FAQ
LICENSES & VERSIONS
Does SEP sesam require identical versions of SEP sesam Client and Server?
To avoid general version compatibility issues, the following rules apply:
- the version of SEP sesam Server must be greater than or equal to the version of SEP sesam RDS.
- the version of SEP sesam Server must be greater than or equal to the version of the SEP sesam Clients.
These rules are especially important when performing an upgrade of your environment. First upgrade the SEP sesam Server, then the RDS components, and last the Clients.
Forward and backward compatibility is maintained for all backup types that have not been discontinued. If you require restore/recovery of savesets for discontinued backup types, you can use old SEP sesam version that still supports that backup type.
What happens after a SEP sesam version is no longer supported?
Discontinued versions of SEP sesam can still be used, but they are no longer maintained, SEP AG no longer provides updates or fixes for those versions. Maintenance period for a version is generally 12 months (this depends on your license type), after this period SEP AG strongly recommends upgrading your SEP sesam Server and RDS components.
On older platforms that are still available, SEP strongly recommends to use only Client packages, and to combine such clients with the latest SEP sesam Server and RDS components. Backward compatibility is maintaned for discontinued Client versions, that are still used for older (outdated) platform versions.
How do I order a new licence?
To obtain a license, contact SEP sesam sales at SEP contact page or sales@sep.de and provide the following information:
- host name of the SEP sesam Server
- IP address of the SEP sesam Server
To determine which specific names are used by SEP sesam (for example, if more than one network card is installed on the server), go to Help -> License Info in the SEP sesam GUI menu bar and check the details. Licenses are available immediately after your purchase or renewal is completed and will be sent to you by email.
License Info displays all licensed components which are currently in use. It also shows you the number of clients and modules needed by your configuration if your SEP sesam Server is currently running in trial mode.
Note | |
Some features require a special license, for example, SEP sesam Exchange Recovery Pro and SEP sesam SharePoint Recovery Pro. SEP sesam licenses are issued on the basis of the size and requirements of your environment, so make sure that you are aware of feature/application specific licensing. For details on newly introduced licenses, see SEP sesam Exchange Recovery Pro license and SEP sesam SharePoint Recovery Pro license. |
How do I activate a license?
You can activate licenses easily by importing the license in the SEP sesam GUI. Note that the SEP sesam Exchange Recovery Pro and SEP sesam SharePoint Recovery Pro extensions require special licences and specific activation steps, as described in the section Activating special licenses.
Activating licenses in the SEP sesam GUI
After you have received your SEP sesam license by email, proceed as follows:
- From the SEP sesam GUI menu bar -> Help, select License Info. The SEP sesam License Info window appears.
- Click the button Import New License. A new window opens prompting you to paste a valid license file.
- Copy a valid license file sm_lic.ini and paste it from the clipboard or use the file manager to browse and select the required license as .ini or .zip file.
- Click Apply to enable the license.
Tip | |
The License Info also enables you to check the expiration date and to upgrade your license. All licensed components currently in use are displayed. |
If the program displays any errors (for instance, in the host name or IP address), email the SEP sesam License Info to SEP sesam sales by clicking the Send as Mail button. Clicking the button opens an email with the license information loaded. Address the message to sales@sep.de and send it.
Activating special licenses
To activate the special licenses, such as SEP sesam Exchange Recovery Pro or SEP sesam SharePoint Recovery Pro, proceed as follows:
- Go to Start -> All Programs -> SEP sesam Exchange Recovery Pro or Start -> All Programs -> SEP sesam SharePoint Recovery Pro and open the extension. A License file not installed message appears.
- Click the License info button and import the license.ini file.
Both, SEP sesam Exchange Recovery Pro and SEP sesam SharePoint Recovery Pro extensions require specific installation and configuration. For details on these procedures, see SEP sesam Exchange Recovery Pro and SEP sesam SharePoint Recovery Pro.
Why does the W008-License TCPIP address not match the local address 127.0.0.2?
This problem usually occurs on SLES-based Linux systems. Check the file /etc/hosts and change the relevant entry for the loopback address 127.0.0.2 or remove it from the /etc/hosts file entirely.
How do I obtain the community version?
The SEP sesam community version is available to the general public for private use on Microsoft Windows and Linux. Please note that the software, manuals, licensing and terms from SEP AG and SEP Software Inc remain unchanged.
During the installation of a SEP sesam demo version (available at SEP Download Center), a community license file is created automatically. This file must be copied to the license file location after the 30-day trial period is over.
The file sm_lic.ini.com can be found at <SESAM_ROOT>/skel
. Copy the file to <SESAM_ROOT>/var/ini
and rename it to sm_lic.ini.
If you want to check the license status, go to Help -> License Info.
Technical support is not provided for the SEP sesam community version and it cannot be upgraded. Visit the SEP Forum or search SEP Wiki for help.
REQUIREMENTS
What are the hardware and software requirements for a SEP sesam Server?
SEP sesam Server hardware requirements
The following are the hardware requirements for the SEP sesam Server, RDS or SEP sesam Client. They are similar for both servers, SEP sesam Server and RDS, except for the required space on the file system for the SEP sesam database, which is not necessary for RDS.
- The hardware requirements for the SEP sesam components represent the common requirements. Additional amount of RAM/CPU may be required for bigger Si3 data stores. For details, see Si3 Deduplication Hardware Requirements.
- (Windows only) Make sure that you are using CPUs with supported AVX versions (AVX, AVX2, or AVX-512) and FMA3 (Fused Multiply-Add 3-operand Form) or FMA4 (Fused Multiply-Add 4-operand Form) to prevent the Sesam Transfer Protocol Server (STPD) from automatically disabling the HTTPS port. This happens when the CPU instructions are missing due to unsupported AVX. Consequently, the TLS key and certificate cannot be created. For a list of supported AVX versions, see Advanced Vector Extensions.
