I ran into an interesting problem recently. A de-duplicated pool containing TDP for Oracle backups was consuming much more space than would otherwise be indicated. Here’s what the occupancy looked like:

Node Name         Storage         Number of     Logical
                  Pool Name           Files     Space
                                                Occupied
                                                (MB)
----------        ----------    -----------    ----------- 
CERN_ORA_ADMIN    CERNERDISK            810      31,600.95 
CERN_ORA_BUILD    CERNERDISK          1,189      74,594.84 
CERN_ORA_CERT     CERNERDISK            402   3,876,363.50 
CERN_ORA_TEST     CERNERDISK            905   7,658,362.00
LAW_ORA_PROD      CERNERDISK          1,424     544,896.19 
OEM_ORA_RAM       CERNERDISK          2,186     524,795.31

That works out to about 12.7 TB. And, here’s what the storage usage looked like:

Storage         Device          Estimated       Pct       Pct     High  Low  
Pool Name       Class Name       Capacity      Util      Migr      Mig  Mig  
                                                                   Pct  Pct  
-----------     ----------     ----------     -----     -----     ----  ---  
CERNERDISK      CERNERDISK       47,319 G      90.4      90.4       97  90 

That’s about 47TB of storage, 90% used, which works out to just over 42TB of used storage. On top of that, TSM was reporting a “savings” of about 2TB, which means I should have about 44TB of data stored on disk. But only 12.7TB was actually backed up!

IBM has built a few interesting scripts to collect TSM data for support lately. One of which is tsm_dedup_stats.pl. This little Perl script collects quite a bit of information relating to deduplication. Here’s some summary info from that script ran a couple of days later:

Pool: CERNERDISK
  Type: PRIMARY		   Est. Cap. (MB): 48445474.5  Pct Util: 88.7
  Reclaim Thresh: 60	Reclaim Procs: 8		  Next Pool: FILEPOOL
  Identify Procs: 4	  Dedup Saved(MB): 2851277


  Logical stored (MB):	  9921898.18
  Dedup Not Stored (MB):  2851277.87
  Total Managed (MB):	 12773176.05

  Volume count:			        4713
  AVG volume size(MB):	        9646
  Number of chunks:	       847334486
  Avg chunk size:	           87388

There’s some interesting stuff in there. There’s almost 10TB of logical storage in the storage pool, almost 3TB saved in deduplication, and about 12TB total managed storage, which matches the output from “Q OCCupancy” pretty closely. The output also has a breakdown by client type and storage pool of the deduplication rate:

Client Node Information
-----------------------
    DP Oracle:		7
      Stats for Storage Pool:		CERNERDISK
        Dedup Pct:		22.28%
    TDPO:		1
      Stats for Storage Pool:		CERNERDISK
        Dedup Pct:		23.14%

So far so good, tsm_dedup_stats.pl matches what we’re seeing with the regular TSM administrative commands.

At this point, I ran “REPAIR OCC“. There’s a possible issue where the occupancy reported and the storage reported by “Q STG” can be inacurate. This new command validates and corrects the numbers reported. Unfortunately, running this had no effect on the problem.

The next thing we looked at was the running deduplication worker threads. After the “IDentify DUPlicates” command locates and marks “chunks” as duplicates, background processes run and actually remove the duplicated chunks. Running “SHOW DEDUPDELETE”, one of the undocumented show commands in TSM, reports the number of worker threads defined, the number of active threads, and which node and filesystem IDs are currently being worked on. If all the worker threads are active for a significant amount of time, more worker threads can be started by putting the “DEDUPDELETIONTHREADS” option in the dsmserv.opt file and restarting the server. The default is 8, on the bigger servers I’ve bumped that to 12. Bumping this number will generate more log and database traffic as well as drive more CPU usage, so you’ll want to keep an eye on that.

