Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ nsr(8) — DG/UX 5.4R3.00

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

rsh(1)

nsr(5)

mminfo(8)

networker(8)

nsradmin(8)

nsrck(8)

nsrd(8)

nsrexecd(8)

nsrim(8)

nsrindexd(8)

nsrls(8)

nsrmm(8)

nsrmmd(8)

nsrmmdbd(8)

nsrwatch(8)

rap(8)

rapd(8)

recover(8)

recoverindex(8)

save(8)

savefs(8)

uasm(8)

savegroup(8)

saveindex(8)

scanner(8)

netgroup(5)

ypfiles(5)

ypmake(5)

gethostname(2)

gethostent(3)



NSR(8)                      Legato NetWorker 4.0                      NSR(8)


NAME
       NSR - introduction and overview of NetWorker

DESCRIPTION
       NetWorker facilitates the backup and recovery of files on a network
       of computer systems.  Files and file systems may be backed up on a
       scheduled basis.  Recovery of entire filesystems and single files is
       simplified by use of an on-line index of saved files.

       NetWorker uses a client-server model to provide the file backup and
       recover service.  At least one machine on the network is designated
       the NetWorker server, and the machines with disks to be backed up are
       NetWorker clients.  Four daemons provide the NetWorker service, con­
       trol access to the system, and provide index and media support.  On
       the clients, there are special programs to access the file systems
       and communicate with the NetWorker server.

       The NetWorker system has several parts.  Commands and files are only
       briefly mentioned here, see the appropriate reference manual page for
       more detailed information.  Each command has a manual page entry in
       section 8.  The files and their formats are explained in section 5
       manual pages.

       The NetWorker Administrator's Guide provides information on configur­
       ing and administering a NetWorker system.  It includes many examples
       and rationale for setting up and running a successful backup opera­
       tion.

INSTALLATION
       After unloading the NetWorker distribution tape with tar(1) into a
       temporary directory, the software must be correctly installed.

       nsrize(8)    The NetWorker installation script.  The script will
                     install both clients and servers.  The nsrize script
                     is also used to de-install NetWorker.

       nsrlayout(5) Describes where NetWorker programs, files and manual
                     pages are installed.

SERVER DAEMONS
       NetWorker uses a client-server model to provide a backup and recover
       service.  The following daemons encompass the server side of Net­
       Worker.

       nsrd(8)      The main NetWorker daemon.  nsrd handles initial commu­
                    nication with clients, and starts and stops the other
                    NetWorker server daemons.

       nsrindexd(8) This server daemon provides access to the NetWorker on-
                    line index.  The index holds records of saved files.
                    The index allows clients to selectively browse and
                    choose files to recover.

       nsrmmdbd(8)  The media management database daemon provides an index



Licensed material--property of copyright holder(s)                         1




NSR(8)                      Legato NetWorker 4.0                      NSR(8)


                    of save sets and media.  Nsrmmdbd provides a much
                    coarser view of the saved files than does nsrindexd, and
                    therefore the resulting index is usually much smaller.

       nsrmmd(8)    The media multiplexor daemon provides device support for
                    NetWorker.  When more than one client is saving files,
                    the data from each client is multiplexed.  During recov­
                    ery operations, the data is demultiplexed and sent back
                    to the requesting client.  When the concurrent device
                    support module is used, several of these daemons may be
                    active at the same time.

ADMINISTRATION
       NetWorker is administered through the attributes of its resources.
       These resources may be manipulated by the administrator to change
       schedules, start times, group assignments and other aspects of Net­
       Worker.  A detailed resource description is in nsrresource(5).
       There is also a manual page for each NetWorker resource in section 5.

       networker(8) Monitors the activity of and administers NetWorker
                    servers.  Networker is an X Window System application,
                    using a look and feel appropriate to the platform on
                    which it runs.  Manual backups and recoveries can also
                    be initiated through this window tool.

       nsradmin(8)  A curses(3) based tool for the administration of Net­
                    Worker servers.

       nsrwatch(8)  A curses(3) based tool to monitor the activity of Net­
                    Worker servers.

       nsrmm(8)     Media manager command.  Nsrmm is used to label, mount,
                    unmount, delete and purge volumes.  Mount requests are
                    generated by nsrmmd, and displayed by networker or nsr­
                    watch.  The size of the on-line user file indexes may be
                    controlled by deleting and purging volumes.

       nsrim(8)     Automatically manages the on-line index.  Usually run
                    periodically by savegroup.

       mminfo(8)    Provides information about volumes and save sets.

       nsrck(8)     Checks and repairs the NetWorker on-line index.  It is
                    run automatically when nsrd starts up if the databases
                    were not closed cleanly due to a system crash.

