4000 and Storage Manager, SG24-7010. Chapter 4. System administration and operations 93
  • 109. Storage controller functions The major storage controller functions are as follows: Overall Component Information: Use the storage controller / expansion drawer, Overall Component Information, to view the status of all components in the storage controller. In the Subsystem Management Window, click the View button to display the Summary information as illustrated in Figure 4-22. Figure 4-22 DS Storage manager - storage controller summary Information Recovery Guru: The Recovery Guru is a component of the Management Window that diagnoses storage controller problems and describes recovery procedures to fix the problems. To display Recovery Guru, select the Recovery Guru toolbar button in the Subsystem Management Window. Event log: Use the Event Log Viewer to display a detailed list of events that occur in a storage controller. The Event Log is stored on reserved areas on the storage controller disks and records configuration events and storage controller component failures. The Event Log stores approximately 8,000 events before replacing them. Use the following procedure to display events: – From the Subsystem Management Window, select Advanced  Troubleshooting  View Event Log.94 IBM Information Archive: Architecture and Deployment
  • 110. – Specify or type the number of events to retrieve in the Retrieve most recent events spinner box. When View only critical events is selected, the box is labeled Retrieve most recent critical events. – To view details about a selected event, select View details. – Click Update to retrieve new events from the storage subsystem for display.4.2 Operations In this section, we describe how to start and stop Information Archive and how to access the system components. The Information Archive appliance components must be started and stopped in a specific order. Cluster nodes can be stopped, restarted, or put into maintenance mode. Maintenance mode prevents the cluster management software from trying to restart the node if it is stopped or if an error occurs. Cluster nodes must be put into maintenance mode before a software upgrade on the Information Archive appliance.4.2.1 Accessing the system There are multiple ways to access the various components in order to manage, configure, and operate Information Archive. Accessing the Management Console You can access the Management Console locally or from a remote computer through a web browser. To remotely access the Information Archive command line, you can also use an SSH client such as putty. Accessing the Management Console locally You can access the Information Archive GUI directly from the appliance by using its keyboard video mouse console (KVM console): 1. Press the Print Screen key to open a list of the appliance nodes. Select iamconsole1. 2. Log on to the Management Console server with the iaadmin user account. Accessing the Management Console remotely You can access the Information Archive command line remotely over SSH: 1. Start an SSH client such as putty. 2. Enter the management node server TCP/IP address in the Host Name section. 3. Select the SSH Protocol and port 22. 4. Log on to the Management Console using the iaadmin user account. Starting the Information Archive GUI locally After you are logged on as mentioned in “Accessing the Management Console locally”, the IA GUI logon window is displayed. If a web browser does not open automatically, right-click the Management Console server desktop and select xterm. At the command prompt, enter firefox. You get a Welcome window as shown in Figure 4-23. Chapter 4. System administration and operations 95
  • 111. Starting the Information Archive GUI remotely You can access the remotely, using a supported web browser. Start your web browser and navigate to the following web address: https://<management-console-ip-address>:9043/ibm/console The logon panel is shown in Figure 4-23. Finding TCP/IP address: The TCP/IP address of the Management Console and the appliance name can be found in the Information Archive GUI in the System Management section’s Appliance Properties Notebook. If necessary, access the Information Archive GUI from the appliance keyboard video mouse console (KVM console) to obtain this information. Figure 4-23 Information Archive GUI - logon panel Accessing the cluster nodes You can access the cluster nodes only locally by using the keyboard video mouse console (KVM console). 1. Access Information Archive keyboard video mouse console (KVM console). 2. Press the Print Screen key to open a list of the appliance nodes. Select ianode. Log on to the cluster nodes using the iaadmin user account.96 IBM Information Archive: Architecture and Deployment
  • 112. Accessing the RSM serverYou have to access the IBM Remote Support Manager for Storage (RSM for Storage)interface to view details about disk errors, update call home information for the storagecontroller, and to complete other tasks.Accessing the RSM server from the Information Archive GUIYou can access the RSM server as follows:1. Log on to the Information Archive GUI locally or remote as described in “Accessing the Management Console” on page 95.2. Expand Information Archive Management in the navigation tree.3. Click Service Tools.4. Click Open Remote Support Manager on local Appliance as shown in Figure 4-24. Afterwards you get the Main Menu for the RSM for Storage as shown in Figure 4-25.5. Click any link to receive a logon prompt.Figure 4-24 Information Archive GUI - Open RSM interface Chapter 4. System administration and operations 97
  • 113. Logging on to the RSM server locally To log on to the RSM server locally, use the following steps: 1. Access the Information Archive keyboard video mouse console (KVM console). 2. Press the Print Screen key to open the KVM console menu. Select iarsm1 to connect to the RSM server. 3. Log on to the RSM server using the admin user account. 4. Click the Manage icon on the RSM server desktop to open the RSM for Storage interface as shown in Figure 4-25. 5. Click any link to receive a logon prompt. Figure 4-25 RSM Server - Main menu Accessing the DS Storage Manager interface Use the IBM System Storage DS® Storage Manager interface to perform hardware maintenance tasks on the storage controller. You can access the DS Storage Manager locally or from a remote computer. Accessing the DS Storage Manager locally Log on to the Management Console server using the iaadmin user account. Right-click the Management Console server desktop and click xterm. At the Management Console server prompt, enter the command sudo SMclient.98 IBM Information Archive: Architecture and Deployment
  • 114. Accessing the DS Storage Manager remotelyTo access the DS Storage Manager from a remote computer, use the following steps:1. Install an X-Server on the remote computer2. Open an ssh client like Putty3. Enable X11 forwarding as shown in Figure 4-26.Figure 4-26 Putty - Enable X11 Forwarding4. As shown in Figure 4-27, you have to select the Category Session from the left menu. Then do the following steps: a. Enter the Management Console server TCP/IP address in the Host Name section b. Select the SSH Protocol and the Port 22 c. Click Open to start the SSH session Chapter 4. System administration and operations 99
  • 115. Figure 4-27 Putty - Basic options 5. Log on to the Management Console using the iaadmin user account. 6. Run the command sudo SMclient to start the DS Storage Manager interface on your remote computer. This is shown in Example 4-1. Example 4-1 Starting the SMclient login as: iaadmin Using keyboard-interactive authentication. Password: Last login: Fri Feb 19 17:30:07 2010 iaadmin@IA-Primary:~> sudo SMclient If the configurations settings are correct, you get a window as shown in Figure 4-28. Figure 4-28 SMclient Enterprise window100 IBM Information Archive: Architecture and Deployment
  • 116. Accessing the IBM Systems Director You can use IBM Systems Director to diagnose and troubleshoot hardware errors, and to configure the call home feature for Information Archive. Logging on to the IBM Systems Director using the Information Archive GUI Log on to the IBM Systems Director as follows: 1. Log on to the Information Archive GUI. 2. Expand Information Archive Management in the navigation tree. 3. Click Service Tools. From the Service Tools window shown in Figure 4-24, select Open IBM Systems Director on Local Appliance locally. 4. Log on using the iaadmin user account and password. You get the Welcome to IBM Systems Director window as shown in Figure 4-29. Figure 4-29 IBM System Director - Welcome panel For details about the IBM Systems Director, see 9.3, “Using IBM Systems Director in Information Archive” on page 365.4.2.2 Shutting down the appliance When you want to power off the whole appliance, you have to do it in a specific order: 1. Shut down all cluster nodes. 2. Shut down the RSM server. 3. Shut down the Management Console. 4. Power off all storage controllers. 5. Power off all expansion drawers. 6. Power off KVM Switch. 7. Power off Rack / Switches. Chapter 4. System administration and operations 101
  • 117. Shutting down the cluster nodes From the KVM console, log on to the Management Console using the iaadmin user account. Log on to the Information Archive GUI with a user account that has Information Archive System Administrator authority. Tip: At the command line (X-Term Window on the Management Console server), enter ia_list_active_hosts.py. Check the output to ensure that all the archiving activities have been completed. It is better to suspend all collections before you power off cluster node servers. Stopping all cluster nodes Follow these steps to stop all cluster nodes: 1. Expand Information Archive Management in the navigation tree. 2. Click System Management. 3. In the Cluster Node section, stop all cluster nodes: a. Click the stop icon next to the first cluster node as shown in Figure 4-30. b. Select Shutdown node and click OK as shown in Figure 4-31 c. Repeat these steps for each cluster node. Figure 4-30 Stop icon - cluster node Figure 4-31 Shut down cluster node102 IBM Information Archive: Architecture and Deployment
  • 118. Shutting down a cluster node on the secondary applianceTo shut down a cluster node on the secondary appliance, follow these steps:1. Open a secure shell connection and log in to the secondary appliance Management Console as iaadmin.2. At the command line, enter ia_powercontrol -d <nodename> where <nodename> is the name of the cluster node server you want to power down. (see Example 4-2)3. Make sure that you see the following output to verify that the node has been successfully powered down: Node attached to power control hardware at <nodename> powered down.Example 4-2 shut down secondary cluster nodeiaadmin@IA-Secondary:~> ia_powercontrol -d ianode3Node attached to power control hardware at ianode3 powered down.Shutting down the RSM serverLog on to the RSM server as root user and open a Terminal Window (Desktop icon in thelower left corner). Enter the shutdown now -h command to shut down the RSM server.Shutting down the Management ConsoleLog on to the Management Console and open a terminal window. Enter the sudo/sbin/shutdown now -h command to shut down the Management Console.A second way to shut down the Management Console is to slide the power-control buttoncover to the left and press the power-control button. The power-control button is located onthe right side of the server, above the optical drive bay.Powering off the storage controller / expansion drawerPress the left and right rocker switches on the back of the storage controller (2231-D1A). Ifnecessary, repeat this operation for the storage controllers in the 2231-IS3 expansion rack.If you have the optional expansion drawers (2231 D1B), press the left and right rocker switchon any available expansion drawers. Important: The storage controller (2231-D1A) must be powered off, before you power off the expansion drawers (2231-D1B).Powering off the KVM switchPress the power button on the keyboard video mouse console (KVM console). The powerbutton is located at the bottom of the monitor.Press the rocker switch on the keyboard video mouse switch (KVM switch) in the back of theRack.Powering off the rack / SAN and Ethernet switchesThe FC and Ethernet switches in Information Archive are not equipped with rocker switches. Ifyou need to power off the switches, you have to unplug the power cords or unplug the mainline power cords connected to the left or right power distribution units (iPDUs) in theappliance.When you plan to unplug the main line power cords, be sure that all servers are powered off. Chapter 4. System administration and operations 103
