Upload
eleanor-stevens
View
222
Download
0
Tags:
Embed Size (px)
Citation preview
CA ARCserve Backup r12.5 Overview
CA ARCserve Backup r12.5
> Complete VM protection Granular recovery from image
backup
Support for VMware, Microsoft Virtual Server 2008 / HYPER-V
> Data De-Duplication Reduce disk space for backup
> Dashboard Graphical insight into your
backup environment
> Oracle RMAN and 64-Bit Platform Support
Support File-based and RMAN-based mode
Native x64 & IA64 bit support
> Access Control and Auditing Different roles with specific
permissions.
Critical operation audit log
> Password Management Password management for
encrypted backups and backup clients
> Media Assure Assure the backup data on
media is readable and writable
> Agent Deployment Packages Deploy agents on multiple
remote hosts simultaneously
Key New FeaturesKey New Features
2
®
ARCserve
DATA DE-DUPLICATION
3
THE CONCEPT
Data de duplication is a technology that examines data for redundancy, storing only unique data "chunks" to disk.
4
Data De-duplication
In this picture, think of each shape as a chunk of data. De-duplication would find unique shapes i.e. unique chunk of data and store it ONLY once on disk, thus introducing lots of savings in disk space.
THE CONCEPT
5
Data De-duplication
THE CONCEPT
C1 C2 C3 C4 C5 C1 C2 C3 C4 C5
D1 D2 D3 D4 D1 D3.ref file .ref file
This is the first backup image.Redundancies can be found within this first backup image. Ex – C4 and C5 are same and hence are pointing to the data chunk D4 on disk.
Data De-duplication
This is the second backup image.A lot of redundancies were found and hence only 2 data chunks were written in this backup. Most of the chunks in the current backup image “POINT” to previous backups
®
ADVANTAGESOF
DATA DE-DUPLICATION
7
ADVANTAGES OF DATA DE-DUPLICATION
REDUCED DISK SPACE
Almost 90% of the data in weekly backups remain the same as previous weeks backup.
Data de-duplication will eliminate those redundancies and reduce the size of backup image on disk.
For ex – Assume that you were backing up 5 TB to disk and copying data to tape, and you were retaining the data on disk for 3 weeks. This would mean that you would need at least 15 TB of disk space
De-duplication would require just about 5-6 TB of disk space. The savings would be more visible when you want more backup images on site.
8
Data De-duplication
ADVANTAGES OF DATA DE-DUPLICATION
FASTER BUSINESS RECOVERY TIMES
Because of the reduction in disk space for each backup image, more backup versions could be maintained on site. So instead of 2 weeks, you could retain backup images for almost 12 weeks onsite.
Hence when restores have to be done from any of the backup images within the last 12 weeks, you don’t have to wait for the tapes to come from offsite. Instead you could do the restores right off the DDD media onsite.
9
Data De-duplication
ADVANTAGES OF DATA DE-DUPLICATION
GREEN TECHNOLOGY
More disks means more spindles being powered which in turn means more power consumption.
De-duplication reduces the disk space requirements and hence also reduces the power requirements.
10
Data De-duplication
ADVANTAGES OF DATA DE-DUPLICATION
CHEAPER THAN TAPES AND TAPE LIBRARIES
If, in your environment, you don’t have the requirement to store data on tapes you could replace your tape infrastructure with backups to DDD.
If, in your environment, using backups to de dupe you could get away with copying just the monthly data to tapes, this reduces your tape library size requirements.
11
Data De-duplication
DIFFERENT TYPES OF DATA DE-DUPLICATION
1. De-duplication at Backup Server
2. De-duplication at production Server
3. De-duplication at block level
4. De-duplication at file level
5. De-Duplication at block level and optimized, where possible, at file level
6. Inline De-duplication
7. Post process De-duplication
8. Inline and post process de-duplication
12
Data De-duplication
BLOCK LEVEL DE-duplication
BLOCK level de dupe is smart enough to detect the changes that happened and write ONLY data around the changes.