Requirements | SEP sesam Server Standard edition | SEP sesam Advanced Server edition | SEP sesam Premium Server edition | SEP sesam Enterprise Server | SEP sesam Client |
---|---|---|---|---|---|
Memory (without Si3 deduplication) | 8 GB RAM | Minimum 16 GB RAM | 32 GB RAM | Minimum 64 GB RAM | 2 GB (recommended 4 GB) |
Memory (with Si3 deduplication) | Minimum 32 GB RAM | Minimum 32 GB RAM | 64 GB RAM | Minimum 128 GB RAM | Minimum 8 GB |
Core (without Si3 deduplication) | 1x CPU with 4 cores (≥ 2,4 GHz) | 1x CPU with 8 cores (≥ 2,4 GHz) | Minimum 1x CPU with 8 cores (≥ 2,4 GHz) | Minimum 2x CPUs with 4 cores (≥ 2,4 GHz) | - |
Core (with Si3 deduplication) | 1x CPU with 6 cores (≥ 2,6 GHz) | 2x CPUs with 8 cores (≥ 2,6 GHz) | 2x CPUs with minimum 8 cores (≥ 2,6 GHz) | Minimum 2x CPUs with 8 cores (≥ 2,6 GHz) | - |
Minimum hard disk space for SEP sesam metadata | 200 GB | 300 GB | 500 GB | 500 GB | 4 GB (for all client data) |
No. of backup clients | Up to 15 | Recommended up to 50 | Recommended up to 150 | Recommended for more than 150 | - |
Si3 deduplication hardware requirements
For the minimum Si3 hardware requirements that apply to SEP sesam Si3 deduplication server, see the above requirements list. Keep in mind that these requirements represent the demand for deduplication only. In addition, the amount of memory for the operating system and other services should be taken into account. For details on Si3 requirements, see Si3 Deduplication Hardware requirements.
SEP sesam Server software requirements
- Java: The required Java version depends on SEP sesam version. See Java Compatibility Matrix.
- Linux: PostgreSQL server package from the Linux distribution is required for 64-bit Linux. Note that SEP sesam RPM packages already include PostgreSQL server package, however, for some older SEP sesam versions, you may have to install the PostgreSQL manually. For details, see Installing PostgreSQL.
- Microsoft Windows: Check prerequisites for Microsoft Windows installation.
Note | |
We recommend that you use a separate partition for the SEP sesam metadata in order to prevent SEP sesam metadata from filling up the operating system partition.
|
Which Java version does SEP sesam require?
The required Java version depends on SEP sesam version. Check the following Java compatibility matrix for details. Oracle/Sun Java, IBM Java or OpenJDK can be used. For details on how to install Java, see Installing and Managing Java.
SEP sesam version | Java version |
---|---|
5.1.0 Apollon [V2] | Java 17 Note1, Java 11, OpenJDK 11 LTS |
5.0.0 Jaglion V2 | Java 17 Note1, Java 11, OpenJDK 11 LTS, Java 8 ≥ patch level 111 (both Windows and Linux) Note2 Note3 |
5.0.0 Jaglion | Java 11, OpenJDK 11 LTS, Java 8 ≥ patch level 111 (both Windows and Linux) Note3 |
4.4.3 Beefalo V2 | Java 11, OpenJDK 11 LTS, Java 8 ≥ patch level 111 (both Windows and Linux) |
- On Windows, SEP sesam recommends Java 17.
- On Linux, SEP sesam versions ≥ 5.0.0.9 Jaglion V2 and 5.1.0 Apollon support Java 17 only on demand, if the use of Java 17 from the command line has been enabled with
sm_setup set_java_path -f <java_17_installation_path>
.
- 5.0.0.9 Jaglion V2 is the last version of SEP sesam that supports Java 1.8.
- Java 1.8 (≥ 1.8.0_111) is only accepted if it is already installed and the computer does not have a 4K display.
You can check your Java version with the following command:
java -version
Example:
#> java -version java version "1.7.0_45" Java(TM) SE Runtime Environment (build 1.7.0_45-b18) Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
Linux – RPM
If the SEP sesam Server is installed as an RPM package, Java must also be installed as an RPM.
Note that to install a SEP sesam Server on an OES2 system, Java 1.5 must remain the default version so that Micro Focus-specific functions (previously Novell) can operate. If a different Java version (such as 1.6) is installed on the system via RPM, the default Java version is kept, i.e., the reinstallation doesn't overwrite it. Java and the SEP sesam Server can be installed as described below.
In our example, 64-bit Sun Java is used:
- After the download is complete, give the package execution rights:
- Install the JRE binary package:
- Verify that the Sun Java version was properly registered in the package database.
#> chmod +x jre-6u25-linux-x64-rpm.bin
#> ./jre-6u25-linux-x64-rpm.bin Unpacking... Checksumming... Extracting... UnZipSFX 5.50 of 17 February 2002, by Info-ZIP (Zip-Bugs@lists.wku.edu). inflating: jre-6u25-linux-amd64.rpm Preparing... ########################################### [100%] 1:jre ########################################### [100%] Unpacking JAR files... rt.jar... jsse.jar... charsets.jar... localedata.jar... plugin.jar... javaws.jar... deploy.jar... Done.
#> rpm -qa | grep jre jre-1.6.0_25-fcs
The SEP sesam Server is installed via an RPM package. The SEP sesam installer finds the Java information in the package manager and automatically creates a link to it in the directory /opt/sesam/bin/sesam
. If the SEP sesam Server and Java are installed via Tarball, you must create the link manually, as described in the procedure below.
Linux – Tarball
If Java is installed as Tarball, the SEP sesam Server must also be installed as Tarball. The installation of a SEP sesam Server package with --nodeps is not supported.
Install Java Tarball as follows:
- Download a Java version that is compatible with your operating system, such as 64-bit Sun Java version jre-7u<version>-linux-x64.tar.gz, to
/opt/java
. - Go to the directory
/opt/java
and extract the Tar archive ./jre-7u<version>-linux-x64.tar.gz to the folder/opt/java
. - Java is unpacked into the subfolder jre1.7.0_45 and is ready to use. You can test Java functions as follows:
- Create the directory structure
/opt/sesam/bin/sesam
to link Java to the SEP sesam Server installation:
#> /opt/java/jre1.7.0_45/bin/java -version java version "1.7.0_45" Java(TM) SE Runtime Environment (build 1.7.0_45-b18) Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
#> ln -s /opt/java/jre1.7.0_45/bin/java /opt/sesam/bin/sesam/java
You can now install SEP sesam Server via Tarball.