  • 119. 4.2.3 Starting up the appliance When you want to power on the whole appliance, you have to do it in a specific order: 1. Power on rack / switches 2. Power on the KVM switch 3. Power on expansion drawers 4. Power on storage controller 5. Power on Management Console 6. Power on all cluster nodes 7. Power on RSM server Powering on the rack / SAN and Ethernet switches The SAN and Ethernet switches within Information Archive are not equipped with rocker switches. To power on the switches, you have to plug the power cords or plug the main line power cords to the left or right power distribution units (iPDUs) in the appliance. Make sure the main line power cords are connected to both iPDUs. Powering on the KVM switch Press the rocker switch on the keyboard video mouse switch (KVM switch) in the back of the rack. Press the power button on the keyboard video mouse console (KVM console). The power button is located at the bottom of the monitor. Powering on the expansion drawers / storage controller If you are have the optional expansion drawers (2231-D1B), press the left and right rocker switches on any available expansion drawers. Press the left and right rocker switches on the back of the storage controller (2231-D1A). If installed, repeat this step for the storage controllers in the 2231-IS3 expansion rack. Important: All expansion drawers (2231-D1B) have to be powered on first before you continue with powering on the storage controllers (2231-D1A). Powering on the Management Console On the front of the Management Console, slide the power-control button cover to the left and press the power-control button. The power-control button is located on the right side of the server, above the optical drive bay. Power-control LED: When the server was completely powered off, the power-control button LED of the server flashes rapidly for up to one minute. When the power-control button LED is flashing slowly, press the button to start the server. Powering on the cluster nodes Starting a cluster node powers on the server and starts the software processes required for ingesting and managing documents. There are two possibilities to power on the cluster node server. You can power on the cluster node server from the Information Archive GUI or just by pressing the power button.104 IBM Information Archive: Architecture and Deployment
  • 120. Powering on the cluster node server from the Information Archive GUI Log on to the Information Archive GUI and complete the following steps: 1. Expand Information Archive Management in the navigation tree. 2. Click System Management. 3. In the Cluster Nodes section, complete the following steps: a. Click the start icon button next to the cluster node as shown in Figure 4-32. If the cluster node was shut down using the Information Archive GUI, it starts in maintenance mode. b. Click the maintenance mode button next to the cluster node to bring it out of maintenance. A typical maintenance button is shown in Figure 4-30. Figure 4-32 Start icon Cluster Node Powering on the cluster node server using the power button On the front of the cluster nodes, slide the power-control button cover to the left and press the power-control button. The power-control button is located on the right side of the server, above the optical drive bay. Power-control LED: When the server was completely powered off, the power-control button LED of the server flashes rapidly for up to one minute. When the power-control button LED is flashing slowly, press the button to start the server. Powering on the RSM server On the front of the RSM server, slide the power-control button cover to the left and press the power-control button. The power-control button is located on the right side of the server, above the optical drive bay. Power-control LED: When the server was completely powered off, the power-control button LED of the server flashes rapidly for up to one minute. When the power-control button LED is flashing slowly, press the button to start the server.4.2.4 Rebooting the servers Occasionally it might be necessary to reboot a server, for example, for troubleshooting, restoring configuration files, or tracing. Normally this process is directed by IBM support. Rebooting a cluster node You can reboot a cluster node from the Information Archive GUI or from the cluster node itself Rebooting a cluster node using the Information Archive GUI You can reboot the cluster node using the Information Archive GUI, as follows: 1. Log on to the Information Archive GUI from the Management Console as described in “Accessing the Management Console” on page 95. 2. Expand Information Archive Management in the navigation tree. Chapter 4. System administration and operations 105
  • 121. 3. Click System Management. 4. In the Cluster Node section, click the stop icon next to the first cluster node as shown in Figure 4-33. Figure 4-33 Cluster node stop Select Restart node and click OK as shown in Figure 4-34. Figure 4-34 Restart node Rebooting a cluster node using the Information Archive CLI You can also reboot the cluster node as follows: 1. Access the Information Archive keyboard video mouse console (KVM console). 2. Press the Print Screen key to open the KVM console menu. Select ianodeX to connect to the cluster node server. 3. Log on to the cluster node server using the iaadmin user account. 4. Enter command sudo /sbin/reboot as shown in the Example 4-3. Example 4-3 Reboot cluster node command iaadmin@ianode1:~> sudo /sbin/reboot Rebooting the Management Console To reboot the Management Console, follow these steps: 1. Access the Information Archive keyboard video mouse console (KVM console). 2. Press the Print Screen key to open the KVM console menu. Select iamconsole1 to connect to the Management Console. 3. Logon using the iaadmin user account. 4. Enter the command sudo /sbin/reboot.106 IBM Information Archive: Architecture and Deployment
  • 122. Rebooting the RSM server To reboot the RSM server: 1. Access the Information Archive keyboard video mouse console (KVM console). 2. Press the Print Screen key to open the KVM console menu. Select iarsm1 to connect to the RSM server. 3. Log on to the RSM server using the root user account. 4. Open a terminal window and enter the command reboot.4.2.5 Maintenance mode for cluster node Putting a cluster node into maintenance mode prevents the cluster management software from trying to restart the cluster node if it is stopped. A cluster node must be put into maintenance mode when you run a software upgrade on the Information Archive. Secondary cluster: It is not possible to place a secondary cluster node in maintenance mode, because it is in read-only mode. Placing a cluster node into maintenance mode Log on to the Information Archive GUI and complete the following steps: 1. Expand Information Archive Management in the navigation tree. 2. Click System Management. 3. In the Cluster Nodes section, click the maintenance mode icon (the right icon) next to the cluster node to bring the node maintenance mode, as shown in Figure 4-35. Figure 4-35 Maintenance mode icon 4. In the next window, click Put Node into Maintenance Mode, as shown in Figure 4-36. Figure 4-36 Maintenance mode Chapter 4. System administration and operations 107
  • 123. Taking a cluster node out of maintenance mode Log on to the Information Archive GUI and complete the following steps: 1. Expand Information Archive Management in the navigation tree. 2. Click System Management. 3. In the Cluster Nodes section, click the maintenance mode icon (the right icon) next to the cluster node to bring the node out of maintenance mode.4.2.6 Suspending a collection You can suspend a collection to allow maintenance on the storage controller and you have to suspend all collections to apply a software upgrade. If a File Archive Collection is suspended, Network File System (NFS) and HTTP accesses are stopped. When a System Storage Archive Manager Collection is suspended, you cannot commit or retrieve documents. Any uncommitted documents in the collection file system remain uncommitted and will not be ingested until the collection is resumed. To suspend a collection, log on to the Information Archive GUI and complete these steps: 1. Expand Information Archive Management in the navigation tree. 2. Click System Management. 3. In the Collections section, click the suspend button that is next to the collection you are suspending, as shown in Figure 4-37. Figure 4-37 Suspend icon 4. Confirm that you really want to suspend the collection. Click Yes or No. Figure 4-38 Suspend Collection confirmation Tip: You might have to scroll up the web browser window to see the Yes or No button.108 IBM Information Archive: Architecture and Deployment
  • 124. 4.2.7 Resuming a collection You can resume a collection that has been suspended. If you resume a File Archive Collection, the Network File System (NFS) and HTTP services are started and any uncommitted documents are processed. Log on to the Information Archive GUI and complete the following steps: Expand Information Archive Management in the navigation tree. Click System Management. In the Collections section, click the resume button that is next to the collection you are resuming.4.2.8 Retrieving error logs and traces You can download a compressed file that contains error and trace logs from the Information Archive GUI or from the Management Console. The logs are used by IBM service representatives to troubleshoot errors. Service ticket: If you have an open service ticket at IBM, you can upload the log files at: http://www.ecurep.ibm.com/app/upload Files are excluded from the compressed file if they are too old, too large, or in a directory with too many files. The files are excluded to reduce the size of the log file. These thresholds are preset, and cannot be changed. To override the log collection thresholds and to collect all the log files, use the trace configuration utility. How to modify the Logging and Tracing options is explained in 9.6, “Logging and tracing” on page 398. To download the logs from the Information Archive GUI, perform the following steps: 1. Log on to the Information Archive GUI as an administrative user with Information Archive System Administrator level of access. 2. Expand Information Archive Management in the navigation tree. 3. Click Service Tools in the lower right corner as shown in Figure 4-39. Figure 4-39 Service Tool Screen 4. In the Logging and Tracing section, click Download logs. When the logs are ready, a dialogue box appears. Specify where to save the compressed file and the file is downloaded. If you use the keyboard video mouse console to download the logs, they are saved in the /home/iaadmin directory on the Management Console. Chapter 4. System administration and operations 109
