Download presentation
Presentation is loading. Please wait.
1
CA ARCserve Backup r12.5 Overview
2
CA ARCserve Backup r12.5 Access Control and Auditing
Key New Features Complete VM protection Granular recovery from image backup Support for VMware, Microsoft Virtual Server 2008 / HYPER-V Data De-Duplication Reduce disk space for backup Dashboard Graphical insight into your backup environment Oracle RMAN and 64-Bit Platform Support Support File-based and RMAN-based mode Native x64 & IA64 bit support Access Control and Auditing Different roles with specific permissions. Critical operation audit log Password Management Password management for encrypted backups and backup clients Media Assure Assure the backup data on media is readable and writable Agent Deployment Packages Deploy agents on multiple remote hosts simultaneously New RMAN based Oracle agent for Windows Granular backup and restore Full instance restore to alternate location Windows Oracle Agent 64 bit Support Native x64 & IA64 bit support Limited user profiles limited auditing Password management for encrypted backups Password management for backup clients The agent provides two modes of backup: File-based mode RMAN-based mode ■ The agent supports x86, x64, and IA64 platforms. ■ The agent supports JIS 2004 characters. ■ The agent enables SAP agents to do Oracle backups. Graphical insight into your backup environment 2 2
3
ARCserve DATA DE-DUPLICATION
3
4
THE CONCEPT Data De-duplication Data de duplication is a technology that examines data for redundancy, storing only unique data "chunks" to disk. In this picture, think of each shape as a chunk of data. De-duplication would find unique shapes i.e. unique chunk of data and store it ONLY once on disk, thus introducing lots of savings in disk space. 4 4
5
THE CONCEPT Data is processed to create chunks of data between 8KB to 32 KB Hashes are created on those chunks The hashes are compared with those of previous backup images If hashes are matched, data is NOT written to disk. Else data is written to disk Data De-duplication 5 5
6
THE CONCEPT This is the second backup image.
Data De-duplication .ref file .ref file D1 D2 D3 D4 D1 D3 This is the second backup image. A lot of redundancies were found and hence only 2 data chunks were written in this backup. Most of the chunks in the current backup image “POINT” to previous backups This is the first backup image. Redundancies can be found within this first backup image. Ex – C4 and C5 are same and hence are pointing to the data chunk D4 on disk. 6
7
ADVANTAGES OF DATA DE-DUPLICATION
7
8
ADVANTAGES OF DATA DE-DUPLICATION
REDUCED DISK SPACE Almost 90% of the data in weekly backups remain the same as previous weeks backup. Data de-duplication will eliminate those redundancies and reduce the size of backup image on disk. For ex – Assume that you were backing up 5 TB to disk and copying data to tape, and you were retaining the data on disk for 3 weeks. This would mean that you would need at least 15 TB of disk space De-duplication would require just about 5-6 TB of disk space. The savings would be more visible when you want more backup images on site. Data De-duplication 8 8
9
ADVANTAGES OF DATA DE-DUPLICATION
FASTER BUSINESS RECOVERY TIMES Because of the reduction in disk space for each backup image, more backup versions could be maintained on site. So instead of 2 weeks, you could retain backup images for almost 12 weeks onsite. Hence when restores have to be done from any of the backup images within the last 12 weeks, you don’t have to wait for the tapes to come from offsite. Instead you could do the restores right off the DDD media onsite. Data De-duplication 9 9
10
ADVANTAGES OF DATA DE-DUPLICATION
GREEN TECHNOLOGY More disks means more spindles being powered which in turn means more power consumption. De-duplication reduces the disk space requirements and hence also reduces the power requirements. Data De-duplication 10 10
11
ADVANTAGES OF DATA DE-DUPLICATION
CHEAPER THAN TAPES AND TAPE LIBRARIES If, in your environment, you don’t have the requirement to store data on tapes you could replace your tape infrastructure with backups to DDD. If, in your environment, using backups to de dupe you could get away with copying just the monthly data to tapes, this reduces your tape library size requirements. Data De-duplication 11 11
12
DIFFERENT TYPES OF DATA DE-DUPLICATION
De-duplication at Backup Server De-duplication at production Server De-duplication at block level De-duplication at file level De-Duplication at block level and optimized, where possible, at file level Inline De-duplication Post process De-duplication Inline and post process de- duplication Data De-duplication 12 12
13
BLOCK LEVEL DE-duplication
Data De-duplication BLOCK level de dupe is smart enough to detect the changes that happened and write ONLY data around the changes. 13 13
14
ARCserve De-duplication Device (DDD) Creation
1414
15
ARCserve De-Duplication Device (DDD) LOCATION
De dupe devices could be created on Local Direct attached Storage Backup Server (could also be a production server) DAS STORAGE 15 15
