![]() |
![]() |
From the perspective of the server, each client and application client is a node requiring Tivoli Storage Manager services. For information, see Overview of Client Nodes and File Spaces. Client nodes can be local or remote to the server. For information, see Comparing Network-Attached Nodes to Local Nodes.
Administrators can perform the following activities when managing client
nodes.
Task | Required Privilege Class |
---|---|
Updating, renaming, locking, or unlocking any client nodes | System or unrestricted policy |
Updating, renaming, locking, or unlocking client nodes assigned to specific policy domains | System, unrestricted policy, or restricted policy for those domains |
Displaying information about client nodes or file spaces | Any administrator |
Deleting any client nodes | System or unrestricted policy |
Removing client nodes assigned to specific policy domains | System, unrestricted policy, or restricted policy for those domains |
Managing client access authority levels | System |
You can use the UPDATE NODE command to update information such as the client's assigned policy domain, the user's password or contact information, and the client option set used by the node.
For example, update client node TOMC to prevent him from deleting archived files from storage pools by entering:
update node tomc archdelete=no
You can rename a client node with the RENAME NODE command. You may need to rename a client node if the workstation network name or host name changes. For example, with UNIX clients, users define their node name based on the value returned by the HOSTNAME command. When users access the server, their Tivoli Storage Manager user IDs match the host name of their workstations. If the host name changes, you can update a client node user ID to match the new host name.
For example, to rename CAROLH to ENGNODE, enter:
rename node carolh engnode
ENGNODE retains the contact information and access to backup and archive data that belonged to CAROLH. All files backed up or archived by CAROLH now belong to ENGNODE.
You can prevent client nodes from accessing the server with the LOCK NODE command. This will prevent client nodes from performing functions such as either backup and restore or archive and retrieve.
You can restore a locked node's access to the server with the UNLOCK NODE command.
For example, to prevent client node MAB from accessing the server, enter:
lock node mab
To let client node MAB access the server again, enter:
unlock node mab
You can delete a client node from the server with the REMOVE NODE command. All file spaces that belong to the client node must first be deleted from server storage. After all of the client node's file spaces have been deleted (see Deleting File Spaces and Client Nodes), you can delete the node.
For example, to remove client node DEBBYG, enter:
delete filespace debbyg * type=any
remove node debbyg
You can display information about client nodes. For example, as a policy administrator, you might query the server about all client nodes assigned to the policy domains for which you have authority. Or you might query the server for detailed information about one client node.
You can display information about client nodes assigned to specific policy domains. For example, to view information about client nodes that are assigned to STANDARD and ENGPOLDOM policy domains, enter:
query node * domain=standard,engpoldom
The output from that command may display similar to the following:
+--------------------------------------------------------------------------------+ |Node Name Platform Policy Domain Days Since Days Since Locked? | | Name Last Password | | Access Set | |---------- -------- -------------- ---------- ---------- ------- | |DEBBYG DOS STANDARD 2 12 No | |ENGNODE AIX ENGPOLDOM <1 1 No | |HTANG OS/2 STANDARD 4 11 No | |MAB AIX ENGPOLDOM <1 1 No | |PEASE AIX STANDARD 3 12 No | |SSTEINER (?) ENGPOLDOM <1 1 No | | | +--------------------------------------------------------------------------------+
You can view information about specific client nodes. For example, to review the registration parameters defined for client node JOE, enter:
query node joe format=detailed
The resulting report may appear similar to the following:
+--------------------------------------------------------------------------------+ | | | Node Name: JOE | | Platform: WinNT | | Client OS Level: 4.00 | | Client Version: Version 3, Release 1, Level 3.0 | | Policy Domain Name: STANDARD | | Last Access Date/Time: 05/19/1999 18:55:46 | | Days Since Last Access: 6 | | Password Set Date/Time: 05/19/1999 18:26:43 | | Days Since Password Set: 6 | | Invalid Sign-on Count: 0 | | Locked?: No | | Contact: | | Compression: Client's Choice | | Archive Delete Allowed?: Yes | | Backup Delete Allowed?: No | | Registration Date/Time: 05/19/1999 18:26:43 | | Registering Administrator: SERVER_CONSOLE | |Last Communication Method Used: Tcp/Ip | | Bytes Received Last Session: 108,731 | | Bytes Sent Last Session: 698 | |Duration of Last Session (sec): 0.00 | | Pct. Idle Wait Last Session: 0.00 | | Pct. Comm. Wait Last Session: 0.00 | | Pct. Media Wait Last Session: 0.00 | | Optionset: | | URL:http://joe.host.name:1581 | | Node Type: Client | | Password Expiration Period: 60 | | Keep Mount Point?: No | | Maximum Mount Points Allowed: 1 | | Auto Filespace Rename: No | | Validate Protocol: No | | | +--------------------------------------------------------------------------------+