  • 125. 4.3 Information Archive Command Line Interface The Information Archive provides a command line interface (Information Archive CLI) that gives you an alternative to the Information Archive GUI for executing some tasks. The CLI can also be used to define scripts for monitoring or for configuration tasks. The Information Archive CLI runs at the Information Archive Management Console and uses a tool called wsadmin to issue administrative commands.4.3.1 Definitions This section explains some terms and concepts often used in the context of the Information Archive CLI: wsadmin The wsadmin tool is used to manage WebSphere Application Server as well as the configuration, application deployment, and server run-time operations. The Information Archive CLI only supports the Jython scripting languages. The wsadmin launcher makes several scripting objects available: AdminConfig, AdminControl, AdminApp, AdminTask, and Help. Scripts use these objects for application management, configuration, operational control, and for communication with MBeans that run in WebSphere Application Server processes. jython Jython, successor of JPython is a pure Java implementation of the Python programming language that allows you to run Python programs on any Java platform. iacli.sh The iacli.sh is a script, available on the Information Archive Management Console to run Information Archive CLI commands. The script will check Information Archive appliance prerequisites before the wsadmin tool is opened. Information Archive CLI commands are case-sensitive. Enter all commands using lowercase characters.4.3.2 Accessing the Information Archive CLI You have two possibilities to get to the command line interface: From the Information Archive GUI: If you are directly at the appliance and logged on the Management Console, do a right-click in the desktop and select “Terminal Window.” Through SSH: You can open an SSH session with your SSH client, for example, putty, pointing to the TCP/IP address of the Management Console. Then, run the command iacli.sh110 IBM Information Archive: Architecture and Deployment
  • 126. 4.3.3 CLI command categories There are seven categories of CLI commands available: Collection management commands Policy management commands Collection access commands System management commands Event notification commands Logging and tracing commands Document management commands For a detailed command reference, see the Information Archive User Guide, SC27-2325 or access the information from the Information Archive Information Center at: http://publib.boulder.ibm.com/infocenter/tivihelp/v37r1/topic/com.ibm.ia.doc_1.0/i c/c_cli_overview.html4.3.4 Using the Information Archive CLI There are three methods available to enter Information Archive CLI commands: Entering Information Archive CLI commands interactively Redirecting command output Using a script to run commands Role: You will need a userid with the IA Archive Administrator role to perform collection related CLI commands. Entering CLI commands interactively Start and run the Information Archive command line interface (Information Archive CLI) in interactive mode to enter multiple commands without being prompted for your user account and password each time (Example 4-4). The Management Console can be accessed directly from the keyboard video mouse (KVM) console in the appliance, or remotely through a Secure Shell (SSH) connection. When you start the Information Archive CLI, you must enter an administrative user account and password. The user account must be assigned either the IA Archive Administrator or the IA System Administrator administrative user role to issue commands. Log on to the Management Console and complete the following steps: 1. At the Management Console prompt, enter iacli.sh. 2. Enter your administrative user account and password when prompted. 3. Enter Information Archive CLI commands. For example showsystemstatus to display the system health status. 4. Enter quit to exit the Information Archive CLI prompt. Example 4-4 Enter Information Archive CLI command showsystemstatus interactively iaadmin@IA-Primary:~> iacli.sh IA Username: iscadmin IA Password: CTJIC0151I The IBM Information Archive command line is ready for use. IACLI> showsystemstatus Chapter 4. System administration and operations 111
  • 127. ----Cluster Node Status---- Cluster Node Name: ianode1 Cluster Node IP: 172.31.1.1 Collections Hosted: NFS1, SSAM1 State: running Cluster Node Name: ianode2 Cluster Node IP: 172.31.1.2 Collections Hosted: NFS1, SSAM1 State: running Cluster Node Name: ianode3 Cluster Node IP: 172.31.1.3 Collections Hosted: NFS1, SSAM1 State: running ----Storage Subsystem Status---- Controller Name: iastorage1a Hosted Collection: NFS1 Capacity: 9.95 TB Cache Hit Ratio: 1.0% Throughput: 2.9 MB/sec I/O Rate: 59.3 KB/sec Remote Replication Status: Synchronized Controller Name: iastorage2a Hosted Collection: SSAM1 Capacity: 4.5 TB Cache Hit Ratio: 1.0% Throughput: 1.1 MB/sec I/O Rate: 12.2 KB/sec Remote Replication Status: Synchronized ----Tape Library Status---- Library Name: IBM 00L4U78F6723_LL1 3573-TL /dev/IBMchanger0 Library Name: IBM 00L4U78F6723_LL0 3573-TL /dev/IBMchanger1 Drive 1: IBM 1310127710 ULT3580-TD4 /dev/IBMtape0 Drive 2: IBM 1310125225 ULT3580-TD4 /dev/IBMtape1 IACLI>quit iaadmin@IA-Primary:~> Tip: For information about using the Information Archive command line interface, enter help. To view a full list of available commands, enter help -listcommands yes.112 IBM Information Archive: Architecture and Deployment
  • 128. Redirecting command outputUse the wsadmin tool at the Management Console to run a single Information Archive CLIcommand and redirect the output to a file. You do not need the iacli.sh script in front of thiscommand.To redirect command output, you must translate an Information Archive command to Jythonsyntax and enter it as a wsadmin parameter. The format is:/opt/tivoli/tsm/AC/ISCW61/bin/wsadmin.sh -user ia_user -password ia_password -langjython -c "print AdminTask.command_name([command_parameters])"Where ia_user is an administrative user account with the authority to run the command,ia_password is the password for the administrative user, command_name is the name of anIA CLI command, and command_parameters is a list of one or more valid command parameterand value pairs, each separated by a single space.Example 4-5 illustrates redirecting of the showsystemsettings Information Archive CLIcommand output.Example 4-5 Redirect Information Archive CLI command showsystemsettingsLogin as iaadmin.iaadmin@IA-Primary:~> /opt/tivoli/tsm/AC/ISCW61/bin/wsadmin.sh -user administrator-password password -lang jython -c "print AdminTask.showsystemsettings()"WASX7209I: Connected to process "tsmServer" on node tsmNode using SOAP connector;The type of process is: UnManagedProcess----General Appliance----Name: IA-PrimaryTime Server: 172.31.3.2Enhanced Tamper Protection: onFile Archive Collections: enabledSystem Storage Archive Manager collections: enabled----File Sharing----Protocol Status PortWeb Sharing (HTTP) RUNNING 80Network File Sharing (NFS) RUNNING 2049----LDAP Settings----LDAP Server: 9.153.1.100LDAP Port Number: 389LDAP Type: ITDSSearch Base: dc=ArchiveSolutionCompetenceCenter,dc=Leipzig,dc=localBind Distinguish Name:cn=Administrator,dc=ArchiveSolutionCompetenceCenter,dc=Leipzig,dc=localSSL Enabled: noSSL Certificate: n/a Chapter 4. System administration and operations 113
  • 129. Using a script to run commands To automate Information Archive command-based tasks, create a Jython script containing the commands that you want to issue and run the script using the wsadmin tool. To use a script, complete the following steps (assuming, that you have already created a user with the account “administrator” by the Information Archive GUI): 1. Log on to the Management Console as iaadmin. 2. Create a Jython script, with each Information Archive CLI command listed on a separate line. vi <name_of_script> Example: vi query_system_settings.py See Example 4-6. Example 4-6 Sample Jython Script query_system_settings.py to query system settings by CLI # # This script will display IA system settings # print AdminTask.showsystemsettings() print AdminTask.listcollection(-format detailed) print AdminTask.shownotification() 3. Save the Jython script with a .py file extension on the Management Console. 4. At the Management Console prompt, issue the following command to run the Jython script: /opt/tivoli/tsm/AC/ISCW61/bin/wsadmin_cli.sh -user ia_user -password ia_password -lang jython -f path_to_jython_script Where ia_user is an administrative user account with the authority to run the scripted commands, ia_password is the password for the administrative user, and path_to_jython_script is the location of the Jython script on the Management Console server. For example: /opt/tivoli/tsm/AC/ISCW61/bin/wsadmin_cli.sh -user administrator -password password -lang jython -f /home/iaadmin/query_system_setting.py Attention: Created scripts are not backed up automatically. It is a user responsibility.114 IBM Information Archive: Architecture and Deployment
  • 130. 5 Chapter 5. System Storage Archive Manager Collections IBM Information Archive (Information Archive) uses collections to manage archive data. Depending on the archiving application and the functions needed, there are various types of collections available. In this chapter we provide information about the IBM System Storage Archive Manager Collections. Because this type of collection is based on the product IBM System Storage Archive Manager, we explain the relevant details of this product. This information is intended primarily for readers who are new to IBM System Storage Archive Manager. However, we also indicate which features are most relevant to the particular usage within Information Archive collections. Furthermore, we describe the configuration and administration of System Storage Archive Manager Collections, and we register archiving applications to use this configuration.© Copyright IBM Corp. 2010. All rights reserved. 115
  • 131. 5.1 System Storage Archive Manager Collection overview System Storage Archive Manager Collections are used to archive and retrieve documents using the IBM Tivoli Storage Manager archive client or the IBM Tivoli Storage Manager application program interface (API). The latter is considered the preferred technology, because the API is optimized for archival usage and an encapsulated system. Archive applications like document management systems or enterprise content management systems utilize the IBM Tivoli Storage Manager API and archive and retrieve their data by using the API functions. Figure 5-1 shows a diagram of these concepts. TSM API Client Web-browser SSAM Server IA Management GUI Clustered Filesystem & Middleware Disk Storage SSAM Collection IBM Information Archive Tape Device (optional) Figure 5-1 System Storage Archive Manager Collection overview Each System Storage Archive Manager Collection is hosted by a dedicated IBM System Storage Archive Manager server. The System Storage Archive Manager server is running on a Linux operating system on one of up to three cluster nodes, depending on how many cluster nodes are available in the configuration. Each System Storage Archive Manager Collection is using its own, dedicated disk storage subsystem. The IBM System Storage Archive Manager is an integrated component of the PID 5608-IAF Information Archive software. Because the IBM System Storage Archive Manager is the core component of the System Storage Archive Manager Collection where all retention policies and data are managed, we explain the functions and features in detail in the following topics. The underlying file system is the IBM General Parallel File System (GPFS), where the System Storage Archive Manager server stores its own IBM DB2 database and the archived data. The System Storage Archive Manager DB2 database is used to maintain management information such as retention policies and access credentials. The archived data is not held in the database, hence it is stored by System Storage Archive Manager storage pools directly into GPFS. The System Storage Archive Manager server makes use of GPFS functionality by a certain setup within the Information Archive appliance. For instance, System Storage Archive Manager uses file device classes instead of random access file device classes. With that setup, the appliance can store and manage multiple billions of documents over its deployment lifetime.116 IBM Information Archive: Architecture and Deployment
