To make performing tasks with multiple servers easier, TSM provides the following functions:
Enterprise logon enables the administrator's logon credentials to be used for access to other servers for successfully linking to other servers and routing commands to other servers. The administrator must be defined on each server with the appropriate administrative authority for the action or command.
Enterprise logon, in conjunction with enterprise configuration, allows an administrator to log on to one TSM server and have access to all associated TSM servers and clients that the administrator is authorized to access. Enterprise logon is available from a Web browser. The client must be configured to access a server at TSM Version 3 or later.
An administrator no longer has to remember multiple user IDs and passwords for servers and clients, other than the initial user ID and password. The administrator enters the initial user ID and password from the sign-on screen displayed on the administrator's Web browser. A single set of logon credentials are then used to verify an administrator's identity across servers and clients in a Web browser environment. Encrypted credentials ensure password security.
Authentication time-out processing requires an administrator to re-authenticate after a specific amount of time has passed. You can set the amount of time by using the SET WEBAUTHTIMEOUT command. The time-out protects against unauthorized users indefinitely accessing an unattended Web browser that has credentials stored in a Web browser cache. A pop-up is displayed on the browser that requires an administrator's ID and password to proceed.
The following can use enterprise logon:
A client can optionally disable enterprise logon.
If you have set up your servers as described in Setting Up Communications for Command Routing, you can route TSM administrative commands to one or more servers. Command routing enables an administrator to send commands for processing to one or more servers at the same time. The output is collected and displayed at the server that issued the routed commands. A system administrator can configure and monitor many different servers from a central server by using command routing.
You can route commands to one server, multiple servers, servers defined to a named group (see Setting Up Server Groups), or a combination of these servers. A routed command cannot be further routed to other servers; only one level of routing is allowed.
Each server that you identify as the target of a routed command must first be defined with the DEFINE SERVER command. If a server has not been defined, that server is skipped and the command routing proceeds to the next server in the route list.
TSM does not run a routed command on the server from which you issue the command unless you also specify that server. To be able to specify the server on a routed command, you must define the server just as you did any other server.
Commands cannot be routed from the SERVER_CONSOLE ID.
Routed commands run independently on each server to which you send them. The success or failure of the command on one server does not affect the outcome on any of the other servers to which the command was sent.
For more information on command routing and return codes generated by command processing, refer to Administrator's Reference.
The following sections describe how you can route commands to one or more servers, and to server groups.
To successfully route commands to other servers, you must have the proper administrative authority on all servers that receive the command for processing.
The return codes for command routing can be one of three severities: 0, ERROR, or WARNING. See Administrator's Reference for a list of valid return codes and severity levels.
To route a command to a single server, enter the defined server's name, a colon, and then the command to be processed. For example, to route a QUERY STGPOOL command to the server that is named ADMIN1, enter:
admin1: query stgpool
The colon after the server name indicates the end of the routing information. This is also called the server prefix. Another way to indicate the server routing information is to use parentheses around the server name, as follows:
(admin1) query stgpool
Note: | When writing scripts, you must use the parentheses for server routing information. |
To route a command to more than one server, separate the server names with a comma. For example, to route a QUERY OCCUPANCY command to three servers named ADMIN1, GEO2, and TRADE5 enter:
admin1,geo2,trade5: query occupancy
Or
(admin1,geo2,trade5) query occupancy
The command QUERY OCCUPANCY is routed to servers ADMIN1, GEO2, and TRADE5. If a server has not been defined with the DEFINE SERVER command, that server is skipped and the command routing proceeds to the next server in the route list.
The routed command output of each server is displayed in its entirety at the server that initiated command routing. In the previous example, output for ADMIN1 would be displayed, followed by the output of GEO2, and then the output of TRADE5.
Processing of a command on one server does not depend upon completion of the command processing on any other servers in the route list. For example, if GEO2 server does not successfully complete the command, the TRADE5 server continues processing the command independently.
A server group is a named group of servers. Once you set up the groups, you can route commands to the groups. See Setting Up Server Groups for how to set up a server group.