Windows
You can operate several Java versions on Windows. The SEP sesam Server can work with a Java version other than the operating system's default Java version. Enter the path of your Java version into the <SESAM_ROOT>\var\ini\sm.ini
file in the [JAVA] section:
[JAVA] java_interpreter="C:\Program Files\Java\jre7\bin\java" java_home="C:\Program Files\Java\jre7" java_exit_on_fail=no
This gives the SEP sesam Server its own Java environment on startup.
Where can I get the latest 64-bit version of Sun's JRE?
You can download Oracle Java at Java downloads for all operating systems. However, with Oracle announcing the end of free support for past versions of Java as well as the Oracle JDK binary no longer be free for use in production from JDK 11 on, SEP sesam introduced support for OpenJDK LTS (long term support) distributions, so you can use a free OpenJDK LTS version instead of Oracle Java. You can simply install OpenJDK on Linux or Windows, as described in SEP sesam Quick Install Guide.
INSTALLATION & CONFIGURATION
How do I install a Remote Device Server (RDS)?
You can simply install and configure RDS as follows:
- Depending on your operating system (Linux or Windows), download the relevant installation file from the SEP Download Center. For details on Linux/Windows installation, see SEP sesam Quick Install Guide.
- Add RDS as a SEP sesam Client to the SEP sesam environment. Make sure that the DNS names (between SEP sesam Server and RDS) are correctly resolved (forward and reverse DNS lookup). For details, see Configuring RDS.
- Add storage hardware (disk storage, tape libraries or single tape drives) to RDS.
For step-by-step procedure, see How to create a Remote Device Server (RDS).
How do I install the SEP sesam GUI on a Linux system?
To install a SEP sesam GUI on a Linux system, proceed as follows:
- Download a package for your Linux distribution from SEP Download Center.
- Depending on your distribution, install the SEP sesam GUI, as described in SEP sesam Quick Install Guide.
- After installing, check that the SEP sesam Server is available by using the following command:
- Make a shortcut with the following path:
- When starting the GUI, you have to log in with an appropriate user, refer to About Authentication and Authorization.
nslookup <SEP sesam Server name>
For details, see nslookup.
/opt/sesam/bin/gui/sesam_gui -S <SEP sesam Server name>
What problems may occur after installing the SEP sesam RPM package?
The following message appears when starting the SEP sesam GUI:
The connection to the server <SEP sesam Server> was denied.
The last message was:
java.rmi.RemoteException: Connection refused to host: [SEP sesam Server]; nested exeption is: java.net.Connect.Exception: Connection refused
- Make sure that the SEP sesam RMI Server component is active and the correct port is being used.
The program is terminated.
/opt/sesam/bin/sesam/java -version
In the Java v. < 1.7, you will need to update the Java files. For the list of supported Java versions, see Java Compatibility Matrix.
How do I change the IP address and the name of the SEP sesam Server?
Your license must first be modified to match the new server name and/or IP address. Send the original license, the new server name, and the IP address to info@sep.de.
When you receive the new license information, you can change the SEP sesam Server name using sm_setup.
- Set the SEP sesam profile and enter the following command:
- After executing the command, check the interfaces of the renamed SEP sesam Server: Main selection -> Components -> Clients -> double-click the server (Client) to open its properties. In the Interfaces field, manually remove the old interfaces and enter the new interfaces for http and https.
sm_setup change_servername <mynewserver>
How do I adjust SEP sesam limits?
The best way to adjust SEP sesam limits on the system is to create the Systemd override file. By using this file the settings are not overwritten during the update.
To adjust the SEP sesam limits, proceed as follows:
Example
> > root@cefix:~# systemctl show sepsesam.service | grep ^LimitCORE= > LimitCORE=2147483648
- Create the override file and adjust the value:
- Reload the system by using the command:
- Then specify:
> mkdir -p /etc/systemd/system/sepsesam.service.d/ > echo "[Service]" > > /etc/systemd/system/sepsesam.service.d/override.conf echo > "LimitCORE=infinity" >> > /etc/systemd/system/sepsesam.service.d/override.conf
> root@cefix:~# systemctl daemon-reload
> root@cefix:~# systemctl show sepsesam.service | grep ^LimitCORE= > LimitCORE=infinity
How do I calculate the data store capacity (free space calculation and license check)?
Data store volume sizing and capacity usage should be managed at the partition level. It is recommended that only SEP sesam data is stored on the respective volume. Note that it is possible to store non-SEP sesam data on the same partition as the data store without including it in the fill level calculation and thus the license check. For details, see Data store capacity.
When specifying the capacity value, a dedicated partition must have enough free space. The method for calculating the required disk space is:
space occupied by SEP sesam + free disk space = DS capacity
where DS capacity is the configured capacity value in the SEP sesam's data store configuration.
Note | |
SEP sesam expects the configured data store space to be available.
|
Example:
Volume size: 10 TB Used by SEP sesam: 4 TB Used by non SEP sesam 3 TB Free disk space: 3 TB ======================
DS capacity: 6 TB 4 TB + 3 TB > 6 TB: -> Backup can start ---------------------- DS capcity: 8 TB 4 TB + 3 TB < 8 TB: -> Backup will fail
For example, a data store reports the following error:
Not enough disk space could be freed to reach high water mark of -100GB for data store Data-Store. (Data store: Data-Store. Free space: 696GB . Freed: 3GB).
Solution: You have to correct the capacity value of your data store.
How do I determine the number of SID for Oracle?
You can determine the number of SID for Oracle in the following ways:
- View the list of the operating system's running processes. If an Oracle instance is running, the system monitor will also be running. The name of the Oracle process always contains part of the instance name. The common form is ora_<process_name>_<sid> Example:
oracle@myhost:/ ps -ef | grep smon oracle 23557 11596 0 Dec 19 ? 0:22 ora_smon_rac1
In this case, the SID is rac1.
oracle@myhost:cat /var/opt/oracle/oratab rac1:/opt/app/oracle/product/10.2.0/db_1:N
1. SHOW parameter db_name 2. SHOW parameter instance_name
The following statements can be used from every tool:
1. SQL> SELECT instance_name FROM v$instance; 2. SQL> SELECT [name] FROM v$database;
How do I configure the SEP sesam profile to run automatically during login?