  • 132. The System Storage Archive Manager Collections are created and administrated through the IA GUI running on the Management Console. The graphical user interface (Information Archive GUI) on the Management Console can be accessed through a HTTP web browser. The Information Archive GUI works with various user roles and shows various panels and results depending on those roles. Each administrative user has to log on to the Information Archive GUI with its own user account and password. Optionally you can attach tape devices to the Information Archive appliance. Tape attachment is already preconfigured in Information Archive and therefore very easy to configure. With tape attachment, you can automatically migrate data from disk to tape. Thresholds and migration delays are used to control the migration process and guarantee the availability and performance for your data. With tape attachment, you can also back up and restore the System Storage Archive Manager environment and help prepare for disaster protection. To use the System Storage Archive Manager Collection, you must follow four basic steps: 1. Create a System Storage Archive Manager Collection from the Information Archive GUI within the Information Archive Management Console. The Create Collection Wizard will guide you through the entire process. Tip: Before you create a System Storage Archive Manager Collection, you must enable support for this collection type. If support was not enabled during initial configuration, you can use the appliance properties notebook to enable the support. 2. Configure the retention policy for the new collection by creating a System Storage Archive Manager policy domain or configuring the default System Storage Archive Manager policy domain that is created during the creation of the collection. System Storage Archive Manager is also administrated at the administrative interface in the Management Console, you can use the Information Archive GUI or command line (Information Archive CLI). 3. Register a client node in System Storage Archive Manager so you can create an account on the Information Archive server for client applications (archive applications). 4. Configure an external archive appliance, such as the one corresponding to a System Storage Archive Manager client node registered in step 3, to use Information Archive as storage device. The external archive appliance is not part of the Information Archive appliance. If you are using document management systems or other archive applications that cannot connect to the Information Archive by the System Storage Archive Manager interfaces, you might consider using the open standard interfaces of Information Archive. These interfaces are not covered in this chapter, however, we describe them in Chapter 6, “File Archive Collections” on page 167.5.2 IBM System Storage Archive Manager overview A System Storage Archive Manager server is much like any other IBM Tivoli Storage Manager server. All features to administer the server and manage data objects and the storage repository are still available. Most of the devices that are supported with Tivoli Storage Manager server are available for an Information Archive System Storage Archive Manager server. System Storage Archive Manager was introduced as a separately licensed product in Version 5.2.2 and was designed to help meet data retention and disposition compliance regulations and policies. System Storage Archive Manager uses the IBM Tivoli Storage Manager Extended Edition source code. Chapter 5. System Storage Archive Manager Collections 117
  • 133. Tip: IBM Tivoli Storage Manager and IBM System Storage Archive Manager share the same source code for executables but are intended for other usage. These two products have unique licenses. However, only the System Storage Archive Manager server shows the unique name, whereas all accompanying components for that server are still named with IBM Tivoli Storage Manager. System Storage Archive Manager provides storage management services that permit users to archive files from their workstations or file servers to archive retention protected storage. Archived copies of files can be retrieved to local workstations. System Storage Archive Manager also includes an application program interface (API) client program that you can use to enhance a content-management application with storage management services. When an application is registered with a server as a client node, the application can archive and retrieve objects from archive retention-protected storage. We refer to all those applications in general as archive applications. System Storage Archive Manager uses chronological and event-based retention policies. Chronological retention is a calendar-based policy in which the final expiration countdown begins when an object is sent to System Storage Archive Manager storage. Event-based retention requires a predefined activation event to occur before the final expiration countdown starts. System Storage Archive Manager provides the ability to override prescribed retention policies using the deletion hold and release events. System Storage Archive Manager offers rich functionality and features giving you a powerful and comprehensive archive retention solution, hence they can all be found in the Information Archive appliance: System Storage Archive Manager runs on vendor neutral storage technology, giving you the ability to utilize hundreds of types of disk, tape, optical, and DVD media on which to retain your data. In case of Information Archive, the internal disk storage subsystem can be extended over the time and can also be replaced when necessary. Substitution of the disk storage subsystem is accompanied by System Storage Archive Manager with data migration services and validation methods for data integrity. Hierarchical storage capabilities allow you to create policies so data is stored on the type of media that best meets data longevity, access speed, and cost needs. For instance, with Information Archive, you can attach tape devices to back up all data. Migration automates moving data from one type of media to another as media needs change, and as new types of media become available in the market. Archive Managers expiration policies expire the data when it is no longer needed, thus freeing up the WORM protected disk storage media and saving you money. With Information Archive, the expired data in the disk storage subsystem will be erased and the space will be used again to store new data. If needed, data shredding can be configured to erase the data in an even more secure way. Off-site protection of the data is standard in the System Storage Archive Manager. Off-site copies can be created onto any of the hundreds of types of media supported, and like the primary copy, is policy-managed to allow for expiration. WORM tape devices are a good choice for that kind of protection. It is beyond the scope of this book to explain System Storage Archive Manager in detail. This book focuses on the System Storage Archive Manager fundamentals necessary to understand the Information Archive appliance and explores what customizing has already been done to the System Storage Archive Manager server provided in Information Archive.118 IBM Information Archive: Architecture and Deployment
  • 134. Tip: For a detailed overview of System Storage Archive Manager V6.1 and its complementary products, see the IBM Tivoli Storage Manager Version 6.1 information center at the following location: http://publib.boulder.ibm.com/infocenter/tsminfo/v6/index.jsp5.2.1 IBM System Storage Archive Manager architecture overview System Storage Archive Manager is implemented as a client/server software application with various components, depending on the function that has to be provided. Figure 5-2 shows the System Storage Archive Manager architecture and the most important components. Client Environment Server Environment TS Administrative Client M Integrated Solutions Console Administration Center Web Browser Command Line Interf ace TS Administrative Client M Server TS Backup-Archive Client M - Lapt op, Desktop F F lat ile - Workstat ion Web Browser - File Server Command Line Interf ace DB LOG Disk - Server (Print , Proxy, …) Graphical User Interface Local/ Metro/ Wide File Server TSM for HSM Optical -F S ile erver Area Network Flat File Tape Command Line Interface Graphical User Interface SS S AM erver Storage Repository Application Server - Database Server TS API M - E-Mail Server Legacy D a at - ER Server P - Port al Server Command Line Interface - File Server Figure 5-2 IBM System Storage Archive Manager architectural overview The System Storage Archive Manager server is running in the Information Archive appliance while various clients are based upon any archiving application connected to the System Storage Archive Manager server through TCP/IP networks. The core product of the entire System Storage Archive Manager environment is the System Storage Archive Manager server with its relational database and storage repository. The server basically provides data management, retention policies, and storage. The System Storage Archive Manager server can be administrated from any available Tivoli Storage Manager administrative client, which is represented by executable files, and a command line interface, which is connected to the System Storage Archive Manager server or to another administrative server called the Integrated Solutions Console (ISC). The ISC can be reached with any web browser in the enterprise. The ISC is a generic IBM administration interface where various applications can be embedded through plug-ins. The plug-ins are called the IBM Tivoli Storage Manager Administration Center (Administration Center) and in the case of a System Storage Archive Manager server, you first log in to the ISC and then can administrate the System Storage Archive Manager server with the embedded Administration Center. Both components (ISC and Administration Center) are available with Information Archive. Chapter 5. System Storage Archive Manager Collections 119
