Resiliency File Replication User Guide · CONTENTS 1. Overview ..... 5
Transcript of Resiliency File Replication User Guide · CONTENTS 1. Overview ..... 5
Resiliency File Replication User Guide Version 7.2
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 2
DISCLAIMER
IBM believes that the information in this publication is accurate as of its publication date.
The information is subject to change without notice.
COPYRIGHT
© Copyright IBM Corporation 2017. All Rights Reserved.
Printed September 2017.
Use, copy, and distribution of any IBM software described in this publication needs an
applicable software license.
No part of this product or document may be reproduced, stored in a retrieval system, or
transmitted, in any form by any means, electronic, mechanical, photocopy, recording, or
otherwise, without prior written authorization of IBM Corporation and its licensers, if
any.
TRADEMARK INFORMATION
IBM Resiliency Orchestration is a trademark of IBM Corporation.
All other trademarks used in this publication are the property of their respective holders.
CONTENTS
1. Overview .............................................................................................................................................. 5
Overview ..................................................................................................................................................... 6 Key Features ............................................................................................................................................ 6 Configuration ........................................................................................................................................... 7 Resiliency File Replication Service Large File Support .........................................................................16 Locked Resiliency File Replication ........................................................................................................17 Encryption and Checksum in Resiliency File Replicator ........................................................................17
2.Known Limitations ...................................................................................................................................21
Known Limitations .....................................................................................................................................22
3.Users ..........................................................................................................................................................24
Basic User Management ............................................................................................................................25 Adding Users...........................................................................................................................................25 Modifying Users .....................................................................................................................................26 Deleting Users .........................................................................................................................................26 User Role Management with Basic mode ...............................................................................................27
Advanced User Role Management .............................................................................................................27 Known Limitations..................................................................................................................................27 User Role Management with Advanced mode ........................................................................................28 Configuring LDAP ..................................................................................................................................29 Configuring AD ......................................................................................................................................32 Appendix .................................................................................................................................................35
Privileges....................................................................................................................................................39
4. Setting the Resiliency File Replication Service Log Level....................................................................40
Setting Resiliency File Replication Service Debug Level ...........................................................................41
5. Admin Utility Tools .................................................................................................................................42
Utility Tools ................................................................................................................................................43 Evaluation Scan .......................................................................................................................................43 Debug ......................................................................................................................................................44 Fetching ...................................................................................................................................................45 History Export .........................................................................................................................................46
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 4
Preface
Resiliency File Replicator Software User Guide provides concepts and procedures to
understand the Resiliency File Replicator product. Although this guide is intended for
users responsible for using the Resiliency File Replicator product, advanced users will
also benefit from the information it contains.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 5
1. Overview
In this chapter, you will learn about:
• Key Features
• Configuration
• Service Parameters
• Fileset Parameters
• Resiliency File Replication Large File Support
• Locked Resiliency File Replication
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 6
Overview
Resiliency File Replicator is an enterprise replication software developed by IBM
Corporation. The Resiliency File Replicator can be used to replicate data (files and
directories) across hosts connected within Local or Remote locations. It works with
both Local Area Network (LAN) and Wide Area Network (WAN). It can transfer files
between any network-shared drives and across heterogeneous platforms.
Resiliency File Replicator supports one-to-one, one-to-many, and many-to-one
configurations.
In the current industry, as the data processing increases, it becomes a challenge to
enable multi-host processing and making data mutually available across the network.
Therefore, Resiliency File Replicator guarantees that all the machines have access to
asynchronously replicated data at all times, which means that any changes to the data
on a source server is reflected on a target server at a specified replication time interval.
Key Features
Resiliency File Replicator supports the following features:
▪ Bi-directional mode of data transfer.
▪ File level replication.
▪ Replication across any network.
▪ Heterogeneous platform support.
▪ Linux Cluster support.
▪ Comprehensive audit-trail and error reporting by log files.
▪ Write order protection.
▪ Facility to perform basic Fileset operations like create, delete, modify, enable,
and disable Fileset from Source server as well as Target server.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 7
▪ Facility to configure and monitor Resiliency File Replicator remotely using
Resiliency File Replicator GUI.
▪ Facility to provide and replicate to multiple target directories using Resiliency
File Replicator GUI.
▪ Facility to replicate the locked files using Resiliency File Replicator.
▪ Facility to encrypt the data, which is in transit.
Configuration
Service Parameters
The configuration parameters of Resiliency File Replicator services applicable across
the fileset are:
Parameter Details Default
Value
PFR_SYNCHRO
NIZE_TARGET
_INTERVAL
This provides the time interval, specifying how
often should the target machine send its list of
files, so that deleted files in DR can be
replicated.
0
(minutes)
PFR_OPTIMIZ
E_HISTORY_S
OURCE_INTER
VAL
This provides the time interval, specifying how
often should the source machine optimize the
history by comparing with the list of files at
the source.
720
(minutes)
PFR_BUCKETS
IZE
This specifies the Bucket size.
Minimum Bucket size: 1 MB
Maximum Bucket size: 500MB
Note
For values outside this range, the Bucket size
will be the default value of 100MB.
100
(MB)
PFR_MAX_FIL
ECOUNT_PER_
BUCKET
This provides the limit on the number of files
in a bucket during the replication cycle.
10000
RSYNC_LARGE
FILE_SIZE
This provides the size of the large files that
will be replicated using Rsync instead of tar.
1024
(MB)
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 8
PFR_RSYNC_L
ARGEFILE_SU
PPORT_ENABL
ED
This specifies whether the large file support is
enabled or not. This support is enabled only if
this value is true.
To disable this property, set this to false.
Note
If this property is not specified, large file
support is enabled by default.
True
PFR_BLOCK_C
OUNT
This specifies the number of 512-bytes sized
blocks.
4096
PFR_SCAN_IN
TERVAL
This provides the scan interval time to check
for files to be replicated for all filesets.
1
(minutes)
PFR_SCAN_SE
TTINGS
This provides the scan optimization settings.
The options are:
0 - Completely Optimized (recommended
while dealing with large number of files).
1 - Check for open files.
2 - Check history for old files.
3 - Check for open files and history for old
files (includes 1 and 2).
Note
Any value other than the above will be treated
as 0.
2
PFR_USE_HIS
TORY
This specifies whether history should be used.
History is used only if the value is true. To
disable this property, set to false.
(If this property is not specified then history is
used by default.)
When disabled, files created or modified with
oldtime stamp will not be scanned or
replicated.
This property will override the
PFR_SCAN_SETTINGS property for checking
the history.
Note
1. For large number of files, (for better
memory usage/performance) this property can
be disabled.
True
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 9
2. Turing off history should be used with
caution.
PFR_COMPFLA
G
This specified the compression flag status. The
options are:
1 - Enabled.
0 - Disabled.
0
PFR_COMPLEV
EL
This specifies the compression level. 8
PFR_PORTID This specifies the port ID for communication. 46000
RSYNC_DAEM
ON_PORTID
This specifies the RSYNC Daemon port ID. 46001
RSYNC_DAEM
ON_INIT_TIM
EOUT
This provides the RSYNC daemon start
timeout that specifies the number of seconds
to wait after starting or stopping Rsync
daemon.
15
(seconds)
PFR_REQUEST
_TIMEOUT
This specifies the timeout period for request. 3
(minutes)
PFR_REQUEST
_HUNG_TIME
OUT
This specifies the time after which process-
request will be detected as hung if there is no
progress in the operation.
