EVault Software. Course 361 Protecting Linux and UNIX with EVault

(1)

Course 361

(2)

2

3 Objectives

In this course, you will learn how to protect Linux/UNIX servers with EVault. This includes backing up and restoring individual files and folders.

Installation methods are basically the same no matter whether you’re using Linux or UNIX, but the installation packages will vary.

Scenario

The course is composed of a CentOS Linux 5.5 server that we’ll protect. EVault supports a handful of various Linux/UNIX versions. There are many out there. Make sure to review the release notes in i365’s download section to ensure that you’re installing an Agent on a supported platform. If you don’t have a supported version, you can try to backup the system via an NFS mount (Mapping a drive) from a supported OS.

Estimated Time to

Complete This Lab

30 Minutes

Requirements for

This Lab

 Our Linux Server is running CentOS 5.5 (The unbranded version of RHEL 5.5).

 On your productions machines, we recommend that all Linux/UNIX Updates have been applied

Computers Used in

This Lab

HQ-Vault

DR-Vault

(4)

4 Exercise 1 – Installing EVault Agent on File Server

In this step, we will install the EVault Agent to a Linux server that we wish to protect. This will allow us to further configure the protection of our Linux server through CentralControl.

Tasks Detailed Steps

1. Initial Logon

LINUX01

a. Once the lab starts, within Surgient, click on the Linux_Server and choose

VNC. This might take a couple of seconds to spawn the VNC Authentication

window.

b. On the VNC Authentication window, type evault and click OK.

2. Connect to Download Share and Copy Agent Installer Locally

a. For the Agent installer, I’ve downloaded them to a share found at

\\192.168.0.150\c$\Temp\. Normally you would download the Agent from

our Customer Service Portal at http://csp.i365.com or the Partner Portal at

https://www.i365.com/partners/portal/partner_login.html.

b. To connect to this share, we’ll use the mount command. c. At the prompt, type following command on one line: mount –o

username=traininglab/administrator,password=I365password //192.168.0.150/c$/Temp/ /mnt

(5)

5

f. At the prompt, type: cp Agent-Linux-6.73.3196.tar.gz /root. This will copy the Linux Agent installer to a local folder, /root.

(6)

6

we can verify that the file was copied over.

3. Extract and Install Agent

a. At the prompt, type: tar xfz Agent-Linux-6.73.3196.tar.gz. This unpacks the Agent install kit.

(7)

7

navigates us to that subfolder.

d. At the prompt, type: ls. This displays the contents of this directory. Within the directory, you’ll see our install script called install.sh.

e. At the prompt, type: ./install.sh. This will run the install script.

(8)

8

the default of installing the Agent under /opt/BUAgent/. Please be sure you have at least 10% free per the installation partition that you install the Agent on.

g. When prompted that /opt/BUAgent doesn’t exist. Create it?, press Enter. This will accept the default of Yes.

(9)

9

server, type n, and press Enter. Optionally, you could register to Web

CentralControl, but in this lab we will not.

(10)

10 Exercise 2 – Add Agent to CentralControl

In the next steps, we’ll add the Agent we just installed to our Windows CentralControl. CentralControl is EVault’s Agent Management interface or GUI. We’ve already got it installed on HQ-Vault. We’ll need to switch to that box.

1. Switch Machines

HQ-Vault

a. Using the Server drop-down at the top of the Surgient window, choose

HQ-Vault-Server to connect to the HQ-Vault.

b. The system should automatically log you in, but if you are prompted for login, below are the credentials.

 Username TrainingLab\Administrator  Password I365password.

c. On the desktop, double-click EVault Software CentralControl. This is the localized Windows CentralControl.

2. Add Agent to CentralControl

a. CentralControl is a place where you can centrally manage your various Agent machines on your network. You can be managing as little as one Agent in CentralControl or you can manage hundreds.

b. Right-click the Workspace and choose New Agent...

c. For the Description, the best way to describe an Agent machine is by its host name. Type Linux01.

d. For the Network Address, this can be one of two things. Either the IP address or the Fully Qualified Domain Name (FQDN). It’s preferable to use the FQDN in case of potential IP changes, but this training environment does not have a DNS server. In this lab, we’ll use the IP address. Type

192.168.0.61.

e. For the Port, we use 2548 or 808 (depending on the Agent version) for connections between CentralControl and the Agent. The Agent listens on this TCP Port. If there are firewalls between the Agent and CentralControl, they should be opened in that direction. For this Agent version, we use port 808, but this will automatically be configured when we click Get Status later. f. For the User name, type root. The user specified here needs to be a

member of the root user group.