  • 135. From a System Storage Archive Manager perspective, the System Storage Archive Manager clients are systems that exchange data with the System Storage Archive Manager server through TCP/IP networks. There are two types of System Storage Archive Manager clients: The first type of client, the IBM Tivoli Storage Manager backup-archive client, is able to use System Storage Archive Manager directly as a storage repository for archive data. Because the System Storage Archive Manager server is intended to help with regulatory retention, the IBM Tivoli Storage Manager backup-archive client is not able to use its backup functions with the System Storage Archive Manager server. They are disabled. The second type of client uses the IBM Tivoli Storage Manager Application Program Interface (API). Products that use the API with System Storage Archive Manager are typically document content management systems, enterprise content management systems, and so on. Tivoli Storage Manager for HSM for Windows is also a product that uses the API to do hierarchical storage management for NTFS file systems on Microsoft Windows. Although various types of System Storage Archive Manager clients can use a storage area network (SAN) for their normal business, like LAN-free backup and restore, they are not able to do so with System Storage Archive Manager in Information Archive. Due to the necessity to share the back-end storage devices between the server and the client in case of SAN services, Information Archive avoids that for compliance reasons. Attention: Archive applications (System Storage Archive Manager clients) can only communicate over TCP/IP when archiving to an Information Archive System Storage Archive Manager Collection. IBM System Storage Archive Manager server The System Storage Archive Manager server consists of a runtime environment, an IBM DB2 database, and a data storage hierarchy (also known as a storage repository). In the case of Information Archive, those three components are integrated into the appliance and they run on the cluster nodes. The DB2 database stores all information about the running environment and the managed data. Included are retention policies, user management, and metadata for the archived data. The storage hierarchy is used to store the managed data depending on various requirements and in association with the retention policies. System Storage Archive Manager database and database log files With IBM System Storage Archive Manager V6.1 and later, the recovery log is comprised of two primary storage locations. These locations are the active log and the archive log. For security reasons, the active log can be mirrored by DB2, the archive log can have an overflow location. Information Archive uses all kind of security with the System Storage Archive Manager database except the archive overflow location. Because Information Archive uses GPFS, the file system for the archive log is not limited to any size. Hence, Information Archive has no need to utilize the overflow location.120 IBM Information Archive: Architecture and Deployment
  • 136. The DB2 environment for Information Archive is shown in Figure 5-3. DBDirectory ACTIVELOGDirectory S0000011.LOG Database S0000012.LOG MIRRORLOGDirectory S0000011.LOG S0000012.LOG DBBACKUPDirectory ARCHLOGDirectory S0000000.LOG 67894321.DBV S0000001.LOG 67894322.DBV ARCHFAILOVERLOGDirectory S0000006.LOGFigure 5-3 System Storage Archive Manager database, database log files, and database backup filesThe active log is used to store current in-flight transactions for the server. For example, if theserver has 10 archive client sessions performing archiving or retrieving, the transactions usedby those sessions will be represented in the active log and used to track changes to theserver database such as the insert, delete, or update to records for tables within the serverdatabase.The archive log contains copies of closed log files that were in the active log at an earlier time.The archive log is not needed for normal processing, but is typically needed for recovery ofthe database. To provide roll-forward recovery of the database to the current point in time, alllogs since the last database backup must be available for the restore operation. For theSystem Storage Archive Manager server, the archive log is included in database backups, sothat it can be used for roll-forward recovery of the database. The pruning of the archive logfiles is based on full database backups. Backups can be written to attached storage deviceslike disk storage subsystems or tape devices.System Storage Archive Manager can designate a secondary archive log location, also calledan archive failover log directory. The archive failover directory is used by the server if thearchive log directory runs out of space. Specifying an archive failover directory is optional, butcan prevent problems that occur if the archive log runs out of space. With Information Archive,thanks to GPFS and the overall storage capacity, it is very unusual for the archive logdirectory to run out of space. Hence, there is no secondary archive log location withInformation Archive.When the active log contains log files that are full, the log files are closed by DB2 and getcopied to the archive log directory, transactions might still be active when the file getsarchived. The server continues to copy full log files to the archive log directory until thedirectory becomes full, then copies will go to the failover archive log directory. If even thefailover archive log directory fills up, for example, because of unexpected workload, the activelogs will retain in the active log directory. This can result in an out of log space condition and aserver halt if the active log directory fills up, too. Information Archive health monitoring as wellas its reporting and monitoring features help you become aware of that situation in advance. Chapter 5. System Storage Archive Manager Collections 121
  • 137. Storage repository A System Storage Archive Manager server can write data to more than 400 types of devices, including hard disk drives, disk arrays, and subsystems, stand-alone tape drives, tape libraries, and other forms of random and sequential-access storage. The media that the server uses are grouped into storage pools, and various device classes support the various technologies. For the Information Archive appliance, the storage pools are implemented through a private SAN attachment to the 2231-D1A disk controllers. The disk subsystem is configured as a Redundant Array of Independent Disks (RAID) 6 to maintain data integrity even in the event of two disk failures. The filesystem is build upon the IBM General Parallel File System (GPFS) and System Storage Archive Manager leverages that file system with its database and recovery log as well as with all archived data. The base 2231-IA3 appliance frame supports only one Storage Controller and therefore only one collection. An expansion frame (2231-IS3) can be attached to the base frame to support two more storage controllers and so also two more collections, if needed. Multiple System Storage Archive Manager collections are typically needed for very large environments to balance the work load, and for compliance reasons to divide systems physically. Optional tape attachment with Information Archive can expand the storage repository to migrate data and to use backup and restore as well as disaster protection. Tip: Although optional, it is highly desirable to use the tape attachment feature for Information Archive. Tapes extend the Information Archive storage capacity by allowing migration from the default appliance disk media. Moreover, you can also make backups of your archived data and other elements of your Information Archive appliance, enabling Enhanced Remote Mirroring protection. Client nodes A client node, in the context of the Information Archive System Storage Archive Manager Collection, is an application that communicates and transfer data objects for archiving to the System Storage Archive Manager server. Therefore, the client often is referred to as archiving application. A client node is registered in a policy domain and bound to the policies of that domain on the server. There are three types of client nodes that can be used directly with the System Storage Archive Manager server: IBM Tivoli Storage Manager API IBM Tivoli Storage Manager backup-archive client IBM Tivoli Storage Manager for HSM for Microsoft Windows Application program interface (API) IBM System Storage Archive Manager provides a data management application program interface (API) that can be used to implement application clients to integrate popular business applications, such as databases or groupware applications. The API also adheres to an open standard and is published to enable customers and vendors to implement specialized or custom clients for particular data management needs or nonstandard computing environments. The API enables an application client to use the System Storage Archive Manager storage management functions. The API includes function calls that you can use in an application to perform the following operations: start or end a session, assign management classes to objects before they are stored on a server, archive objects to a server, and signal retention events for retention such as activate, hold, or release.122 IBM Information Archive: Architecture and Deployment
  • 138. Alternatively, some vendor applications exploit the API by integrating it into their softwareproduct to implement new data management functions or to provide archival functionality onadditional system platforms. Some examples are IBM Content Manager, IBM ContentManager OnDemand, IBM CommonStore for SAP® R/3, IBM InfoSphere Content Collector,IBM Optim, and IBM Filenet.The API is published to enable customers or vendors to implement their own solutionsfollowing their special needs, including full documentation available on the Internet. For moreinformation, see IBM Tivoli Storage Manager: Using the Application Programming Interface,SC23-9793, available at:http://publib.boulder.ibm.com/infocenter/tsminfo/v6/topic/com.ibm.itsm.client.develop.doc/b_api_using.pdfIBM Tivoli Storage Manager backup-archive clientThe backup-archive client provides an easy and effective way to archive and retrieve datafrom a workstation. The process is easy and menu driven. The backup-archive client can beaccessed either directly as an application installed on the client node (command line andGUI) or can be accessed remotely through a web browser. The processes can be automatedwith an integrated scheduler that can be configured on the System Storage Archive Managerserver. Keep in mind that the backup feature of the backup-archive client is disabled whenused with a System Storage Archive Manager server (as is the case for Information Archive).IBM Tivoli Storage Manager for HSM for Microsoft WindowsThe IBM Tivoli Storage Manager for HSM for Windows client provides hierarchical storagemanagement (HSM) for Windows NTFS file systems.HSM is a data storage system that automatically moves data between high-cost and low-coststorage media. HSM exists because high-speed storage devices, such as hard disk drives,are more expensive per byte stored than slower devices, such as optical discs and magnetictape drives. Although it is ideal to have all data available on high-speed devices all the time,doing this is prohibitively expensive for many organizations. Instead, you can use HSM tostore the bulk of your enterprise data on slower devices, and then copy data to faster diskdrives only when needed. In effect, HSM turns the fast disk drives into caches for the slowermass storage devices. The HSM for Windows client monitors the way files are used and letsyou automate policies as to which files can safely be moved (migrated) to slower devices andwhich files must stay on the hard disks.File migration, unlike file backup, does not protect against accidental file deletion, filecorruption, or disk failure. Continue to back up your files regardless of whether they reside onyour local file system or are migrated to System Storage Archive Manager storage. You canuse the IBM Tivoli Storage Manager backup-archive client to back up and restore migratedfiles in the same manner as you might back up and restore files that reside on your local filesystem. That cannot be used with a System Storage Archive Manager but with a regular IBMTivoli Storage Manager. If you accidentally delete stub files from your local file system, or ifyou lose your local file system, you can restore the stub files.The IBM Tivoli Storage Manager for Space Management client for UNIX and Linux is a HSMclient that migrates files on appropriate file systems on UNIX and Linux. The client functionsfor threshold migration, demand migration, selective migration, selective and transparentrecall includes processing GPFS file systems containing multiple HSM managed storagepools. Unlike the IBM Tivoli Storage Manager for HSM for Windows client, this kind of clientcan only be connected to an IBM Tivoli Storage Manager server. An IBM Tivoli StorageManager for Space Management client cannot communicate with a System Storage ArchiveManager server. Chapter 5. System Storage Archive Manager Collections 123