4
(minutes)
PFR_HEARTBE
AT_INTERVAL
This specifies the frequency at which
heartbeats will be monitored.
1
(minutes)
PFR_STATUS_
CHK_INTERVA
L
This specifies the frequency to scan the fileset.
This parameter is used to scan filesets in-spite
they are disabled.
Note
Optimistic value can be obtained by averaging
the replication intervals of the filesets, which
are at the source host.
10
(minutes)
MAX_SCAN_T
HREAD
This specifies the number of bounded number
of scan threads. The options are as follows:
DEFAULT: For unbounded number of scan
threads.
DEFAULT
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 10
Set to some specific number: For bounded
number of scan threads.
PFR_CHK_PRO
C_STREAM_IN
TERVAL
This specifies the time interval to check the
process stream.
15
(seconds)
PFR_CUSTOM_
FILTER_BY_SI
ZE_BYTES
This specifies the custom integration
parameters. This property should can be set to
zero or more, so that files can be filtered by
size. This property is disabled, by default.
-1
PFR_DB_CLEA
NUP_TASK_IN
TERVAL
This specifies the time interval to cleanup the
database.
10
(minutes)
PFR_DB_MAX_
SIZE
This specifies the permissible size of the in
memory DB.
If the size of DB exceeds this value, PFR
should automatically restart to allow the DB to
be compacted.
If the value is -1, the check for DB size will be
disabled.
1 (GB)
ENCRYPTION_
ALGORITHM
This property is shown as a comment by
default. The user needs to uncomment this
property to choose a different algorithm that
Resiliency File Replicator supports. Resiliency
File Replicator currently supports only AES.
Resiliency File Replicator uses AES algorithm
by default to encrypt the data, which is in
transit.
AES
ENCRYPTION_
ALGORITHM_K
EY_SIZE
This property is shown as a comment by
default. The user needs to uncomment this
property to provide a different keysize.
Resiliency File Replicator currently supports
AES with only 128 keysize. Resiliency File
Replicator uses AES algorithm with 128 key
size by default.
128
ENABLE_ENCR
YPTION_FOR_
REPLICATION
This property needs to be enabled to allow
Resiliency File Replicator to enable data, which
is in transit.
true
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 11
CHEKSUM_CO
MPUTATION
This property needs to be enabled to allow
Resiliency File Replicator to enable checksum
calculation of data, which is in transit.
true
Fileset Parameters
Fileset defines what has to be replicated and how a replication should be carried
out. A fileset has a unique name and holds the following information:
Parameter Details Default
Value
FILESET_NAME This specified the name that is entered while
creating the fileset.
--------
FILESET_SOUR
CE_HOSTNAME
This specifies the source server IP address. --------
FILESET_TARG
ET_HOSTNAME
This specifies the target server IP address. --------
FILESET_REPLI
CATION_INTER
VAL
This specifies the time interval in seconds for
the files to be scanned for replication from
the source server to the target server.
--------
FILESET_BUCK
ET_SIZE
This specifies the Bucket size.
Minimum Bucket size: 1 MB.
Maximum Bucket size: 500MB.
Note
For values outside this range, the Bucket size
will be the default value of 100MB.
100 (MB)
FILESET_MAX_
FILE_COUNT_P
ER_BUCKET
This provides the limit on the number of files
in a bucket during the replication cycle.
10000
FILESET_BLOC
KS_CNT
This specifies the number of 512-bytes sized
blocks.
1024
FILESET_COMP
RESS_FLAG
This specified the compression flag status.
The options are:
YES: Enabled.
NO: Disabled.
NO
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 12
FILESET_COMP
RESSION_LEVE
L
This specifies the compression level. The
range of compression level is 1 - 9.
Note
This value is considered, if the
FILESET_COMPRESS_FLAG field is
enabled.
8
FILESET_DATA
_STREAMS_CN
T
This specifies the number of data streams
used in parallel to replicate data from source
server to target server. This value ranges
from 1 - 4.
1
FILESET_PRIO
RITY
This specifies the priority assigned to a fileset
by Resiliency File Replicator. The options are:
0: Minimum.
1: Medium.
2: Maximum.
0
FILESET_AUTH
ENTICATION_K
EY
This specifies the authentication key
generated by Resiliency File Replicator for
internal usage purpose.
Randomly
generated
.
FILESET_LINK_
STATUS
This specifies the option selected for
the symbolic links status. The options are:
0: Do not replicate symbolic link.
1: Replicate symbolic link only.
2: Replicate symbolic link and files.
1
FILESET_REPLI
CATE_FLAG
This flag status specifies whether the fileset
should be scanned/replicated or not. The
options are:
0: The scanning and replication is not
performed for the fileset.
1: The scanning is performed for the fileset
but the replication is not performed.
2: The scanning and the replication are
performed for the fileset.
2
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 13
FILESET_REPLI
CATE_FROM_FI
LENAME
This specifies Resiliency File Replicator to
replicate all the files with time stamp greater
than the name of the file mentioned.
--------
FILESET_REPLI
CATE_FROM_TI
ME
This specifies Resiliency File Replicator to
replicate all the files with time stamp greater
than the time of the file mentioned.
0
FILESET_ALRE
ADY_SYNC_FLA
G
This specifies Resiliency File Replicator that
the source server and the target server are in
sync and to replicate files with time stamp
greater than the time at which the fileset
were created or modified.
False
FILESET_INTEG
RITY_KEY
This parameter specifies the file for
replication is taken from backup or Source.
This is helpful to avoid any possible
corruption of the fileset.
A higher integer value for this parameter
indicates the most recent files.
Increment
al integer
value
FILESET_RSYN
C_LARGEFILE_
SUPPORT
This specifies whether Resiliency File
Replicator allows large Resiliency File
Replication using Rsync
True: Resiliency File Replicator allows large
Resiliency File Replication using Rsync.
False: Resiliency File Replicator does not
allows large Resiliency File Replication using
Rsync.
True
FILESET_RSYN
C_LARGEFILE_
SIZE
This specified the size of large file that will be
replicated using Rsync instead of tar.
Note
This value is considered, if the
FILESET_RSYNC_LARGEFILE_SUPPORT
field is true.
1024
FILESET_SYNC
_DELETE_SUPP
ORT
This specifies Resiliency File Replicator the
action to be taken on the replicated file in the
target server when the file is deleted on the
source server.
True: Resiliency File Replicator should delete
the replicated file in the target server.
False: Resiliency File Replicator should delete
the replicated file in the target server.
False
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 14
FILESET_VSS_
ENABLE
This specifies the status of Visual Source Safe
(VSS) which is used to replicate locked files.
False: VSS is disabled.
True: VSS is enabled.
Note
Applicable for Windows only.
False
FILESET_TRAN
SFER_MODE
This specified the mode used for replication.
The options are:
ONLY_RSYNC: This mode uses Rsync only.
MIX: This mode uses both tar and Rsync.
MIX
FILESET_PATH:
• SOURCE_
PATH
• TARGET_
PATH
This specifies the path of the files or folders
in the source server that needs to be
replicated.
This specifies the path of the destination
folder in the target server for the replicated
files.
For
example:
C:\test
C:\test1
Note
The paths
are
specific to
the OS.
FILTER
• EXCLUDE
This specifies the list of files and folders
that should be excluded while replicating
from source server to target server.