To route a QUERY STGPOOL command to the server group WEST_COMPLEX, enter:
west_complex: query stgpool
Or
(west_complex) query stgpool
The QUERY STGPOOL command is sent for processing to servers BLD12 and BLD13 which are members of group WEST_COMPLEX.
To route a QUERY STGPOOL command to two server groups WEST_COMPLEX and NORTH_COMPLEX, enter:
west_complex,north_complex: query stgpool
Or
(west_complex,north_complex) query stgpool
The QUERY STGPOOL command is sent for processing to servers BLD12 and BLD13 which are members of group WEST_COMPLEX, and servers NE12 and NW13 which are members of group NORTH_COMPLEX.
You can route commands to multiple single servers and to server groups at the same time. For example, to route the QUERY DB command to servers HQSRV, REGSRV, and groups WEST_COMPLEX and NORTH_COMPLEX, enter:
hqsrv,regsrv,west_complex,north_complex: query db
Or
(hqsrv,regsrv,west_complex,north_complex) query db
The QUERY DB command is sent for processing to servers HQSRV, REGSRV, to BLD12 and BLD13 (both members of WEST_COMPLEX), and to NE12 and NW12 (both members of NORTH_COMPLEX).
Duplicate references to servers are removed in processing. For example, if you route a command to server BLD12 and to server group WEST_COMPLEX (which includes BLD12), the command is sent only once to server BLD12.
You can make command routing more efficient by creating one or more server groups and adding servers to them. You can then route commands to server groups in addition to or in place of routing commands to single servers. This section describes how to set up server groups. To use server groups, you must do the following tasks:
After you have the server groups set up, you can manage the groups and group members.
Task | Required Privilege Class |
---|---|
Define a server group
Define a server group member | System |
You can define groups of servers to which you can then route commands. The commands are routed to all servers in the group. To route commands to a server group you must do the following:
The following example shows how to create a server group named WEST_COMPLEX, and define servers BLD12 and BLD13 as members of the WEST_COMPLEX group:
define servergroup west_complex define grpmember west_complex bld12,bld13
You can query, copy, rename, update, and delete server groups as
necessary.
Task | Required Privilege Class |
---|---|
Query a server group
Copy a server group Rename a server group Update a server group description Delete a server group | System |
To query server group WEST_COMPLEX, enter:
query servergroup west_complex
The following is sample output from a QUERY SERVERGROUP command:
+--------------------------------------------------------------------------------+ |Server Group Members Description Managing profile | |--------------------------------------------------------------------------- | |WEST_COMPLEX BLD12, BLD13 | +--------------------------------------------------------------------------------+
To copy the entire server group contents of WEST_COMPLEX to a different server group named NEWWEST, enter:
copy servergroup west_complex newwest
This command creates the new group. If the new group already exists, the command fails.
To rename an existing server group NORTH_COMPLEX to NORTH, enter:
rename servergroup north_complex north
To update the NORTH server group to modify its description, enter:
update servergroup north description="Northern marketing region"
To delete WEST_COMPLEX server group from the TSM server, enter:
delete servergroup west_complex
This command removes all members from the server group. The server definition for each group member is not affected. If the deleted server group is a member of other server groups, the deleted group is removed from the other groups.
You can move and delete group members from a previously defined
group.
Task | Required Privilege Class |
---|---|
Move a group member to another group
Delete a group member | System |
To move group member TRADE5 from the NEWWEST group to the NORTH_COMPLEX group, enter:
move grpmember trade5 newwest north_complex
To delete group member BLD12 from the NEWWEST server group, enter:
delete grpmember newwest bld12
When you delete a server, the deleted server is removed from any server groups of which it was a member.
You can test a connection from your local server to a specified server with the PING SERVER command. To ping the server GEO2, enter:
ping server geo2
The PING SERVER command uses the user ID and password of the administrative ID that issued the command. If the administrator is not defined on the server being pinged, the ping fails even if the server may be running.