16
(could also be a production server)
ARCserve DDD LOCATION De dupe devices could be created on Local Direct attached Storage iSCSI or SAN storage Backup Server (could also be a production server) DAS STORAGE SAN STORAGE 16 16
17
Any n/w attached storage (could also be a production server)
ARCserve DDD LOCATION De dupe devices could be created on NAS FILER Or Any n/w attached storage Network attached STORAGE Local Direct attached Storage iSCSI or SAN storage Network share coming off a NAS filer or a WIN share Backup Server (could also be a production server) DAS STORAGE SAN STORAGE 17 17
18
ARCserve DDD CREATION Go to Backup Manager 18 18
19
ARCserve DDD CREATION Go to Backup Manager
Choose staging or destination tab 19 19
20
ARCserve DDD CREATION Go to Backup Manager
Choose staging or destination tab Choose the ARCserve Primary or member server where you want to create a de dupe device 20 20
21
ARCserve DDD CREATION Go to Backup Manager
Choose staging or destination tab Choose the ARCserve Primary or member server where you want to create a de dupe device Select Configure Deduplication Device 21 21
22
ARCserve DDD CREATION 5. Click Add 22 22
23
ARCserve DDD CREATION Specify the location on disk where de dupe data will be stored Specify the location on disk where de dupe meta data (also called index files) will be stored You can create multiple de dupe devices in one shot Security is required when you create de dupe device on a network attached storage Optionally you could also specify group name of the de dupe device 23 23
24
ARCserve DDD CREATION 6. Clicking Finish will create a de duplication device 24 24
25
ARCserve DDD CREATION Now the new De duplication group that was created, is visible under the ARCserve server. The Group Type and the location of the data and index files on disk is also visible 25 25
26
ARCserve DDD CREATION Clicking on the media of de dupe device shows the volume characteristics 26 26
27
ARCserve DDD GROUP PROPERTIES
You can click on DDD group and choose “Configure Deduplication Groups” and adjust the de dupe group properties according to your needs. 27 27
28
ARCserve DDD GROUP PROPERTIES
During backup, when the volume used space of data files is detected to be greater than the specified MAX Threshold, the backup job fails. The value could also be specified as absolute value. Please specify this value according to your needs. 28 28
29
ARCserve DDD GROUP PROPERTIES
MAX # Streams allow you to regulate the maximum “simultaneous” backup streams which can happen to this de dupe device. The default value is 4 and the maximum value is 32 29 29
30
ARCserve DDD GROUP PROPERTIES
If a DDD device is being used in a staging job and you don’t want pending migrations to happen because for ex – the tape library needs to be fixed, you could select this option. Once your tape library is fixed, you could un check this option. 30 30
31
ARCserve DDD GROUP PROPERTIES
Optimization in de dupe is useful for backups of Windows file system. ARCserve de dupe engine will NOT do costly de dupe processing for data belonging to files which did not change. This reduces the CPU utilization and also reduces the backup window. This is enabled, by default. 31 31
32
ARCserve DDD GROUP PROPERTIES
This will ensure that data belonging to C:\ drive of different machines will also be de duped as part of a post process backup. This is enabled by default. 32 32
33
ARCserve DDD GROUP PROPERTIES
Delayed Disk reclamation – When ARCserve sessions have to be deleted, it would reduce the reference count of the corresponding chunks of data. When the reference count of a chunk becomes zero, that much amount of disk space is ready to reclaimed. But if those small chunks are reclaimed right away, the volume could get fragmented. Choosing Delayed Reclamation will cause the data to be reclaimed ONLY when multiple such chunks could be reclaimed. Using this approach the volume would be less fragmented. 33 33
34
ARCserve DDD GROUP PROPERTIES
Expedited Disk reclamation – When ARCserve sessions have to be deleted, it would reduce the reference count of the corresponding chunks of data. When the reference count of a chunk becomes zero, that much amount of disk space is ready to reclaimed. But if those small chunks are reclaimed right away, the volume could get fragmented. Choosing Expedited Reclamation will cause the disk space to be reclaimed right away. The downside of this is increased fragmentation. 34 34
35
ARCserve BACKUP TO De-Duplication Device (DDD)
3535
36
ARCserve BACKUPS to DDD
A DDD device can be used as a final destination in a backup job A DDD device can be used as a staging area in a disk staging backup job 36 36
37
DDD in final destination of backup job
A DDD device can be used as a final destination in a backup job 37 37
38
DDD in final destination of backup job
The retention of data in DDD device can be specified in De- duplication Purge Policy 38 38
39
DDD in final destination of backup job