I only had 4 threads busy routinely, so adding more threads wouldn’t have helped. But, those threads had were always working on the same node and filespace. The node IDs and node names can be pulled out of the database by running this as the instance owner:

db2 connect to tsmdb1
db2 set schema tsmdb1
db2 "select NODENAME, NODEID, PLATFORM from Nodes"

Those 4 node IDs mapped to 4 of the nodes with data in our problem storage pool. You can see how much work is queued up per node ID with this SQL:

db2 connect to tsmdb1
db2 set schema tsmdb1
db2 "select count(*) as \"chunks\", nodeid from tsmdb1.bf_queued_chunks group by nodeid for read only with ur"

What was happening is that clients were backing up data faster than the TSM server could remove the duplicate data. Part of the problem is probably that so much data is concentrated in one filespace on the TDP clients, so only one deduplication worker thread can process each nodes data at any one time.

We could do client-side deduplication to take the load off the server, but we’ve found that with the big TDP backups that slows down the backup too much. So, with only saving about 2TB of storage on 12TB of backed up data, we came to the conclusion that just turning off deduplication for this storage pool was probably our best bet. After turning off deduplicaiton, it took about 10 days to work through the old duplicate chunks. Now the space used and occupancy reported are practically identical.

The client OS level field in TSM for most operating systems is pretty straightforward. On Linux, it’s the kernel version, HP-UX and AIX show a recognizable OS level. For windows the OS level is more cryptic. Here is a list of the OS levels:

UPDATE: I got some feedback that some people are not clear on creating multiple schedulers, so I’m updating this post.

Since I wrote about doing TSM Full-VM Image Backups With VStore API I’ve done more testing, and have put it into “production” with our smaller VMWare cluster. This cluster is managed by one department inside IT. It has some VMs used by customers inside the enterprise, some VMs used for development or testing, and some VMs used by the group inside IS. Now that I’m ready to put VMWare backups into practice, I need to schedule the backups. And, I got some great feedback on the first post, so I thought I would follow it up.

First we need to setup the client, and here we have a few options. If we have few enough VMs that we can backup all of them in one backup window, then we just specify the VMs in the client options and setup a schedule. If on the other hand we have too many VMs to backup in one backup window, then we need to setup multiple schedules with multiple schedulers and options files. This is similar to how you would setup Data Protection for MS SQL backups. If you have divided your VMs into folders, you can specify a folder of VMs to backup for each scheduler in the options file. Otherwise, you probably want to specify the VMs individually for each scheduler.

There is another option, you can specify a whole ESX host to each scheduler. I discounted this because a VMotion event would throw off where the VMs get backed up to inside TSM. In my environment, we are sure to end up with multiple unnecessary backups that would have to be cleaned up manually.

Because this is a smaller test system, there are a lot of VMs that I don’t want to backup regularly, and I can get it all backed up in on backup window. So, I specified to backup “ALL-VM”s in the GUI, followed by each VM I wanted to exclude.

This, of course, just adds some lines to the dsm.opt file:

VMMC "VM_IMAGES"
DOMAIN.VMFULL "ALL-VM;-VM=crcamzm1-bkup;-VM=DCFM;-VM=dmzftp;-VM=ftp..."

If you're going to run multiple schedulers, at this point you can copy the dsm.opt file to a new file and use that to setup your scheduler services. Otherwise, just restart the scheduler service and you're in business. Also of note, you can schedule file level backups of Windows VMs with the VStorage API similarly just by changing the options.

When I looked at the server side, I was happy to note that Tivoli has added a VM subaction to the Backup action. So, I created a schedule that ran once a week using the enhanced schedule options:

tsm: TSM>def sched standard mmc-opsvc1 action=backup subaction=vm schedstyle=enhanced startt=18:00 DAY=Sunday
ANR2500I Schedule MMC-OPSVC1 defined in policy domain STANDARD.

