[Digital logo]
[HR]

OpenVMS System Manager's Manual

Previous | Contents

For a complete description of the Backup utility qualifiers, see the OpenVMS System Management Utilities Reference Manual.

How to Perform This Task

To perform an image backup of the system disk to tape, use the following procedure:

  1. Obtain blank tape cartridges or magnetic tapes that you can use for the backup operation.
  2. Write-enable the tape. To write-enable a tape cartridge, slide the write-protect switch away from the tape cartridge label. To write-enable a tape, insert a write-enable ring in the back of the tape reel.
  3. Insert a tape into the tape drive.
  4. Determine the device name of the system disk you are backing up. (See Section 7.2 for information about determining the names of your devices.) To display the device name of the system disk you are booted from, enter the DCL command SHOW LOGICAL SYS$SYSDEVICE.
  5. Depending on your configuration, either boot standalone BACKUP or start the menu system:
  6. Enter the BACKUP command in the following format: 
    BACKUP/IMAGE/VERIFY input-specifier: output-specifier:saveset.BCK/REWIND/LABEL=label

    where:
    For example: 
    $ BACKUP/IMAGE/VERIFY DUA1: MUA0:DEC_31_BACKUP.BCK/REWIND/LABEL=WKY101
  7. The following message indicates that BACKUP has transferred the files and is verifying the accuracy of the backup copy: 
    %BACKUP-I-STARTVERIFY, starting verification pass
  8. If your system disk contains more data than a single tape cartridge or magnetic tape can store, the procedure displays the following messages and prompt: 
    %BACKUP-I-RESUME, Resuming operation on volume 2 
%BACKUP-I-READYWRITE, Mount volume 2 on _MUA0: for writing 
Enter "YES" when ready.

    If you do not receive these messages, see step 9. If you do receive these messages, do the following:
    1. Remove the backup tape from the drive.
    2. Label it COMPLETE SYSTEM BACKUP and include the date and the number of the tape in the sequence.
    3. Write-protect the backup tape.
    4. Write-enable another scratch tape and insert it into the drive.
    5. When you are ready to continue, enter Y (for YES) and press Return.
    6. The procedure displays the following message, which indicates that it has transferred the files and is verifying the accuracy of the backup copy: 
      %BACKUP-I-STARTVERIFY, starting verification pass

      Each time the procedure displays a mount request, follow steps a through e.
  9. If you are using standalone BACKUP, when the backup is finished, the system displays the following message: 
    %BACKUP-I-PROCDONE, Operation completed. Processing finished at 19-MAY-1996 
15:30. If you do not want to perform another standalone BACKUP operation, 
use the console to halt the system.                       
 
If you do want to perform another standalone BACKUP operation, 
ensure the standalone application volume is online and ready.              
Enter "YES" to continue:

    Continue with step 11.
  10. If you are using the menu system, the DCL prompt appears after the backup is finished. Log out and choose the Shutdown option from the menu.
  11. Remove the backup tape from the drive. Label it COMPLETE SYSTEM BACKUP, number it (if you used more than one cartridge), and include the date.
  12. Write-protect the tape cartridge or magnetic tape.
  13. Halt the system.
  14. Reboot the system.
  15. Store the backup tapes in a safe place.

10.17.4 Restoring the System Disk from Tape

If a problem occurs that renders your system disk unbootable, you can restore the system disk from your backup copy.

How to Perform This Task

To restore the system disk from tape, use the following procedure.

Note

The BACKUP restore operation creates a system disk that includes a set of volume parameters provided by Digital, including a cluster size (disk access scheme). You can change most volume parameters later with the SET VOLUME command. For cluster-mounted volumes, changes occur to the nodes on which the SET VOLUME command is issued.

To change the cluster size, back up the system disk to a disk that has been previously initialized with the cluster size that you want. For more information about initializing a disk, see Section 8.3. For more information about the BACKUP command qualifiers, see the OpenVMS System Management Utilities Reference Manual.