The number of simultaneous streams in a single backup job can be specified as shown below 39 39
40
DDD used as staging in a disk staging backup job
A DDD group can be chosen in staging tab as shown below. 40 40
41
DDD used as staging in a disk staging backup job
In the Staging policy dialog, you could specify when to copy the data from staging area to final destination. You could also specify when to purge data from DDD 41 41
42
DDD used as staging in a disk staging backup job
The biggest advantage of using De Dupe devices in your backup jobs is that this will allow you to store many versions of backup images in your limited disk space on site, and thus improving your recovery times. 42 42
43
De-duplication Considerations
The following table shows the various ARCserve functions that are supported or not supported with Data De-duplication. Function Supported Not Supported Compression/Encryption X Device Format/Erase Migration (Copy Policy) Multistreaming Multiple Concurrent Streams Multiplexing More than one deduplication device assigned to a group Retention of Staging (Purge Policy) Scan Jobs Used by jobs using * groups Used in media pools Used in GFS Rotations Used as Staging Location Used as Final Destination Location 43 43
44
ARCserve Media Assure 4444
45
ARCserve Media Assure This is a policy driven job which picks up ARCserve sessions randomly from any ARCserve media (including DDD) and scans ARCserve sessions on the media. It scans all the metadata and data that is present in an ARCserve session on the media. 45 45
46
ARCserve Media Assure A successful scan of ARCserve session assures that the data is restorable. It automatically validates the backup images in the background. This reduces the inertia to adopt new technologies like de-duplication or even continue to use older technologies like Multiplexing Having such a policy based feature gives a “peace of mind” to backup administrators. 46 46
47
Media Assure Reduce Uncertainty Assure the backup data on your data protection media is readable and writable. Verify whether media is accessible without your identification, Report on the usability of the media and data. Reduce scan time with same coverage Pay close attention to last backups Take good care of important source nodes 1. Native support for 32-bit and 64 bit platform support. This includes the x64 & IA64 bit platforms as listed in section 1. 2. RMAN agent – This should use the Oracle RMAN based backup & recovery mode as was done in UNIX RMAN agent. i. The basic objecti9ve is to support everything that UNIX RMAN agent supports. ii. Some extra features “could” be considered ONLY if we have time. 3. Data objects that should be considered for backup and recovery • RMAN based backup - Entire Database/Instance - Individual Tablespaces - Individual data files - Control File - Archive Log Note: Stream-based backup, Full or Incremental Job package created by Agent, initiated by Oracle Point-in-time consistency among Tablespaces backed up in a single job is maintained by RMAN. Point-in-time consistency among Tablespaces backed up individually is maintained using the Archive Log. 4. RMAN Agent should support full instance restore to i. Original Location ii. Alternate Location 5. Full Cluster Environment Support - In r11.5, Oracle Agents only provide relatively limited support to the cluster environment. User can only use one node in the cluster to do backup and restore, and the data backed up by one node can only be restored by the same node. With the full cluster support, user can use multiple nodes to do backup and restore. This will significantly leverage the power of the cluster environment. 6. Support ASM, Oracle Raw partitions and RAC 7. Backup & recovery of duplicate databases Note: CES Unicode compliant Online and offline backup and restore – r12 just can support offline mode for RMAN Incremental Backup – r12 can not support incremental Backup for RMAN Automatically Recovery – r12 just can restore automatically and recovery manually for RMAN 47 47
48
ARCserve Media Assure The Policy driven job can be specified as shown below. 48 48
49
ARCserve Media Assure The policy allows you to - 1. Specify the number of days from which the sessions should be randomly picked. 2. Specify no more than X% or an absolute number of sessions from the media. 3. Specify comma separated node names whose sessions need to be scanned. Thus for ex - you could specify ONLY the top tier nodes. 49 49
50
? ? QUESTIONS ? ? 50
51
R12.5 Virtualization Enhancements
52
AGENDA Virtualization background
Virtualization Backup \ Recovery Requirements R12 Virtualization support overview R12.5 Virtualization enhancements
53
Virtualization Background
54
VIRTUALIZATION Virtualization is available from multiple vendors like
VMware Microsoft Xen
55
VIRTUALIZATION There rate of virtualization of servers continues to increase. CA, as a corporation, has a very big focus on virtualization. Our Business Unit has a huge emphasis on virtualization as will be evident from the innovation that has been introduced in ARCserve R12.5 virtualization enhancements.