If you have too much data to backup in one backup window, you can break up the backups into multiple schedules that run either at the same time (you could probably run 2 at a time to increase network utilization) or in different backup windows. First, create a node on the TSM server for each schedule and then assign it to a backup schedule:

tsm: TSM>register node mmc-opsvc1_vm1 PASSWORD userid=none
ANR2060I Node MMC-OPSVC1_VM2 registered in policy domain STANDARD.

tsm: TSM>register node mmc-opsvc1_vm2 PASSWORD userid=none
ANR2060I Node MMC-OPSVC1_VM2 registered in policy domain STANDARD.

tsm: TSM>def sched standard mmc-opsvc1_vm1 action=backup subaction=vm schedstyle=enhanced startt=18:00 DAY=Sunday
ANR2500I Schedule MMC-OPSVC1_VM1 defined in policy domain STANDARD.

tsm: TSM>def sched standard mmc-opsvc1_vm2 action=backup subaction=vm schedstyle=enhanced startt=18:00 DAY=Monday
ANR2500I Schedule MMC-OPSVC1_VM2 defined in policy domain STANDARD.

tsm: TSM>def assoc standard mmc-opsvc1_vm1 mmc-opsvc1_vm1
ANR2510I Node MMC-OPSVC1_VM1 associated with schedule MMC-OPSVC1_VM1 in policy domain STANDARD.

tsm: TSM>def assoc standard mmc-opsvc1_vm2 mmc-opsvc1_vm2
ANR2510I Node MMC-OPSVC1_VM2 associated with schedule MMC-OPSVC1_VM2 in policy domain STANDARD.

On the client, create seperate dsm.opt files for each nodename. The VMCHost, VMCUser and VMCPW options will need to be changed for your environment. I put them in with the GUI, the copied and edited the dsm.opt file manually. Here's a basic example, you can specify other options for your environment, notice that I specified two VMFOLDERs instead of the "ALL-VM" option:

C:\Program Files\Tivoli\TSM\baclient>type dsm_vm1.opt
NODENAME         MMC-OPSVC1_VM1
TCPSERVERADDRESS tsm2.mhc.net
TCPPORT          1502
ERRORLOGRETENTION 7 D
SCHEDLOGRETENTION 7 D
PASSWORDACCESS GENERATE
COMPRESSION NO
DEDUPLICATION NO
SCHEDMODE POLLING

VMCHOST mmc-opsvc1.ad.mhc.net
VMCUSER pvaughan
VMCPW ****
VMBACKUPTYPE FULLVM
VMFULLTYPE VSTOR
VMMC "VM_IMAGES"
DOMAIN.VMFULL "VMFOLDER=Ambulatory Apps;VMFOLDER=Amcom;"

Once you have the dsm.opt files in place, you just need to register a scheduler service for each file. Here's an example of one:

C:\Program Files\Tivoli\TSM\baclient>dsmcutil install /name:"TSM Scheduler VM1"
/node:"MMC-OPSVC1_VM1" /password:"PASSWORD" /optfile:"dsm_vm1.opt" /startnow:Yes
...
Installing TSM Client Service:

       Machine          : MMC-OPSVC1
       Service Name     : TSM Scheduler VM1
       Client Directory : C:\Program Files\Tivoli\TSM\baclient
       Automatic Start  : no
       Logon Account    : LocalSystem
The service was successfully installed.
...
Authenticating TSM password for node MMC-OPSVC1_VM2 ...

Connecting to TSM Server via client options file 'C:\Program Files\Tivoli\TSM\baclient\dsm_vm1.opt' ...

Password authentication successful.

The registry password for TSM node MMC-OPSVC1_VM1 has been updated.

Starting the 'TSM Scheduler VM1' service ...

The service was successfully started.