13
Data De-duplication
®
ARCserve De-duplicationDevice (DDD)Creation
14
ARCserve De-Duplication Device (DDD)LOCATION
15
Backup Server(could also be a
production server)
DASSTORAGE
De dupe devices could be created on
1. Local Direct attached Storage
ARCserve DDD LOCATION
16
Backup Server(could also be a
production server)
DASSTORAGE
SANSTORAGE
De dupe devices could be created on
1. Local Direct attached Storage
2. iSCSI or SAN storage
ARCserve DDD LOCATION
17
Backup Server(could also be a
production server)
DASSTORAGE
SANSTORAGE
NAS FILEROr
Any n/w attached storage
Network attached STORAGE
De dupe devices could be created on
1. Local Direct attached Storage
2. iSCSI or SAN storage
3. Network share coming off a NAS filer or a WIN share
ARCserve DDD CREATION
18
1. Go to Backup Manager
ARCserve DDD CREATION
19
1. Go to Backup Manager
2. Choose staging or destination tab
ARCserve DDD CREATION
20
1. Go to Backup Manager
2. Choose staging or destination tab
3. Choose the ARCserve Primary or member server where you want to create a de dupe device
ARCserve DDD CREATION
21
1. Go to Backup Manager
2. Choose staging or destination tab
3. Choose the ARCserve Primary or member server where you want to create a de dupe device
4. Select Configure Deduplication Device
ARCserve DDD CREATION
22
5. Click Add
ARCserve DDD CREATION
23
Specify the location on disk where de dupe data will be
stored
Specify the location on disk where de dupe meta data
(also called index files) will be stored
Optionally you could also specify group name of the de
dupe device
Security is required when you create de dupe device on a network attached storage
You can create multiple de dupe devices in one shot
ARCserve DDD CREATION
24
6. Clicking Finish will create a de duplication device
ARCserve DDD CREATION
25
Now the new De duplication group that was created, is visible under the ARCserve server.
The Group Type and the location of the data and index files on disk is also visible
ARCserve DDD CREATION
26
Clicking on the media of de dupe device shows the volume characteristics
ARCserve DDD GROUP PROPERTIES
27
You can click on DDD group and choose “Configure Deduplication Groups” and adjust the de dupe group properties according to your needs.
ARCserve DDD GROUP PROPERTIES
28
During backup, when the volume used space of data files is detected to be greater than the specified MAX Threshold, the backup job fails.The value could also be specified as absolute value.
Please specify this value according to your needs.
ARCserve DDD GROUP PROPERTIES
29
MAX # Streams allow you to regulate the maximum “simultaneous” backup streams which can happen to this de dupe device.The default value is 4 and the maximum value is 32
ARCserve DDD GROUP PROPERTIES
30
If a DDD device is being used in a staging job and you don’t want pending migrations to happen because for ex – the tape library needs to be fixed, you could select this option.Once your tape library is fixed, you could un check this option.
ARCserve DDD GROUP PROPERTIES
31
Optimization in de dupe is useful for backups of Windows file system.ARCserve de dupe engine will NOT do costly de dupe processing for data belonging to files which did not change.
This reduces the CPU utilization and also reduces the backup window.
This is enabled, by default.
ARCserve DDD GROUP PROPERTIES
32
This will ensure that data belonging to C:\ drive of different machines will also be de duped as part of a post process backup.This is enabled by default.
ARCserve DDD GROUP PROPERTIES
33
Delayed Disk reclamation – When ARCserve sessions have to be deleted, it would reduce the reference count of the corresponding chunks of data. When the reference count of a chunk becomes zero, that much amount of disk space is ready to reclaimed. But if those small chunks are reclaimed right away, the volume could get fragmented.Choosing Delayed Reclamation will cause the data to be reclaimed ONLY when multiple such chunks could be reclaimed.Using this approach the volume would be less fragmented.
ARCserve DDD GROUP PROPERTIES
34
Expedited Disk reclamation – When ARCserve sessions have to be deleted, it would reduce the reference count of the corresponding chunks of data. When the reference count of a chunk becomes zero, that much amount of disk space is ready to reclaimed. But if those small chunks are reclaimed right away, the volume could get fragmented.Choosing Expedited Reclamation will cause the disk space to be reclaimed right away. The downside of this is increased fragmentation.