• SOURCE: This specifies the path of the
files or folders in the source server
that needs to be excluded.
• EXPRESSION: This specifies the name
of the file or the wild card to be
excluded.
• RECURSIVE: This specifies to apply the
filter on all the files within the source
folder and its sub-folders.
-------
-
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 15
• INCLUDE
• CASE_SENSITIVE: This specifies
whether the wild card is case sensitive
or not.
• ACT_ON: This specifies whether to
exclude only files or only directories or
both.
This specifies the list of files and folders that
should be included while replicating from
source server to target server.
• SOURCE: This specifies the path of the
files or folders in the source server
that needs to be included.
• EXPRESSION: This specifies the name
of the file or the wild card to be
included.
• RECURSIVE: This specifies to apply the
filter on all the files within the source
folder and its sub-folders.
• CASE_SENSITIVE: This specifies
whether the wild card is case sensitive
or not.
• ACT_ON: This specifies whether to
exclude only files or only directories or
both.
--------
FILESET_TEMP
ORARY_AREA
This specifies the status of staging.
False: Staging is disabled.
True: Staging is enabled.
Note
Staging is to use temporary directory on
the target server for replication and to
move the file to the final destination, on
successful replication.
False
FILESET_SOUR
CE_TEMPORAR
Y_LOCATION
This specifies the path of the directory in
the source server for staging.
$EAMSRO
OT/var/w
ork
-temp/
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 16
FILESET_TARG
ET_TEMPORAR
Y_LOCATION
This specifies the path of the directory in
the target server for staging.
$EAMSRO
OT/var/w
ork
-temp/
Resiliency File Replication Service Large File Support
Normally, Resiliency File Replicator uses open-tar transport mechanism to replicate
changed files from source to destination. In order to minimize the impact of network
failures on large file transfers and to optimize the resources, Resiliency File Replicator
replicates large files using Block-segments mechanism, so that only changed blocks
of the large file is replicated. In this mechanism, the file is divided into multiple
segments of a pre-configured size and a checksum of each of these segments is
computed on source and destination files and is compared. Only those file segments
whose checksums differ, are replicated to the destination. This mechanism ensures
that only changed blocks are replicated to the destination irrespective of the size of
the file.
Additionally, it also retires any failed transfers on the large files from the point of
failure so that the whole file is not copied once again.
Resiliency File Replicator provides an option to configure the Large File Size in Create
Fileset and Modify Fileset operations. All files of size larger than the configured size
will be replicated using Block-segments mechanism. By default, the option is enabled
to replicate large files using the Block-segments mechanism and the default value for
the Large File Size is set to 1024 MB.
The Large File size cannot be less than the bucket size. By default, the Large File size
is set to 1024MB and bucket size to 100 MB.
If the user provides Large File size less than bucket size, system will reset the value
to bucket size. For example, if Large File size is set to say 5 MB, system will reset to
100MB.
If compression is enabled on a fileset, all the large files satisfying the specified “Large
File Size” criteria will be compressed (in memory) on the source system and the
compressed data will be replicated.
When Resiliency File Replicator is replicating large files using this mechanism, a new
process called rsync will be started on the source and target systems to handle the
transfer by Resiliency File Replicator. There might be multiple rsync processes running.
These services may terminate at the end of the transfer or continue to run, based on
specific conditions. The “rsync” service needs TCP/IP port 46001 to be opened by
default. The TCP/IP port is configurable in Resiliency File Replicator UI [per Resiliency
File ReplicatorService] instance to a custom value if desired.
Resiliency File Replicator will fail if the configured “rsync” TCP/IP port is not opened
for communication. Resiliency File Replicator will also fail if it is unable to start the
services of “rsync” for any other reason. In all failure cases, Resiliency File Replicator
will log an error and retry the operation.
As usual, events will be raised for failures marking the protection scheme
INACTIVE/DEGRADED as the case may be.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 17
You can enable/disable the large file support for all filesets by modifying
$EAMSROOT/installconfig/PFRconfiguration.cfg file. To enable large file support,
ensure that "PFR_RSYNC_LARGEFILE_SUPPORT_ENABLED" property should be set to
"true". Large file support is enabled only if the value is true.
To disable, "PFR_RSYNC_LARGEFILE_SUPPORT_ENABLED" property should be set to
"false". When large file support is disabled using this property, none of the filesets
will be replicated using Block Segment mechanism. If this property is not specified,
then large file support is enabled by default.
Locked Resiliency File Replication
During replication, Resiliency File Replicator skips the open/locked files. VSS snapshot
enables the Resiliency File Replicator to replicate the locked and open files. The Locked
Resiliency File Replication feature allows you to create manual or automatic backup
copies or snapshots of data when the file is lock, on a specific volume.
Note: By default, this option will be disabled.
Prerequisites:
1. VSS support should be enabled on Primary.
2. The version of Windows server should be the following:
• Windows 2003 sp1 and above
• Windows 2008 (32/64 bit)
Encryption and Checksum in Resiliency File Replicator
Resiliency File Replicator encrypts the data, which is transmitted on secure and
nonsecure connections, for single and multistream. The following are the encryption
features of Resiliency File Replicator:
a. Resiliency File Replicator is shipped with default encryption enabled.
Currently, Resiliency File Replicator supports AES 128 encryption algorithm,
which is the default algorithm.
b. Resiliency File Replicator is shipped with default checksum computation
enabled. If checksum is enabled, the product calculates the checksum of data
at source and then at target to confirm that there is no data loss. If the
checksum at target fails, the replication fails with proper error message.
c. Resiliency File Replicator provides you the options to enable/disable
encryption and checksum. Refer to Configuration for more details.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 18
d. Resiliency File Replicator encrypts the data using keystores. The user can
configure Resiliency File Replicator to use a default keystore, which is
obtained from the product. Alternatively, user can configure their keystores,
which the filesets can use for encryption of data. Also, the user can configure
different keystores at fileset level.
e. Product and user provided keystores should implement the following
semantics.
1. Key size: 128
2. Algorithm: AES
3. Keystore have aliases for each keypair and key password
f. Large files are not encrypted, if LargeFileSupport is enabled.
g. The source and target need to have same PFR configurations. The product
verifies if the source and target have same configurations to enable
encryption and checksum, prior to when the replication starts. If the
configuration is not same, the product will throw an error prompting the user
to check for configurations.
h. The source and target server should have the same keystores to encrypt
data.
i. User can configure the keystores in the KeystoreConfiguration.cfg file:
1. Configure all filesets using same keystore: The user can configure
filesets using product provided keystore or their own keystore.
The following is the snippet to configure a common keystore for all
filesets:
default.keystore=<Absolute_path_of the_keystore>
default.keystore.password=<Encrypted_keystore_password>
default.key.password==<Encrypted_key_password>
default.keystore.alias=<keystore_alias>
Product provided keystore: The user can configure their own
keystore or the product provided keystore for all filesets.