  • 139. Tip: An IBM Tivoli Storage Manager for HSM for Windows client can migrate and recall data with System Storage Archive Manager, whereas an IBM Tivoli Storage Manager for Space Management client cannot. Therefore, do not plan to migrate files from UNIX and Linux into Information Archive through the IBM Tivoli Storage Manager HSM client. Administrative interfaces The administrative interfaces allow administrators to control and monitor server activities, define management policies for clients, and set up schedules to provide services to clients and the server at regular intervals. Administrative interfaces available include a command-line administrative client (dsmadmc) and a web browser interface called the Administration Center. The Administration Center is embedded in the Integrated Solutions Console (ISC) and allows you to manage and control multiple servers from a single interface that runs in a web browser. Information Archive supports both types of administration, that is, you can use the command-line administrative client as well as the Administration Center within the ISC. Also, depending on how many document collections you are using, there are several System Storage Archive Manager or IBM Tivoli Storage Manager servers reachable from only that one Administration Center. Command-line administrative client (dsmadmc) The command-line administrative client is preinstalled and preconfigured on the Information Archive appliance. You can start it with a user account with the administrative role of an IA Archive Administrator or the IA System Administrator. Complete the following steps from the keyboard video mouse (KVM) console in the appliance, or remotely through a Secure Shell (SSH) connection: 1. Log on to the Management Console server. 2. At the command prompt, enter dsmadmc -server=<collection_name> where collection_name is the name of the System Storage Archive Manager Collection that you are accessing. 3. Enter the user name and password that are eligible for access to the collection. 4. You will get a shell with a prompt where you can enter Tivoli Storage Manager/System Storage Archive Manager commands (see Example 5-1.) 5. The help command gives you help for all possible commands and their syntax. 6. To exit the shell, enter the command quit. Example 5-1 Tivoli Storage Manager/System Storage Archive Manager shell with dsmadmc command iaadmin@IA-Primary:~> dsmadmc -server=SSAM1 IBM Tivoli Storage Manager Command Line Administrative Interface - Version 6, Release 1, Level 3.3 (c) Copyright by IBM Corporation and other(s) 1990, 2009. All Rights Reserved. Enter your user account: itsoadmin Enter your password: Session established with server SSAM1: Linux/x86_64 Server Version 6, Release 1, Level 2.2 Server date/time: 02/22/2010 17:29:03 Last access: 02/18/2010 21:53:38 tsm: SSAM1>124 IBM Information Archive: Architecture and Deployment
  • 140. Administration CenterFor the central administration of one or more System Storage Archive Manager instances,as well as the whole data management environment, System Storage Archive Managerprovides a Java-based graphical administration interface called the Administration Center,which is installed as an Integrated Solution Console (ISC) component. The AdministrationCenter and the ISC are preinstalled and started automatically at the Information Archiveappliance.The IBM Tivoli Storage Manager Administration Center enables administrators to control andmonitor server activities, define management policies for clients, and set up schedules toprovide services to clients at regular intervals. Figure 5-4 shows the Integrated SolutionsConsole as you find it in the Information Archive appliance. The IBM Tivoli Storage ManagerAdministration Center is provided as a Tivoli Storage Manager headline and tree structure onthe left.Figure 5-4 Integrated Solutions Console and Tivoli Storage Manager Administration CenterWorking with ISC and IBM Tivoli Storage Manager Administration CenterIn this section we give you a short introduction on how to start and configure the IBM TivoliStorage Manager Administration Center on the Information Archive appliance. A user accountwith the administrative role of a tsmAdministrator is needed for this kind of login.Follow these steps:1. To connect to the IBM Tivoli Storage Manager Administration Center web interface, start a web browser and start an https session (Secure HTTP) to the TCP/IP address of the node or workstation where the IBM Tivoli Storage Manager Administration Center and the ISC are installed, using the port number specified when installing the ISC: https://ip_of_management_station:9043/ibm/console Chapter 5. System Storage Archive Manager Collections 125
  • 141. 2. Log in at ISC with the appropriate user account. 3. Expand the Tivoli Storage Manager tree in the left pane of the panel and navigate to the most convenient topic (Figure 5-5). Figure 5-5 Tivoli Storage Manager Administration Center - Manage Servers Now you can select various functions to administrate your Information Archive System Storage Archive Manager Server. For example, in Figure 5-5, we use the Manage Servers topic to see all configured System Storage Archive Manager and IBM Tivoli Storage Manager servers within our Information Archive. 4. Use the Manager Servers, select the System Storage Archive Manager server you want to connect to, and then Select Action to use the command line. Figure 5-6 Tivoli Storage Manager Administration Center - Use Command Line After that, you can use various commands on the command line to administrate your Information Archive System Storage Archive Manager Server.126 IBM Information Archive: Architecture and Deployment
  • 142. Automation The System Storage Archive Manager server includes a central scheduler that runs on the System Storage Archive Manager server and provides services for use by the server (administrative schedules) and clients (client schedules). You can schedule administrative commands to tune server operations and to start functions that require significant server or system resources during times of low usage. You can also schedule a client action, but that is unusual for a data retention-enabled client. Each scheduled command (administrative or client) is called an event. The server tracks and records each scheduled event in the database and produces output within its activity log. There are preconfigured administrative schedules in Information Archive, that can be analyzed with the query schedule t=a command. There are no preconfigured client schedules with Information Archive.5.2.2 IBM System Storage Archive Manager basic concepts This section is intended for readers who are not familiar with the product IBM System Storage Archive Manager and its particular concepts. We explain the basics concepts of IBM System Storage Archive Manager, because from the concepts we can derive several preferences and best practices for the setup and configuration of a System Storage Archive Manager Collection. The System Storage Archive Manager server manages client data objects based on information provided in administrator-defined policies. Data objects can be subfile components, files, directories, or raw logical volumes that are archived from client systems; they can be objects, such as tables, logs, or records from database applications, or simply a block of data that an application system archives to the server. The System Storage Archive Manager server stores these objects within his storage hierarchy that is grouped into storage pools. We explain these concepts with regard to the IBM System Storage Archive Manager server on the Information Archive appliance. System Storage Archive Manager storage pools and storage hierarchy System Storage Archive Manager manages data as objects stored in System Storage Archive Manager storage pools (see Figure 5-7). Each object has an associated management policy to which it is “bound.” The policy defines how long to keep that object and where the object enters the storage hierarchy. The physical location of an object within the storage pool hierarchy has no effect on its retention policies. An object can be migrated or moved to another storage pool within a System Storage Archive Manager storage hierarchy. This can be useful when freeing up storage space on higher performance devices, such as disk, or when migrating to new technology. Objects also can and ought to be copied to copy storage pools for disaster recovery protection. To store these data objects on storage devices and to implement storage management functions, System Storage Archive Manager uses logical definitions to classify the available physical storage resources. Most important is the logical entity called a storage pool, which describes a storage resource for a single type of media such as disk volumes, which are files on a file system, or tape volumes, which are cartridges in a library. Chapter 5. System Storage Archive Manager Collections 127
  • 143. Figure 5-7 shows the IBM System Storage Archive Manager storage hierarchy. Archive Application LAN, WAN Storage Pool Volumes Data Object D evice Class DISK Primary Storage Pool Copy Storage Pool Migrate Copy SSAM Server Storage pool Devi ce C lass TAPE* Primary Device C lass TAPE* Storage Pool *Device Class Tape exam ple: Storage Hierarchy devclass =3592class devtyp e=3592 Storage Repository Figure 5-7 IBM System Storage Archive Manager storage hierarchy Device classes A logical entity called a device class is used to describe how System Storage Archive Manager can access physical volumes to place the data objects on them. Each storage pool is bound to a single device class. The storage devices used with System Storage Archive Manager vary mainly in their technology and total cost. To understand this concept, you can imagine the storage as a pyramid (or triangle), with high-performance storage in the top (typically disk), normal performance storage in the middle (typically optical disk or cheaper disk), and low-performance, but high-capacity, storage at the bottom (typically tape). Figure 5-7 illustrates this idea, as well as Figure 5-2 on page 119. Disk storage devices are random access media, making them better candidates for storing frequently accessed data. With Tivoli Storage Manager and System Storage Archive Manager disk storage devices can also be used as sequential access media, but that is done with certain enhancements. For example, although the access mode is sequential, you have parallel input and output on the volume available. Tape, however, is a high-capacity sequential access media, which can easily be transported off-site for disaster recovery purposes. Access time is much slower for tape due to the amount of time needed to load a tape in a tape drive and locate the data. However, for many applications, that access time is still acceptable. With Tivoli Storage Manager/System Storage Archive Manager, tape volumes, located in a tape library, are accessed by the application that is retrieving data from them transparently. Tapes no longer in the library are off-line, requiring manual intervention.128 IBM Information Archive: Architecture and Deployment
