nsr - introduction and overview of NetWorker
NetWorker facilitates the backup and recovery of files on a network of computer systems. Files and filesystems may be backed up on a sched- uled basis. Recovery of entire filesystems and single files is simpli- fied by use of an on-line index of saved files. NetWorker uses a client-server model to provide the file backup and recover service. At least one machine on the network is designated as the NetWorker server, and the machines with disks to be backed up are NetWorker clients. Five daemons provide the NetWorker service, control access to the system, and provide index and media support. On the clients, there are special programs to access the file systems and com- municate with the NetWorker server. The NetWorker system has several parts. Commands and files are only briefly mentioned here; see the appropriate reference manual page for more detailed information. Each command has a manual page entry in section 8. The files and their formats are explained in section 5 man- ual pages. The NetWorker Administrator's Guide provides information on configuring and administering a NetWorker system. It includes many examples and rationales for setting up and running a successful backup operation.
How NetWorker is installed depends on the architecture of the machine upon which you are installing. For detailed installation instructions, see the NetWorker Installation Guide for your specific platform. nsr_layout(5) Describes where NetWorker programs, files, and manual pages are installed.
NetWorker uses a client-server model to provide a backup and recover service. The following daemons encompass the server side of NetWorker. nsrd(8) The main NetWorker daemon. nsrd handles initial communi- cation with clients, and starts and stops the other Net- Worker server daemons. ansrd(8) The agent nsrd process, spawned by nsrd in response to a recovery, clone, or other session. The ansrd daemon is invoked on an as-needed basis and is only present when there are sessions active to the NetWorker server. Modern versions of save(8) do not require use of an ansrd daemon. save sets and media. The nsrmmdbd daemon provides a much coarser view of the saved files than does nsrindexd, and therefore the resultant index is usually much smaller. nsrindexd(8) This server daemon provides access to the NetWorker on- line index. The index holds records of saved files. The index allows clients to selectively browse and choose files to recover without having to access the backup media. nsrmmdbd(8) The media management database daemon provides an index of save sets and media. The nsrmmdbd daemon provides a much coarser view of the saved files than does nsrindexd, and therefore the resultant index is usually much smaller. nsrjobd(8) The jobs daemon provides for the centralized monitoring and control of remote execution "jobs", typically save and directed recover. It manages the parallelism when spawn- ing remote jobs and monitors the status for reporting and storing execution information. All scheduled backups are initiated from nsrjobd. nsrmmd(8) The media multiplexor daemon provides device support for NetWorker. When more than one client is saving files, the data from each client is multiplexed. During recovery operations, the data is demultiplexed and sent back to the requesting clients. When the multiple devices are enabled, several of these daemons may be active simultane- ously.
NetWorker is administered via resources and attributes. Every resource has one or more attributes associated with it. For example, a device is a NetWorker resource type; an attribute of devices is the device type, for example, 4mm or 8mm. The NetWorker resource format is docu- mented in nsr_resource(5). There is also a manual page for each Net- Worker resource in section 5 of the manual. Resource files are not normally edited by hand. Rather, a NetWorker tool (usually NetWorker Management Console or nsradmin(8)) is used to modify resource files dynamically so that values can be checked and changes can be propagated automatically to the interested programs. The following are tools that are used to administer various aspects of NetWorker. NetWorker Management Console Monitors the activity of and administers NetWorker servers. NetWorker Management Console is a Java based application and is most users' primary interface to Net- Worker. nsradmin(8) A curses(3) based tool for the administration of NetWorker servers. nsrwatch(8) A curses(3) based tool to monitor the activity of Net- Worker servers. nsrmm(8) Media manager command. The nsrmm command is used to label, mount, unmount, delete and purge volumes. Mount requests are generated by nsrmmd, and displayed by Net- Worker Management Console or nsrwatch. The size of the on-line user file indexes may be controlled by deleting and purging volumes. nsrjb(8) The NetWorker jukebox-controlling command. When dealing with a jukebox, nsrjb, rather than nsrmm, should be used to label, load, and unload the volumes contained within a jukebox. nsrim(8) Automatically manages the on-line index. It is usually run periodically by savegrp. mminfo(8) Provides information about volumes and save sets. nsrck(8) Checks and repairs the NetWorker on-line index. It is run automatically when nsrd starts up if the databases were not closed cleanly due to a system crash. nsr_render_log(8) Creates a human readable version of the Networker logs. nsr_shutdown(8) A shell script used to safely shut down the local Net- Worker server. The nsr_shutdown script can only be run by the super user.