  1. Depending on your configuration, either boot standalone BACKUP or start the menu system:
  2. Determine the device name of the system disk you want to restore. (See Section 7.2 for information about determining the names of your devices.)
  3. Insert the first tape of the complete system disk backup into the drive. Make sure the tape is write-protected.
  4. Enter the BACKUP command in the following format: 
    BACKUP/IMAGE/VERIFY  input-specifier:saveset.BCK/REWIND  output-specifier:

    where:
    For example: 
    $ BACKUP/IMAGE/VERIFY MUA0:DEC_31_BACKUP.BCK/REWIND DUA0:
  5. The procedure displays the following message: 
    %BACKUP-I-STARTVERIFY, starting verification pass
  6. If your system disk contained more data than one tape could store, you receive the following messages and prompt: 
    %BACKUP-I-RESUME, Resuming operation on volume 2 
%BACKUP-I-READYREAD, Mount volume 2 on MUA0: for reading 
Enter "YES" when ready.

    If you do not receive these messages, see step 7. If you do receive these messages, do the following:
    1. Remove the backup tape from the drive.
    2. Insert the next backup tape into the drive.
    3. When you are ready to continue, enter Y (for YES) and press Return.
    4. The procedure displays the following message: 
      %BACKUP-I-STARTVERIFY, starting verification pass

      Each time the procedure displays a mount request, follow steps a through c.
  7. If you are using standalone BACKUP, when the restore is finished the system displays the following message: 
    %BACKUP-I-PROCDONE, Operation completed. Processing finished at 19-MAY-1996 
15:30. If you do not want to perform another standalone BACKUP operation, 
use the console to halt the system.                       
 
If you do want to perform another standalone BACKUP operation, 
ensure the standalone application volume is online and ready.              
Enter "YES" to continue:

    Continue with step 9.
  8. If you are using the menu system, the DCL prompt appears after the restore is finished. Log out and choose the shutdown option from the menu.
  9. Remove the last backup tape from the drive.
  10. Halt the system.
  11. Reboot the system.
  12. Store the backup tapes in a safe place.

10.17.5 Backing Up the System Disk to a Disk

To eliminate disk fragmentation, perform a disk-to-disk image backup without using the /SAVE_SET qualifier. This creates a functionally equivalent copy of the entire system disk, on which files are stored contiguously.

Note

This procedure initializes the output disk, effectively erasing the files on the disk.

How to Perform This Task

To perform a disk-to-disk image backup, use the following procedure:

  1. Obtain a disk with enough storage capacity to use for the backup. Make sure the disk does not contain files you need, because standalone BACKUP initializes the output disk.
  2. Determine the device name of the system disk you are backing up. (See Section 7.2 for information about determining the names of your devices.) To display the device name of the system disk you are booted from, enter the DCL command SHOW LOGICAL SYS$SYSDEVICE.
  3. Depending on your configuration, either boot standalone BACKUP or start the menu system:
  4. Enter the BACKUP command in the following format: 
    BACKUP/IMAGE/VERIFY input-specifier: output-specifier:

    where:
    For example: 
    $ BACKUP/IMAGE/VERIFY DUA0: DUA1:
  5. BACKUP displays the following message, which indicates that it has transferred the files and is verifying the accuracy of the backup copy: 
    %BACKUP-I-STARTVERIFY, starting verification pass

  6. If you are using standalone BACKUP, when the backup is finished the system displays the following message: 
    %BACKUP-I-PROCDONE, Operation completed. Processing finished at 19-MAY-1996 
15:30. If you do not want to perform another standalone BACKUP operation, 
use the console to halt the system.                       
 
If you do want to perform another standalone BACKUP operation, 
ensure the standalone application volume is online and ready.              
Enter "YES" to continue:

    Continue with step 8.
  7. If you are using the menu system, the DCL prompt appears after the backup is finished. Log out and choose the shutdown option from the menu.
  8. You can use the backup output disk as the system disk. Files are stored contiguously on the output disk, eliminating disk fragmentation.
  9. Store the original system disk.
  10. Halt the system.
  11. Reboot the system using the newly created system disk.

    10.17.6 Using InfoServer Tapes to Back Up and Restore System Disks

    On VAX systems, you can back up the system disk to an InfoServer tape and restore the system disk from an InfoServer tape.

    How to Perform This Task

    1. Boot the system from the SYS1 directory using the current version of the OpenVMS CD--ROM, which can be in a reader on the InfoServer or on a local drive.

      Note

      The boot command you use for your computer depends on the type of system you have. For more information about booting your system, see the installation and operations supplement for your computer.
    2. Choose option 1 from the menu system.
    3. At the prompt, you can perform the backup of your system disks.

    Example 10-1 shows the procedure for backing up a system disk to an InfoServer tape.