Another nice thing that Tivoli did is make each set of image backups for a specific VM a filespace in TSM:

tsm: TSM>q file mmc-opsvc1

Node Name           Filespace       FSID     Platform     Filespace     Is Files-        Capacity       Pct
                    Name                                  Type            pace               (MB)      Util
                                                                        Unicode?
---------------     -----------     ----     --------     ---------     ---------     -----------     -----
MMC-OPSVC1          \VMFULL-HMC        1     WinNT        API:TSMVM        No                 0.0       0.0
MMC-OPSVC1          \VMFULL-DC-        2     WinNT        API:TSMVM        No                 0.0       0.0
                     FM
MMC-OPSVC1          \VMFULL-ftp        3     WinNT        API:TSMVM        No                 0.0       0.0

As you can see, a filespace is created in the format of "\VMFULL-VMNAME". If you need to remove the backups for a VM because it's been decommissioned or moved, you can simply delete the filespace.

DRAFT – I’m still working on it

These are some of the things I’ve been playing with. I’ll update this as I find more changes to make. Your mileage most definitely will vary.

We used to say that TSM is a hog and will use any resource it can. CPU, Memory, Network I/O, Disk I/O, Tape I/O, everything. And, when you were talking about a system with 1 or 2 GB of RAM, a couple of slow (by today’s standards) processors, and only a few adapters, that was right. With current machines, TSM seems to almost sip memory, and isn’t terrible on CPU. It’s great at moving bits between disk and tape. It’s probably the heaviest disk I/O user in your environment, I know it is in mine. There are a few things I’ve done to try and squeeze some more cycles out of TSM.

If you are running your TSM server on AIX, in my opinion, you are WAY ahead of the shops running it on Windows. With UNIX, and AIX in particular, you can easily tune the OS out of the box in ways that Windows shops can only dream of. You have a lot of control over where your data gets placed on the storage devices, you can tweak hardware parameters for adapters and devices, specify how your memory is managed and allocated, and you can monitor your system in great detail. For instance, in our shop the Windows group assigns a disk to a drive. If that disk is too hot, chances are they don’t know it, and if they did there’s not a lot they can do other than break up the data that’s on that drive mount to other mount points that map to other disks. And, that’s interruptive. On AIX, you add a disk to the volume group, make sure the LV is set to Maximum inter-disk policy, and run a reorgvg. You just solved your hot disk problem and it wasn’t disruptive at all.

We have a typical TSM system. The largest server has a 500+GB database (TSM 5.5, not 6.X with real DB2) and backs up 2 to 4 TB a night depending on the night to old repurposed DS4K disk. After the backup windows are complete it migrates the data off to tape. At this moment, the system is using around 8GB of RAM… out of 64GB. That’s around 56GB of RAM for FS cache.

Speaking of which, try turning FS cache off. The other admin’s gave me a weird look what I said that. Think about this, most of the data TSM backs up gets written to disk, then not re-read until it gets migrated or copied to tape. In the disk backup pools your doing a ton of sequential I/O. Way more than you have memory for. And, unless you do server side de-dupe, you’re not going to re-read the stuff you write before you run out of memory and the system has to burn cycles to clear the FS cache pages to make room for more. Now we don’t want to turn it all the way off because you need features of FS cache like I/O coalescence, read-ahead, and write-behind. Those sequential I/Os get coalesced together in memory and take less cycles to service, increasing throughput. If you look at “vmstat -s” you’ll see way more “start I/Os” than “iodones” because those I/Os get grouped together and serviced as one system call. Consider mounting your disk pools with the “rbrw” option. This tells the system to use whatever memory pages it’s going to use to fulfill the I/Os for either reads or writes, then put them back on the free page list for re-use. That way your sequential I’Os get coalesced, but since you’re not going to re-read the data, you might as well free up the RAM instead of making lrud do it later. If you’re using server-side de-dupe, consider using the “rbr” option. That tells the system to keep the pages in memory for writes, but flush them after reads. Chances are once the data is written and then re-read for de-deupe you aren’t going to re-read it again anytime soon. That frees up RAM for the stuff you want to do, and uses your FS cache more efficiently. You may see a higher ratio of usr to sys time in your CPU monitoring tool of choice depending on your workload, which means more real work is getting done.