SAVING FILES
       NetWorker supports both scheduled and manual saving of files and
       filesystems.  Each client may be scheduled to save all or part its
       filesystem.  Different clients may be scheduled to begin saving at
       different times.

       savegroup(8) Used to initiate the backup of a group of client
                    machines.  Usually started automatically by the server.



Licensed material--property of copyright holder(s)                         2




NSR(8)                      Legato NetWorker 4.0                      NSR(8)


       nsrexecd(8)  NetWorker-specific remote execution service which runs
                    on NetWorker clients.  Used by savegroup to start savefs
                    on client machines.

       savefs(8)    Starts the appropriate save(8) command to back up a
                    client's filesystem.

       saveindex(8) Generates a back up of a client's on-line file index.
                    When backing up a NetWorker server, a bootstrap save set
                    is also created.

       save(8)      Back up a specified file or group of files.  Save may be
                    run manually by users and administrators, or automati­
                    cally by savefs.

RECOVERING FILES
       NetWorker maintains an on-line index of user files that have been
       saved.  Users may browse the index and select files for recovery.
       NetWorker then locates the correct volume and recovers the requested
       files.

       recover(8)      Browses the on-line user file index and selects files
                       and filesystems to recover.

       recoverindex(8) Recovers on-line file indexes, including the special
                       bootstrap index used during disaster recovery.

       scanner(8)      Verifies correctness of NetWorker volumes.  Can also
                       recover complete save sets and rebuild the on-line
                       file and media indexes.

       nsrcrash(8)    A man page describing crash recovery techniques.

APPLICATION SPECIFIC MODULES
       In order to process user files in an optimal manner, NetWorker pro­
       vides the ASM mechanism.  Pattern matching is used to select files
       for processing by the different ASMs.  The patterns and associated
       ASMs are described in nsr(5).  Save keeps track of which ASMs were
       used to process a file so that recover may use the same ASMs to
       recover the file.

       uasm(8)        UNIX filesystem specific save/recover module.  The
                      uasm man page documents the general rules for all
                      ASMs.

       compressasm(8) Compresses files' pages using Lempel-Ziv coding.

       mailasm(8)     Supports UNIX mailbox conventions.

       nsrindexasm(8) Processes the on-line user file indexes.

       nsrmmdbasm(8)  Processes the media index.

       swapasm(8)     Handles diskless client swap files.



Licensed material--property of copyright holder(s)                         3




NSR(8)                      Legato NetWorker 4.0                      NSR(8)


       xlateasm(8)    Implements a simple encryption/decryption scheme on
                      files.

SERVER LOCATION
       On large networks there may be several NetWorker servers installed.
       Each NetWorker client command must select a server to use.

       For server selection, the client commands are classified into two
       groups: administration and operation .  The administration commands
       include networker, nsrwatch, and mminfo.  The operation commands
       include save, savefs, and recover.  Both groups of commands accept a
       -s server option to explicitly specify a server.

       When a server is not explicitly specified, the operation commands use
       the following steps to locate one.  The first server found is used.

       1)   The machine where the current directory is actually located is
            determined.  This will either be an NFS server or the local
            machine.  If that machine is a client of a NetWorker server as
            determined by a RAP query, then that NetWorker server is used.

       2)   The machine where the current directory is actually located is
            examined to see if it is a NetWorker server.  If it is, then it
            is used.

       3)   The local machine is examined to see if it is a NetWorker
            server.  If it is, then it is used.

       4)   If a NetWorker server has still not been found, then the machine
            with the hostname ``nsrhost'' is used.

       The administrative commands start with step number 3, and follow it
       with steps 1, 2 and finally 4.  When either set of commands fail to
       find a NetWorker server, an error message is printed.  The nsradmin
       command (when not given a -s server option), can be used with all
       servers in the RAP area if a rapd daemon is running on the local
       machine, or the host named ``nsrhost''. Otherwise, the local machine
       is used if it is a server, or the host named ``nsrhost''.  The nsrmm
       command always uses the local server, unless given the -s server
       option.  Some commands now use a broadcast to locate servers.

       When there is only one NetWorker server on the network, or to desig­
       nate a ``primary'' server, add a ``nsrhost'' alias for the appropri­
       ate machine to your host table.  For example, edit the file
       ``/etc/hosts'' if you are using a file for your host table.  When
       running the Network Information System (NIS, formerly called Yellow
       Pages or YP), add the ``nsrhost'' alias on the master and push the
       ``hosts'' map.  Otherwise, add the ``nsrhost'' alias to the
       /etc/hosts file for every client and the server.  See ypfiles(5) and
       ypmake(8).