The following is the snippet to configure the product provided keystore
for all filesets.
default.keystore=/opt/PFR/installconfig/pfr_default.keystor
e
default.keystore.password=jY2YKzrM4teJLweXxaEor6Q7grGqz/5er
9Jma1vtbKuCTjzNLwAw/xdIJuRDmg40bezV1dcbd861yqo3ohoz4FE3pkfd
fTZxKPYucw7FKDX9QfDWQRftMnWSR1pyMw4OhlES4rjeZSF9KO0VfC8QgDa
bP1rWw7YFrZqnmOlkOZ+/y+MsZBNdQSkO3zTTb8Fq1UnoGDHie1g89sC2n3
1NY7uBxp5iVbCecLAkFDGb2n7m5+BcQZKfWUiyIZWkGORQf5jgE9jgnvNvJ
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 19
QQpOvzC3g1KCQZg4kaNatzcw/i453+447FPb/lDF8HF5OBwROl/1UWWNVCS
cdfxi7RBFt/m5Q==
default.key.password=EiXkFh7H0xoR4h+QvmFBfh7iDxISkE9yoqIhIe
n3ZLKP//UTP0/YUDAVe2OI5GgHYcOxWkGbF21B8fk7XoogRT9e2vR93dItX
UTDMFbsFo3d5xdSCLiHkQRYYfiTA/E6q50B/N+wPp1mLhvfhVaaihsirwlQ
Zx+KjeoWJgNyDSzOngS6J0cqt9NOzpwZ6iBKlIcgsvELkkp7h0NM0j6w20R
ModW5fJM+kAvkXo/OJdWsNDf3rhJonz1HuTeqaFJ72T4DPNOH3KkSt3FEBP
d6TEuESotOqXhU9fDN9T2CSoKZQ/XCGy4UhX+qdJfz5FKrVI5F1EHbbXnRi
4z1LEEOGw==
default.keystore.alias=sanovi_default_keystore
Alternatively, the user can configure their own keystore by
providing appropriate keystore path, passwords, and alias.
2. Configure filesets to use a specific keystore: If you need to
configure a fileset or some filesets to use a different keystore to
encrypt the data in transit, you can perform the configuration at fileset
level and manually update the fileset name, as shown in the following
snippet:
<fileset_name1>.keystore=<absolute_path_keystore> <fileset_name1>.keystore.password=<encrypted_keystore_pwd> <fileset_name1>.key.password=<encrypted_key_password> <fileset_name1>.keystore.alias=<keystore_alias_name> <fileset_name2>.keystore=<absolute_path_keystore> <fileset_name2>.keystore.password=<encrypted_keystore_pwd> <fileset_name2>.key.password=<encrypted_key_password> <fileset_name2>.keystore.alias=<keystore_alias_name> Note: The path, alias, key, and keystore passwords are the details of
the product provided or own keystores. The user can choose either the
product keystore or their own keystore to configure various filesets, as
required.
j. The product provides an ability for the user to modify the keystore
configuration without the need to restart Resiliency File Replicator
services. This means, the user can change the keystore configuration
for every replication without the need to restart the Resiliency File
Replicator services.
k. The workflow will be in awaiting input till the errors are resolved. The
following are few scenarios where product displays errors:
a. Replication failure while encrypting/decrypting data
b. Replication will not start if the configuration parameters
(encryption and checksum) at PR and DR are not same
c. If the user fails to configure the same keystore, replication fails
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 20
l. All error messages with failure cause and corrective action related to
encryption and decryption are seen on Replication status page in ‘Last
Replication Failure Cause’
m. The product provides a utility to enable the user to encrypt the plain text passwords of keystores, which is to be used for encryption/decryption of data. The following are the steps to perform this task:
1. A utility tool Encryptor.sh is available at <SFR_ROOT>/bin
2. The tool takes plain text as input and displays the encrypted password on the console
3. The user needs to copy the encrypted password and update the keystore.password and key.password properties in KeystoreConfiguration.cfg. For details, refer to the procedure for updating the fileset name that is described above.
n. Encryption, Checksum, and Compression can be enabled and disabled individually.
o. The product version of Resiliency File Replicator deployments on PR and DR
sites should be same.
2.Known Limitations
In this chapter, you will learn about:
• Known Limitations
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 22
Known Limitations
▪ In Windows environment,
o During replication failures, there might be multiple tar processes running.
These processes will take time to get cleaned up.
o When Resiliency File Replicator Service (with large file support) is stopped,
it cannot stop the "rsync" processes started by it. However, when
Resiliency File Replicator Service is started again, it will attempt to
cleanup the rsync processes.
o Permissions of configured source path folder are applied to the target
folder only when the target folder is created during the initial copy (like
NFC). If the target folder already exists, then Resiliency File Replicator will
not apply the permissions of source folder during the initial copy. Further,
any modification to the permissions of the configured source path folder
on PR machine will not be maintained on the target folder on DR machine
thereafter. If the user has changed the permissions of source folder(s) on
PR machine, then it is recommended that he/she does the same on target
folder(s) on DR machine.
o If the permissions for subfolders/files within the configured source
folder(s) are altered after replication by Resiliency File Replicator, then the
latest permissions will not be updated on target subfolder/files. However,
any changes to the file permissions after replication, will be maintained on
the DR side once the time stamp of the file is changed on the PR machine.
▪ The source paths/folders configured during fileset creation should not be a
softlink. The user has to provide the actual path pointed by the softlink.
▪ If there are no files to replicate in source paths/folders then the destination
folder will not be created when the fileset is enabled. However, if there are
files to be replicated, the destination folder(s) will be created and the files will
be replicated.
▪ Resiliency File Replicator, supports virtually unlimited number of files
replication. Though, the recomended number of files are 2500000. To support
the enhanced number of file support, Resiliency File Replicator should be
configured to use 2GB memory and 4GB disk space.
▪ Sync delete will be performed only on files/directories that are replicated by
Resiliency File Replicator and are not excluded. However, if file type for
exclusion filter is not set to both (files and directories) then those
files/directories will not be deleted on target server even though it does not
match the exclusion criteria.
For example: assume the criteria is set to exclude “only files” in
c:\app\”matching wildcard “data*”. If directory by name “c:\app\data1” is
deleted on source server then it will not be deleted on target server even
though it qualifies to be deleted as the criteria is set to exclude “only files”
and not directories.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 23
Note
This limitation is applicable only when exclusion criteria are added after files are
replicated by Resiliency File Replicator. However, if the exclusion criterion is set before
replication of the files then this is not applicable.
3.Users
In this chapter, you will learn about:
• Basic User Management
• Adding Users
• Modifying Users
• Deleting Users
• Users and Roles
• Advanced User Role Management
• Limitations
• Users and Roles
• Configuring LDAP
• Configuring AD
• Appendix
• Privileges
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 25
Basic User Management
This chapter describes how to configure and setup users in the Resiliency File
Replicator environment.
This section explains the following:
▪ Adding Users
▪ Modifying Users
▪ Deleting Users
▪ User Role Management with Basic mode
Adding Users
Click
Privileges to see the privileges.
To add a new user, perform the following steps:
a. Click Admin on the navigation bar. The Admin Summary page appears.
b. Click Create New User at the top right corner of Resiliency File Replicator
Users page. The Create New User page appears.
c. Create a user by providing following information. In this page the mandatory
fields are marked with a red asterisk. This window has both general and
contact details of the user along with login information (user name and
password).
Field Description
User Details
Login Name Login Name is the Resiliency File Replicator login name that
you enter while logging into Resiliency File Replicator.
This field is mandatory.
This field accepts up to 16 alphanumeric characters and must
begin with a letter.
New Password The password is used to authenticate the Resiliency File
Replicator user within Resiliency File Replicator.
This field is mandatory.
This field accepts up to 16 alphanumeric characters including at
least one digit.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 26
Confirm
Password
Re-enter the password to confirm it.
This field is mandatory.
Full name Enter the user's full name.