JFS2 read-ahead is your friend. Check the output of “vmstat -s”. The ratio of “start I/O”s to iodones is an indication of how much of your I/O is sequential and how efficient your JFS2 read-ahead and write-behind mechanism is. For TSM, you want a pretty high ratio, I’m still tuning this. I’m tuning the ioo parameter j2_maxPageReadAhead. When the OS reads 2 sequential pages, the next sequential I/O reads in 2 * j2_minPageReadAhead pages, the next after 4 * j2_minPageReadAhead, and so on until the number of pages reaches j2_maxPageReadAhead. I’ve set this parameter to 512, just went to 1024. I’ve been told that I could set it to 2048 if I moved to faster disk, but I should not exceed that.

Bump up your JFS2 cache.  By default JFS2 is tuned for a mixed work load, and then it’s not really setup for intense reads and writes.  TSM doesn’t do a lot of mixed workload.  It’s a lot of intense sequential I/O.  What you want to look at is the “external pager filesystem I/Os blocked with no fsbuf” line of “vmstat -v”.  If that goes up very quickly, bump up the “j2_nBufferPerPagerDevice” ioo parameter.  It’s a restricted parameter, so you may have to use the -F flag.  That will bump up the number of filesystem buffers allocated at filesystem mount time.  Mine is currently set to 2048, with a default of 512.  Once the j2_nBufferPerPagerDevice is exhausted, the system will allocate extra buffer space to service the I/O dynamically.  These dynamically allocated buffers are carved out of free memory, then returned to the free list when the system is done with them.  The problem is that by default the system allocates 256k (16 buffers) at a time.  So, if everything is the default, the system burns through 512 buffers doing JFS2 I/O, then to alleviate that it nickles and dimes you 16 buffers at a time.  I set the j2_dynamicBufferPreallocation ioo parameter to 128.  If the “external pager filesystem I/O blocked with no fsbuf” counter goes up quickly, continue to bump those up.  With the default setting TSM can push that counter up really fast.  I rarely see an increment in this counter.  By contrast, an untuned system with moderate disk I/O gets 5 to 6 digits per day.

The I/O’s get passed off to the LVM layer buffers.  Check the global I/Os blocked with lvmo.  If they keep increasing, bump them up per VG with the lvmo command until they stop increasing.  Remember the number of buffers is per physical volume in the volume group, so adding disks bumps this up too.  To see what VGs are exhausting the pbufs run:

for vg in `lsvg -o`
do
     lvmo -v $vg -a
     echo
done

lvmo -v VG -a pv_pbuf_count=XXXX

The last time I did big disk I/O operations like copying disk to disk, or even better defining a file volume to TSM, I get about 500MB/s pretty well sustained.  That’s heavier I/O with DS4500 disks than I get with my DS8100, and by far the most intense workload on our SAN.  Your goal should always be to crush the SAN, at least until we get to SSDs.

Play with mounting your database with the “cio” option. Your database is probably too big to fit into RAM, and lots of random database operations may be slowed down by going through the JFS2 stack. Mounting your filesystems with the “cio” option is the next best thing to using RAW LVs for databases. But, some users have found that mounting the database this way actually slows down some operations, like database backups. This is probably because you lose the JFS2 read-ahead feature. I didn’t see much difference either way and am still testing with it.  So, give it a go and see what you get.