    Example 10-1 System Disk Backup to an InfoServer Tape 

    >>>  B/R5:10000100 ESA0
Bootfile: ISL_SVAX_071
-ESA0 
 Network Initial System Load Function 
 Version 1.1 
 
 
  FUNCTION        FUNCTION 
    ID 
    1     -       Display Menu 
    2     -       Help 
    3     -       Choose Service 
    4     -       Select Options 
    5     -       Stop 
 
 Enter a function ID value: 3
  OPTION          OPTION 
    ID 
    1     -       Find Services 
    2     -       Enter known Service Name 
 
 Enter an Option ID value: 2
Enter a Known Service Name: VMS062
   OpenVMS VAX Version 7.1 Major version id = 2 Minor version id = 0 
 
%SYSINIT-E, error opening page file, status = 0000025C 
%SYSINIT-E, error opening swap file, status = 0000025C 
%SYSINIT, primary PAGEFILE.SYS not found; system initialization continuing 
%SYSINIT, no dump file - error log buffers not saved 
%SYSINIT-E, error mounting system device, status = 00000F64 
$!  Copyright (c) 1996 Digital Equipment Corporation.  All rights reserved. 
$set noverify 
 
 
 
    Copyright © (c) 1996 Digital Equipment Corporation.  All rights reserved. 
 
 
    Installing required known files... 
 
    Configuring devices... 
 
    **************************************************************** 
 
    The menu can be used to execute DCL commands and procedures for 
    various "standalone" tasks, such as backing up the system disk. 
 
    Please choose one of the following: 
 
        1)  Execute DCL commands and procedures 
        2)  Shut down this system 
 
Enter CHOICE or "?" to repeat menu: (1/2/?) 1
    WARNING -- 
 
    The normal VMS startup procedure has not executed. 
    Some commands and utilities will not work as documented. 
 
 
    Enter DCL commands -- Enter "LOGOUT" when done. 
    When you enter "LOGOUT" a logout message will be displayed, 
    and you will be returned to the menu.
 
$$$ MCR ESS$LADCP SHOW SERVICE/TAPE
$$$ MCR ESS$LADCP BIND/WRITE/TAPE TZL04_TAPE
$$$ MOUNT/FOREIGN MADn
$$$ BACKUP/IMAGE DKA100:  MADn:SYS_DISK.BCK/SAVE_SET
.
    .
    .
$$$ LOGOUT
  Process SYSTEM_1 logged out at  2-FEB-1996 23:35:17.52 
 
    **************************************************************** 
 
 
    The menu can be used to execute DCL commands and procedures for 
    various "standalone" tasks, such as backing up the system disk. 
 
    Please choose one of the following: 
 
        1)  Execute DCL commands and procedures 
        2)  Shut down this system 
 
Enter CHOICE or "?" to repeat menu: (1/2/?)

    10.18 Ensuring Data Integrity

    BACKUP has several qualifiers for further ensuring the integrity of your backups. Digital recommends using these qualifiers if you want to achieve maximum data integrity. This section describes some of the ways you can increase data integrity with BACKUP. For more information about these qualifiers, see the OpenVMS System Management Utilities Reference Manual.

    10.18.1 /CRC Qualifier

    The /CRC qualifier enables the software cyclic redundancy check (CRC). The default is /CRC; you must specify /NOCRC to disable checking. Disabling checking reduces processing time, but increases the risk of data error.

    As an output save-set qualifier, /CRC writes the CRC checking code into the blocks of the output save set.

    As an input save-set qualifier, /CRC checks the CRC information in the input save set.

    Digital recommends that you use the CRC. Although it increases processing time, it also improves data integrity.

    10.18.2 /GROUP_SIZE Qualifier

    This output save-set qualifier causes BACKUP to write redundant data to the output save set. This allows BACKUP to attempt to correct read errors during the backup restore operation. Use the /GROUP_SIZE qualifier to define the number of blocks in each group of redundant information. For example: 

    $ BACKUP/IMAGE/RECORD
_From: DKA100:
_To: MKB100:BACKUP.SAV/LABEL=WKY101/GROUP_SIZE=20

    This command adds a recovery block after every 20 blocks of saved data. This allows BACKUP to recover a corrupted data block for every 20 blocks of saved data. The value of the /GROUP_SIZE qualifier defaults to 10.

    Although using this qualifier increases the size of the save set and the processing time for the operation, Digital recommends using the /GROUP_SIZE qualifier to increase data integrity.