Create a link in the directory /etc/profile.d/ as follows:
ln -s /var/opt/sesam/var/ini/sesam2000.profile /etc/profile.d/sesam.sh
How do I set permissions for a GUI client?
In previous SEP sesam versions, you have to set client permissions via the command line. As of version 4.4.3 Grolar, you can simply set client permissions by configuring ACLs in the SEP sesam GUI. For details, see Using Access Control Lists.
What problems may occur when adding a new client?
The following errors may appear when adding new clients to the SEP sesam Server.
Error message 1:
No Access for Computer pc2 - please enter for pc1
or
There is no SEP sesam installed on computer pc2, please install it.
The problem might be:
- There is no SEP sesam Client software installed.
- The wrong system name is specified in the SEP sesam GUI.
- There is an active firewall between the two computers.
Solution:
- Install the SEP sesam software on the target client.
- If the name was entered incorrectly, delete it and then re-enter it.
- Deactivate the firewalls or install the SEP sesam firewall option.
Error message 2:
Rights Restriction - [pc1.domain.de system] in pc2:<SESAM_VAR>/var/ini/sm_ctrld.auth
Problem: The SEP sesam Server has no privileges to access the client.
Solution: Enter the value in the square brackets into the client's <SESAM_VAR>/var/ini/sm_ctrld.auth
.
Error message 3:
Test backup from pc2 does not restore to pc1 – please verify (ping, DNS, local STPD)
Problem: The connection between the SEP sesam Client and Server is not functioning.
Solution: Check DNS resolution. SEP sesam recommends using the sm_setup check_resolution command, as described in How to check DNS configuration. Make sure that you have set up a SEP sesam profile before running the command; for details, see FAQ: What happens when I set a profile?
How do I use the Nagios plugin from Netway to query and monitor the SEP sesam database?
Attention | |
Open source monitoring tools like Nagios are not part of, nor are they supported by, SEP AG and/or its partners and subsidiaries. Neither are other programs or scripts which query data from the SEP sesam DB or any other SEP sesam module that are not specifically distributed by SEP AG. SEP cannot and will not make any guarantees or warranties as to the usability or functionality of such scripts. Therefore, for obvious reasons, SEP cannot offer support for any of these customer and client designed and implemented tools or programs. Consequently, there is no support for the client specific programs. |
NETWAYS GmbH has developed an open-source database query routine for SEP sesam – the Nagios plugin. In accordance with the OSF foundation rules, this is a free software package that comes with the standard disclaimers regarding warranty, usability, and functionality. In other words, use it for free at your own risk. You can download the plugin from SEP Download Center.
Demo scripts from projects
Various scripts have been written for specific projects to allow customers to query (retrieve information from) the SEP sesam DB. These scripts are very specific to the client environments and are in no way guaranteed to work in other environments. Sample scripts to query the SEP sesam database have been written illustrating the use of the Nagios methodology and are meant to be used for demonstration purposes only. They can be found at SEP Download Center.
How do I configure a command event?
You can configure the command events in the SEP sesam GUI. You might have to set permissions to execute the commands. For details, see Creating a Command Event.
How do I configure a follow-up event?
You can configure the follow-up events that are triggered on the SEP sesam Server once the initial event is completed. In the SEP sesam GUI, you can set up migration, saveset verify and other actions to be triggered immediately after the backup or other event is completed. For details on configuring such events, see Follow-up events.
How do I change data size units?
You can change the default unit for data size by using the menu bar -> Configuration -> Defaults -> select the Display Format tab. The data size can be specified either with (KB, MB, GB, TB) or binary prefix (KiB, MiB, GiB, TiB).
You can also set a different data size unit for the individual table. For details, see Changing data size units.
GUI
Why can't I find some features in the GUI?
The available GUI features (e.g., Expert Options for restore) depend on the selected UI mode: simple or advanced. (The former advanced GUI mode is now replaced by simple mode, while the former expert mode is replaced by advanced mode.) The appearance of the GUI does not change depending on the mode, but simple mode hides complex features and shows the user only a basic subset of options. Advanced mode provides all the features of SEP sesam, such as expert restore options, log level setting, etc. Under Configuration -> Defaults -> General, you can easily switch between modes at any time, as described in Selecting UI mode.
The currently active mode is displayed at the top of the SEP sesam application window.
How do I set a specific language for the SEP sesam GUI?
By default, the SEP sesam GUI always starts with the language of the operating system. The GUI currently supports English and German language. You can change the language by adjusting the parameter -r of the GUI client in the following ways:
- By right-clicking on your GUI desktop icon and selecting Properties, as described in Changing GUI language.
- By using the parameter -r when calling the GUI directly (i.e., on Linux) or when editing the link itself. The following settings are possible (do not use space after the parameter!):
-rde -ren -ren_us -ren_gb
The first option represents German. The other three options represent English; the first option shows time in 24-hour format whereas the second and the third option show time in the 12-hour format (AM and PM).
How to set Chinese fonts?
The default GUI font does not supply Chinese characters. You can change the default font to Chinese in the SEP sesam GUI (Configuration -> Defaults) by specifying the entry 'key= default_font[_...]', see Configuration: Defaults.
As the available Chinese font sets depend on the operating system, the following platform-specific keys are provided:
- Windows: 'default_font_windows'
- Linux: 'default_font_linux'
- Common setting: 'default_font'
Example for setting MS Song as the default Windows font:
sm_db "INSERT INTO defaults (key,user_name,value,host,protection) VALUES ('default_font_windows','sesam','MS Song',NULL,NULL);"
Can I administer more than one SEP sesam Server via the GUI?
To administrate more that one SEP sesam Server, you have to enable the Master GUI functionality. No special license is required.
Note | |
All SEP sesam Servers must be of the same version to use Master GUI functionality. |
To enable Master GUI, proceed as follows depending on your operating system:
On Windows
Edit the SEP sesam desktop shortcut and add the parameter -M1 to the target:
"C:\Program Files\Java\jre6\bin\java.exe" -classpath sm_gui.jar;sm_lib.jar; de.sep.sesam.gui.client.Frame -ucr -sbackupserver -lwindows -p11401 -P local -v2 -ren -M1
On Linux
Start the GUI executable /opt/sesam/bin/gui/sesam_gui with the parameter -M1:
./opt/sesam/bin/gui/sesam_gui -M1
NETWORK
Can I disable HTTP for connections to REST server?