®
ARCserve BACKUP TO De-Duplication Device (DDD)
35
ARCserve BACKUPS to DDD
1. A DDD device can be used as a final destination in a backup job
2. A DDD device can be used as a staging area in a disk staging backup job
36
DDD in final destination of backup job
A DDD device can be used as a final destination in a backup job
37
DDD in final destination of backup job
The retention of data in DDD device can be specified in De-duplication Purge Policy
38
DDD in final destination of backup job
The number of simultaneous streams in a single backup job can be specified as shown below
39
DDD used as staging in a disk staging backup job
A DDD group can be chosen in staging tab as shown below.
40
DDD used as staging in a disk staging backup job
In the Staging policy dialog, you could specify when to copy the data from staging area to final destination.
You could also specify when to purge data from DDD
41
DDD used as staging in a disk staging backup job
The biggest advantage of using De Dupe devices in your backup jobs is that this will allow you to store many versions of backup images in your limited disk space on site, and thus improving your recovery times.
42
De-duplication Considerations
43
The following table shows the various ARCserve functions that are supported or
not supported with Data De-duplication. Function Supported Not Supported
Compression/Encryption X
Device Format/Erase X
Migration (Copy Policy) X
Multistreaming X
Multiple Concurrent Streams X
Multiplexing X
More than one deduplication device assigned to a group X
Retention of Staging (Purge Policy) X
Scan Jobs X
Used by jobs using * groups X
Used in media pools X
Used in GFS Rotations X
Used as Staging Location X
Used as Final Destination Location X
®44
ARCserve Media Assure
ARCserve Media Assure
This is a policy driven job which picks up ARCserve sessions randomly from any ARCserve media (including DDD) and scans ARCserve sessions on the media.
It scans all the metadata and data that is present in an ARCserve session on the media.
45
ARCserve Media Assure
A successful scan of ARCserve session assures that the data is restorable.
It automatically validates the backup images in the background. This reduces the inertia to adopt new technologies like de-duplication or even continue to use older technologies like Multiplexing
Having such a policy based feature gives a “peace of mind” to backup administrators.
46
Media AssureReduce UncertaintyReduce Uncertainty
47
> Assure the backup data on your data protection media is readable and writable.
> Verify whether media is accessible without your identification,
> Report on the usability of the media and data.
> Reduce scan time with same coverage
> Pay close attention to last backups
> Take good care of important source nodes
ARCserve Media Assure
The Policy driven job can be specified as shown below.
48
ARCserve Media Assure
The policy allows you to -
1. Specify the number of days from which the sessions should be randomly picked.
2. Specify no more than X% or an absolute number of sessions from the media.
3. Specify comma separated node names whose sessions need to be scanned. Thus for ex - you could specify ONLY the top tier nodes.
49
®
??
QUESTIONS ??
50
R12.5 Virtualization Enhancements
AGENDA
> Virtualization background
> Virtualization Backup \ Recovery Requirements
> R12 Virtualization support overview
> R12.5 Virtualization enhancements
Virtualization Background
VIRTUALIZATION
Virtualization is available from multiple vendors like
• VMware
• Microsoft
• Xen
VIRTUALIZATION
• There rate of virtualization of servers continues to increase.
• CA, as a corporation, has a very big focus on virtualization.
• Our Business Unit has a huge emphasis on virtualization as will be evident from the innovation that has been introduced in ARCserve R12.5 virtualization enhancements.
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
Just like any other entity in an enterprise, a virtual machine has to be
• Managed
• Protected (Backed up)
Our focus in today’s discussion will be primarily on protecting Virtual machines
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
A virtual machine can be backed up in many different ways
• Install Agent inside a Virtual Machine
• Install Agent on the Physical machine and backup all the VMs as files
• Do a server less backup. For ex – VCB backups in VMware environments
Each of the above has its own advantages and disadvantages
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
Install Agent inside a Virtual Machine
ADVANTAGES:• Everybody knows how to do this. A lot of environments continue to backup VMs using this
approach because everyone understands this and is simple.