NetWorker supports both scheduled and manual saving of files and filesystems. Each client may be scheduled to save all or part of its filesystems. Different clients may be scheduled to begin saving at different times. save(8) A command-line-based tool used to back up a specified file or group of files. The save command may be run manually by users and administrators, or automatically by savegrp. savegrp(8) Used to initiate the backup of a group of client machines. Usually started automatically by the NetWorker server. The savegrp command also backs up the clients' on-line file indexes, which are stored on the server. When back- ing up the server itself, a bootstrap save set is also created. nsrexec(8) The agent savegrp process, spawned by savegrp. The nsrexec command monitors the progress of NetWorker com- mands. nsrclone(8) The NetWorker save set/volume cloning command. Using nsr- clone, clones, or exact replicas, of save sets or entire volumes can be made. Clone data is indistinguishable from the original data, except for the NetWorker media volumes upon which the data reside. nsrexecd(8) NetWorker-specific remote execution service which runs on NetWorker clients. Used by savegrp to start save and savefs on client machines. savefs(8) Used by savegrp to determine characteristics of a client, and to map the save set All to the current list of all save sets on a client.
NetWorker maintains an on-line index of user files that have been saved. Users may browse the index and select files for recovery. This information is used to build a representation of the file heirarchy as of any time in the past. NetWorker then locates the correct volume and recovers the requested files. recover(8) Browses the on-line user file index and selects files and filesystems to recover. nwrecover(8) A Motif-based tool for recovering files. The nwrecover command is the graphical equivalent of recover. mmrecov(8) Used only for disaster recovery. Recovers the special bootstrap index and the server's on-line file index. The recover or nwrecover commands are used to recover other on-line file indexes. scanner(8) Verifies correctness and integrity of NetWorker volumes. Can also recover complete save sets and rebuild the on- line file and media indexes. nsr_crash(8) A man page describing crash recovery techniques. nsrinfo(8) Used to generate reports about the contents of a client's file index.
APPLICATION SPECIFIC MODULES
In order to process user files in an optimal manner, NetWorker provides the ASM mechanism. Pattern matching is used to select files for processing by the different ASMs. The patterns and associated ASMs are described in nsr(5). The save command keeps track of which ASMs were used to process a file so that recover may use the same ASMs to recover the file. uasm(8) UNIX filesystem specific save/recover module. The uasm man page documents the general rules for all ASMs. The uasm command and its man page actually comprise several additional ASMs, including compressasm, mailasm, and xlateasm, to name a few. nsrindexasm(8) Processes the on-line user file indexes. nsrmmdbasm(8) Processes the on on-line media database.
On large networks there may be several NetWorker servers installed. Each NetWorker client command must select a server to use. For server selection, the client commands are classified into two groups: administration and operation. The administration commands include NetWorker Management Console, nsrwatch, and mminfo. The operation commands include save, savefs, and recover. Both groups of commands accept a -s server option to explicitly specify a NetWorker server. When a server is not explicitly specified, the operation commands use the following steps to locate one. The first server found is used. 1) The local machine is examined to see if it is a NetWorker server. If it is, then it is used. 2) The machine where the current directory is actually located is examined to see if it is a NetWorker server. If it is, then it is used. 3) The machine specified with the -c option is examined to see if it is a NetWorker server. If it is, then it is used. 4) The list of trusted NetWorker servers is obtained from the local machine's nsrexecd(8). Each machine on the list is examined to see if it is a NetWorker server. The first machine determined to be a NetWorker server is used. 5) A broadcast request is issued. The first NetWorker server to respond to the request is used. 6) If a NetWorker server still has not been found, then the local machine is used. The administrative commands only use step 1.