This field is mandatory.
This field accepts up to 64 characters, including alphanumerics,
spaces and underscores.
Role Select any one of the following option to assign role to the
user.
▪ Administrator
▪ Operator
▪ Replication Manager
d. Click Submit to add the user. OR Click Cancel to quit current operation.
e. On successfully adding a user, a message box is displayed.
Modifying Users
Click
Privileges to see the privileges.
To modify user details, perform the following:
a. Click Admin on the navigation bar. The Resiliency File Replicator Users
page appears.
b. Click icon corresponding to the user whose details you want to modify. This
opens Edit User window. Change the required fields. Refer Adding Users for
field description.
Note
You cannot modify Login Name.
c. Click Submit to save the modifications. OR Click Cancel to quit current
operation.
d. On successful modification, a message box indicating ‘User Modified
Successfully’ is displayed.
e. Click OK in the message box to return to the Resiliency File Replicator Users
page.
Deleting Users
Click
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 27
Privileges to see the privileges.
To delete a user, perform the following steps:
a. Click Admin on the navigation bar. The Resiliency File Replicator Users page
appears.
b. Click icon corresponding to the user that you want to delete. A message box
is displayed confirming the deletion.
c. Click OK in the message box.
Note
▪ You cannot delete a user with which you are currently logged in.
▪ Only Administrator has the authority to delete users.
User Role Management with Basic mode
Resiliency File Replicator supports the Basic User Role Management mode:
▪ Basic: User account management and authentication will be handled locally in
Resiliency File Replicator DB. Also pre-packaged roles will be provided to attach
to newly createduser accounts. The pre-packaged roles provided in the system
will be as follows:
Role Name Description
OPERATOR Can view everything in Home/Admin. Allowed to edit user
details of self like full name and password.
REPLICATION
MANAGER
Allowed to Enable/Disable replication of filesets. Also
when editing user details of self then the system allows to
edit full name and password like OPERATOR.
ADMINISTRATOR All applicable operations on all features.
The following user accounts are prepackaged in Basic User Role Management mode:
▪ support: Password is provided during fresh installation. Default password after
upgrade is sfrsupport.
▪ sfradmin: Password is sfradmin
▪ role1: Password is tomcat (Only available in upgrade and not in fresh
installation)
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 28
Advanced User Role Management
Known Limitations
a. User Role Management: For any changes (such as, add/delete roles or
users) made in the LDAP/AD server, in order that these changes take effect in
user roles, the user needs to logout and then login to the Resiliency File
Replicator.
b. Manual deletion of entries from user role’s in LDAP server: In LDAP
server, if a user having a role is deleted, then the corresponding entry from
the role must also be deleted. Currently LDAP does not delete the entry in the
role for the user, if that user is deleted. The deletion has to be done
manually.
c. In Advanced User Management mode, if a user account is attached to an
empty role (a role without any attributes or attributes set to false), the user
will not be allowed to login. However other users will be able to see the empty
role attached to that user in the User listing page.
User Role Management with Advanced mode
Resiliency File Replicator supports the Advanced User Role Management mode:
▪ Advanced: This mode will use an LDAP/Active Directory server in the backend
for authentication and authorization [which will also include user creation, role
creation and user-role mapping management]. The following roles should be
made available in the external server for authorization purposes in Resiliency
File Replicator:
Role Name Description
OPERATOR Can view everything in Home/Admin.
REPLICATION
MANAGER
Allowed to Enable/Disable replication of filesets.
ADMINISTRATOR All applicable operations on all features.
The following user account is pre-packaged in Advanced User Role Management mode:
▪ Support: Password is provided during fresh installation. Default password after
upgrade is sfrsupport.
In the LDAP/Active Directory server, the 3 roles as present in the Basic User
Management System should be created. They will function as per the Basic User
Management System. The difference here lies with the OPERATOR role. This role can
be enhanced with other custom roles. These custom roles will contain attributes which
relate to the following feature operations:
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 29
Features/Operati
ons
Execute
[Includes
Start/Stop]
Edit [Includes
Create/Edit/Dele
te]
Additional
Privileges
Server
X N/A
Fileset X X N/A
Users
X N/A
Directory_Server X N/A
Logs X N/A
Features and Relevant Operations To Be Handled
Features/Oper
ations
Create Read Update
/Edit
Delete Enable Disable
Server x X X
Fileset X X X X X X
Users X X X X
Directory_Server X X
Logs X X
Note
In Advanced User Management mode, if a user is modified/deleted in the LDAP/AD
server, then the cache on the Server will be refreshed only if any of the following
scenarios occur:
▪ On restart of the DRM Server.
▪ When any user logs in successfully.
Configuring LDAP
Note
The steps provided below are regarding 389 Directory Structure on Fedora.
1. Install the LDAP Directory Server on the Linux machine.
2. Login to the Admin console of the Directory Server.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 30
Creating custom Class and Attributes
A “Custom class” for holding IBM Resiliency Orchestration roles has to be created with
appropriate custom attributes. This custom class will be a child of the “groups” class.
3. Login to the LDAP server.
4. New custom attributes can be provided in the Schema tab.
The following attributes for Resiliency File Replicator will have to be created with
the type Boolean.
Attribute name Type
fileset-edit Boolean
fileset-execute Boolean
server-edit Boolean
users-edit Boolean
directoryserver-edit Boolean
logs-execute Boolean
5. For example, to create “fileset-edit” attribute, enter the Attribute name as
fileset-edit and select the Syntax as Boolean.
6. Create attributes for rest of the values given in the table above. Ensure the
feature operation attributes are in lower case and there is no mismatch in the
spelling.
7. For creating the custom class, go to the Object Classes tab.
8. Provide the name for the custom class as sanovidrmrole. Select a Parent to
the class name groupofuniquenames.
9. The custom attributes created previously should be added into the custom
class. Select the required custom attributes from the Available Attributes list.
Ensure all the relevant attributes are added and submit.
Creating pre-packaged roles for Resiliency File Replication Service
The following roles should be made available in the external server for authorization
purposes in Resiliency File Replicator:
Role Name Description
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 31
OPERATOR Can view everything in Home/Admin.
REPLICATION
MANAGER
Allowed to Enable/Disable replication of filesets.
ADMINISTRATOR All applicable operations on all features.
10. Login to LDAP server and go to the Domain Component in which IBM Resiliency
Orchestration roles will reside. For example, the Domain Component sanovi is
selected and it will have the following dc=sanovi, dc=com.
11. An organizational unit with the name Roles has to be created for storing IBM
Resiliency Orchestration roles. Create the same in the Domain Component
selected.
12. To create a new role, for example, an ADMINISTRATOR, go to the
Organizational unit Roles created in the previous step and create a new object
with the type being sanovidrmrole. The role name should have the prefix
“SANOVI_REPL-” to identify them as roles created for IBM Resiliency
Orchestration. For example, for an ADMINISTRATOR role, enter group name
as SANOVI_REPL-ADMINISTRATOR.
13. Users can be added to the newly created roles through the role properties.
14. Similarly add the other pre-packaged roles and the required users.
Note
The role name format after the prefix should not contain hyphen. This is because the
hyphen is used as a delimiter to separate the role-prefix and the actual role name.
Creating custom roles for Resiliency File Replication Service
Custom roles can be created using any of the following feature-operations and
assigned to users who already have OPERATOR role assigned to them.