SEP sesam enables communication between the REST server and user interface components (Web UI, GUI, CLI) through both HTTP and HTTPS protocols. By default, HTTPS is used for communication to ensure security, but HTTP is also permitted to simplify initial setup.
In environments, where the use of HTTP is not allowed for security reasons, the HTTP protocol can be disabled. This ensures that all network traffic is routed exclusively through the secure HTTPS protocol.
To disable the HTTP and redirect all network traffic to HTTPS, modify the sm.ini file. In the [UI] section, set the http.protocol property to false:
[UI] http.protocol=false
Save the file and restart the SEP sesam REST server to apply the changes.
Can I disable FTP/HTTP for data transfer channels SBC to STPD?
SEP sesam supports secure HTTPS protocol for all control commands and network traffic. The HTTP and FTP interfaces can be switched off and all data traffic is performed over HTTPS interfaces.
Before you can disable HTTP and FTP interfaces, make sure to check existing tasks and events (backups, restores or migrations) and move them to HTTPS interfaces if necessary. You cannot remove an interface that is still in use.
For detailed instructions on how to disable unsecure HTTP and FTP protocols for data transfer, see Disabling unsecure transport modes.
How to check SEP sesam Client access status?
You can use the Check Access State option in the SEP sesam GUI to determine whether the client is accessible, that is, to verify that the SEP sesam software is present on the client, the network connection works and hence the client is reachable from the SEP sesam Server. For details, see Checking Access State.
How can I verify that the SEP sesam Server has full access to a specific client?
Even if you can reach a client from the SEP sesam Server with nslookup and ping over DNS names, it is still possible that the SEP sesam Server cannot connect to the client. In this case, check the availability of the client from the SEP sesam Server with the following command:
For Linux/UNIX client:
sm_ctrlc -l root {nameofclient} sbc
sm_ssh -l root {nameofclient} sbc
For Windows client:
sm_ctrlc -l system {nameofclient} sbc
sm_ssh -l system {nameofclient} sbc
The output should be similar to the following standard output of the sbc command (example for a Linux client):
smsrv:~ # sm_ctrlc -l root dbsrv.local sbc 2016-11-22 13:11:44: sbc-3036: Info: # @(#)SESAM BACKUP CLIENT FOR UNIX FILE SYSTEMS, VERSION: 4.4R3 Build: 3ed0977 20161122 11:34:51 Linux x86_64 sles11fix # 2016-11-22 13:11:44: sbc-3162: Info: Client Host name: buildfix11 2016-11-22 13:11:44: sbc-3253: Info: Sesam version: [server,4.4.3.24,20161122114206] 2016-11-22 13:11:44: sbc-3257: Info: Sesam package: [sesam_srv-4.4.3-24_pg.sles11.x86_64.rpm] 2016-11-22 13:11:44: sbc-3019: Info: OS info: SUSE Linux Enterprise Server 11 (x86_64) 2016-11-22 13:11:44: sbc-3000: Info: usage: sbc -b|r|g|p|k|h [-C <control_host>] [-d <device>] [-f <list_source>] [-F <data_format>] [-i <saveset_info>] [-j <job_name>] [-l <level>] [-L <control_target>] [-n <segment_number>] [-o {options}] [-O <STOR/RETR_direct>] [-R <restore_target>] [-s <saveset_spec>][-S <storage_node>] [-t <tape_spec>] [-T <since_time>][-x <exclude_patterns>] [-X <exclude list>] [-v <level>] [-V <throughput_interval>] # Backup # [<backup_source1>[ <backup_source2> <backup_sourceN>]] | # Restore # [<restore_source1>[ <restore_source2> <restore_sourceN>]] | # Get # [<remote_file> [<local_file>]] | # Put # [<local_file> [<remote_file>]] {options}: comma separated list of compress, encrypt[_plain]=[{aes}|{bf}]<passwd> noacl # process without ACL (Trustees) only for backup: verify # verify data after backup plain # do not descend into subdirectories hard=defer # defer hardlinks hard=sort # expect i-node sorted input ignore_finder # ignore errors from sbc_find only for restore: rename, overwrite # rename/overwrite if file exists over=new, over=old # overwrites newer/older files plain, tree # restore plain/tree in target dir next # start from subsequent tape 2016-11-22 13:11:44: sbc-3001: Info: Exiting.
When a network problem occurs, the output may look like:
2016-10-26 13:25:59: scc-1128: Error: Network communication problem: STDLIB error: 110 - Connection timed out. connect() call failed for host: [dbsrv.sep.de].
Or a connection from SEP sesam Server to the SEP sesam Client may be forbidden:
2016-10-26 13:28:29: scc-1128: Error: Network communication problem: CTRLD reply: 2016-10-26 13:37:55: scd-1136: Error: Host [smsrv.local] is not allowed to connect or security problem for user: [root].
Which are SEP sesam default TCP ports?
SEP sesam client-server communication requires certain TCP ports to be open to enable SEP sesam components to communicate with each other through a firewall. The required ports may be SEP sesam version-specific; as of version ≥ 4.4.3 Beefalo, SEP sesam uses fewer ports than in the previous versions. For the complete list of SEP sesam ports and their configuration, see List of Ports Used by SEP sesam.
Why do I get the error: "Network communication problem: SOCKET error: 10038 – The descriptor is not a socket" when I try to connect to a client?
The Layered Service Provider (LSP) chain is defective or damaged. The cause can be an antivirus program or a virus. Another option is that the DLLs were switched during installation or uninstallation. This results in sub-processes not being able to inherit/open your socket handles.
In the following example, the SEP sesam CTRL connection takes the SM_CTRLD_MAIN daemon call from SM_CTRLC, opens the necessary sockets and passes them onto the newly created sub-process SM_CTRLD. Due to the defective LSP, the sockets cannot use this information and return the following error during an operation such as setsockopt():
10038 – The descriptor is not a socket.
Use the following free tools on the SEP sesam Client:
- lspfix.exe – identifies blocked DLLs, for example, bmnet.dll and removes them
- listdlls.exe – checks the chain of DLLs (alternatively use
sm_list -f {PID of SM_CTRLD_MAIN
)
Corrective measures:
- Check if the Layered Service Provider (LSP) links with lspfix.