  • 144. Device typesEach device defined to System Storage Archive Manager is associated with one device class.Each device class specifies a device type.A device type identifies a device as a member of a group of devices that share similar mediacharacteristics. For example, the 3592 device type applies to IBM System Storage EnterpriseTape Drive 3592 or IBM System Storage TS1120 and TS1130. The LTO device class appliesto the Linear Tape Open standard of tape drives, for example, the IBM System StorageUltrium LTO-4 tape drive.The device type also specifies management information, such as how the server gainsaccess to the physical volumes, recording format, estimated capacity, and labeling prefixes.Device types include DISK, FILE, and a variety of removable media types.Note that a device class for a tape or optical drive must also specify a library.Device access strategyThe access strategy of a device is either random or sequential in regular System StorageArchive Manager and IBM Tivoli Storage Manager environments. With Information Archive,you will use all devices only as sequential, regardless of the physical characteristics: Primary storage pools Copy storage pools System Storage Archive Manager database backups Export ImportTape devicesSystem Storage Archive Manager supports a wide variety of enterprise class tape drives andlibraries. The following link connects you to the product support website where you will find alink to the currently supported devices list:http://www-01.ibm.com/software/sysmgmt/products/support/IBM_TSM_Supported_Devices_for_Linux.html Important: With Information Archive, the usage of IBM 3494 Tape Libraries as well as ACSLS managed tape libraries is not supported. Keep this in mind when reading the foregoing support list.Use tape devices for the purpose of backing up your primary storage pools to copy storagepools and backing up the System Storage Archive Manager database. Tape devices arewell-suited for this, because the media can be transported off-site for disaster recoverypurposes.A tape drive or tape library is not included in the Information Archive appliance; however, anysystem is tape-ready and you can attach tape devices that are supported by System StorageArchive Manager/Tivoli Storage Manager on the Linux platform (see information above) andthat best suit your data retention requirements. We suggest that you use the IBM SystemStorage TS1130 Tape Drive or the IBM Ultrium 4 LTO drives in combination with rewritableand WORM media. We discuss attaching tape in Chapter 10, “Tape attachment withIBM Information Archive” on page 403. Chapter 5. System Storage Archive Manager Collections 129
  • 145. System Storage Archive Manager policy concepts A data storage management environment consists of three basic types of resources: client systems (for example, applications using the System Storage Archive Manager API to archive data), policy, and data. The client systems run the applications that create or collect data to be managed. The policies are the rules to specify how to manage the archived objects, for example, how long to retain an archive object in storage, whether chronological or event-based archive retention is used, in which storage pool to place an object, or, in the case of backup, how many versions to keep, where they must be stored, and what System Storage Archive Manager does to the archive object after the data is no longer on the client file system. Client systems, or nodes, in System Storage Archive Manager terminology, are grouped together with other nodes with common storage management requirements into a policy domain. The policy domain links the nodes to a policy set, which is a collection of storage management rules for various storage management activities. Client node: The term client node refers to the archive application sending data to the Information Archive System Storage Archive Manager server. A policy set consists of one or more management classes. A management class contains the rule descriptions called copy groups and links these to the data objects to be managed. A copy group is the place where all the storage management parameters are defined, such as the number of stored copies, retention period, and storage media. When the data is linked to particular rules, it is said to be bound to the management class that contains those rules. There are two types of copy groups available: backup and archive. Only archive copy groups are used with System Storage Archive Manager. Another way to look at the components that make up a policy is to consider them in the hierarchical fashion in which they are defined, that is, consider the policy domain containing the policy set, the policy set containing the management classes, and the management classes containing the copy groups and the storage management parameters (Figure 5-8). Nodes Clients Policy domain Policy set Copy group Management class #1 Rules Data Copy group Management class #2 Rules Data Copy group Management class #3 Rules Data Figure 5-8 Policy relationships and resources130 IBM Information Archive: Architecture and Deployment
  • 146. Policy domainThis feature enables an administrator to group client nodes by the policies that govern theirfiles and by the administrators who manage their policies. A policy domain contains one ormore policy sets, but only one policy set (named ACTIVE) can be active at a time. The serveruses only the ACTIVE policy set to manage files for client nodes assigned to a policy domain.You can use policy domains to perform the following tasks: Group client nodes with similar file management requirements Provide unique default policies for various groups of clients Direct files from various groups of clients to other storage hierarchies based on need (unique file destinations with various storage characteristics) Restrict the number of management classes to which clients have accessFigure 5-9 summarizes the relationships among the physical device environment, SystemStorage Archive Manager storage and policy objects, and clients:1. When clients are registered, they are associated with a policy domain. Within the policy domain are the policy set, management class, and copy groups.2. When a client archives an object, the object is bound to a management class. A management class and the archive copy group within it specify where files are stored first (destination), and how they are managed when they are archived.3. Storage pools are the destinations for all stored data. An archive copy group specifies a destination storage pool for archived files. Storage pools are mapped to device classes, which represent devices. The storage pool contains volumes of the type indicated by the associated device class. For example, the storage pool filepool on Information Archive, which uses the device class FILECLASS, stores all data in a sequential file pool on disk.Data stored in disk storage pools can be migrated to tape or optical disk storage pools andcan be backed up to copy storage pools. SSAM Policy Construct Overview Client Policy Domain  Policy Domain Policy Set Active • Group client nodes by policies. • Specifies retention grace period Mgmt. Class A Mgmt. Class B Archive copy Archive copy  Policy set Group AA Group BB • Contains mgmt classes. • At least one default mgmt class. • Multiple policy sets per domain • Only one is active. Primary Pool 1 Primary Pool 2  Mgmt Class • Associates files with one archive copy group. • Multiple mgmt. classes per policy set, NextPool Copy Pool • One default – STANDARD - all files volume1 volume2 not bound to mgmt. class are assigned to default class. disk1 disk2  Archive Copy Group • Controls archive processing of a file (retention time, option, pool). • Only one group per mgmt. class.Figure 5-9 Example of the policy structure for archive Chapter 5. System Storage Archive Manager Collections 131
  • 147. Policy set The policy set specifies the management classes that are available to groups of users. Policy sets contain one or more management classes. Only one policy set, the ACTIVE policy set, controls policies in a policy domain. Management class The management class associates client files with archive copy groups. A management class can contain one backup or archive copy group, both a backup and an archive copy group, or no copy groups. Users can bind (that is, associate) their files to a management class through the include-exclude list. You must identify one management class as the default management class. If objects are not explicitly bound to a certain management class, they are automatically bound to the default management class. Attention: With the System Storage Archive Manager Collection, management classes can only contain archive copy groups, because backups are not possible on a System Storage Archive Manager server. Archive copy group This group controls the archive processing of files associated with the management class. An archive copy group determines the following characteristics: The retention method; possible values are creation (time-based) or event-based retention. How long, in days, the server keeps archived copies of your files The minimum retention time, which is applicable only for event-based retention The management class to which the archive copy group is assigned The storage pool (destination) in which the archived file is stored Whether to archive a file when it is in use5.3 IBM System Storage Archive Manager features In this section, we discuss the System Storage Archive Manager features that are especially designed for the archive, retrieval, and securing of data. The available features of System Storage Archive Manager and the System Storage Archive Manager Collections, respectively, are: Access control and authentication Data retention protection Creation-based retention Event-based retention Deletion hold and release Data encryption / Tape drive encryption Data shredding Data deduplication5.3.1 Access control and authentication IBM System Storage Archive Manager uses access control and internal code processing to guarantee data security and data integrity. System Storage Archive Manager prohibits the deletion of data before its scheduled expiration. Short of physical destruction of the storage media or server, or deliberate corruption of data or deletion of the Archive Manager database, System Storage Archive Manager will not allow data to be deleted before its scheduled expiration date. Content management and archive applications can apply business policy management for the ultimate expiration of archived data at the appropriate time.132 IBM Information Archive: Architecture and Deployment