SECURITY
       Before a save is allowed, there must be an NSR client resource cre­
       ated for the given client.  Before a recovery is allowed, the server



Licensed material--property of copyright holder(s)                         4




NSR(8)                      Legato NetWorker 4.0                      NSR(8)


       validates client access by checking the recover access attribute in
       the NSR client resource (see nsrclient(5)).  The server will only
       accept connections that are initiated from a reserved port.  Reserved
       ports can only be opened by root, so most NetWorker programs run by
       the super-user, or set-uid to root.  This access control is similar
       to that used by the rsh(1) command except that instead of using the
       /.rhosts file, NetWorker uses the recover access list in the NSR
       client resource.

       Once a connection has been established, the client programs: save(8),
       savefs(8), and recover(8), set their effective uid to the uid of the
       user who initiated the program so that all local filesystem and sys­
       tem call access is done as that user. This prevents users from recov­
       ering files to which they should not have access.  The exception to
       this rule is that the user name ``operator'' and users in the group
       ``operator'' receive filesystem access privileges of the super-user.
       This allows the administrator to set up a user name or group for the
       operators who will initiate saves and recovers on behalf of other
       users, without giving the operators root access to client machines.

       Access control for the client programs can be further tightened by
       turning off the set-uid bit. This will restrict the use of these pro­
       grams to root only on the client machines. To allow access by root
       and operator, but not by other users, change the group ownership of
       these programs to ``operator'', and set the mode bits to allow execu­
       tion by owner and group, but not by others.

       The savegroup(8) command initiates the savefs(8) command on each
       client machine in an NSR group by using the nsrexecd(8) remote save
       execution service.  See the nsrexecd(8) man page for details.  For
       backward compatibility with older versions of NetWorker, savegroup(8)
       will fall back on using the rsh(1) protocol for remote execution if
       nsrexecd is not running on a particular client.

       Access to the NSR resources through the nsradmin(8) or networker(8)
       commands is controlled by the administrator attribute on each
       resource.  This attribute has a list of names of the users who have
       permission to administer that resource.  Names that begin with an
       ampersand (&) denote netgroups (see netgroup(5)).  Also names can be
       of the form user@host to authorize a specific user on a specific
       host.

NAMING AND AUTHENTICATION
       As described above, the NSR server only accepts connections initiated
       from a secure port on the machines listed as clients or listed in the
       recover access list (for recovering).  Since machines may be con­
       nected to more than one physical network and since each physical net­
       work connection may have numerous aliases, the policies below are
       used as a compromise between security and ease of use.  For further
       information about naming in the UNIX environment, refer to gethos­
       tent(3), or other documentation on name services.

       A client determines its own name as follows.  First the client's UNIX
       system name is acquired via the gethostname(2) system call.  The UNIX



Licensed material--property of copyright holder(s)                         5




NSR(8)                      Legato NetWorker 4.0                      NSR(8)


       system name is used as a parameter to the gethostbyname(3) library
       routine.  The client declares its name to be the official (or ``pri­
       mary'') name returned by gethostbyname.  This name is passed to the
       NetWorker server during connection establishment.

       A server authenticates a client connection by reconciling the connec­
       tion's remote address with client's stated name.  The address is
       mapped to a list of host names via the gethostbyaddr(3) library func­
       tion.  Next, the client's stated name is used as a parameter to geth­
       ostbyname to acquire another list of host names.  The client is suc­
       cessfully authenticated if and only if there exists a common name
       between the two lists.

       The NetWorker server maps a client's name to an on-line index
       database name by resolving the client's name to the official name
       returned by gethostbyname.  This mapping takes place both at client
       creation time and at connection establishment time.

       To ensure safe and effective naming, the following rules should be
       employed:

       1)   The NetWorker clients and servers should access consistent host
            name databases.  NIS (YP) and the Domain Name System (DNS) are
            naming subsystems that aid in host name consistency.

       2)   All hosts entries for a single machine should have at least one
            common alias among them.

       3)   When creating a new client, use a name or alias that will map
            back to the same official name that the client machine produces
            by backward mapping its UNIX system name.

SEE ALSO
       rsh(1), nsr(5), nsrlayout(5), mminfo(8), networker(8), nsrcrash(8),
       nsrize(8), nsrresource(5), nsradmin(8), nsrck(8), nsrd(8),
       nsrexecd(8), nsrim(8), nsrindexd(8), nsrls(8), nsrmm(8), nsrmmd(8),
       nsrmmdbd(8), nsrwatch(8), rap(8), rapd(8), recover(8),
       recoverindex(8), save(8), savefs(8), uasm(8), savegroup(8),
       saveindex(8), scanner(8), netgroup(5), ypfiles(5), ypmake(5),
       gethostname(2), gethostent(3).

       The NetWorker Administrator's Guide















Licensed material--property of copyright holder(s)                         6


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026