Tivoli Storage Manager for Windows Administrator's Guide


Managing Nodes

From the perspective of the server, each client, application client, and Tivoli Data Protection host server is a node requiring TSM services. For information, see Overview of Client Nodes and File Spaces. Client nodes can be local or remote to the TSM server. For information, see Comparing Network-Attached Nodes to Local Nodes.

Administrators can perform the following activities when managing client nodes.

Task | Required Privilege Class
-----|-------------------------
Updating, renaming, locking, or unlocking any client nodes | System or unrestricted policy
Updating, renaming, locking, or unlocking client nodes assigned to specific policy domains | System, unrestricted policy, or restricted policy for those domains
Displaying information about client nodes or file spaces | Any administrator
Deleting any client nodes | System or unrestricted policy
Removing client nodes assigned to specific policy domains | System, unrestricted policy, or restricted policy for those domains
Managing client access authority levels | System

Updating Client Node Information

You can use the UPDATE NODE command to update information such as the client's assigned policy domain, the user's password or contact information, and the client option set used by the node.

For example, update client node TOMC to prevent him from deleting archived files from storage pools by entering:

update node tomc archdelete=no

Renaming Client Nodes

You can rename a client node with the RENAME NODE command. You may need to rename a client node if the workstation network name or host name changes. For example, with UNIX clients, users define their node name based on the value returned by the HOSTNAME command. When users access the server, their TSM user IDs match the host name of their workstations. If the host name changes, you can update a client node user ID to match the new host name.

For example, to rename CAROLH to ENGNODE, enter:

rename node carolh engnode

ENGNODE retains the contact information and access to backup and archive data that belonged to CAROLH. All files backed up or archived by CAROLH now belong to ENGNODE.

Locking and Unlocking Client Nodes

You can prevent client nodes from accessing the server with the LOCK NODE command. A locked client node cannot perform functions such as backup and restore or archive and retrieve.

You can restore a locked node's access to the server with the UNLOCK NODE command.

For example, to prevent client node MAB from accessing the server, enter:

lock node mab

To let client node MAB access the server again, enter:

unlock node mab

Deleting Client Nodes

You can delete a client node from the server with the REMOVE NODE command. All file spaces that belong to the client node must first be deleted from server storage. After all of the client node's file spaces have been deleted (see Deleting File Spaces and Client Nodes), you can delete the node.

For example, to remove client node DEBBYG, enter:

  1. Delete the DEBBYG file space by entering:
    delete filespace debbyg * type=any
    
  2. Delete the DEBBYG node by entering:
    remove node debbyg
    

Displaying Information about Client Nodes

You can display information about client nodes. For example, as a policy administrator, you might query the server about all client nodes assigned to the policy domains for which you have authority. Or you might query the server for detailed information about one client node.

Displaying Information about Client Nodes Assigned to Specific Policy Domains

You can display information about client nodes assigned to specific policy domains. For example, to view information about client nodes that are assigned to STANDARD and ENGPOLDOM policy domains, enter:

query node * domain=standard,engpoldom

The output from that command might look like this:


+--------------------------------------------------------------------------------+
|Node Name    Platform     Policy Domain   Days Since   Days Since   Locked?     |
|                          Name                  Last     Password               |
|                                              Access          Set               |
|----------   --------     --------------  ----------   ----------   -------     |
|DEBBYG         DOS        STANDARD                 2          12    No          |
|ENGNODE        AIX        ENGPOLDOM               <1           1    No          |
|HTANG          OS/2       STANDARD                 4          11    No          |
|MAB            AIX        ENGPOLDOM               <1           1    No          |
|PEASE          AIX        STANDARD                 3          12    No          |
|SSTEINER       (?)        ENGPOLDOM               <1           1    No          |
|                                                                                |
+--------------------------------------------------------------------------------+

Displaying Information about a Specific Client Node

You can view information about specific client nodes. For example, to review the registration parameters defined for client node JOE, enter:

query node joe format=detailed

The resulting report would look like this:


+--------------------------------------------------------------------------------+
|                                                                                |
|                     Node Name: JOE                                             |
|                      Platform: WinNT                                           |
|               Client OS Level: 4.00                                            |
|                Client Version: Version 3, Release 1, Level 3.0                 |
|            Policy Domain Name: STANDARD                                        |
|         Last Access Date/Time: 05/19/1999 18:55:46                             |
|        Days Since Last Access: 6                                               |
|        Password Set Date/Time: 05/19/1999 18:26:43                             |
|       Days Since Password Set: 6                                               |
|         Invalid Sign-on Count: 0                                               |
|                       Locked?: No                                              |
|                       Contact:                                                 |
|                   Compression: Client's Choice                                 |
|       Archive Delete Allowed?: Yes                                             |
|        Backup Delete Allowed?: No                                              |
|        Registration Date/Time: 05/19/1999 18:26:43                             |
|     Registering Administrator: SERVER_CONSOLE                                  |
|Last Communication Method Used: Tcp/Ip                                          |
|   Bytes Received Last Session: 108,731                                         |
|       Bytes Sent Last Session: 698                                             |
|Duration of Last Session (sec): 0.00                                            |
|   Pct. Idle Wait Last Session: 0.00                                            |
|  Pct. Comm. Wait Last Session: 0.00                                            |
|  Pct. Media Wait Last Session: 0.00                                            |
|                     Optionset:                                                 |
|                           URL:http://joe.host.name:1581                        |
|                     Node Type: Client                                          |
|    Password Expiration Period: 60                                              |
|             Keep Mount Point?: No                                              |
|  Maximum Mount Points Allowed: 1                                               |
+--------------------------------------------------------------------------------+
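The detailed report carries several fields worth reviewing per node: delete permissions, the invalid sign-on count, and whether the password is still the one set at registration. The following is an added example, not part of the IBM guide, that parses this report layout and lists findings per node; the OLDPC node, the finding labels, and the stale_days threshold are constructed for illustration.

```python
SAMPLE_REPORT = """\
|                     Node Name: JOE                              |
|        Days Since Last Access: 6                                |
|        Password Set Date/Time: 05/19/1999 18:26:43              |
|         Invalid Sign-on Count: 0                                |
|                       Locked?: No                               |
|       Archive Delete Allowed?: Yes                              |
|        Backup Delete Allowed?: No                               |
|        Registration Date/Time: 05/19/1999 18:26:43              |
|                           URL:http://joe.host.name:1581         |
|                     Node Name: OLDPC                            |
|        Days Since Last Access: 412                              |
|        Password Set Date/Time: 01/04/1998 09:10:11              |
|         Invalid Sign-on Count: 7                                |
|                       Locked?: No                               |
|        Registration Date/Time: 11/02/1997 14:00:00              |
"""  # JOE is abridged from the report above; OLDPC is constructed sample data


def parse_detailed(report):
    """Return one dict per node; keys are the report labels without '?'."""
    nodes = []
    for raw in report.splitlines():
        line = raw.strip().strip("|").strip()
        key, sep, value = line.partition(":")  # first colon only: values hold times, URLs
        if not sep:
            continue  # box border or blank line
        key = key.strip().rstrip("?")
        if key == "Node Name":
            nodes.append({})  # each node's block starts with its name
        if nodes:
            nodes[-1][key] = value.strip()
    return nodes


def audit(node, stale_days=90):
    """List review findings for one node; stale_days is an assumed local threshold."""
    out = []
    for label in ("Archive Delete Allowed", "Backup Delete Allowed"):
        if node.get(label) == "Yes":
            out.append(label.lower().replace(" ", "-"))
    if node.get("Invalid Sign-on Count", "0") != "0":
        out.append("invalid-signons")
    set_at = node.get("Password Set Date/Time")
    if set_at and set_at == node.get("Registration Date/Time"):
        out.append("registration-password-unchanged")
    idle = node.get("Days Since Last Access", "")
    if idle.isdigit() and int(idle) >= stale_days and node.get("Locked") != "Yes":
        out.append("stale-unlocked")
    return out


def audit_report(report):
    return {n["Node Name"]: audit(n) for n in parse_detailed(report)}
```

A node flagged archive-delete-allowed can be corrected with UPDATE NODE and archdelete=no as shown earlier; a stale-unlocked node is a candidate for LOCK NODE.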

Overview of Remote Access to Web Backup-Archive Clients

With the introduction of the Web backup-archive client, when a client node is registered with a TSM 3.7.0 server or above, an identical administrative user ID is created at the same time. This user ID has client owner authority over the node by default. Enterprise logon enables a user with the proper administrative user ID and password to access a Web backup-archive client from a Web browser. The Web backup-archive client can be used by the client node or a user ID with the proper authority to perform backup, archive, restore, and retrieve operations on any machine that is running the Web backup-archive client.

You can establish access to a Web backup-archive client for help desk personnel that do not have system or policy privileges by granting those users client access authority to the nodes they need to manage. Help desk personnel can then perform activities on behalf of the client node such as backup and restore operations.

A native backup-archive client can log on to TSM using their node name and password, or administrative user ID and password. The administrative user ID password is managed independently from the password that is generated with the passwordaccess generate client option. The client must have the option passwordaccess generate specified in their client option file to enable use of the Web backup-archive client.

To use the Web backup-archive client from your web browser, you specify the URL and port number of the TSM backup-archive client machine running the web client.

During node registration, you have the option of granting client owner or client access authority to an existing administrative user ID. You can also prevent the server from creating an administrative user ID at registration. If an administrative user ID already exists with the same name as the node being registered, the server registers the node but does not automatically create an administrative user ID. This process also applies if your site uses open registration.

For more information about installing and configuring the Web backup-archive client, refer to Tivoli Storage Manager Installing the Clients.

Description of Node Privilege Class with Client Access Authorities

Access to a Web backup-archive client requires either client owner authority or client access authority. Administrators with system or policy privileges over the client node's domain have client owner authority by default. The administrative user ID created automatically at registration has client owner authority by default. This administrative user ID is displayed when an administrator issues a QUERY ADMIN command.

The following describes the difference between client owner and client access authority when defined for a user that has the node privilege class:

Client owner
You can access the client through the Web backup-archive client or native backup-archive client.

You own the data and have a right to physically gain access to the data remotely. You can back up and restore files on the same or a different machine, and you can delete file spaces or archive data.

The user ID with client owner authority can also access the data from another machine using the -NODENAME parameter.

The administrator can change the password of a client node for which they have authority.

This is the default authority level for the client at registration. An administrator with system or policy privileges to a client's domain has client owner authority by default.

Client access
You can only access the client through the Web backup-archive client.

You can restore data only to the original client.

A user ID with client access authority cannot access the client from another machine using the -NODENAME parameter.

This privilege class authority is useful for help desk personnel so they can assist users in backing up or restoring data without having system or policy privileges. The client data can be restored only to the original client. A user ID with client access privilege cannot directly access the client's data from a native backup-archive client.

Managing Client Access Authority Levels

By default, an administrator with system or policy privilege over a client's domain can remotely access clients and perform backup and restore operations.

You can grant client access or client owner authority to other administrators by specifying CLASS=NODE and AUTHORITY=ACCESS or AUTHORITY=OWNER parameters on the GRANT AUTHORITY command. You must have one of the following privileges to grant or revoke client access or client owner authority:

You can grant an administrator client access authority to individual clients or you can grant an administrator client access to all clients in a specified policy domain. For example, you may want to grant client access privileges to users that staff help desk environments. See Example: Setting up Help Desk Access to Client Machines in a Specific Policy Domain for more information.

Granting Client Authority

To grant client access authority to administrator FRED for the LABCLIENT node, issue:

grant authority fred class=node authority=access node=labclient

The administrator FRED can now access the LABCLIENT client, and perform backup and restore. The administrator can only restore data to the LABCLIENT node.

To grant client owner authority to ADMIN1 for the STUDENT1 node, issue:

grant authority admin1 class=node authority=owner node=student1

The user ID ADMIN1 can now perform backup and restore operations for the STUDENT1 client node. The user ID ADMIN1 can also restore files from the STUDENT1 client node to a different client node.

Automatically Creating an Administrative User ID with Client Access

You can use the REGISTER NODE command to automatically create an administrative user ID with client owner authority to a node when the node is defined to the server. By default, the server creates an administrative user ID in addition to the client node. For example, to register client node DESK2, issue:

register node desk2 pass2dsk

The following shows the output from this command.


+--------------------------------------------------------------------------------+
|ANR2060I Node DESK2 registered in policy domain STANDARD.                       |
|ANR2099I Administrative userid DESK2 defined for OWNER access to node DESK2.    |
|                                                                                |
+--------------------------------------------------------------------------------+

The DESK2 client node is registered, in addition to an administrative user ID with the same ID. The administrative user ID DESK2 has a password of pass2dsk with client owner authority to the DESK2 node. When the PASSWORDACCESS=GENERATE option is used by the client to change the password, the administrative DESK2 ID can still access the client from a remote location.

Preventing Automatic Creation of an Administrative User ID with Client Owner Authority

You can prevent automatic creation of an administrative user ID with client owner authority by specifying USERID=NONE on the REGISTER NODE command. For example, to register DESK2 without creating the default administrative user ID with client owner authority, issue the following:

register node desk2 pass2dsk userid=none

Granting an Existing Administrative ID Client Owner Authority

You can grant client owner authority to an existing administrative user ID. For example, to give client owner authority to the HELPADMIN user ID when registering the NEWCLIENT node, enter:

register node newclient pass2new userid=helpadmin

This command results in the NEWCLIENT node being registered with a password of pass2new, and also grants HELPADMIN client owner authority. This command would not create an administrator ID. The HELPADMIN client user ID is now able to access the NEWCLIENT node from a remote location.

Example: Setting up Help Desk Access to Client Machines in a Specific Policy Domain

You want to set up help desk access for user HELP1 to the client nodes in the FINANCE domain. You want to grant HELP1 client access authority to the FINANCE domain without having to grant system or policy privileges.

The client nodes have been previously set up as follows:

The help desk person, using HELP1 user ID, has a Java 1.1.6-capable Web browser.

  1. Register an administrative user ID of HELP1.
    register admin help1 05x23 contact="M. Smith, Help Desk x0001"
    
  2. Grant the HELP1 administrative user ID client access authority to all clients in the FINANCE domain. With client access authority, HELP1 can perform backup and restore operations for clients in the FINANCE domain. Client nodes in the FINANCE domain are Dave, Sara, and Joe.
    grant authority help1 class=node authority=access domains=finance
    

    The following is output generated by this command:


    +--------------------------------------------------------------------------------+
    |ANR2126I GRANT AUTHORITY: Administrator HELP1 was granted ACCESS authority for c|
    |                          DAVE.                                                 |
    |ANR2126I GRANT AUTHORITY: Administrator HELP1 was granted ACCESS authority for c|
    |                          JOE.                                                  |
    |ANR2126I GRANT AUTHORITY: Administrator HELP1 was granted ACCESS authority for c|
    |                          SARA.                                                 |
    |                                                                                |
    +--------------------------------------------------------------------------------+
  3. The help desk person, HELP1, opens the Web browser and specifies the URL and port number for client machine Sara:
    http://sara.machine.name:1581
    

    A Java applet is started, and the client hub window is displayed in the main window of the Web browser. When HELP1 accesses the backup function from the client hub, the TSM login screen is displayed in a separate Java applet window. HELP1 authenticates with the administrative user ID and password. HELP1 can perform a backup for Sara.

For information about what functions are not supported on the Web backup-archive client, refer to Tivoli Storage Manager Installing the Clients.