Before a save is allowed, there must be an NSR client resource created for the given client. Before a recovery is allowed, the server vali- dates client access by checking the remote access attribute in the NSR client resource (see nsr_client(5)). The savegrp(8) command initiates the save(8) command on each client machine in an NSR group by using the nsrexecd(8) remote save execution service. See the nsrexecd(8) man page for details. For backward com- patibility with older versions of NetWorker, savegrp(8). will fall back on using the rsh(8) protocol for remote execution if nsrexecd is not running on a particular client. Access to the NSR resources through the nsradmin(8) command or Net- Worker Management Console is controlled by the administrator attribute on the NSR server resource (see nsr_service(5)). This attribute has a list of names of the users who have permission to administer that resources. Names that begin with an ampersand (&) denote netgroups (see netgroup(5)). Also names can be of the form user@host or user=user,host=host to authorize a specific user on a specific host.
The system administrator can grant root privileges to specific groups of users by changing the mode of a NetWorker program to setuid-root and setgid-group. (See chgrp(1) and chmod(1) for more details.) When a user invokes a program that is both setuid-root and setgid- group, he may retain root privileges if one of the following is true: 1. The user's name and the program's group name are identical. 2. One of the process's supplementary group id names is identical to the program's group name. (See getgroups(2) for more details.) 3. The user's name is an element of the netgroup whose name is identical to the program's group name. (See getgrnam(3) for more details.) For example, the mode and group owner of the recover command can be changed such that the ls output looks like: -rws--s--x 1 root staff 548808 Apr 18 16:04 recover A user invoking this command will retain root privileges if (1) his name is 'staff', or (2) he is a member of the group 'staff', or (3) his name appears as an element of the netgroup 'staff'. Granting root privileges may be applied to the following NetWorker pro- grams: nsrexec(8), nsrports(8), recover(8), nwretrieve(8), nwrecover(8), nsrclone(8), nsrconsolidate(8), nsrmm(8), mmpool(8), mmlocate(8), nsrjb(8), nsrinfo(8), nsrstage(8), nsrcap(8), save(8), nsrpmig(8), nsrck(8), nsrim(8), jbconfig(8), nsrcnct(8), and scanner(8).
NAMING AND AUTHENTICATION
As described above, the NSR server only accepts connections initiated from the machines listed as clients or listed in the remote access list (for recovering). Since machines may be connected to more than one physical network and since each physical network connection may have numerous aliases, the policies below are used as a compromise between security and ease of use. For further information about naming in the UNIX environment, refer to gethostent(3) or other documentation on name services. A client determines its own name as follows. First the client's UNIX system name is acquired via the gethostname(2) system call. The UNIX system name is used as a parameter to the gethostbyname(3) library rou- tine. The client declares its name to be the official (or 'primary') name returned by gethostbyname. This name is passed to the NetWorker server during connection establishment. A server authenticates a client connection by reconciling the connec- tion's remote address with client's stated name. The address is mapped to a list of host names via the gethostbyaddr(3) library function. Next, the client's stated name is used as a parameter to gethostbyname to acquire another list of host names. The client is successfully employed: 1) The NetWorker clients and servers should access consistent host name databases. NIS (YP) and the Domain Name System (DNS) are naming subsystems that aid in host name consistency. 2) All hosts entries for a single machine should have at least one common alias among them. 3) When creating a new client, use a name or alias that will map back to the same official name that the client machine produces by backward mapping its UNIX system name.
rsh(1), gethostname(2), gethostent(3), netgroup(5), nsr(5), nsr_layout(5), nsr_resource(5), ypfiles(5), ypmake(5), mminfo(8), nsr_crash(8), nsr_ize(8), nsr_service(5), nsr_shutdown(8), nsradmin(8), nsrck(8), nsrclone(8), nsrd(8), nsrexecd(8), nsrim(8), nsrindexasm(8), nsrindexd(8), nsrinfo(8), nsrjb(8), nsrls(8), nsrmm(8), nsrmmd(8), nsrmmdbasm(8), nsrmmdbd(8), nsrwatch(8), nwadmin(8), nwbackup(8), nwrecover(8), recover(8), mmrecov(8), save(81), savefs(8), savegrp(8), scanner(8), uasm(8). and The NetWorker Administrator's Guide
NetWorker 8.0.1 Dec 02, 12 nsr(8)