  • 148. Different user roles and explicit user credentials are the basis for System Storage Archive Manager access control. A Tivoli Storage Manager/System Storage Archive Manager administrator manages resources on the server, such as storage pools, devices, and data management policies. An administrator or operator might also be responsible for backup and restore of archived data. The number of administrators and their level of privileges will vary according to environment. Within Information Archive, you can grant administrative roles to user accounts within the Information Archive GUI. All user accounts with the administrative role tsmAdministrator are propagated to the System Storage Archive Manager server automatically. Even password changes later on in the Information Archive GUI or in LDAP, if you use an centralized user management, are propagated automatically to the System Storage Archive Manager Collection. This user is propagated with passexp=0 and system privileges. Beside this automated propagation of user accounts, there are two ways to create a Tivoli Storage Manager/System Storage Archive Manager administrator account manually, using the register node and register admin commands. The register admin command is used to explicitly create an administrator account with certain defined privileges. The register node command automatically creates an administrator account with the same name as the node and owner access privilege to the node. Privileges are granted to an administrator through the grant authority command. You need system privileges to issue this command. You can check the privileges of your user with the command query admin f=d. In the case of the Information Archive appliance, System Storage Archive Manager user roles and credentials can be created like described above, with the IBM Tivoli Storage Manager Administration Center at the Integrated Solutions Console, and with the Information Archive GUI (that is, when you create Information Archive users with the privilege of tsmAdministrator). Authentication for a System Storage Archive Manager collection ensures that only the designated client nodes (register node) can read and commit documents and only the designated administrators (register admin) can manage the administrative interface. Beside the roles, there are several additional features to control the access, security, and integrity of the environment: Password expiration period Limitation for invalid password attempts Tamper proof internal code processing (deletion protection) Activity log Password and data encryption5.3.2 Archive copy group retention parameters In order to use the archive function of System Storage Archive Manager, you must define valid policies that include defining a policy domain, policy set, management class or classes, and an archive copy group, as well as setting archive retention parameters in the archive copy group and associating your application clients with the System Storage Archive Manager policies. Tip: Define a test policy domain for test data. We suggest that you define a test policy domain and policy set for any pre-production testing. Remember that all of the test data that you archive to a System Storage Archive Manager Collection cannot be deleted. Chapter 5. System Storage Archive Manager Collections 133
  • 149. Two methods of archive retention There are two methods of archive retention, which are defined by the parameters of the archive copy group: Chronological archive retention Event-based archive retention Next we look at the parameters of the archive copy group and their possible values for the two archive retention methods. Archive retention parameters The most important archive retention parameter in regard to the retention period with System Storage Archive Manager is RETVER (retain version). Possible values are RETVER=0 to 30,000 days or NOLIMIT. Important: Selecting the NOLIMIT value on the Information Archive System Storage Archive Manager server means that you will never be able to delete the data. The retain version parameter (RETVER) within the archive copy group specifies the number of days to retain each archive object. Possible values are 0 to 30,000 days or NOLIMIT, which means that an archive copy is maintained indefinitely. There are two other archive retention parameters, RETINIT and RETMIN: RETINIT (retention initiation): The possible values are RETINIT=creation or event. The retention initiation (RETINIT) parameter specifies when the time specified by the retain version (RETVER=n days) attribute is initiated. The possible values for this parameter are creation or event. The default value is creation. In the following list, we explain both values: – RETINIT=creation (chronological archive retention): By setting this parameter to creation (RETINIT=creation) in the archive copy group, you specify that the retention time specified by the RETVER attribute (RETVER=n days) is initiated right at the time an archive copy is stored on the server. This is referred to as chronological archive retention. – RETINIT=event (event-based archive retention): By setting this parameter to event (RETINIT=event) in the archive copy group, you specify that the retention time (RETVER=n days) for the archived data is initiated by an application that used API function calls or the Web Client. If the application never initiates the retention, the data is retained indefinitely. This method of archive retention is referred to as event-based archive retention. Possible events to signal through the API or the backup-archive client to the Information Archive System Storage Archive Manager server are as follows: – Activate: Activates the countdown of the RETVER value for the given event-based object. – Hold: Prevents the Information Archive System Storage Archive Manager server from deleting the object, even if the RETVER period has ended. Signaling a “hold” does not extend the retention period, but a hold object will only expire after a release event is sent. – Release: Removes the hold status of an object. The System Storage Archive Manager server will then treat the object again according to the RETVER and RETMIN values.134 IBM Information Archive: Architecture and Deployment
  • 150. RETMIN (retain minimum): Possible values are RETMIN=0 to 30,000 days. The retain minimum (RETMIN) parameter applies only to event-based archive retention policy and specifies the minimum number of days to retain an archive object regardless of the value of RETVER. The default value is 365. Possible values are 0 to 30,000 days. We provide the following examples to give you insight into archive copy groups and defining policy.5.3.3 Chronological archive retention Figure 5-10 shows a simplified view of a chronological retention policy. With RETINIT=creation and RETVER=365 days, a file that is archived on day 0 is retained for 365 days and becomes eligible for expiration. In this case, after 365 days from the time the data was created, all references to that data are deleted from the database, making the data irretrievable from System Storage Archive Manager storage volumes. This kind of archive retention is called chronological retention. By default, the RETINIT value is set to creation. Retention: Choose chronological archive retention when the application that is doing the archiving is not able to send retention events such as activate, hold, and release. Figure 5-10 Chronological retention policy Archive copy groups using the chronological retention policy satisfy many archive retention requirements.5.3.4 Event-based retention policy In certain situations, data retention periods cannot be easily defined, or they depend on events taking place long after the data is archived. Event-based archive retention is designed to meet these requirements. Event-based retention policy is designed for applications that use the IBM Tivoli Storage Manager API function calls to trigger events also known as retention events. You can also use the IBM Tivoli Storage Manager backup-archive client to archive client objects (data) using event-based policies and trigger retention events against those objects. Figure 5-11 shows a time line depicting an event-based policy. In this example, an application using the API archives data using the retention values shown. The archived data is retained for a minimum of 2,555 days (RETMIN=2555). If the retention time (RETVER) is activated through an API retention event, System Storage Archive Manager assigns an expiration date for this object. Chapter 5. System Storage Archive Manager Collections 135
  • 151. The expiration date that System Storage Archive Manager assigns is whichever comes later, either: The date the object was archived, plus the number of days specified in the RETMIN parameter. The date the event was signaled, plus the number of days specified in the RETVER parameter. After reaching this expiration date, the data is eligible for expiration. When the time for expiration occurs, all references to that data are deleted from the System Storage Archive Manager database, making the data irretrievable from System Storage Archive Manager storage volumes. This kind of archive retention is referred to as event-based retention. Retention: Use event-based archive retention if the archive application you are using (such as Content Manager together with Record Manager, IBM FileNet® P8 and so on) uses the API function calls to activate the retention period of the archived data objects. Figure 5-11 Event-based retention policy Table 5-1 shows the information gathered from two archive queries that run after archiving a file, one using creation-based archive policy and one using event-based archive policy. Event-based retention: When an object is archived using event-based retention, System Storage Archive Manager manages that object as though the RETVER parameter were set to NOLIMIT until an event initiates the retention period (see Table 5-1). Table 5-1 Status of files archived with creation-based and event-based retention Object attributes in System RETINIT=CREATION RETINIT=EVENT Storage Archive Manager/ Tivoli Storage Manager database Insert date 2006/2/28 12:16:30 2006/2/29 1:23:56 Expiration date 2016/3/9 12:16:30 65535/0/0 0:0:0 (= no limit) Mgmt class CREATION EVENT Retention initiated STARTED PENDING Object Held FALSE FALSE136 IBM Information Archive: Architecture and Deployment
  • 152. Notice that the status of the Retention-Initiated attribute is STARTED for the management class CREATION, and PENDING for the management class EVENT. Also, compare the expiration dates.5.3.5 Deletion hold and release Some regulations require that the data is retained longer than the minimum retention period in certain cases. This might be due to any litigation, a legally-required or a company-required audit, or a criminal investigation requiring the data as evidence. The IBM Tivoli Storage Manager API (and IBM Tivoli Storage Manager backup-archive client) supports function calls used to place a deletion hold on an archive object. These functions are also called retention events. A deletion hold can be applied at any point in time during the retention period for an archive object. The object will then be retained until a deletion release is applied. If a deletion release is not applied, the object is retained indefinitely. Although deletion hold and release are events, they can be applied to objects archived not only using the event-based policies, but also the chronological, creation-based policies. Figure 5-12 shows a time line depicting deletion hold and release. In “Sending retention events using dapismp” on page 288, we demonstrate how to send deletion activate, hold, and release on archived objects with the IBM Tivoli Storage Manager API. Figure 5-12 Deletion hold and release5.3.6 Data retention protection Data retention protection ensures that archive objects will not be deleted from the Information