    10.18.3 /IGNORE Qualifier

    Digital recommends that you back up your system when no interactive users are logged in. This is because if BACKUP encounters an open file during a save operation, it issues an error message and does not copy the file.

    You can instruct the backup procedure to save open files by using the /IGNORE=INTERLOCK qualifier on the BACKUP command. When you use the /IGNORE=INTERLOCK qualifier, the contents of the file at the moment of the backup are saved.

    The /IGNORE=INTERLOCK qualifier is useful for files that are constantly open (and would therefore not otherwise be saved). However, you must recognize that you might be saving inconsistent data, depending on the applications that are writing to the open files (for example, open application transactions or file data cached in memory). Also, because of the way BACKUP scans directories, any activity in a directory (such as creating or deleting files) can cause files to be excluded from the backup. In general, it is best to back up your system when a minimum number of files are open.

    Also, because of the way the file system works, using the /IGNORE=INTERLOCK qualifier to back up open files affects subsequent incremental backups. For example, you can back up an open file with the BACKUP/IMAGE/RECORD/IGNORE=INTERLOCK command. However, the backup date field of the file is not updated until you close the file. If the file remains open during subsequent incremental backups, it is not included in those backups because its backup date field is not as recent as the last image backup.

    10.18.4 /LOG Qualifier

    Use the /LOG qualifier to the BACKUP command to display the file specification of the files that BACKUP processes during a backup operation. For example, if you are copying files in a directory, you can use the /LOG qualifier to display the file specification of each file copied: 

    $ BACKUP/LOG
_From: WORK3:[OCONNELL]*.*
_To: WORK1:[OCONNELL.SCRATCH]*.*
%BACKUP-S-CREDIR, created WORK1:[OCONNELL.SCRATCH.COM] 
%BACKUP-S-CREATED, created WORK1:[OCONNELL.SCRATCH]DECW$MAIL.DAT;2 
%BACKUP-S-CREATED, created WORK1:[OCONNELL.SCRATCH]DECW$SM.LOG;42 
%BACKUP-S-CREATED, created WORK1:[OCONNELL.SCRATCH]DECW$SM.LOG;41 
   .
   .
   .

    10.18.5 /VERIFY Qualifier

    Use the /VERIFY qualifier to cause BACKUP to compare the contents of the input and output specifiers after a save, restore, or copy operation. When BACKUP is executing the verification pass, it displays the following message: 

    %BACKUP-I-STARTVERIFY, starting verification pass

    If BACKUP finds differences between the input and output files, it issues an error message.

    Digital recommends that you use the /VERIFY qualifier. Although it increases processing time, it also improves data integrity.

    10.19 Troubleshooting

    This section describes some common BACKUP errors and how to recover from them.

    10.19.1 BACKUP Fatal Error Options

    If, in the course of a backup operation, the Backup utility or standalone BACKUP encounters fatal hardware- or media-related errors or encounters more media errors than considered reasonable for data reliability, BACKUP generates the following informational message and prompt: 

    %BACKUP-I-SPECIFY, specify option (CONTINUE, RESTART, QUIT) 
BACKUP>

    Note

    If BACKUP is running interactively and you used the command qualifier /NOASSIST, you can enter an option in response to the BACKUP> prompt. If BACKUP is executing as a batch job or you specified the command qualifier /ASSIST, the operator must use the DCL command REPLY to enter an option.

    The option you choose depends on several factors. See Table 10-9.

    Table 10-9 BACKUP Error Options and Results
    Option Restrictions Result
    CONTINUE May compromise data reliability. Use only if the position of the tape has not changed since the original error and if the error does not imply that data has already been lost. If possible, BACKUP ignores the error and continues processing.
    RESTART Not valid if the output volume is the first volume in the backup operation. BACKUP unloads the current tape from the drive and prompts for another volume. After you load another tape, BACKUP restarts the save operation from the point at which the original tape was mounted.
    QUIT None. BACKUP terminates the operation and you can reenter the command.

    The following example illustrates the sequence of events that occurs when BACKUP encounters an excessive rate of media errors on VOL3 and you choose the RESTART option:

    1. BACKUP indicates that the magnetic tape has an excessive number of media errors and displays the following error message and prompt: 
      %BACKUP-F-WRITEERRS, excessive error rate writing VOL3 
%BACKUP-I-SPECIFY, specify option (CONTINUE, RESTART, QUIT) 
BACKUP>
    2. Enter RESTART.
    3. BACKUP dismounts VOL3 and prompts for a new tape. Remove VOL3 from the drive and discard this tape.
    4. Place a new tape into the drive and enter YES in response to the prompt for a new tape.
    5. BACKUP restarts the save operation from the beginning of VOL3; no data is lost.

