NSR(8) Legato NetWorker 3.0 NSR(8)
NAME
NSR - introduction and overview of NetWorker
DESCRIPTION
NetWorker facilitates the backup and recovery of files on a network
of computer systems. Files and file systems may be backed up on a
scheduled basis. Recovery of entire filesystems and single files is
simplified by use of an on-line index of saved files.
NetWorker uses a client-server model to provide the file backup and
recover service. At least one machine on the network is designated
the NetWorker server; the other machines are NetWorker clients. Four
daemons provide the NetWorker service; they control access to the
system and provide index and media support. On the clients, there
are special programs to access the file systems and communicate with
the NetWorker server.
NetWorker is comprised of many parts. Each command and daemon has a
manual page entry in section 8. The files and their formats are
explained in section 5 manual pages. Commands and files are only
briefly mentioned here; see the appropriate man page for more
detailed information.
The NetWorker Administrator's Guide provides information on configuring
and administering a NetWorker system. It includes many examples
and rationale for setting up and running a successful backup operation.
INSTALLATION
After unloading the NetWorker distribution tape with tar(1) into a
temporary directory, the software must be correctly installed.
nsrize(8) The NetWorker installation script. The script will
install both clients and servers. The nsrize script is
also used to de-install NetWorker.
nsrlayout(5)
Describes where NetWorker programs, files and manual
pages are installed.
SERVER DAEMONS
NetWorker uses a client-server model to provide a backup and recover
service. The following daemons make up the server side of NetWorker.
nsrd(8) The main NetWorker daemon. nsrd handles initial communication
with clients, and starts and stops the other
NetWorker server daemons.
nsrindexd(8) This server daemon provides access to the NetWorker on-
line index. The index holds records of saved files.
The index allows clients to selectively browse and
choose files to recover.
Licensed material--property of copyright holder(s) 1
nsrmmd(8) The media multiplexor daemon provides device support for
NetWorker. When more than one client is saving files,
the data from each client is multiplexed. During recovery
operations, the data is demultiplexed and sent back
to the requesting client.
nsrmmdbd(8) The media multiplexor database daemon provides database
support to nsrmmd. Nsrmmdbd provides a much coarser
view of the saved files than does nsrindexd. Nsrmmdbd
keeps track of where the user files are in the media
pool.
ADMINISTRATION
NetWorker describes itself with resources. These resources may be
manipulated by the administrator to change schedules, start times,
group assignments and other aspects of NetWorker. The general
resource description is in nsrresource(5). There is also a manual
page for each NetWorker resource in section 5.
networker(8)
Monitors the activity and provides administrative support
of NetWorker servers. Networker is an X Window System
application.
nsradmin(8) A curses(3) based tool for the administration of NetWorker
servers.
nsrwatch(8) A curses(3) based tool to monitor the activity of NetWorker
servers.
mm(8) Media manager command. mm is used to label, mount,
unmount, delete and purge volumes. Mount requests are
generated by nsrmmd, and displayed by networker or nsrwatch.
The size of the on-line user file indexes may be
controlled by deleting and purging volumes.
mminfo(8) Provides information about volumes and save sets.
nsrck(8) Checks and repairs the NetWorker on-line index. It is
run automatically when nsrd starts up if the databases
were not closed cleanly due to a system crash.
SAVING FILES
NetWorker supports both scheduled and manual saving of files and
filesystems. Each client may be scheduled to save all or part of its
filesystem. Different clients may be scheduled to begin saving at
different times.
savegroup(8)
Used by administrators to initiate the backup of a group
of client machines. Can be started automatically by the
server.
savefs(8) Orchestrates the save(8) command to back up a client's
filesystem.
saveindex(8)
Generates a back up of a client's on-line file index.
When backing up a NetWorker server, a bootstrap save set
is also created.
save(8) Back up a specified file or group of files. Save may be
run manually by users and administrators, and is automatically
run by savefs.
RECOVERING FILES
NetWorker maintains an on-line index of user files that have been
saved. Users may browse the index and select files for recovery.
NetWorker then locates the correct volume and recovers the requested
files.
recover(8) Browses the on-line user file index and selects files
and filesystems to recover.
recoverindex(8)
Recovers on-line file indexes, including the special
bootstrap index used during disaster recovery.
scanner(8) Verifies correctness of NetWorker volumes. Can also
recover complete save sets and rebuild the on-line file
and media indexes.
nsrcrash(8) A man page describing crash recovery techniques.
APPLICATION SPECIFIC MODULES
In order to process user files in an optimal manner, NetWorker provides
the ASM mechanism. Pattern matching is used to select files
for processing by the different ASMs. The patterns and associated
ASMs are described in nsr(5). Save keeps track of which ASMs were
used to process a file so that recover may use the same ASMs to
recover the file.
uasm(8) UNIX filesystem specific save/recover module. The
uasm man page documents the general rules for all
ASMs.
compressasm(8) Compresses files' pages using Lempel-Ziv coding.
mailasm(8) Supports UNIX mail mailbox conventions.
nsrindexasm(8) Processes the NetWorker on-line user file indexes.
nsrmmdbasm(8) Processes NetWorker media database.
nullasm(8) Acts according to ASM protocol without having any
effect on the files.
swapasm(8) Handles diskless client swap files.
xlateasm(8) Implements a simple encryption/decryption scheme on
files.
SERVER LOCATION
On large networks there may be multiple NetWorker servers installed.
Each NetWorker client command must select a server to issue requests
to.
For server selection considerations, the client commands are classified
into two groups: administration and data processing. The
administration commands include networker, nsradmin, nsrwatch and
mminfo. The data processing commands include save, savegroup, savefs
and recover. Both groups of commands accept a -s server option.
When a server is not explicitly specified, the data processing commands
use the following steps to locate a server. The first NetWorker
server found is used.
1) The physical machine where the current directory is actually
located is determined. This will either be an NFS server or
the local machine. A query of all NetWorker servers is performed.
If the machine is listed as a client on one of the
NetWorker servers, then that NetWorker server is used.
2) The physical machine where the current directory is actually
located is examined to see if it is a NetWorker server. If it
is a NetWorker server, then it is used.
3) The local machine is examined to see if it is a NetWorker
server. If it is, then it is chosen.
4) If a NetWorker server has still not been found, then the
machine with the hostname ``nsrhost'' is chosen.
The administrative commands start with step number 3, and follow it
with steps 1, 2 and finally 4. When either set of commands fails to
find a NetWorker server, an error message is printed.
When there is only one NetWorker server on the network, or to designate
a ``primary'' server, add a ``nsrhost'' alias for the appropriate
machine to the file ``/etc/hosts''. When running the Network
Information System (NIS, formerly called Yellow Pages or YP), add the
``nsrhost'' alias to the master and push the ``hosts'' map. Otherwise,
add the ``nsrhost'' alias to the /etc/hosts file for every
client and the server. See ypfiles(5) and ypmake(8).
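
The two search orders described above, as an added example that is not part of the original manual page or of NetWorker itself. The site model, the host names and the function names are constructed for illustration; where several servers list the same client, the model assumes the first by name is taken, which the page does not specify.

```python
# Constructed site model (all host names are made up for this example).
CLIENT_LISTS = {                 # NetWorker server -> machines it lists as clients
    "jupiter": {"jupiter", "io"},
    "saturn": {"saturn", "titan"},
}
NSRHOST_ALIAS = "jupiter"        # machine carrying the ``nsrhost'' alias, or None

def _step(n, local_host, cwd_host):
    """Return the server chosen by step n of the manual page, or None."""
    if n == 1:   # machine holding the current directory is a listed client
        # Assumption: if several servers list it, take the first by name.
        hits = sorted(s for s, c in CLIENT_LISTS.items() if cwd_host in c)
        return hits[0] if hits else None
    if n == 2:   # machine holding the current directory is itself a server
        return cwd_host if cwd_host in CLIENT_LISTS else None
    if n == 3:   # local machine is a server
        return local_host if local_host in CLIENT_LISTS else None
    return NSRHOST_ALIAS         # step 4: fall back to ``nsrhost''

ORDER = {
    "data": (1, 2, 3, 4),        # save, savegroup, savefs, recover
    "admin": (3, 1, 2, 4),       # networker, nsradmin, nsrwatch, mminfo
}

def locate_server(kind, local_host, cwd_host, explicit=None):
    """Model of server selection; explicit stands for the -s server option."""
    if explicit:
        return explicit
    for n in ORDER[kind]:
        server = _step(n, local_host, cwd_host)
        if server:
            return server
    return None                  # the real commands print an error message here

if __name__ == "__main__":
    # Logged in on server "saturn", current directory NFS-mounted from "io".
    print("data :", locate_server("data", "saturn", "io"))
    print("admin:", locate_server("admin", "saturn", "io"))
```

In this constructed site a save started on saturn from a directory served by io goes to jupiter, while nsradmin started in the same place talks to saturn, so the server named by an administrative tool is not necessarily the one receiving the data.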
SECURITY
The NetWorker server validates client access by checking the recover
access attribute in the NSR client resource (see nsrclient(5)). The
server will only accept connections that are initiated from a secure
port on the machines listed in the recover access list. Secure ports
can only be opened by root, so most NetWorker programs run set-uid to
root. This access control is similar to that used by the rsh(1) command
except that, instead of using the /.rhosts file, NetWorker uses
the recover access list in the NSR client resource.
Once a connection has been established, the client programs: save(8),
savefs(8), and recover(8), set their effective uid to the uid of the
user who initiated the program so that all local filesystem and system
call access is done as that user. This prevents users from recovering
or saving files to which they should not have access. The
exception to this rule is that the user name ``operator'' and users
in the group ``operator'' get filesystem access privileges of root.
This allows the administrator to set up a login or group for the
operators who will initiate saves and recovers on behalf of other
users, without giving the operators root access to client machines.
Access control for the client programs can be further tightened by
turning off the set-uid bit. This will restrict the use of these programs
to root only on the client machines. To allow access by root
and operator, but not by other users, change the group ownership of
these programs to ``operator'', and set the mode bits to allow execution
by owner and group, but not by others.
By default, the savegroup(8) command initiates the savefs(8) command
on each client machine in a save group by using the rsh(1) remote
command protocol. In order for the rsh command to succeed on each of
the client machines, the server's hostname must be in the /.rhosts
file for each client. The default user id, root, can be overridden
by modifying the rcmd user attribute of the NSR client
resource associated with the client machine. See the hosts.equiv(5)
man page for more information on setting up remote shell access.
Access to the NSR resources through the nsradmin(8) command is controlled
by the administrator attribute on each resource. This
attribute has a list of names of the users who have permission to
administer that resource. Names that begin with an ampersand (&)
denote netgroups (see netgroup(5)).
NAMING AND AUTHENTICATION
As described above, the NetWorker server only accepts connections
initiated from a secure port on the machines listed as clients or
listed in the recover access list (for recovering). Since machines
may be connected to more than one physical network and since each
physical network connection may have numerous aliases, NetWorker
software performs the algorithms described below in order to maintain
both security and ease of use. For further reference to naming in
the UNIX environment, refer to gethostent(3).
A client determines its own name as follows. First the client's UNIX
system name is acquired via the gethostname(2) system call. The UNIX
system name is used as a parameter to the gethostbyname(3) library
routine. The client declares its name to be the official (or ``primary'')
name returned by gethostbyname. This name is passed to the
NetWorker server during connection establishment.
A server authenticates a client connection by reconciling the connection's
remote address with the client's stated name. The address is
mapped to a list of host names via the gethostbyaddr(3) library routine.
Next, the client's stated name is used as a parameter to the
gethostbyname routine to acquire another list of host names. The
client is successfully authenticated iff there exists a common name
between the two host lists.
The NetWorker server maps a client's name to an on-line index
database name by resolving the client's name to the official name
returned by gethostbyname. This mapping takes place both at client
creation time and at connection establishment time.
To ensure safe and effective naming, the following rules should be
employed:
1) The NetWorker clients and servers should access consistent
host name databases. NIS (YP) and DNS are naming subsystems
that simplify host name consistency tasks.
2) All hosts entries for a single machine should have at least
one common alias among them.
3) When creating a new client, use a name or alias that will map
back to the same official name that the client machine produces
by backward mapping its UNIX system name.
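
The name reconciliation described above and the effect of rule 2, as an added example that is not part of the original manual page or of NetWorker itself. The host table and the function names are constructed for illustration, the lookup functions are simple stand-ins for gethostbyaddr(3) and gethostbyname(3), and the secure-port and access-list checks are not modelled.

```python
# Constructed host database standing in for /etc/hosts, NIS or DNS.
# Each entry is (address, official name, aliases); all values are made up.
HOSTS = [
    ("192.0.2.10", "venus.example.com", ["venus"]),
    ("198.51.100.10", "venus-b.example.com", ["venus"]),  # 2nd interface, shares an alias
    ("192.0.2.20", "mars.example.com", ["mars"]),
    ("198.51.100.20", "mars-b.example.com", []),          # 2nd interface, no common alias
]

def names_by_addr(addr):
    """Stand-in for gethostbyaddr(3): official name and aliases of addr."""
    for entry_addr, official, aliases in HOSTS:
        if entry_addr == addr:
            return {official, *aliases}
    return set()

def names_by_name(name):
    """Stand-in for gethostbyname(3): first entry whose name or alias matches."""
    for _, official, aliases in HOSTS:
        if name == official or name in aliases:
            return {official, *aliases}
    return set()

def declared_name(system_name):
    """Client side: official name that gethostbyname returns for the system name."""
    for _, official, aliases in HOSTS:
        if system_name == official or system_name in aliases:
            return official
    return None

def authenticate(remote_addr, stated_name):
    """Server side: accept iff the two name lists share at least one name."""
    return bool(names_by_addr(remote_addr) & names_by_name(stated_name))

if __name__ == "__main__":
    cases = [
        ("198.51.100.10", declared_name("venus")),  # accepted via alias "venus"
        ("198.51.100.20", declared_name("mars")),   # rejected: rule 2 not followed
        ("192.0.2.20", "venus.example.com"),        # rejected: name is not this host's
    ]
    for addr, name in cases:
        print(addr, name, "accepted" if authenticate(addr, name) else "rejected")
```

The second case is a legitimate client that is refused only because its second interface has no alias in common with its primary entry, which is the situation rule 2 is meant to prevent.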
SEE ALSO
nsr(5), nsrlayout(5), mm(8), mminfo(8), networker(8), nsrcrash(8),
nsrize(8), nsrresource(5), nsradmin(8), nsrck(8), nsrd(8),
nsrindexd(8), nsrls(8), nsrmmd(8), nsrmmdbd(8), nsrwatch(8),
recover(8), recoverindex(8), save(8), savefs(8), uasm(8),
savegroup(8), saveindex(8), scanner(8), netgroup(5), ypfiles(5),
ypmake(5), gethostname(2), gethostent(3).
The NetWorker Administrator's Guide