With the introduction of the Web backup-archive client, when a client node is registered with a Tivoli Storage Manager 3.7.0 server or above, an identical administrative user ID is created at the same time. This user ID has client owner authority over the node by default.
Enterprise logon enables a user with the proper administrative user ID and password to access a Web backup-archive client from a Web browser. The Web backup-archive client can be used by the client node or a user ID with the proper authority to perform backup, archive, restore, and retrieve operations on any machine that is running the Web backup-archive client.
You can establish access to a Web backup-archive client for help desk personnel that do not have system or policy privileges by granting those users client access authority to the nodes they need to manage. Help desk personnel can then perform activities on behalf of the client node such as backup and restore operations.
A native backup-archive client can log on to Tivoli Storage Manager using their node name and password, or administrative user ID and password. The administrative user ID password is managed independently from the password that is generated with the passwordaccess generate client option. The client must have the option passwordaccess generate specified in their client option file to enable use of the Web backup-archive client.
To use the Web backup-archive client from your web browser, you specify the URL and port number of the Tivoli Storage Manager backup-archive client machine running the Web client. The browser you use to connect to a Web backup-archive client must be Microsoft(R) Internet Explorer 5.0 or Netscape 4.7 or later. The browser must have the Java Runtime Environment (JRE) 1.3.1, which includes the Java Plug-in software. The JRE is available at the following URL, http://java.sun.com/getjava.
During node registration, you have the option of granting client owner or client access authority to an existing administrative user ID. You can also prevent the server from creating an administrative user ID at registration. If an administrative user ID already exists with the same name as the node being registered, the server registers the node but does not automatically create an administrative user ID. This process also applies if your site uses open registration.
For more information about installing and configuring the Web backup-archive client, refer to Backup-Archive Installation and User's Guide.
Access to a Web backup-archive client requires either client owner authority or client access authority. Administrators with system or policy privileges over the client node's domain, have client owner authority by default. The administrative user ID created automatically at registration has client owner authority by default. This administrative user ID is displayed when an administrator issues a QUERY ADMIN command.
The following describes the difference between client owner and client access authority when defined for a user that has the node privilege class:
You own the data and have a right to physically gain access to the data remotely. You can backup and restore files on the same or different machine, you can delete file spaces or archive data.
The user ID with client owner authority can also access the data from another machine using the -NODENAME parameter.
The administrator can change the client node's password for which they have authority.
This is the default authority level for the client at registration. An administrator with system or policy privileges to a client's domain has client owner authority by default.
You can restore data only to the original client.
A user ID with client access authority cannot access the client from another machine using the -NODENAME parameter.
This privilege class authority is useful for help desk personnel so they can assist users in backing up or restoring data without having system or policy privileges. The client data can only be restored to none other than the original client. A user ID with client access privilege cannot directly access client's data from a native backup-archive client.
By default, an administrator with system or policy privilege over a client's domain can remotely access clients and perform backup and restore operations.