56
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
57
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
Just like any other entity in an enterprise, a virtual machine has to be Managed Protected (Backed up) Our focus in today’s discussion will be primarily on protecting Virtual machines
58
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
A virtual machine can be backed up in many different ways Install Agent inside a Virtual Machine Install Agent on the Physical machine and backup all the VMs as files Do a server less backup. For ex – VCB backups in VMware environments Each of the above has its own advantages and disadvantages
59
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
Install Agent inside a Virtual Machine ADVANTAGES: Everybody knows how to do this. A lot of environments continue to backup VMs using this approach because everyone understands this and is simple. If you have applications inside a VM and want to do the conventional full and log backups, this is a simple approach to do your backups DISADVATANGES: Virtual Machines are already taxed because of them being virtual. Backups from within a VM increases COU utilization, n/w utilization and could impact the performance of that VM and possibly other VMs which are running on the same physical machine. This might not reduce backup window
60
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
Install Agent inside Physical Machine ADVANTAGES: The agent on physical machine will backup the files belonging to the VMs This is also a simple approach and doesn’t need for anyone to understand any new technologies. This is a the best approach to backup Hyper V VMs from a Hyper V physical machine. DISADVATANGES: ESX 3i doesn’t have a console and hence this approach won’t be possible Some admins are reluctant to install anything on an ESX server for whatever reason The backups from the physical machine will utilize CPU, n/w, disk and hence might impact the performance of VMs that are running on that physical machine.
61
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
Serverless backup – backup using a Proxy agent Before we explain advantages and disadvantages, let’s see how this technology works. Currently this is possible ONLY in VMware environments using VCB technology.
62
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
CA ARCserve VM AGENT VCB PROXY SERVER All the VMs on the ESX server has its data stored on a SAN storage ARCserve reads data from VM agent. Thus this scheme of backup never impacts the VMs or the ESX server VM1 ESX SERVER VM2 CA ARCserve Backup Server ARCserve VM agent uses VCB technology to take a snapshot of VM and read the VM files from SAN disk VM3 VM4 SAN DISK
63
ARCserve R12 Virtualization Overview
64
R12 Virtualization support overview
VMware VM Hyper-V VM
65
R12 Virtualization support overview
VMware VM Image level backup using VCB File level backup using VCB File level backup using Client Agent Microsoft Hyper-V VM Image level backup using Hyper-V VSS writer File level backup using Client Agent
66
R12 backup process for VMware VMs
Vmware Consolidated Backup (VCB) Proxy vm14vmx vm1.vmdk vm1.log vm3.vmx vm2.vmx vm1.vmx Storage Virtual Machines ESX Server ARCserve Server VC Virtual Center
67
R12 backup process for VMware VMs
Vmware Consolidated Backup (VCB) Proxy vm14vmx vm1.vmdk vm1.log vm3.vmx vm2.vmx vm1.vmx Storage Virtual Machines ESX Server ARCserve Server 5. Backup 3. Snapshot Copy Client Agent 4. Mount 1. Send VM details VC Virtual Center 2.VCBMounter Command
68
R12 backup process for Hyper-V VMs
Vm1.xml vm1.vhd Vm1-1.vhd Storage Virtual Machines Hyper-V ARCserve Server
69
R12 backup process for Hyper-V VMs