• If you have applications inside a VM and want to do the conventional full and log backups, this is a simple approach to do your backups
DISADVATANGES:• Virtual Machines are already taxed because of them being virtual. Backups from within a
VM increases COU utilization, n/w utilization and could impact the performance of that VM and possibly other VMs which are running on the same physical machine.
• This might not reduce backup window
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
Install Agent inside Physical Machine
ADVANTAGES:• The agent on physical machine will backup the files belonging to the VMs
• This is also a simple approach and doesn’t need for anyone to understand any new technologies.
• This is a the best approach to backup Hyper V VMs from a Hyper V physical machine.
DISADVATANGES:• ESX 3i doesn’t have a console and hence this approach won’t be possible
• Some admins are reluctant to install anything on an ESX server for whatever reason
• The backups from the physical machine will utilize CPU, n/w, disk and hence might impact the performance of VMs that are running on that physical machine.
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
Serverless backup – backup using a Proxy agent
Before we explain advantages and disadvantages, let’s see how this technology works. Currently this is possible ONLY in VMware environments using VCB technology.
MULTIPLE APPROACHES TO BACKUP VIRTUAL MACHINES
ESX SERVER
VM1
VM2
VM3
VM4
SAN DISK
VCBPROXY SERVER
CA ARCserve VM AGENTAll the VMs on
the ESX server has its data
stored on a SAN storage
CA ARCserve Backup Server
ARCserve VM agent uses VCB technology to take a snapshot of VM and read the VM files
from SAN disk
ARCserve reads data from VM agent. Thus
this scheme of backup never impacts the VMs
or the ESX server
ARCserve R12Virtualization Overview
R12 Virtualization support overview
VMware VM Hyper-V VM
R12 Virtualization support overview
VMware VM
>Image level backup using VCB
>File level backup using VCB
>File level backup using Client Agent
Microsoft Hyper-V VM
>Image level backup using Hyper-V VSS writer
>File level backup using Client Agent
R12 backup process for VMware VMs
Vmware Consolidated Backup (VCB)
Proxy
vm14vmxvm1.vmdkvm1.log
vm14vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
vm1.vmxvm1.vmdkvm1.log
vm1.vmxvm1.vmdkvm1.log
Storage
Virtual Machines
ESX Server
Virtual Machines
ESX Server
Virtual Machines
ESX Server
ARCserve Server
VC
Virtual Center
R12 backup process for VMware VMs
Vmware Consolidated Backup (VCB)
Proxy
vm14vmxvm1.vmdkvm1.log
vm14vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
vm1.vmxvm1.vmdkvm1.log
vm1.vmxvm1.vmdkvm1.log
Storage
Virtual Machines
ESX Server
Virtual Machines
ESX Server
Virtual Machines
ESX Server
ARCserve Server
5. Backup
vm14vmxvm1.vmdkvm1.log
vm14vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
vm1.vmxvm1.vmdkvm1.log
vm1.vmxvm1.vmdkvm1.log
3. Snapshot Copy
Client Agent
4. Mount
1. Send VM
details
VC
Virtual Center
2.VCBMount
er Command
R12 backup process for Hyper-V VMs
Vm1.xmlvm1.vhd
Vm1-1.vhd
Vm1.xmlvm1.vhd
Vm1-1.vhd
Vm1.xmlvm1.vhd
Vm1-1.vhd
Vm1.xmlvm1.vhd
Vm1-1.vhd
Vm1.xmlvm1.vhd
Vm1-1.vhd
Vm1.xmlvm1.vhd
Vm1-1.vhd
Vm1.xmlvm1.vhd
Vm1-1.vhd
Vm1.xmlvm1.vhd
Vm1-1.vhd
Storage
Virtual Machines
Hyper-V
ARCserve Server
R12 backup process for Hyper-V VMs
vm14vmxvm1.vmdkvm1.log
vm14vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
Vm1.xmlvm1.vhd
Vm1-1.vhd
Vm1.xmlvm1.vhd
Vm1-1.vhd
Storage
Virtual Machines
Hyper-V
ARCserve Server
1. Send VM
details
2. Create VSS shadow copy
3. Back
up VM
from sh
adow
copyClient
Agent vm14vmxvm1.vmdkvm1.log
vm14vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm3.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
vm2.vmxvm1.vmdkvm1.log
Vm1.xmlvm1.vhd
Vm1-1.vhd
Vm1.xmlvm1.vhd
Vm1-1.vhd
R12 Virtualization support
Following are some backup and recovery requirements which were not addressed by ARCserve R12
> No file level restore from the Image backup
> No VM recovery for VMware & Hyper-V VMs
> No incremental/differential for Hyper-V VM
> No VM recovery to alternate physical machines
> No simple to use reports focused on VMs
ARCserve R12.5Virtualization Enhancements
R12.5 Virtualization Enhancements
> Consolidated Virtualization support – new CA ARCserve Agent for Virtual Machines
> Granular restore from Image (Raw) backup of VM
> Mixed mode backup
VM Image backup for Full backup – DR capability in addition to being fast
– File level restore capability.