- Check the sm_ctrld[_main].exe indirectly used DLLs with listdlls.
- Remove the conflicting DLL with lspfix.
An example of a correct listdlls for an environment:
#> listdlls.exe sm_ctrld D:\kit\su\src\gui>listdlls sm_ctrld . ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals ------------------------------------------------------------------------------ sm_ctrld_main.exe pid: 4872 Command line: D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe -D . Base Size Version Path 0x00400000 0x23000 D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe 0x7c910000 0xb7000 5.01.2600.2180 D:\WINDOWS\system32\ntdll.dll 0x7c800000 0x106000 5.01.2600.2945 D:\WINDOWS\system32\kernel32.dll 0x71a10000 0x17000 5.01.2600.2180 D:\WINDOWS\system32\WS2_32.dll 0x77be0000 0x58000 7.00.2600.2180 D:\WINDOWS\system32\msvcrt.dll 0x71a00000 0x8000 5.01.2600.2180 D:\WINDOWS\system32\WS2HELP.dll 0x77da0000 0xaa000 5.01.2600.2180 D:\WINDOWS\system32\ADVAPI32.dll 0x77e50000 0x91000 5.01.2600.2180 D:\WINDOWS\system32\RPCRT4.dll 0x719b0000 0x40000 5.01.2600.2180 D:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x77ef0000 0x47000 5.01.2600.3099 D:\WINDOWS\system32\GDI32.dll 0x7e360000 0x90000 5.01.2600.3099 D:\WINDOWS\system32\USER32.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll
After removing the defective DLL, the socket can be inherited by the sub-process SM_CTRLD.
Why is the throughput for local backups very low?
In some Linux systems, e.g., SLES12, the local loopback device lo is often configured with MTU (Maximum Transmission Unit) size 65536 (64K). This may decrease the local transfer throughput because the MTU size is equal to the transfer buffer size used in SEP sesam.
To check and modify the MTU size for local loopback, proceed as follows:
- To check the local loopback MTU size: ifconfig lo
- To set the MTU size to 16K: ifconfig lo mtu 16384
- Add or change MTU='16384' in /etc/sysconfig/network/ifcfg-lo for SLES12
Example:
srv1:/ # ifconfig lo lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:61869492 errors:0 dropped:0 overruns:0 frame:0 TX packets:61869492 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:5001500685 (4769.8 Mb) TX bytes:5001500685 (4769.8 Mb) srv1:/ # ifconfig lo mtu 16384 srv1:/ # grep MTU ifcfg-lo /etc/sysconfig/network/ifcfg-lo srv1:/ # echo MTU=16384 >> /etc/sysconfig/network/ifcfg-lo
For more information, see nixCraft article Linux MTU Change Size.
SECURITY
Is SEP Sesam vulnerable to the LOG4J security issue?
Apache Log4j2 (issue CVE-2021-44228) has a remote code execution vulnerability that allows hackers to take control of a system. This means that the vulnerability can be exploited remotely over a network without requiring any authentication (no username and password). How does this affect SEP sesam?
Current research shows that SEP Sesam is not vulnerable to security issue CVE-2021-44228. SEP sesam uses the SLF4J logging library, which means that the Java components shipped with SEP Sesam (Si3, Si3-NG, UI/CLI) do not have direct dependencies for the Log4j module. Consequently, the vulnerable Log4j core module is not shipped with a SEP sesam installation. For more details, see SEP sesam and CVE-2021-44228.
SEP SESAM SPECIFIC
What is SEP sesam Newday?
SEP sesam Newday is a predefined SEP sesam daily event that resets the backup event calendar and is managed by SEPuler. A Newday event is used by SEP sesam to reorder its database and enable the uninterrupted activity of SEP sesam processes, therefore it must never be completely deactivated or it will cause SEP sesam to stop working properly. It also gives system administrators the flexibility to extend backup routines to run after midnight and retain the backup date of the prior day. This is very useful when the clients requiring backup exceed the time allotment between the end of the day and midnight. For details, see Newday Event.
Is there an overview of SEP sesam services?
There are different services depending on whether you are dealing with a SEP sesam Server, a SEP sesam Client or a SEP sesam Remote Device Server (RDS).
The services can be found in the SEP sesam installation directory <SESAM_ROOT>/bin/sesam
. To check the status of the services, use the following commands:
Linux/UNIX
./sm_main status
Windows
sm_main status
SEP sesam Server services
sm_qm_main SEP sesam main processes, provides also the qm service sepuler SEP sesam event calendar to control all tasks db SEP sesam database services qm Queue manager, administers backups, restores and devices rmi server part of the graphical user interface (GUI) sms read/write of SEP sesam media stpd linking protocol from the SEP sesam Client to the SEP sesam Server passd security administration for SEP sesam ctrl linking protocol from the SEP sesam Server to the SEP sesam Client sshd secure linking protocol from the SEP sesam Server to the SEP sesam Client
SEP sesam Client services
sm_qm_main SEP sesam main processes ctrl linking protocol from the SEP sesam Server to the SEP sesam Client sshd secure linking protocol from the SEP sesam Server to the SEP sesam Client
SEP sesam RDS services
sm_qm_main SEP sesam main processes ctrl linking protocol from the SEP sesam Server to the SEP sesam Client sms read/write of SEP sesam media stpd linking protocol from the SEP sesam Client to the SEP sesam Server passd security administration for SEP sesam sshd secure linking protocol from the SEP sesam Server to the SEP sesam Client
In Backups by state, what do the flags in the column Level mean?
The first letter shows the backup level/type:
(G)F/D/I/C: Backup level (full, differential, incremental, copy); with the prefix G in case of a group backup N: SEP sesam Newday S: SEP sesam startup X: SEP sesam command event
The second letter is used when a database backup is performed. It has no significance for the regular Path backups.
H: Hot - online backup of a database C: Cold - offline backup of a database
What happens when I set a profile?
By setting a profile:
- the
<SESAM_ROOT>/bin
and<SESAM_ROOT>/var/db/
directories (and their subdirectories) are added to the "$PATH" environment variable so that SEP sesam commands can be executed globally, - you do not need to be in the actual run directory.