Features/Opera
tions
Execute [Includes
Start/Stop]
Edit [Includes
Create/Edit/Delete]
Server
X
Fileset X X
Users
X
Directory_Server X
Logs X
15. To create a new custom role, for example, an ADMINISTRATOR, go to the
organizational unit Roles and create a new object with the type being
sanovidrmrole. The role name should have the prefix “SANOVI_REPL-” to
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 32
identify them as roles created for IBM Resiliency Orchestration. For example,
for the custom role having FILESET-EDIT feature-operation provide a role
name like SANOVI_REPL-FILESET ROLE.
16. Users can be added to the newly created roles through the role properties.
17. Add the required custom attribute for the custom role through the role
properties. For example for the role SANOVI_REPL-FILESET ROLE the
attributes fileset-edit can be added to the custom role. Ensure the attribute
value is set to TRUE to enable it for the role.
18. Similarly create custom roles for other required feature-operations.
Note
The role name format after the prefix should not contain hyphen. This is because the
hyphen is used as a delimiter to separate the role-prefix and the actual role name.
External Directory Server Details
To view the External Directory Server Details for LDAP Server, perform the following
steps:
19. Click Admin on the navigation bar. The Admin Summary page appears. Scroll
down to the External Directory Details and click the icon corresponding to
the External Directory Details entry. The External Directory Server
Details page appears.
20. The LDAP Server can be selected and it has the following options:
o Server URL
o Search Base for reading roles
User Account for reading directories
▪ User Name
▪ Password
Note
If anonymous directory lookup is enabled, then the configured user for accessing the
directory server will be able to lookup the directory even if the credentials given are
wrong.
LDAP Query
Roles are searched from the organizational unit ou=Roles
Users associated with the role are read by reading the attribute uniquemember from
the role.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 33
Configuring AD
a. Login to the AD server.
b. An organizational unit with the name Roles has to be created for storing IBM
Resiliency Orchestration roles. Create the same in the required Domain
Component.
Ensure the following tools are installed on the Advanced Directory server machine:
a. schmmgmt - Appendix A: Installation of schmmgmt tool on Active Directory
machine.
b. ADSI Edit - Appendix B: Installation of ADSI Edit tool on Active Directory
machine.
Also the Unique X.500 Object Id for the machine running the AD server is required
while creating the custom class and custom attributes.
Creating custom Class and Attributes
The schmmgmt tool will display the list of classes and attributes being loaded into the
AD server through the schema.
The following attributes for Resiliency File Replicator will have to be created with the
type Boolean.
Attribute name Type
fileset-edit Boolean
fileset-execute Boolean
server-edit Boolean
users-edit Boolean
directoryserver-edit Boolean
logs-execute Boolean
21. For example, to create fileset-edit, the common name and LDAP Display
name for the attribute is fileset-edit. Assign a Unique X500 Object ID for the
attribute and ensure syntax for the attribute is Boolean.
22. Similarly, create the custom attributes and ensure that each of these attributes
use a unique ending sequence number for the unique X500 Object ID.
23. Create a custom class in the schmmgmt window and provide common name
and LDAP Display name as sanovi-role. Assign a Unique X500 Object ID for
the class. Ensure that cn is a Mandatory attribute in the custom class and all
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 34
the IBM Resiliency Orchestration relevant custom attributes as Optional
attributes.
Creating pre-packaged roles for Resiliency File Replication Service
Role Name Description
OPERATOR Can view everything in Home/Admin.
REPLICATION
MANAGER
Allowed to Enable/Disable replication of filesets.
ADMINISTRATOR All applicable operations on all features.
24. The Adsiedit tool can be used to create pre-packaged roles.
25. All roles should have the prefix “SANOVI_REPL-” to identify them as roles
created for IBM Resiliency Orchestration.
26. To create a pre-packaged role, for example ADMINISTRATOR, create a new
object with type sanovi-role. Provide cn and sAMAccountName as
SANOVI_REPL-ADMINISTRATOR.
27. A user can be added to a role by adding it as a member of the role through its
properties.
28. Similarly create the other pre-packaged roles.
Creating custom roles for Resiliency File Replication Service
Custom roles can be created using any of the following feature-operations and
assigned to users who already have OPERATOR role assigned to them.
Features/Opera
tions
Execute [Includes
Start/Stop]
Edit [Includes
Create/Edit/Delete]
Server
X
Fileset X X
Users
X
Directory_Server X
Logs X
29. The Adsiedit tool can be used to create custom roles.
30. All roles should have the prefix “SANOVI_REPL-” to identify them as roles
created for IBM Resiliency Orchestration.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 35
31. To create a custom role which will handle, for example the feature FILESET-
EDIT, create a new object with type sanovi-role. Provide cn and
sAMAccountName as say SANOVI_REPL-FILESET ROLE.
32. Add the required custom attributes to the role. For example, add fileset-edit
to the role and ensure it's value is set to TRUE to enable it for the role.
33. A user can be added to a role by adding it as a member of the role through its
properties.
34. Similarly create the other required custom roles.
Note
The role name format after the prefix should not contain hyphen. This is because the
hyphen is used as a delimiter to separate the role-prefix and the actual role name.
External Directory Server Details
To view the External Directory Server Details for AD Server, perform the following
steps:
35. Click Admin on the navigation bar. The Admin Summary page appears. Scroll
down to the External Directory Details and click the icon corresponding to
the External Directory Details entry. The External Directory Server
Details page appears.
36. The AD Server can be selected and it has the following options:
o Server URL
o Search Base for reading roles
o Server domain
User Account for reading directories
▪ User Name
▪ Password
Note
If anonymous directory lookup is enabled, then the configured user for accessing the
directory server will be able to lookup the directory even if the credentials given are
wrong.
AD Query
Role names are read using the query (&(objectClass=sanovi-role)) and searching
for attribute name and searching for roles in the organizational unit ou=Roles.
Users associated with the role are read by reading the attribute member from the role.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 36
User login name (used for authentication in Resiliency File Replicator) is read using the
query (&(objectClass=user)(cn=<common name of user>)). The common
name of user is obtained from the role as mentioned previously.
Appendix
Installing the schmmgmt tool on Active Directory machine
It applies to:
▪ Windows Server 2003
▪ Windows Server 2003 R2
▪ Windows Server 2003 with SP1
▪ Windows Server 2003 with SP2
▪ Windows Server 2008
▪ Windows Server 2008 R2
▪ Windows SBS 2008
The steps followed to install the Active Directory Schema snap-in are:
37. Open Command Prompt.
38. Type regsvr32 schmmgmt.dll
This command will register Schmmgmt.dll on your computer. For more information
about using regsvr32, see Related Topics.
39. Click Start -> Run, type mmc /a, and click OK.
40. On the File menu, click Add/Remove Snap-in, and then click Add.
41. Under Available Standalone Snap-ins, double-click Active Directory Schema.
Click Close and click OK.
42. To save this console, on the File menu, click Save.
43. In Save in, point to the systemroot\system32 directory.
44. In File name, type schmmgmt.msc, and then click Save.
45. To create a shortcut on your Start menu:
o Right-click Start and click Open All Users. Double-click the programs
folder and then double-click the Administrative Tools folder.
o On the File menu, point to New, and then click Shortcut.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 37
o In the Create Shortcut Wizard, in Type the location of the item, type
schmmgmt.msc, and then click Next.
o On the Select a Title for the program page, in Type a name for this
shortcut, type Active Directory Schema, and then click Finish.
