8.2 Monitoring and Managing TSM client access to the TSM server

TSM Client Node Registration

Before a user can request Tivoli Storage Manager services, the node must be registered with the server. There are 2 types of client node registration, you can set registration to open or closed.
  • Open: The client node is automatically registered when a session starts. The administrator does not have to register this node. Any client that knows the server address can connect and back up files to the server. Open registration specifies that users can register their workstations as client nodes with the server.
  • Closed: The administrator must register the client node. Closed registration provides better security in a production environment. Closed registration permits each user to register his own workstation as a client node with the server. This is the default.
Each node must be registered with the server, and it requires an option file with a pointer to the server. You can register a node at the administrative command line with the following command
register node nodename password

Members of the backup operators group can override security restrictions for the sole purpose of backing up or restoring files.  Backup operators are users or groups that have the security settings for backup and restoration of files and directories. Members of the backup operators group can back up and restore an entire machine, including system state and system services data. Storage administrators do not need to use an administrator ID for backup and recovery.

Also Read: Points to remember when taking backup to multiple storagepools simultaneously

You can run Query Session command on TSM server to know the client session.

Managing TSM Client Passwords

TSM administrators can use the following options to limit and control access to the system
  • Set Password Expiration: The default value for password expiration is 90 days. The expiration period begins when an administrator or client node is first registered to the server. If the password does not change within this period, the server prompts the user to change the password the next time the user tries to access the server.
set passexp days node=nodename
  • Set Invalid Sign-on Limit: By default, Tivoli Storage Manager does not check the number of times a user attempts to log in with an invalid password. On all client nodes, you can set a limit on consecutive invalid password attempts. When the limit is exceeded, the server locks the node.
set invalidpwlimit number_of_attempts
  • Set Minimum Password Length: By default, Tivoli Storage Manager does not check the length of a password. The administrator can specify a minimum password length that is required for Tivoli Storage Manager passwords.
set minpwlength number_of_characters

Lock and Unlock client nodes from accessing the TSM server

You can prevent a client node from accessing the TSM server by using the lock node command. When you lock a node that already has a session, the lock does not take effect until the session restarts. You can reverse this action by using the unlock node command. Two reasons why a node might be locked.
  • Too many invalid password attempts
  • An administrator action to prevent the node inclusion in an upcoming scheduled event
lock node nodename 
unlock node nodename

The below video will demonstrate the installation and configuration of TSM BA client on HPUX server.

Also Read: Use these Exclude options during backup to save storage pool space

0 Comment to "8.2 Monitoring and Managing TSM client access to the TSM server"

Post a Comment