(11)

11

future.

i. For the Domain, we’ll leave this field blank.

j. Whenever adding Agent to CentralControl, it’s always a good idea to click

Get Status. This tests our connection to the given Agent. We would receive

an error message if it had problems. Click OK.

(12)

12

added so we don’t have to type in its information again.

(13)

13 Exercise 3 – Register Agent to Vault

In this section, you’ll learn how to register your Agent to the Vault. For this step, you’ll need to know the Vault account credentials. If you own your own Vault, you would’ve created an Account within the Director Console. Otherwise, if you don’t own your own Vault and backup to a Vault hosted by i365 or an i365 partner, they would’ve created the account for you on their Vault.

1.

HQ-Vault

a. At this point, you’ve installed the Agent and added it to CentralControl. You should now see the Agent in CentralControl.

(14)

14

connections. In this lab, we’ll just register to one Vault, but if you were Dual Vaulting, you would need to register to both your local and remote Vaults. For Replication, you only need to register to your primary Vault.

2. Vault Configuration Wizard

a. On the Vault Configuration Wizard – Welcome screen, click Next >.

(15)

15

new Vault” and click Next >. We recommend you use the machine name or location for the Vault here. It’s simply a description but is referenced later when creating a backup job.

d. On the Vault Network Address[es] screen, type 192.168.0.150 for the “New address” and then Add. The address can either be the FQDN or IP Address. FQDN is preferable here due to potential IP changes in the future, but in this example our Linux server does not resolve DNS.

(16)

16

2546 to the Vault. The Vault listens on this port. On your network, please ensure that TCP Port 2546 is open in an outbound direction from the

perspective of the Agent. Port 807 is a legacy port that is no longer required for Agent version 4 or higher.

(17)

17

that we would’ve created on the Vault or that i365/i365 partner would’ve provided for us.

Account: Acme User name: evault Password: 1234

i. Click Next >.

Reconnection settings – If the Agent were to lose network

connection in the middle of a backup, the Agent by default will try to reconnect to the Vault every 3 minutes for a window of 3 hours. If the Agent is able to reconnect in this timeframe, it will continue where it left off. If the window is exhausted, that night’s backup will fail.

You can change the Reconnection settings here, but the defaults are the recommended settings.

Over The Wire Encryption Settings – This setting encrypts the

(18)

18

k. On the Agent Configuration screen, you should now have your HQ-Vault listed.

l. Please refer to Appendix A in the back of this guide for information on the other tabs listed in Agent configuration. This covers important topics like setting up Notifications and Customizing Retentions.

(19)

19 Exercise 4 – Creating a Backup Job

When creating a backup job, you’ll select what you want to protect and how you want to protect it. When going through the Wizard, you might have questions about a certain menu item. You can always click the in the upper left hand corner of the screen and then click the item you are curious about. This will give you a description of that item.

1.

HQ-Vault

a. When creating the backup job, we’ll continue using CentralControl on the HQ-Vault.

b. Right click the Agent Linux01, and select New Job…

2. New Job Wizard

(20)

20

(21)

21

click Next >. Here, we’ve named our job Data. This will signify backing up data files from the / directory. In this example, we’ll backup something small, the /etc/ directory. For Oracle related jobs, we would call my job Oracle. You can use whatever naming scheme makes sense for you.

e. On the New Job Wizard – Source screen, you can select what you want to backup. Notice that there is no such thing as System State within Linux/UNIX. The system files for these types of operating systems are handled within the normal file structure of Data Fiels. To protect your system from a disaster, you’d probably want to backup everything under / and then exclude the EVault Agent directory in /opt/BUAgent. However, keep in mind, when it comes time to recovery, Linux is not nearly as graceful when recovering to dissimilar hardware. Don't expect to be able to restore / and the system will boot. You’ll normally restore application specific directories.

(22)

22

backup this small folder. In your production environment, if you’re unsure of what to protect, include / and exclude /opt/BUAgent/. Whenever including a directory that would include the EVault Agent directory, it’s a best practice to exclude the EVault directory. In this case, /opt/BUAgent/.

h. On the Return Files screen, click OK. We’ll be doing a recursive backup of the entire directory so it really doesn’t matter which option we choose.

(23)

23

selected drive/folder and all of its subfolders. This is also where you can setup filters to only backup certain files/folders or extentions.

k. On the Include / Exclude screen, click OK.

(24)

24

the default backup window. For these items, select the if you have questions. Other than the default backup window, we recommend leaving the other options defaulted.

n. On the New Job Wizard – Encryption screen:

 This is where you can choose to protect your data by password protecting it. If you’ve set a password, upon recovery, you will be prompted for this password.