Check your disk queues. During your busiest times, look at the output of “iostat -alDRT 5 60”. Good times are during migrations, big deduplication jobs, expiration, and TSM DB backups. You’re looking for numbers in the last few columns, the “serv qfull” one in particular. This is how many times the disk queue for the offending disk was full. That can be a big killer, especially on databases, and most especially if your using “cio” on your filesystems. If the disk queue is full, the disk doesn’t accept any more requests. If your seeing numbers in this column, try adding more disks to the volume group of the offending disk from different arrays, and redistribute the LVs across all the disks (reorgvg works nicely for this but can take a while). You can also bump up the queue per disk with chdev, but the disk must be varied off to make the change:

chdev -l hdiskX -a queue_depth=XX

By redistributing our database from 2 disks to 4 disks I got a significant increase in speed for everything TSM does except backups (backups are network bound). Expiration is much faster now, and database backups went from 2.5 hours to about 1.5 hours.

We used to say “there are no TSM problems that can’t be fixed by more tape drives”, and it’s still somewhat true.  If you’re still using tape and haven’t gone to VTL or just sets of RAID disk, more and faster tape drives are good.  You want to keep your ratio of HBAs to tape drives to about 3 to 1.  That’s a general rule, you can go 4 to 1, especially if you have 8Gb HBAs and 2Gb tape drives.  If you have two libraries, one for primary storage pools, and one for copy storage pools, mix those tape drives on each HBA.  You’re probably writing to your copy storage pools, then your primary ones.  So, by mixing those drives on a HBA, you can get a lower effective ratio.  Now, there is a new multi-destination migraiton feature in TSM 6.2, which may blow that by letting you do backup copy and primary storage pool migration at the same time.  Currently, I have 4Gb HBAs and 4Gb LTO3 tape drives in a 3 to 1 ratio, and I’m not pushing the HBAs at all.  In fact your SAN admin is probably complaining that your tape drives are “slow drain” devices on the SAN, filling up buffers on the switches.

Find under-utilization times and resources.  We have an old TSM installation, we started with ADSM 3.1.2 and our procedures have developed from that early version.  We run our nightly backups to disk starting about 5pm until about 4am, then copy them to an off-site tape library, then migrate the disk to on-site tape.  When we looked at what our slowest link was, it’s the network.  We are moving to 10Gb ethernet, but currently run a 2 link etherchannel with LACP negotiation.  When we graphed our network throughput on a normal night the network stays below it’s saturation point until around midnight when it flirts with it’s maximum utilization until just before the end of our backup window.  So, the link that was costing us the most in terms of time wasn’t being used very efficiently.  We are looking at how to re-arrange our nightly schedules to smooth our our network utilization, and maybe get a higher effective throughput, and keep the systems who exceed their backup windows down.  The next slowest resource is the tape drives.  And, when we looked at how utilized they were, we found they were idle most of the night while the backups were running.    What I did was develop a simple script to do disk to copy storagepool backups every hour starting an hour before our backup windows began.  That took our morning copy storage pool process down from 4 to 6 hours down to less than 1 hour.  And, it has the side-effect of better protecting the data on our disk storage pools.

In TSM 5.4+, there is an option for backup encryption. Unlike SSL encryption, the data is stored on the server in an encrypted format. So, your tapes are finally, really, secure. Without paying for encryption capable libraries and drives. I always thought it was kind of lame of IBM to say that the TSM backup takes are useless without the TSM database. It looks to me like the data is in the clear on the tape, there’s no reason you couldn’t read the whole tape into a huge file and text search it if you really wanted it bad enough.

WARNING: If you lose your encryption pass phrase, the data is un-recoverable from TSM. Really. Gone. For good. You can save the key to the server in the TSM database (that’s what I’m doing), or you can just make REALLY sure you have it safely documented. Oh, and this will break your de-duplication because the data is encrypted as far as the server is concerned. It’s only de-crypted on the client in the event of a restore.

This is SUPER, and I do mean SUPER simple to setup. Just add this to your client option file:

ENCRYPTKEY generate

You can also specify prompt (which will prompt every time), or save (which will save the passphrase to a file on the client). If you specify generate, a pass-phrase will to automatically generated, and store on the TSM server. The encryption type is AES128 be default, but you can over-ride it and use DES56. The only reason I can think of to use DES56 is for performance.