vm14vmx vm1.vmdk vm1.log vm3.vmx vm2.vmx Vm1.xml vm1.vhd Vm1-1.vhd Storage Virtual Machines Hyper-V ARCserve Server 1. Send VM details vm14vmx vm1.vmdk vm1.log 3. Backup VM from shadow copy Client Agent vm3.vmx vm1.vmdk vm1.log 2. Create VSS shadow copy vm2.vmx vm1.vmdk vm1.log Vm1.xml vm1.vhd Vm1-1.vhd
70
R12 Virtualization support
Following are some backup and recovery requirements which were not addressed by ARCserve R12 No file level restore from the Image backup No VM recovery for VMware & Hyper-V VMs No incremental/differential for Hyper-V VM No VM recovery to alternate physical machines No simple to use reports focused on VMs Explain Why each pain point is a pain point
71
ARCserve R12.5 Virtualization Enhancements
72
R12.5 Virtualization Enhancements
Consolidated Virtualization support – new CA ARCserve Agent for Virtual Machines Granular restore from Image (Raw) backup of VM Mixed mode backup VM Image backup for Full backup – DR capability in addition to being fast File level restore capability. File mode (incremental / differential)backup for daily backups – Small foot print Multi-streaming at VM level Change file level restore to Granular restore Advantages of Mixed mode backup Advantages of File-level-restore from RAW backup Explain multi-streaming (actually explain each in detail)
73
Environment setup Install the new Agent for Virtual Machines on
VCB Proxy Hyper-V host VMs (VMware & Hyper-V) File level restore form Image backup File mode Incremental/Differential for Hyper-V VMs
74
Populate the VMs into ARCserve database
Configuration for VMware VMs to be run on Proxy Configuration for Hyper-V VMs, to be run on Hyper-V host
75
Select VMs to protect VMware Hyper-V
76
Dashboard – VM Recovery Points
77
Dashboard – VM Most Recent Backup status
78
Troubleshooting Some pre-emptive troubleshooting is done by the Agent.
Delete VCB snapshot Delete Mount dir for VMware VM Logs are created in Log folder under the Client Agent installation directory Ca_vcbpopulatedb.log vcbMounteroutput_xxx.log ca_msvmpopulatedb.log HyperV.log We log Job id and session number against VM Log file size and number of logs can be controlled by user
79
QUESTIONS
80
ARCserve DASHBOARD 80
81
Did you ever have to ask the following questions?
81 81
82
Which Nodes were failed to be backed up?
QUESTIONS. Which Nodes were failed to be backed up? 82 82
83
Which Nodes were not even attempted to be backed up?
QUESTIONS.. Which Nodes were not even attempted to be backed up? 83 83
84
QUESTIONS… Were all my Tier 1 production servers backed up successfully? If any of them failed, what were the reasons of their failures? 84 84
85
QUESTIONS…. Which Nodes have been constantly failing to be backed up? And what are the reasons? When was the last time these Nodes were backed up successfully? 85 85
86
What is the trend of my Tier 1 node backup status in the last 3 weeks?
QUESTIONS….. What is the trend of my Tier 1 node backup status in the last 3 weeks? 86 86
87
Which Nodes have the slowest backup throughputs?
QUESTIONS…… Which Nodes have the slowest backup throughputs? 87 87
88
AND MANY MORE QUESTIONS …
There would be tons of questions from different people in different backup environments. The objective of dashboard is to answer all those questions in two ways – First give the big picture Then provide the details This presentation has been arranged in Question – Answer format where in a question would be presented and then dashboard would provide an answer to the question. 88 88
89
NODE BACKUP STATUS RELATED REPORTS
89
90
Which Nodes were failed to be backed up?
The pie chart gives the big picture. Clicking on the Failed Pie gives the details as shown below. 90 90
91
Which Nodes were not even attempted to be backed up?