To set a profile, depending on your operating system, proceed as follows:
On Linux/UNIX
Go to the directory <SESAM_VAR>/var/ini
and call:
. sesam2000.profile
Do not forget the dot and the space at the beginning!
Alternatively, use:
source sesam2000.profile
Note | |
This sets the profile only for the current session. To set it permanently under Linux, see How do I configure SEP sesam profile to run automatically during login? |
On Windows
Open a command window, then go to the directory <SESAM_ROOT>\var\ini
and call:
sm_prof.bat
Alternatively, use the link <SESAM_ROOT>\var\ini\sm_prof.bat.lnk
.
Why does the SEP sesam GUI create so many Java processes under Linux?
On some Linux systems, the threads created by the SEP sesam GUI are shown in the process table. These are not real processes but only threads. There is a large number of processes because Java creates threads for all objects with Listener functionality.
Why does SEP sesam Server use so much disk space on the local hard disk?
One of the essential advantages of SEP sesam is that not all information is filed in a database but, instead, in simple text files. The largest files are usually the *.lis files which contain information about the backup's unique files and are used by the restore wizard to select and restore unique files. *.lis files are stored in the following directories:
Linux/UNIX
/<SESAM_ROOT>/var/lis
Windows
C:\<SESAM_ROOT>\var\lis
You can compress the files as follows:
- Set the SEP sesam profile, as described in the section What happens when I set a profile?
- Use the sm_newday command to run file compression immediately. The files will be compressed directly by the Newday schedule. As predefined in the command, *.lis files are not compressed immediately but three days after they are created. This is because most restores are triggered within three days after a backup.
All *.lis files are converted into a compressed file format and are uncompressed by SEP sesam automatically whenever necessary.
How to protect SEP sesam environment from malware attacks?
Since malware attacks (e.g. ransomware) can be devastating for organizations, it is recommended to apply best practices for SEP sesam Server or RDS in addition to regular system updates, storing backups on a separate device, protecting personal data, etc. For details, see Ransomware Protection Best Practices.
BACKUP (general overview)
Which backup strategy is recommended to implement with SEP sesam?
You can implement various backup strategies with SEP sesam, such as the 3-2-1 backup strategy and its variations, the GFS backup rotation strategy, and the D2D2T strategy. However, it is recommended to keep backup copies both locally and externally (on tape, hard disk, in the cloud, etc.) to quickly and seamlessly recover lost data and ensure business continuity when all preventive measures fail. Before implementing the backup strategy, ensure that you select the one that is appropriate for your unique business needs. For details, see Backup Strategy Best Practices.
Is data that is collected for backup stored in a flat file or a database?
Data is stored in a flat file, but information about the backup is stored in the SEP sesam database, including index pointers for fast and easy data recovery.
Does SEP sesam back up open files?
Yes, SEP sesam can back up open files on both Linux and Windows systems as regular Path backups.
On Windows, open files can be backed up using SEP sesam Volume Shadow Copy Service (VSS). To perform an open file backup, a Windows snapshot is made of the data and partition intended for backup and the partition is backed up. Databases should only be backed up using the relevant SEP sesam database module, see SEP sesam Extensions. For details on VSS, see SEP sesam Volume Shadow Copy Service (VSS) for Windows.
Does SEP sesam perform incremental backups after the initial backup?
Depending on your backup strategy, SEP sesam can be set to perform any backup level in the desired sequence.
Are backups performed directly to disk or tape? How about cloud backup?
Backups can be written directly to different backup media such as disk, tape and cloud. The ability to move data between physical servers, virtual machines, and the cloud is a key for a successful backup strategy. All backup functions are written and/or controlled by the server and may be written directly to the backup disk, tape, remote tape server, or cloud.
- SEP sesam supports disk-to-disk-to-tape (D2D2T) functionality and can also write directly from the backup tape to the server. It supports virtual tape libraries on disk with a pseudo autoloader function as well as removable disk media.
- SEP cloud backup and recovery enables you to back up and replicate physical and virtual data to the cloud without having to build offsite infrastructure. For details, see S3 Cloud, HPE StoreOnce, Si3 Deduplication and Si3 Replication.
When several users save the same file on separate clients, does SEP sesam back up all the files?
For example, if members of a work group save the same file to their respective desktops, does SEP sesam make separate copies of the file or a single file with pointers to the changes?
Typically, SEP sesam stores separate files for each user, unless you are using the SEP Si3 target deduplication. With SEP Si3 target deduplication only one instance of the same data is stored directly on backup media. Si3 deduplication can be easily configured, but it also requires a special license. For explanation, see SEP Si3 target deduplication and SEP sesam extensions.
How to set up an Si3 deduplication store for replication?
Note | |
The Initial Seed feature does not work in v. 5.0.0 Jaglion, but you can use it in earlier SEP sesam versions. Note that SEP is working on this issue and will provide a fix as soon as possible. |
The easiest way is to use the initial seed functionality – you can import the preconfigured Si3 deduplication store and use it for replication. When replicating from origin to new Si3 store, the savesets on the new Si3 deduplication store are identified and the content of the new Si3 store is updated in the SEP sesam database. For details, see Seeding Si3 Deduplication Store.
How are archive bits processed?
On Windows, archive bits are used for full and copy backups. The archive bits are treated the same for both backup levels.
Note that the archive bits are not deleted on Windows systems. If you want to force-reset of the archive bits, you can enter the following command in the backup task properties (Options tab -> Backup options field):
-o clear_archive
You can also add the files with the Archive ready attribute as follows:
-o add_archive_ready
To set the use of archive bits, proceed as follows:
sql "update defaults set value= 'yes' where key= 'with_archive_bit'"
Can I back up MS SQL/MS Exchange with the Volume Shadow Copy (VSS) functionality of Microsoft Windows?
Yes, the VSS functionality can be used to back up MS SQL or MS Exchange environments, but it is only recommended for small installations.
There are two strategies for consistently backing up a running MS Exchange or MS SQL environment:
- Using the SEP sesam online extensions for MS Exchange or MS SQL. For details, see MS Exchange Backup and MS SQL Backup.
- A regular file system path backup with the activated VSS writer for MS Exchange or MS SQL. For details, see SEP sesam Volume Shadow Copy Service (VSS) for Windows.