Caution
Modifying the schema is an advanced operation best performed by experienced
programmers and system administrators. For detailed information about modifying the
schema, see the Active Directory programmer's Guide at the Microsoft Web site.
Note
▪ To perform this procedure, you must be a member of the Domain Admins
group or the Enterprise Admins group in Active Directory, or you must have
been delegated the appropriate authority. As a security best practice, consider
using Run as to perform this procedure. For more information, see Default local
groups, Default groups, and Using Run as.
▪ You can also run the Active Directory Schema snap-in from a computer running
Windows XP Professional. Simply install the Windows Server 2003
Administration Tools Pack on the computer, and then complete step 9 above.
▪ The Windows Server 2003 Administration Tools Pack cannot be installed on
computers running Windows 2000 Professional or Windows 2000 Server.
Installing the ADSI Edit tool on Active Directory machine
It applies to:
▪ Windows Server 2003
▪ Windows Server 2003 R2
▪ Windows Server 2003 with SP1
▪ Windows Server 2003 with SP2
▪ Windows Server 2008
▪ Windows Server 2008 R2
▪ Windows SBS 2008
Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory
Access Protocol (LDAP) editor that you can use to manage objects and attributes in
Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute
in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes
that are not exposed through other Active Directory Microsoft Management Console
(MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and
Services, Active Directory Domains and Trusts, and Active Directory Schema.
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 38
This topic includes the following sections:
▪ Installing ADSI Edit
▪ Using ADSI Edit
Installing ADSI Edit
To install ADSI Edit on computers running Windows Server® 2003 or Windows® XP
operating systems, install Windows Server 2003 Support Tools from the Windows
Server 2003 product CD or from the Microsoft Download Center
(http://go.microsoft.com/fwlink/?LinkId=100114).
For more information about how to install Windows Support Tools from the product
CD, see Install Windows Support Tools
(http://go.microsoft.com/fwlink/?LinkId=62270).
On servers running Windows Server 2008 or Windows Server 2008 R2, ADSI Edit is
installed when you install the Active Directory Domain Services (AD DS) role to make
a server a domain controller. You can also install Windows Server 2008 Remote Server
Administration Tools (RSAT) on domain member servers or stand-alone servers. For
specific instructions, see Installing or Removing the Remote Server Administration
Tools Pack (http://go.microsoft.com/fwlink/?LinkId=143345).
To install ADSI Edit on computers running Windows Vista® with Service Pack 1 (SP1)
or Windows 7, you must install RSAT. For more information and to download RSAT,
see article 941314 in the Microsoft Knowledge Base
(http://go.microsoft.com/fwlink/?LinkID=116179).
Note
▪ Adsiedit.msc will not run unless the Adsiedit.dll file is registered. This happens
automatically if the support tools are installed. However, if the support tool files
are copied instead of installed, you must run the regsvr32 command to register
Adsiedit.dll before you run the Adsiedit.msc snap-in. To register adsiedit.dll, type
the following command (you must navigate to the directory containing the
adsiedit.dll file): regsvr32 adsiedit.dll
▪ You can run ADSI Edit from a client computer or server. The computer does not
have to be a member of a domain. However, to see domain objects using
Adsiedit.msc, you must have the rights to view the Active Directory domain that
you connect to. By default, members of the Domain Users group have these
rights. To modify objects using ADSIEdit, you must have at least the Edit
permission on the Active Directory objects that you want to change. By default,
members of the Domain Admins group have this permission.
Using ADSI Edit
ADSI Edit (Adsiedit.msc) is an MMC snap-in. You can add the snap-in to any .msc file
through the Add/Remove Snap-in menu option in MMC, or just open the Adsiedit.msc
file from Windows Explorer. The following figure illustrates the ADSI Edit interface. In
the console tree on the left, you can see the major partitions Domain, Configuration,
and Schema. The figure shows the Builtin container of the Contoso.com domain
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 39
selected. In the details pane on the right, you can see the Builtin groups of Active
Directory.
Note
▪ Adsiedit.msc automatically attempts to load the current domain to which the user
is logged on. If the computer is installed in a workgroup or otherwise not logged
on to a domain, the message "The specified domain does not exist" displays
repeatedly. To resolve this issue, you may want to open an MMC, add the ADSI
Edit snap-in, make connections as appropriate, and then save the console file.
Privileges
Operations Basic Advanced
Adding Users Administrator has the
privilege to create Users.
NA.
4. Setting the Resiliency File Replication Service Log Level
In this chapter, you will learn about:
• Resiliency File Replicator Debug Level
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 41
Setting Resiliency File Replication Service Debug Level
The Debug Level for servers discovered in Resiliency File Replicator is configurable.
Click Admin on the navigation bar. The Admin Summary page appears.
To edit the debug level, click the icon for the corresponding server. A page with a
drop-down list having the following options is displayed:
▪ ERROR
▪ WARNING
▪ INFO
▪ DEBUG1
▪ DEBUG2
▪ DEBUG3
▪ DEBUG4
▪ VERBOSE
▪ VERBOSE2
5. Admin Utility Tools
In this chapter, you will learn about:
• Utility tools
• Evaluation Scan
• Debug
• Fetching
• History Export
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 43
Utility Tools
The following are the admin utility tools available in Resiliency File Replicator:
▪ Evaluation Scan
▪ Debug
▪ Fetching
▪ History Export
Evaluation Scan
This tool is used to perform a data scan prior to installing the Resiliency File Replicator
application and performing replication, to determine an approximate estimate of the
replication details such as total scan time, number of files of replication, various
directory depths, filter details, total replication time etc.
The Key features of this tool are:
▪ This tool works with config xml file (fileset) to provide the details.
▪ To used this tool, installing Resiliency File Replicator is not required.
▪ When this tool is executed on a defined fileset, will provide scan time, number
of files, directory depth, filter details, approximate replication time and so on.
▪ This tool also helps to evaluate the suitability of Resiliency File Replicator
application, prior to installation.
▪ The verified and perfected configuration used to execute this tool can be reused
for the actual replication process, after the installation of Resiliency File
Replicator.
The line of code to execute this tool in cmd is:
EAMSROOT/bin/FileScanTool
The typical output on execution of this code is:
C:\PFR\bin>FileScanTool.bat "-
configfile=c:\PFR\resources\SampleScanConfiguration.xml"
openFileCheck = false
configFilePath = c:\PFR\resources\SampleScanConfiguration.xml
calculateReplicationStats= false
Scan Report Open file check is disable
Configured Scanned sources are F:\nilesh
Scan Time: 00:00:39 (HH:MM:SS)
Total Scanned File(s)/Folder(s) count : 82785
Total Scanned Files count : 75792
Total Scanned Folders count : 6993
Total Large file count : 0
Total Data size : 17.74 MB (18602117 Bytes)
Total large files data size : 0 Bytes
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 44
Debug
This tool is used for debugging a particular file instance for missing or old file in the
database logs.
The Key features of this tool are:
▪ Automating the usual debug sequence in case of a query for an particular file
within a fileset.
▪ This tool works with both the modes when Resiliency File Replicator service is
up or down.
▪ This tool will list the file for the give filename and fileset, even if the file is part
of a filter, locked, open or failed file list. Thus the tool rules over the set
conditions such as filters, locked, failed and open file.
▪ This tool provides the details of when the file was last replicated (in case not
latest), size, timestamp etc.