The pie here displays the nodes that were not even attempted to backup. The Nodes are listed below 91 91
92
Were all my Tier 1 production servers backed up successfully
Were all my Tier 1 production servers backed up successfully? If any of them failed, what were the reasons of their failures? I just have to specify a filter for Tier 1 and I get the results as shown in the pie chart and the details below. 92 92
93
Which Nodes have been constantly failing to be backed up
Which Nodes have been constantly failing to be backed up? And what are the reasons? When was the last time these Nodes were backed up successfully? Clicking on any node would bring out the errors as shown below 93 93
94
What is the trend of my Tier 1 node backup status in the last 7 days?
This shows the backup status for each day. Clicking on an error bar would display all the nodes that failed and the errors associated for that node. 94 94
95
Which Nodes have the slowest backup throughputs?
95 95
96
JOB BACKUP STATUS RELATED REPORTS
96
97
How many backup jobs failed? What % of my backup jobs are failing?
97 97
98
Why did a specific backup job fail? What are its errors and warnings?
You can specify a pattern matching job name as a filter and you will the statistics of that job and its errors. 98 98
99
What is the trend of the backup jobs in the last 7 days?
99 99
100
For the failed backup jobs, has a makeup job been created and if yes, what is its current status? Is it waiting to be run or has it finished running or is it active? 100 100
101
RECOVERY POINTS RELATED REPORTS
101
102
Within the last 7 days, how many recovery points do I have for all my Nodes or a specific node or nodes with a pattern matching name or all my Tier 1 Nodes? 102 102
103
Are my Nodes fully or partially protected?
103 103
104
Which Nodes can NOT be recovered from Disaster Recovery?
For a lot of Nodes, DR information is NOT being generated. Modifying the job to allow backing up DR information and having a valid DR license would solve the problem. 104 104
105
If I have to recover a Node or an App, where is my backup image
If I have to recover a Node or an App, where is my backup image? Is it on disk or is it on tape onsite or is it on tapes offsite? 105 105
106
Which Nodes are being backed up to de dupe device? And which aren’t?
106 106
107
What is the compression achieved on tapes and de dupe devices?
107 107
108
How does backups to tape or disk compare with backups to de dupe device? What are my disk savings if I backup to de dupe device and increase the retention to 12 weeks? ARCserve scans the environment to find out the total FULL backup size of all the nodes and comes up with the following comparison. It allows you to change the retention time and visualize the disk space savings. 108 108
109
? ? QUESTIONS ? ? 109
110
User Profiles & Auditing
111
The need for User Profiles and Auditing
In r12, all ARCserve users are Administrators. All users can do everything. Example- John can update/modify/delete Jack’s job. User operations in ARCserve do not have a audit log. Administrator cannot figure out who did what. E.g. Which user deleted this specific job ? Lack of fine grained access control and multi-user tracking. 111 December 3, [User Profiles and Auditing] Copyright © 2008 CA
112
Page based on Title and Text from Slide Layout palette
Page based on Title and Text from Slide Layout palette. Design is 2_Default Design Slide Master Title text for Title or Divider pages should be either 40 pt for short titles /28 pt for subtitles or 32 pts for longer titles /24 pt for subtitles No DATE on divider pages. User Profiles To reapply Master on Divider pages ONLY, [Format > Slide Design > Apply a design template: > (choose Design 1, 2, or 3) > Apply to Selected Slides]
113
User Profiles A Role is a collection of operations/permissions that a user can do. An user can be assigned one or more Roles : Effective user permissions are a OR operation of all roles. After successful login, an user can only see those UI controls (e.g. button, menu, etc.) and do those operations which s/he has rights to do Login using ARCserve and MS-Windows accounts Integrated Windows Authentication. Continued support of ARCserve native users. Integrated Windows Authentication A windows account (either local account or domain account) can be specified as ARCserve account, and then user can use that account to logon to ARCserve and do backup, restore, etc. 113 December 3, [User Profiles and Auditing] Copyright © 2008 CA
114
User Profiles is Role management
A Role is a collection of ARCserve operations/permissions that a user can do. User Profile Manager is the place for doing these operations. ARCserve will ship with fixed Roles and fixed operations/permisssions per Role. You can find all operations for a role here. Double click on a role, you can also find all users who belong to this role. 114 December 3, [User Profiles and Auditing] Copyright © 2008 CA
115
User Profiles is Role management -2
An user can be assigned one or more Roles : Effective user permissions are a OR operation of all roles. Click on “Add” button to add a new User to ARCserve. Assign roles as part of the user’s properties. 115 December 3, [User Profiles and Auditing] Copyright © 2008 CA
116
User Profiles is Role management -3