File mode (incremental / differential)backup for daily backups – Small foot print
> Multi-streaming at VM level
Environment setup
> Install the new Agent for Virtual Machines on VCB Proxy
Hyper-V host
VMs (VMware & Hyper-V)
– File level restore form Image backup
– File mode Incremental/Differential for Hyper-V VMs
Populate the VMs into ARCserve database
Configura
ti
on fo
r
VMw
are
VMs
to b
e
run o
n
Proxy
Configura
tion
for H
yper
-V
VMs,
to b
e ru
n
on H
yper
-V
host
Select VMs to protect
VMware Hyper-V
Dashboard – VM Recovery Points
Dashboard – VM Most Recent Backup status
Troubleshooting
> Some pre-emptive troubleshooting is done by the Agent.
Delete VCB snapshot
Delete Mount dir for VMware VM
> Logs are created in Log folder under the Client Agent installation directory
Ca_vcbpopulatedb.log
vcbMounteroutput_xxx.log
ca_msvmpopulatedb.log
HyperV.log
> We log Job id and session number against VM
> Log file size and number of logs can be controlled by user
QUESTIONS
ARCserve DASHBOARD
80
Did you ever have to ask the following questions?
81
QUESTIONS.
Which Nodes were failed to be backed up?
82
QUESTIONS..
Which Nodes were not even attempted to be backed up?
83
QUESTIONS…
Were all my Tier 1 production servers backed up successfully? If any of them failed, what were the reasons of their failures?
84
QUESTIONS….
Which Nodes have been constantly failing to be backed up? And what are the reasons? When was the last time these Nodes were backed up successfully?
85
QUESTIONS…..
What is the trend of my Tier 1 node backup status in the last 3 weeks?
86
QUESTIONS……
Which Nodes have the slowest backup throughputs?
87
AND MANY MORE QUESTIONS …• There would be tons of questions from different
people in different backup environments.
• The objective of dashboard is to answer all those questions in two ways –• First give the big picture• Then provide the details
• This presentation has been arranged in Question – Answer format where in a question would be presented and then dashboard would provide an answer to the question.88
NODE BACKUP STATUS RELATED REPORTS
89
Which Nodes were failed to be backed up?
90
The pie chart gives the big
picture.
Clicking on the Failed Pie gives the details as shown below.
Which Nodes were not even attempted to be backed up?
91
The pie here displays the nodes that were not even
attempted to backup.The Nodes are listed below
Were all my Tier 1 production servers backed up successfully? If any of them failed, what were the reasons of their
failures?
92
I just have to specify a filter for Tier 1 and I get the results as shown in the pie chart and the
details below.
Which Nodes have been constantly failing to be backed up? And what are the reasons? When was the last time these Nodes were
backed up successfully?
93
Clicking on any node would bring out the errors as shown below
What is the trend of my Tier 1 node backup status in the last 7
days?
94
This shows the backup status for each day. Clicking on an error bar would display all the nodes that failed and the errors associated for that node.
Which Nodes have the slowest backup throughputs?