    10.19.2 Tape Label Errors

    When you instruct BACKUP to use a tape that has a label other than the one you specified, BACKUP issues the following message: 

    %MOUNT-I-MOUNTED, DKA0 mounted on _SODAK$MUA0: 
%BACKUP-W-MOUNTERR, volume 1 on _SODAK$MUA0 was not mounted because 
its label does not match the one requested 
%BACKUP-W-EXLABEER, volume label processing failed because 
 volume TAPE4 is out of order, Volume label TAPE1 was expected 
 specify option (QUIT, NEW tape, OVERWRITE tape, USE loaded tape) 
BACKUP>

    Depending on the option you specify, you can quit the backup operation (QUIT), dismount the old tape and mount a new one (NEW), overwrite the data on the tape (OVERWRITE), or USE the loaded tape.

    If you use blank tapes or tapes that you intend to overwrite, use the /IGNORE=LABEL_PROCESSING qualifier. This suppresses the previous BACKUP message, which normally occurs if BACKUP encounters a non-ANSI-labeled tape during a save operation.

    Chapter 11
    Security Considerations

    This chapter outlines the security features available with the OpenVMS operating system and suggests procedures to reduce the threat of a break-in on your system or cluster. It also tells how to use the access control list editor (ACL editor) to create and modify access control list entries (ACEs) on protected objects. For a more detailed description of security management, refer to the OpenVMS Guide to System Security.

    Information Provided in This Chapter

    This chapter describes the following tasks:
    Task Section
    Managing passwords Section 11.2
    Adding to the system password dictionary Section 11.2.1
    Setting up intrusion detection Section 11.3
    Interpreting a user identification code (UIC) Section 11.4.1
    Parsing a protection code Section 11.4.2
    Creating access control lists (ACLs) Section 11.5
    Using the access control list editor (ACL editor) Section 11.7
    Auditing security-relevant events Section 11.8.1

    This chapter explains the following concepts:
    Concept Section
    What security management involves Section 11.1
    Aspects of password management Section 11.2
    Ways to protect objects Section 11.4
    Construction of access control lists (ACLs) Section 11.5
    Audit log file analysis Section 11.9

    For full descriptions of all these tasks and concepts, refer to the OpenVMS Guide to System Security.

    11.1 Understanding Security Management

    As the person responsible for the day-to-day system management, you play an important role in ensuring the security of your system. Therefore, you should familiarize yourself with the security features available with the OpenVMS operating system and implement the features needed to protect systems, users, and files from damage caused by tampering. Effective operating system security measures help prevent unauthorized access and theft of proprietary software, software plans, and computer time. These measures can also protect equipment, software, and files from damage caused by tampering.

    Types of Security Problems

    Security problems on most systems are generally caused by irresponsibility, probing, or penetration. The tolerance that your site might have to a breach of security depends on the type of work that takes place at your site.

    Environmental Considerations

    A secure system environment is a key to system security. Digital strongly encourages you to stress environmental considerations when reviewing site security.

    Operating System Protections

    In the OpenVMS operating system, managing system security is concerned with three major areas:

    The following sections describe measures to control access to your system and its resources.

    11.2 Managing Passwords

    A site needing average security protection always requires the use of passwords. Sites with more security needs frequently require generated passwords and system passwords. Highly secure sites sometimes choose to use secondary passwords to control network access.

    For information on external authentication (also known as single sign-on), see the Authorize section in the OpenVMS System Management Utilities Reference Manual and the Managing System Access section in the OpenVMS Guide to System Security.

    11.2.1 Initial Passwords

    When you open an account for a new user with the Authorize utility, you must give the user a user name and an initial password. When you assign temporary initial passwords, observe all guidelines recommended in Section 11.2.5. You should consider using the automatic password generator. Avoid any obvious pattern when assigning passwords.

    Using the Automatic Password Generator

    Previous | Next | Contents | [Home] | [Comments] | [Ordering info] | [Help]

    [HR] 

      6017P034.HTM
  OSSG Documentation
  22-NOV-1996 14:22:05.94

    Copyright © Digital Equipment Corporation 1996. All Rights Reserved.

    Legal