User’s role membership is displayed on the lower panel 116 December 3, [User Profiles and Auditing] Copyright © 2008 CA
117
User Profiles is Role management -4
User can access only those operations allowed by the profile. > A ‘Backup Operator’ cannot access Restore Manager. “Restore Manager” is missing in above bitmap. 117 December 3, [User Profiles and Auditing] Copyright © 2008 CA
118
User Profiles is Role management -5
User can access only those operations allowed by the profile. Open Job Status Manager and right click on a job which was submitted by other user. You will find you cannot manage that job 118 December 3, [User Profiles and Auditing] Copyright © 2008 CA
119
User Profiles: Integrated Windows Authentication
> Register a Windows account as a ARCserve user. Choose ‘Add User’ in User Profile. Can be a local or domain account. Choose ‘Add user’ in User profile. Assign Roles to the user. 119 December 3, [User Profiles and Auditing] Copyright © 2008 CA
120
Windows authentication in ARCserve
Login with Windows domain account which was just added as a ARCserve user. Choose Windows authentication here
121
Pre-defined Roles in User Profiles
Fixed Roles and permissions within the roles. Extended permissions Ownership Checking Exemption: Allow users to update/modify other users jobs. Security Administrator: Access to User profile Manager.
122
Page based on Title and Text from Slide Layout palette
Page based on Title and Text from Slide Layout palette. Design is 2_Default Design Slide Master Title text for Title or Divider pages should be either 40 pt for short titles /28 pt for subtitles or 32 pts for longer titles /24 pt for subtitles No DATE on divider pages. Auditing To reapply Master on Divider pages ONLY, [Format > Slide Design > Apply a design template: > (choose Design 1, 2, or 3) > Apply to Selected Slides]
123
Audit Log : View user operations
User has to belong to Report Operator or Monitor Operator to view the Audit logs. 123 December 3, [User Profiles and Auditing] Copyright © 2008 CA
124
Audit Log : Filter out the log messages.
124 December 3, [User Profiles and Auditing] Copyright © 2008 CA
125
Audit Log : View the details of a log message.
125 December 3, [User Profiles and Auditing] Copyright © 2008 CA
126
Miscellaneous points for User Profiles
After installation, the windows user who did the installation should have already been added as ARCserve user and have been assigned “Administrator” role Fully qualified windows username is needed, e.g. “domain_name\username” “caroot” belongs to Administrator role and it cannot be modified except for password If ARCserve Dbengine is not running, only “caroot” can be used for logon 126 December 3, [User Profiles and Auditing] Copyright © 2008 CA
127
Miscellaneous points for User Profiles
Licensing The Role Management feature will only be enabled when “Enterprise Options” is installed and licensed If EO is not installed, you will not be able to see most of Role Management features If EO is installed, but is not licensed, you will be able to see Role Management features but they will not be working 127 December 3, [User Profiles and Auditing] Copyright © 2008 CA
128
Limitations Integrated windows authentication
ARCserve member installation and ARCserve Configuration wizard does not support windows authentication Command line “ca_auth.exe” does not support adding windows account to be ARCserve user All Command line utilities support only ARCserve user accounts. Role based user management User’s role assignment only takes effect after that user has logged in again. Audit Log There is “logon” event, but no “logoff” event 128 December 3, [User Profiles and Auditing] Copyright © 2008 CA
129
Limitations Integrated windows authentication
ARCserve member installation and ARCserve Configuration wizard does not support windows authentication Command line “ca_auth.exe” does not support adding windows account to be ARCserve user All Command line utilities support only ARCserve user accounts. Role based user management User’s role assignment only takes effect after that user has logged in again. Audit Log has a “logon” event, but no “logoff” event. 129 December 3, [User Profiles and Auditing] Copyright © 2008 CA
130
Troubleshooting Methods
The following information is useful for Support to investigate issues. %ARCserve_HOME%\LOG\CADBLog.log %ARCserve_HOME%\LOG\Services.log %ARCserve_HOME%\LOG\caauthd.exe_*.dmp
131
Page based on Title and Text from Slide Layout palette
Page based on Title and Text from Slide Layout palette. Design is 2_Default Design Slide Master Title text for Title or Divider pages should be either 40 pt for short titles /28 pt for subtitles or 32 pts for longer titles /24 pt for subtitles No DATE on divider pages. Questions ? To reapply Master on Divider pages ONLY, [Format > Slide Design > Apply a design template: > (choose Design 1, 2, or 3) > Apply to Selected Slides]
132
R12.5 Password Management Dec 2008
Page based on Title Slide from Slide Layout palette. Design is cacorp 2006. Title text for Title or Divider pages should be either 40 pt for short titles /28 pt for subtitles or 32 pts for longer titles /24 pt for subtitles. DATE text box is not on master and can be deleted. The date should always be 20 pts. R12.5 Password Management Dec 2008
133
Password Management What is Password Management?