95
JOB BACKUP STATUS RELATED REPORTS
96
How many backup jobs failed? What % of my backup jobs are
failing?
97
Why did a specific backup job fail? What are its errors and
warnings?
98
You can specify a pattern matching job name as a filter and you will the statistics of that job and its errors.
What is the trend of the backup jobs in the last 7 days?
99
For the failed backup jobs, has a makeup job been created and if yes, what is its current
status? Is it waiting to be run or has it finished running or is it active?
100
RECOVERY POINTS RELATED REPORTS
101
Within the last 7 days, how many recovery points do I have for all my Nodes or a specific
node or nodes with a pattern matching name or all my Tier 1 Nodes?
102
Are my Nodes fully or partially protected?
103
Which Nodes can NOT be recovered from Disaster
Recovery?
104
For a lot of Nodes, DR information is NOT being
generated. Modifying the job to allow
backing up DR information and having a valid DR license would
solve the problem.
If I have to recover a Node or an App, where is my backup image? Is it on disk
or is it on tape onsite or is it on tapes offsite?
105
Which Nodes are being backed up to de dupe device? And which
aren’t?
106
What is the compression achieved on tapes and de dupe
devices?
107
How does backups to tape or disk compare with backups to de dupe device? What are my disk
savings if I backup to de dupe device and increase the retention to 12 weeks?
108
ARCserve scans the environment to find out the total FULL backup size of all the nodes and comes up with the
following comparison.It allows you to change the retention
time and visualize the disk space savings.
??
QUESTIONS ??
109
User Profiles & Auditing
111 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
The need for User Profiles and Auditing
> In r12, all ARCserve users are Administrators. All users can do everything. Example- John can
update/modify/delete Jack’s job.
> User operations in ARCserve do not have a audit log. Administrator cannot figure out who did what. E.g. Which user deleted this specific job ?
> Lack of fine grained access control and multi-user tracking.
®
User Profiles
113 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
User Profiles
> A Role is a collection of operations/permissions that a user can do.
An user can be assigned one or more Roles : Effective user permissions are a OR operation of all roles.
After successful login, an user can only see those UI controls (e.g. button, menu, etc.) and do those operations which s/he has rights to do
> Login using ARCserve and MS-Windows accounts Integrated Windows Authentication.
Continued support of ARCserve native users.
114 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
User Profiles is Role management
A Role is a collection of ARCserve operations/permissions that a user can do.
115 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
User Profiles is Role management -2
An user can be assigned one or more Roles : Effective user permissions are a OR operation of all roles.
User Profiles is Role management -3
116 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
User’s role membership is displayed on the lower panel
User Profiles is Role management -4
117 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
User can access only those operations allowed by the profile.
> A ‘Backup Operator’ cannot access Restore Manager.
User Profiles is Role management -5
118 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
User can access only those operations allowed by the profile.
> Open Job Status Manager and right click on a job which was submitted by other user. You will find you cannot manage that job
User Profiles: Integrated Windows Authentication
119 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
> Register a Windows account as a ARCserve user.
> Assign Roles to the user.
• Choose ‘Add User’ in User Profile.
• Can be a local or domain account.
Windows authentication in ARCserve
> Login with Windows domain account which was just added as a ARCserve user.
> Choose Windows authentication here
Pre-defined Roles in User Profiles
> Fixed Roles and permissions within the roles.
> Extended permissions Ownership Checking Exemption: Allow users to update/modify
other users jobs. Security Administrator: Access to User profile Manager.
®
Auditing
Audit Log : View user operations
123 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
Audit Log : Filter out the log messages.
124 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
Audit Log : View the details of a log message.
125 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
126 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
Miscellaneous points for User Profiles
> After installation, the windows user who did the installation should have already been added as ARCserve user and have been assigned “Administrator” role
> Fully qualified windows username is needed, e.g. “domain_name\username”
> “caroot” belongs to Administrator role and it cannot be modified except for password
> If ARCserve Dbengine is not running, only “caroot” can be used for logon
127 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
Miscellaneous points for User Profiles
> Licensing The Role Management feature will only be enabled when
“Enterprise Options” is installed and licensed
If EO is not installed, you will not be able to see most of Role Management features
If EO is installed, but is not licensed, you will be able to see Role Management features but they will not be working
128 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
Limitations
> Integrated windows authentication ARCserve member installation and ARCserve Configuration
wizard does not support windows authentication
Command line “ca_auth.exe” does not support adding windows account to be ARCserve user
All Command line utilities support only ARCserve user accounts.