Any encryption change after the initial backup will result in a

reseed of data. This means you will be storing double the amount

of data than you should be on the EDPM appliance. Encryption changes include:

 Changing encryption types  Changing encryption passwords  Changing encryption types

 Change from no encryption to use encryption or vice versa

Please make sure to keep your encryption password in a safe place. If you lose your encryption password, i365 will not be able

(25)

25

 For the password, we’ll set the Password and Confirm Password to

test and click Next >.

(26)

26

wizard.”

(27)

27 Exercise 5 – Scheduling

In this section, we’ll schedule the Job that you created earlier. Please refer to EVault Course 412 –

Scheduling Backups with EVault for general guidelines for scheduling your backups. Tasks Detailed Steps

1.

HQ-Vault

a. In CentralControl, right-click Linux01 and select Schedule Entries…

b. On the Schedule List screen:

 This is where we can define a schedule such that our backups will run on automatic basis.

 In this example, we’ll schedule the following: i. Daily – M – F – 8PM

ii. Weekly – Sat – 8PM iii. Monthly – 1st – 8PM

 Per Best Practices, we’ll schedule the Longest retention first so that it is at the Top. Longest retention in this case being Monthly. You can always reorder them in this list if you had done it wrong.  We’ll need to schedule each retention separately. We’ll start with

the Monthly. 2. Schedule

Monthly Backup

(28)

28

c. On the Schedule Wizard – Command screen, click Next >. We’re accepting the default to schedule a Backup. Otherwise, you can schedule a

Synchronize or Custom command. Notice, you can not schedule a restore by default. A scheduled restore would need to be scripted.

(29)

29

Retention Scheme and select Next >.

f. On the Schedule Wizard – Options screen, click Next >. We’ve seen these options before when creating the Job. Here you can change things like the backup time window for this particular retention.

(30)

30

click Next >. For the Days of Month, you can type in any value between 1-31 and the backup will run that day. If you want to run the backup on the last day of the month, you would type LAST into the Days of Month field. This is not case sensitive.

i. On the Schedule Wizard – Finish screen, click Finish.

j. You’ve now completed scheduling the Monthly backup. You still need to complete the Weekly and Daily.

3. Schedule Weekly Backup

(31)

31

c. On the Schedule Wizard – Command screen, click Next >.

d. On the Schedule Wizard – Job List screen, select the Data Job and click Next

>.

(32)

32

>.

g. On the Schedule Wizard – Command Cycle screen, select Weekly for the Command Cycle and click Next >.

h. On the Schedule Wizard – Weekly screen:

 Check Saturday and deselect the rest of the Days.  Change the Start Time, type 8:00.

(33)

33

j. You’ve now finished scheduling the Monthly and Weekly backups. That leaves us just the Daily.

4. Schedule Daily Backup

a. On the Schedule List screen, click New…

b. On the Schedule Wizard – Screen click Next >.

(34)

34

>.

e. On the Schedule Wizard – Retention screen, select Daily for the Retention Scheme and click Next >.

f. On the Schedule Wizard – Options screen, leave the defaults and click Next

>.

(35)

35

 Make sure that Monday, Tuesday, Wednesday, Thursday, and

Friday are selected.

 Change the Start Time, type 8:00.  Click Next >.

i. On the Schedule Wizard – Finish screen, click Finish.

j. You’ve now finished scheduling the job. On the Schedule List screen, click

(36)

36 Exercise 6 – Run an Ad Hoc (Manual) Backup

Normally, you would allow the backup to run per its schedule, but for this lab, we’ll run an ad hoc backup so that we can restore immediately.

1.

HQ-Vault

a. In CentralControl, right-click Data under Linux01 and select Backup…

b. On the Data: Backup Wizard – Welcome screen, click Next >.

(37)

37

Completed and click Close. This backup will take several minutes to

complete.

(38)

38 Exercise 7 – Restoring a Single File or Directory

In the following steps, you’ll learn to restore a single file or directory using EVault.

1.

HQ-Vault

a. In the CentralControl, right click the Data Job under Linux01 and choose

Restore…

b. On the Restore Wizard – Welcome screen, click Next >.

c. On the Restore Wizard (safeset 00000001) – Select a Source screen, click

Next >. This is where you can choose from which safeset you’d like to

(39)

39

type test for the Password and Verify password and click Next >. This is the encryption password we had set earlier when creating the Job.

e. On the Restore Wizard (safeset 00000001) – Select Restore Objects screen, click Data Files and click Add…

f. On the Include / Exclude screen,  Expand 00000001  Expand /

(40)

40

h. On the Include / Exclude screen, click OK.