There are 2 new include/exclude options too:

Exclude.Encryption
Include.Encryption

By default NO data is encrypted, so you’ll have to use the Include.Encryption option to add directories and files. IBM isn’t recommending you encrypt OS system files because of the possibility that you might lose your encryption pass-phrase file and not be able to restore. There are a couple of things you can do to mediate this. You can use the “ENCRYPTIONKEY generate” option, so the passphrase is in the TSM database. If you still don’t feel safe about that, you can only encrypt the really sensitive files like /etc/security/passwd. Or, you can enable SSL to encrypt the data over the wire, and only encrypt the sensitive application data (which doesn’t encrypt the data on the actual TSM server media).

Oh, and if you lose the encryption key the data is NOT RECOVERABLE. No, really, they mean it.

I haven’t looked at TSM backup encryption before, even though it’s been in TSM since version 5.4 (maybe earlier). But, if you think about it, there isn’t any data MORE important than your backup data. Data that is usually encrypted on the wire, is most likely sent in the clear by the TSM client. There are a couple of ways to slice this, but I started with the SSL encryption feature. There is a client encryption option in TSM 6.1 (possibly earlier) that encrypts the data with an encryption passphrase, but that has more issues and isn’t very compatible with server-side de-duplication.

Enabling the SSL features in the server is as simple as adding the following line to the dsmserv.opt and restarting:

SSLTCPPORT xxxx

When the server sees this option, it checks to see if there is a SSL key already generated. If there isn’t one, it creates it automatically. You can specify any port you like, as long as it’s not already being used by something else. If you don’t run the admin client on the same TCP port as the clients, you’ll also need to add:

SSLTCPADMINPORT xxxx

Now, on the client side, you need to copy the newly generated key from the server. It’s named cert.arm, and should be located in the server home directory (that’s the home directory for the instance owner in 6.1 and above). Once you have that, you just have to create an empty keyring and add the server key to it:

gsk7capicmd -keydb -create -db dsmcert.kdb -pw  -stash
gsk7capicmd -cert -add -db dsmcert.kdb -pw  -label "TSM server  self-signed key" -file cert.arm -format ascii -trust enable

The password can be anything and you can add more than 1 keys to your client keyring if you have more than one server as long as the labels are unique.

After that, you have to change the TCPPort option in the client option file (dsm.sys on Unix), and add the option “SSL yes”. Un-encrypted clients can’t talk to the SSL enable server port, and vise-versa. Just restart your client, and you should be in business.

There is a new feature in 6.2 where you can use a well-known certificate, if you want to pay Verisign or Thawt for a SSL certificate. Those certificates are included with the 6.2 clients, so you don’t need to hassle with copying the certificates. I haven’t tried that, because it’s easy enough to copy the self-signed key from the server and setup the keychain on the clients and save the money for a yearly SSL certificate renewal.

Now, I haven’t been able to verify this, but it appears to me that this DOES NOT interfere with de-duplication. The way I read it is the data isn’t stored in an encrypted format on the server, it’s de-crypted on the server before it hits the storage pools. The performance seems pretty good. You will spend some extra CPU cycles, but SSL is pretty light-weight and I haven’t seen a noticeable impact.

Note: this doesn’t encrypt the Webclient, GUI, client-to-client backups, or server-to-server backups. This only encrypts the actual data transfer from the client to the server.

If your wondering who is restoring files, and what they’re restoring, you can capture that information to a custom log file. It’s a pain to get the same kind of data out of the activity log, but you can dump it to a “formatted” text file. You can send it to a user defined script or program too. The offending codes we’re looking at are ANR0503 and ANR0504.