> Role based user management User’s role assignment only takes effect after that user
has logged in again.
> Audit Log There is “logon” event, but no “logoff” event
129 December 3, 2008 [User Profiles and Auditing] Copyright © 2008 CA
Limitations
> Integrated windows authentication ARCserve member installation and ARCserve Configuration
wizard does not support windows authentication
Command line “ca_auth.exe” does not support adding windows account to be ARCserve user
> All Command line utilities support only ARCserve user accounts.
> Role based user management User’s role assignment only takes effect after that user
has logged in again.
> Audit Log has a “logon” event, but no “logoff” event.
Troubleshooting Methods
> The following information is useful for Support to investigate issues.
%ARCserve_HOME%\LOG\CADBLog.log
%ARCserve_HOME%\LOG\Services.log
%ARCserve_HOME%\LOG\caauthd.exe_*.dmp
®
Questions ?
R12.5 Password Management
Dec 2008
Password Management
> What is Password Management? ARCserve Backup can save session passwords into
ARCserve Database during backups.
The saved session passwords can be used by ARCserve Backup automatically for restores, scan, merge and compare operations.
So, ARCserve User can shift the burden of remembering all session passwords to ARCserve Backup
Password Management
Password Management
> Session Password Expiration Period Users may have a password changing policy that requires
all passwords to be periodically changed. This is a good security practice.
ARCserve Backup can be configured to show a reminder to the change the password after a specified period of time.
This functionality works for all Backup Jobs. User can enable it while configuring backup jobs.
> Export/Import of session passwords User can also export the session passwords periodically for
Escrow purposes and Disaster recovery scenarios.
Password Management
Password ManagementImprove operational efficiency Improve operational efficiency
135
> Password management for encrypted backups
Don’t need to remember the encrypted passwords
> Password management for backup clients
ARCserve will store the user/password for all backup clients
Session Password Management – 1
Password Management
Configure Password Management from this
dialog
Configure Password Management from this
dialog
Set session password here
Set session password here
Check this to enable session password
management
Check this to enable session password
management
Check this to enable session password
expiration reminder
Check this to enable session password
expiration reminder
Check this to enable encryption upon backup
data by session password
Check this to enable encryption upon backup
data by session password
> Configure “Global Option” while submitting backup jobs
Session Password Management – 2
> Open “Job Status Manager”, ARCserve user can configure backup job’s session password by doing a right click.
> Click “Modify Encryption Password …” to get above dialog
Password Management
Set session password here
Set session password here
Check this to enable session password
management
Check this to enable session password
management
Check this to enable session password
expiration reminder
Check this to enable session password
expiration reminder
Session Password Management – 3
> Execute backup jobs with Session Password Management and session password expiration reminder
> Check for warning messages in Activity Log
Password Management
Show this warning message 7 days before session expiration date
Show this warning message 7 days before session expiration date
Show this warning message while session
password expired
Show this warning message while session
password expired
Session Password Management – 4
> Restore sessions which are backed up with Session Password Management
Password Management
ARCserve Backup Restore Manager will retrieve the stored Session Password
from Database automatically and fill it
here, so that if the session to be restored are already enabled session
password management, it isn’t necessary to input
session password manually
ARCserve Backup Restore Manager will retrieve the stored Session Password
from Database automatically and fill it
here, so that if the session to be restored are already enabled session
password management, it isn’t necessary to input
session password manually
Session Password Management – 5
> Encryption Password dialog for Merge Job and Scan Job
Password Management
Session Password Management – 6
Password Management
> Encryption Password dialog for Compare Job
®
Questions ?
Q&A
Thanks!! CA ARCserve Backup r12.5