(41)

41

select “Restore files to an alternate location,” type /restore, and click Next

>. When choosing to restore either to an original or alternate location, that

location will always be on the Agent machine currently focused on in CentralControl. At the bottom, you have options for if a file already exists. You have options to overwrite files, rename files, etc.

(42)

42

Do you wish to overwrite files even if they are locked by another process?

Typically we only choose Yes to this option if we’re doing a full system recovery where we’d be overwriting locked files system directories. Otherwise, leaving the default of “No, do not restore locked files” is typical for normal, non-DR restores.

What do you wish to restore?

EVault allows you to potentially recover data that was backed up by a different Operating System. EVault backs up data in two different streams: a Header stream and a Data stream. The Header has your various file permissions/attributes while the Data stream has your actual data.

In most cases, if you’re restoring to similar Operating Systems (such as Windows to Windows), you want to restore All streams to get back your data along with the header.

If you wish to restore cross platform (such as Novell to Windows), you’ll want to restore “Data streams only” because Windows won’t be able to recognize the things like file permissions for Novell. In this case, the file being recovered will acquire the default

(43)

43

completed and click Close.

(44)

44 Exercise 8 – Verify Sample Folder Has Been Restored – For Lab Example Only

For this exercise, we’ll switch back to Linux01 and verify that the contents of the etc folder have been restored to /restore.ls

1. Switch Machines

LINUX01

Linux_Server to connect back to the Linux01 server.

b. The system should automatically log you in, but if you are prompted for login, below are the VNC credentials.

 Password evault.

2. Verify Sample Folder Has Been Restored

a. In the Terminal window, type cd /restore

(45)

45 Conclusion

In this lab, you learned how to install and configure a Linux Agent. You’ve also learned how to restore an individual file and folders. Hopefully you have a better understanding of how to protect a Linux / UNIX system using EVault. Please feel free to do further testing in your training lab. If you had already taken some of the Windows Agent labs before this, hopefully, you see that the configuration of this Agent is basically the same with the exception of the actual Agent installation. For further information about EVault, you can always check our knowledge base and library of user guides available at

http://csp.i365.com.

(46)

46 Appendix A

In this section, we’ll discuss some of the settings found within Agent Configuration in CentralControl. Items like email notifications and retentions should be reviewed on every implementation. In this example, we’ll assume you’ve completed all of the above exercises.

1. Switch Machines

HQ-Vault

HQ-Vault-Server to connect to the HQ-Vault.

b. The system should automatically log you in, but if you are prompted for login, below are the credentials.

 Username TrainingLab\Administrator  Password I365password.

c. On the desktop, double-click EVault Software CentralControl. This is the localized Windows CentralControl.

2. Open Agent Configuration

a. Right-click Linux01 and choose Agent Configuration.

(47)

47

Tab

a. On the Retentions tab, you can modify existing retentions or create new retentions to meet your business and compliance needs. Please review the course titled EVault - Course 411 (Understanding EVault Retentions) for more information.

(48)

48

Tab

a. On the Notifications tab, you should always have emails sent when there’s a failure. It’s up to you if you want emails sent on error or success as well. You will need to fill out the email settings according to your environment. EVault sends its notifications similar to an anonymous email (sendmail). If you need to provide an authenticated an account, you can do so at the bottom. I’ve filled out some fictitious information below.

7. Advanced Tab a. On the Advanced tab, you can change:

 Execution priority (CPU priority) – Recommend leaving at the

default but you have options to change the settings here.  Bandwidth – This is where you can set bandwidth throttling.

EVault Software. Course 361 Protecting Linux and UNIX with EVault

Course 361

2

Table of Contents

3

Objectives

Scenario

Estimated Time to

Complete This Lab

Requirements for

This Lab

Computers Used in

This Lab

4

Exercise 1 – Installing EVault Agent on File Server

5

6

7

8

9

10

Exercise 2 – Add Agent to CentralControl

11

12

13

Exercise 3 – Register Agent to Vault

14

15

16

17

18

19

Exercise 4 – Creating a Backup Job

20

21

22

23

24

25

26

27

Exercise 5 – Scheduling

28

29

30

31

32

33

34

35

36

Exercise 6 – Run an Ad Hoc (Manual) Backup

37

38

Exercise 7 – Restoring a Single File or Directory

39

40

41

42

43

44

Exercise 8 – Verify Sample Folder Has Been Restored – For Lab Example Only

45

Conclusion

46

Appendix A

47

48