You can grant client access or client owner authority to other administrators by specifying CLASS=NODE and AUTHORITY=ACCESS or AUTHORITY=OWNER parameters on the GRANT AUTHORITY command. You must have one of the following privileges to grant or revoke client access or client owner authority:
You can grant an administrator client access authority to individual clients or to all clients in a specified policy domain. For example, you may want to grant client access privileges to users that staff help desk environments. See Example: Setting up Help Desk Access to Client Machines in a Specific Policy Domain for more information.
To grant client access authority to administrator FRED for the LABCLIENT node, issue:
grant authority fred class=node node=labclient
The administrator FRED can now access the LABCLIENT client, and perform backup and restore. The administrator can only restore data to the LABCLIENT node.
To grant client owner authority to ADMIN1 for the STUDENT1 node, issue:
grant authority admin1 class=node authority=owner node=student1
The user ID ADMIN1 can now perform backup and restore operations for the STUDENT1 client node. The user ID ADMIN1 can also restore files from the STUDENT1 client node to a different client node.
When you use the REGISTER NODE command, by default, the server creates an administrative user ID in addition to the client node. The administrative user ID has client owner authority to the node when the node is defined to the server. For example, you want to register client node DESK2, issue:
register node desk2 pass2dsk
The following shows the output from this command.
+--------------------------------------------------------------------------------+ |ANR2060I Node DESK2 registered in policy domain STANDARD. | |ANR2099I Administrative userid DESK2 defined for OWNER access to node DESK2. | | | +--------------------------------------------------------------------------------+
The DESK2 client node is registered, in addition to an administrative user ID with the same ID. The administrative user ID DESK2 has a password of pass2dsk with client owner authority to the DESK2 node. When the PASSWORDACCESS=GENERATE option is used by the client to change the password, the administrative DESK2 ID can still access the client from a remote location.
You can prevent automatic creation of an administrative user ID with client owner authority by specifying USERID=NONE on the REGISTER NODE command. For example, you want to register DESK2 without creating an administrative user ID with client owner authority by default. Issue the following:
register node desk2 pass2dsk userid=none
You can grant client owner authority to an existing administrative user ID. For example, to give client owner authority to the HELPADMIN user ID when registering the NEWCLIENT node, enter:
register node newclient pass2new userid=helpadmin
This command results in the NEWCLIENT node being registered with a password of pass2new, and also grants HELPADMIN client owner authority. This command would not create an administrator ID. The HELPADMIN client user ID is now able to access the NEWCLIENT node from a remote location.
You want to set up help desk access for user HELP1 to the client nodes in the FINANCE domain. You want to grant HELP1 client access authority to the FINANCE domain without having to grant system or policy privileges.
The client nodes have been previously set up as follows:
The help desk person, using HELP1 user ID, has a Web browser with Java Runtime Environment (JRE) 1.3.1.
register admin help1 05x23 contact="M. Smith, Help Desk x0001"
grant authority help1 class=node authority=access domains=finance
The following is output generated by this command:
+--------------------------------------------------------------------------------+ |ANR2126I GRANT AUTHORITY: Administrator HELP1 was granted ACCESS authority for c| | DAVE. | |ANR2126I GRANT AUTHORITY: Administrator HELP1 was granted ACCESS authority for c| | JOE. | |ANR2126I GRANT AUTHORITY: Administrator HELP1 was granted ACCESS authority for c| | SARA. | | | +--------------------------------------------------------------------------------+
http://sara.machine.name:1581
A Java applet is started, and the client hub window is displayed in the main window of the Web browser. When HELP1 accesses the backup function from the client hub, the Tivoli Storage Manager login screen is displayed in a separate Java applet window. HELP1 authenticates with the administrative user ID and password. HELP1 can perform a backup for Sara.
For information about what functions are not supported on the Web backup-archive client, refer to Backup-Archive Installation and User's Guide.