First, we need some options added to our dsmserv.opt file:

REPORTRETRIEVE YES
FILETEXTEXIT YES /var/log/tsm_res.log APPEND

The REPORTRETRIEVE option tells the server to log restores. You could stop with that, and be content to do searches of the activity log manually via the client. This will increase the volume of activity in the log, maybe significantly depending on how many restores you do. The FILETEXTEXIT command writes the specified lines to a file. And, we want it to startup automatically on reboot, write to the /var/log/tsm_res.log file, and APPEND new lines to that file. Once you’ve made these changes, bounce the TSM instance.

Now we have to go into the TSM admin client and enable the events to the exit with:

ENABLE EVENTS FILETEXT ANR0503,ANR0504

You can check the status of the receiver with “Q ENABLED FILETEXT”. You could also add “NODENAME=xxxxxx” to enable this for just certain nodes, which is pretty cool if you need to watch just a handfull of nodes.

There are a few more options for the above commands, check your Admin command reference or the TSM Infocenter website for other options.

The output in the file looks a lot like the TSM activity log, with a few fields added, like the date and the TSM server name.

These are various server SHow commands I’ve picked up from various sources. This is definitely not an exhaustive list, and these commands are added and dropped from TSM based on the version, these commands are not supported and may not work for you.

SHow ASQUEUED:
If you have a client session or process stuck, it may be waiting for a drive. You can use this command to see if there are sessions queued waiting for mount points.

SHow ASVOL:
If you are having problems with sessions or processes queued, or waiting for tape volumes, then this command will display the in-memory list of assigned volumes.

SHow CONFIG:
This is one of the long running commands that produce lots of output. It actually issues a set of QUERY and SHOW commands then uses these to build a quite comprehensive picture of the state of the server. This command is worth running as a diagnostic data gathering exercise, to be analysed when free time permits.

SHow CSVars:
Shows client schedule variables and statistics.

SHow DEDUPDeleteinfo:
Shows Deduplication thread information and current worker thread chunk statistics.

SHow DEDUPThread:
Shows information and statistics on Deduplication threads.

SHow DEVCLass:
Is also useful if you have problems with drives. It displays the status of each device class, including the status of allocated drives.

SHow LIBINVentory:
Shows current state of the library inventory for the library specified.

SHOW LIBINVentory [ LibraryName}

SHow LIBRARY:
Displays the current state of the specified library and all of its drives.

SHOW LIBRary [ libraryName ]

SHow LOCK:
Displays lock holders and waiters.

SHow LVM:
Shows logical volume manager info: server disk volumes.

SHow LVMCOPYTABLE:
Shows the LVM database and recovery log copy table status.

SHow LVMVOLS:
Shows database and recovery log volume usage.

SHow MEMTREnd:
This command will report the memory used by the server in megabytes, recorded at hourly intervals for the last 50 hours (this is a constant in the server code and is not user-configurable). The reported usage represents the amount of memory internal server routines request from the pseudo-kernel memory routines. It does NOT represent the total amount of memory the server is using. Nevertheless, it is still useful in determining the server’s memory usage trend.

SHow MP:
Useful for determining which volume is in-use by a given mount point and other attributes for the assigned mount points.

SHow PENDing:
Shows pending administrative and client schedules.

SHow RESQueue:
Displays the resource queue. The resource queue is used to monitor common resources on the server. Typically, this is useful for displaying information about transactions, locks, and other resources used by a storage agent on the database server that it is configured to use.

Show SLOTS:
This command displays the current state of the specified library’s slot information.

SHow SLOTS libraryName

SHow SSPool:
Displays information storage pools.

SHow SSSession:
Shows information about sessions using volumes in storagepools.

SHow TIME:
Shows the current server date and time.

SHow TXN:
Shows Transaction manager statistics.

SHow TXNTable
Displays information about transactions in-use on the server. This information is useful for diagnosing hangs or other transaction related failures while the transaction is still open on the server.

SHow VOLINUSE:
Displays information on a specified volume in the server’s in-use list. This command will display additional information that may be helpful including whether the volume is currently pending removal from the in-use list.

SHow VOLINUSE VolumeName [ REMOVE=YES ]