ARCserve Backup can save session passwords into ARCserve Database during backups. The saved session passwords can be used by ARCserve Backup automatically for restores, scan, merge and compare operations. So, ARCserve User can shift the burden of remembering all session passwords to ARCserve Backup Password Management
134
Password Management Session Password Expiration Period
Users may have a password changing policy that requires all passwords to be periodically changed. This is a good security practice. ARCserve Backup can be configured to show a reminder to the change the password after a specified period of time. This functionality works for all Backup Jobs. User can enable it while configuring backup jobs. Export/Import of session passwords User can also export the session passwords periodically for Escrow purposes and Disaster recovery scenarios. Password Management
135
Password Management Password management for encrypted backups
Improve operational efficiency Password management for encrypted backups Don’t need to remember the encrypted passwords Password management for backup clients ARCserve will store the user/password for all backup clients Limited user profiles – this will help the customers create multiple users with different privileges for ARCserve functionality; the customers will be able to use Windows accounts as ARCserve users and Windows passwords with it. A limited auditing will also be provided – this will tell the end user about the operations performed by ARCserve users (including login details) Password management for encrypted backups – helps the user in recovering data that is encrypted – don’t need to remember the passwords that could be changing every month. The customers will be able to submit backups with the option of ARCserve remembering the password for recovery purposes – this will ease the recovery process Password management for backup clients – ARCserve will store the user/password for all backup clients; this will help the user to submit backups and restores (especially with user profiles) without the restore operator knowing the user/password of the server (to be restored) 135 135
136
Session Password Management – 1
Configure Password Management from this dialog Set session password here Check this to enable session password management Check this to enable session password expiration reminder Check this to enable encryption upon backup data by session password Configure “Global Option” while submitting backup jobs Password Management
137
Session Password Management – 2
Set session password here Check this to enable session password management Check this to enable session password expiration reminder Open “Job Status Manager”, ARCserve user can configure backup job’s session password by doing a right click. Click “Modify Encryption Password …” to get above dialog Password Management
138
Session Password Management – 3
Show this warning message 7 days before session expiration date Show this warning message while session password expired Execute backup jobs with Session Password Management and session password expiration reminder Check for warning messages in Activity Log Password Management
139
Session Password Management – 4
ARCserve Backup Restore Manager will retrieve the stored Session Password from Database automatically and fill it here, so that if the session to be restored are already enabled session password management, it isn’t necessary to input session password manually Restore sessions which are backed up with Session Password Management Password Management
140
Session Password Management – 5
Encryption Password dialog for Merge Job and Scan Job Password Management
141
Session Password Management – 6
Encryption Password dialog for Compare Job Password Management
142
Page based on Title and Text from Slide Layout palette
Page based on Title and Text from Slide Layout palette. Design is 2_Default Design Slide Master Title text for Title or Divider pages should be either 40 pt for short titles /28 pt for subtitles or 32 pts for longer titles /24 pt for subtitles No DATE on divider pages. Questions ? To reapply Master on Divider pages ONLY, [Format > Slide Design > Apply a design template: > (choose Design 1, 2, or 3) > Apply to Selected Slides]
143
Thanks!! CA ARCserve Backup r12.5
Q&A
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.