▪ This tool also provides the details of last failed attempts from the logs.
▪ The tool has provision to bring filtered view of the logs to show all the
occurrences of this filename (in any context).
The line of code to execute this tool in cmd is:
EAMSROOT/bin/DebugFileHistoryTool.bat
The typical output on execution of this code is:
C:\PFR\bin>DebugFileHistoryTool.bat "-host=172.168.1.230" "-
port=46000" "-fsname
=ACL" "-filePath=F:\nilesh\test.txt" "-string=ACL" "-n=10" "-
logfile=C:\PFR\var\log\PFRManager.log"
File Set Name : ACL
File Path : F:\nilesh\test.txt
File Size : 0 Bytes
File type : txt
Last Modified Time Stamp : 30 Apr, 2013 09:55:12
Last Scan Time : 30 Apr, 2013 10:32:43
Last Successful Replication Time : 30 Apr, 2013 10:25:13
Last Failed Replication Time : N/A
History timestamp : 30 Apr, 2013 10:29:36
Replication Type : tar
Is Filtered : NO
Is Locked : NO
In Failed file list during last replication : NO
*******Log File : C:\PFR\var\log\PFRManager.log***************
04/30/2013 10:32:43 [PFRFileset-ACL] VERBOSE PFR -
::updateFilesetStatus::Sending
sendPFRFSRuntimeProperties for ACL
04/30/2013 10:32:43 [PFRFileset-ACL] INFO PFR - ::PFRFSMgr-
sendPFRFSRuntimeProperties-::sending the runtime property
object of=ACL to peer=172.168.1.231
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 45
04/30/2013 10:32:43 [PFRFileset-ACL] VERBOSE PFR -
::PFRSocketFactory::create Socket { fsName = ACL, bindPoint =
172.168.1.230 endPoint = 172.168.1.231fsObj = Fileset Name :
ACL
04/30/2013 10:32:43 [PFRFileset-ACL] VERBOSE SERVER -
::SocketCommunicationProcessor::Constructing socket with [
bindPoint = 172.168.1.230 ], [ endPoint = 172.168.1.231 ], [
port = 46000 ] [ PANACES_SOCKET_TIMEOUT = 30 ]
04/30/2013 10:32:43 [PFRFileset-ACL] VERBOSE PFR -
::SocketCommunicationProcessor::Socket creation SUCCESSFULL
using directly bindPoint = 172.168.1.230
04/30/2013 10:32:43 [PFRFileset-ACL] VERBOSE PFR -
::PFRSocketFactory::SocketCreation SUCCESSFULL using cached
socket bindPoint = 172.168.1.230
04/30/2013 10:32:44 [PFRFileset-ACL] VERBOSE PFR -
::PFRFileset-scan-ACL::TimeTaken in ScanForReplication = 515
for fileset = ACL
04/30/2013 10:32:44 [PFRFileset-ACL] INFO PFR - ::PFRFileset-
run-::scan thread for fileset ACL terminated normally
04/30/2013 10:32:44 [PFRProcessRequestSocket:
Socket[addr=/172.168.1.230,port=25
Fetching
This tool is used to fetch information from H2 database which is bundled with Resiliency
File Replicator. Using this tool, various file listing can be generated, which can be used
for debugging options.
The Key features of this tool are:
▪ This tool can be used to execute select queries from H2 database bundled with
Resiliency File Replicator.
▪ This tool is to fetch a listing of files that can be used for debugging. For
example, this tool can fetch a listing of replicated files from history or a listing
of events generated by Resiliency File Replicator.
The line of code to execute this tool in cmd is:
EAMSROOT/bin/QueryExecutor.bat
The typical output on execution of this code is:
C:\PFR\bin>QueryExecutor.bat "-host=172.168.1.230" "-
port=46000" "-query=select from event"
33 EamsNativeEvent005 EamsNativeEvent005 Replication Failed due
to reading/writing to socket Test 2 HIGH 1366780478375
1366780478375 1
34 EamsNativeEvent015 EamsNativeEvent015 Replication Service
UPTest 2 NORMAL 1366780538968 1366780539343 1
35 EamsNativeEvent016 EamsNativeEvent016 Replication
Successfully done Test 2 NORMAL 1366780799281 1366785432359 13
65 EamsNativeEvent015 EamsNativeEvent015 Replication Service
UPTest 2 NORMAL 1366802812468 1366894969640 2
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 46
129 EamsNativeEvent005 EamsNativeEvent005 Replication Failed
due to reading/writing to socket FileHistory 2 HIGH
13672278150311367240606890 2
1 SFRServiceInitialize SFRServiceInitialize PFR Service
startedSFR 1 NORMAL 1366780118968 1367241437234 11
97 EamsNativeEvent005 EamsNativeEvent005 Replication Failed due
to reading/writing to socket Test 2 HIGH 1366968238281
1367241453921 50
161 EamsNativeEvent005 EamsNativeEvent005 Replication Failed
due to reading/writing to socket ACL 2 HIGH 1367241514421
1367241534593 1
162 EamsNativeEvent015 EamsNativeEvent015 Replication Service
UPACL 2 NORMAL 1367296096078 1367296096515 1
163 EamsNativeEvent016 EamsNativeEvent016 Replication
Successfully done ACL 2 NORMAL 13672963368751367296338703 1
History Export
This tool is used to export file log history into a flat file for debugging.
The Key features of this tool are:
▪ This tool can be used to export the history details present in the database to a
flat file.
▪ This file will be available at
$EAMSROOT/var/tmp/<FilesetName>_history.dump.
The line of code to execute this tool in cmd is:
EAMSROOT/bin/HistoryExporter.bat
The typical output on execution of this code is :
C:\PFR\bin>HistoryExporter.bat 172.168.1.230 46000 ACL
History is exported successfuly. Please check
C:\PFR\var\tmp\ACL_history.dump on 172.168.1.230 machine
FILE CONTAIN (C:\PFR\var\tmp\ACL_history.dump)
F:\nilesh\1LakhFiles10KFolders\1\f2\f1\Wireshark\snmp\mibs\SNA
-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\1\f2\Wireshark\snmp\mibs\SNA-
NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\1\Wireshark\snmp\mibs\SNA-NAU-
MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\1\f2\f1\Wires
hark\snmp\mibs\SNA-NAU-
MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\1\f2\Wireshar
k\snmp\mibs\SNA-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\1\Wireshark\s
nmp\mibs\SNA-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\2\f2\f1\Wires
hark\snmp\mibs\SNA-NAU-
MIB||1351158843015||1367296336968||NULL||
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 47
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\2\f2\Wireshar
k\snmp\mibs\SNA-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\2\Wireshark\s
nmp\mibs\SNA-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\f3\f2\f1\Wire
shark\snmp\mibs\SNA-NAU-
MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\f3\f2\Wiresha
rk\snmp\mibs\SNA-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\f3\Wireshark\
snmp\mibs\SNA-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\40KFiles\Wireshark\snm
p\mibs\SNA-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\f2\f1\Wireshark\snmp\m
ibs\SNA-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\f2\Wireshark\snmp\mibs
\SNA-NAU-MIB||1351158843015||1367296336968||NULL||
F:\nilesh\1LakhFiles10KFolders\10KFiles\Wireshark\snmp\mibs\SN
A-NAU-MIB||1351158843015||1367296336968||NULL||
© Copyright IBM Corporation 2017 IBM Resiliency File Replicator User Guide 48