Note | |
The backup of MS Exchange or MS SQL environments via VSS is a viable option to get a consistent backup of the running environment as long as the data volume is not too large. It is an alternative for small environments with 1-5 users. However, in critical productive environments you should use the SEP sesam online extensions for MS Exchange/MS SQL to ensure consistent backup and restore. |
SEP sesam online extensions
- Dedicated backup of Groupware data/database data, independent of the files in the file system.
- Available are FULL, DIFF (differential) and INCR (incremental) backup levels.
- Provide granular backup of single databases and database instances.
- Backup of the transaction log – other systems accessing the database are aware that a backup is performed.
- Restore of the database/Groupware data only (without files from the file system).
- Provide granular restore of single instances and databases. In a restore scenario, there is no need to restore the complete database – this is beneficial for larger databases/Groupware systems.
- Perform online restore.
Backup via the Microsoft VSS Writer
- The Volume Shadow Copy (VSS) functionality of Microsoft Windows is included in the regular SEP sesam file backup agent for Microsoft Windows. It also supports the VSS backup of MS Exchange and MS SQL.
- A VSS-based backup of a database/Groupware system is always a file system backup. If the file backup agent starts backing up a file system with a MS SQL/MS Exchange database, the VSS functionality is used to inform the database about the backup. The database/Groupware system delivers the data consistently.
- A VSS backup of a database/Groupware system always backs up all of the data. Incremental or differential backups are not supported and the backup of single databases or single instances is also not supported.
- A database-only restore cannot be performed because the database/Groupware system is part of the complete file system backup, therefore the complete file system backup must be restored in order to restore the database.
- Restore of single instances or single databases is not supported.
- The transaction log file is not backed up – other applications are not informed about the backup of the database.
To enable a consistent restore in distributed environments, the different components must be informed if a backup of one of the systems is performed. For example, in a SharePoint Server environment, the database and mail server run on different servers. A VSS backup of a single server will result in an inconsistent restore. In this case, only the backup with the SEP sesam dedicated online extension can guarantee consistent data.
What is the difference between a GroupWise backup with the SEP sesam online extension and one without the extension on an OES Server?
There are two ways to back up a Micro Focus (formerly Novell) GroupWise Server with SEP sesam. You can use the SEP sesam GroupWise extension or the administrator can perform a TSA based file-level backup of the GroupWise Server.
In general, the backup of a GroupWise Server is always performed via TSA interface, either via tsafsgw or tsafs (gw-enabled). There is no difference between the two backup options. The difference is in the management of the backup and restore jobs.
For details on SEP sesam backup in a Micro Focus (formerly Novell) NetWare/OES environment, see Backup principles using SEP sesam in a Micro Focus OES environment.
For file-based backup and restore, you will need qualified knowledge of the GroupWise environment and the management of GroupWise systems. With the SEP sesam GroupWise online extension, the backup and – more importantly – restore of GroupWise systems can be performed by an administrator without any knowledge of the GroupWise environment.
Backup with SEP sesam GroupWise extension
When a new backup job is being defined for a client, the SEP sesam extension automatically recognizes that GroupWise is running on the client and offers the administrator a GroupWise backup. The administrator does not need to know where the GroupWise data is stored or which files are to be backed up.
The backup is started as a GroupWise backup process and is clearly identified as such. The SEP sesam Server recognizes that this is a GroupWise backup and not a normal file backup. This makes management and problem location (in the event of a problem) much easier. Technically, it is only a file backup but the SEP sesam agent ensures that the right files are backed up from the right directories.
The scenario for a restore is similar. The SEP sesam GroupWise extension recognizes the backup (technically a file backup) and is aware that all the files belong together to a GroupWise system. The SEP agent then restores all the relevant files to the GroupWise restore area on the GroupWise Server. Based on the data in the GroupWise restore area, GroupWise can start a recovery process to restore the data (mail or mailboxes). The administrator does not need to know which files need to be restored or where they should be restored to.
Backup without SEP sesam GroupWise extension
Backing up a GroupWise system without the SEP sesam GroupWise extension is performed much like a regular file backup. GroupWise is shown as a regular NSS volume in the file system with its volume name. The administrator needs to know:
- which is the GroupWise volume
- which files within the volume need to be backed up
The backup process itself starts as a file backup process. For the restore, the administrator needs to know:
- which files need to be restored
- the location of the GroupWise restore directory
BACKUP CONFIGURATION
Note | |
When backing up the UNC paths, disable the option Backup with VSS. You can only specify one UNC path for each backup task. |
This example assumes that the SEP sesam Server or Client is installed on a Windows system. For a NetApp SMB share backup, see NetApp SMB (CIFS) Backup. If the following steps are not followed, the files and folders and especially their ACL permissions cannot be backed up. If the backup log contains the message "Windows error code 1314: A required privilege is not held by the client.", then either the service user's privileges for the network drive are not sufficient or there are restrictions on the target file system.
Services on Windows (and therefore the SEP sesam processes) usually run under the special SYSTEM account. This account has all local access rights, but due to security reasons no access rights for non-local or network drives.
To access the network drives (CIFS share), you have to adjust the following settings:
- For SEP sesam Client to which the backup task is assigned, the SEP sesam service should run under an administrator account with full read and write privileges for the network drive (services.msc -> SEP sesam -> Log On as administrator).
- Share the network drive without a requirement to log in. Check the access to the SMB (CIFS) share by opening the shared path on the SEP sesam Server in Windows Explorer. If the content of the share is displayed without a user and password request, the UNC path can be used as a source for the backup task.
To configure the UNC backup, in the SEP sesam GUI specify the source path using UNC notation, e.g.:
\\servername\sharename\filepath
or
//servername/sharename/filepath
You can also exclude a UNC directory in the Exclude list field. The excluded UNC path in this example is
//servername/sharename/subfolder1/subfolder2
- UNC path exclude syntax using / (slash) is:
//servername/sharename/subfolder1/subfolder2
. - UNC path exclude syntax with \ (backslash) is only supported if Regular expression has been selected:
\\servername\sharename\subfolder1\subfolder2
.
For more details, see also How to use CIFS share (NAS) as data store and how to back up data from CIFS share.
Testing with the command line
As described above, you have to run the SEP sesam service under an administrator account. In the command line, enter the following command for backup:
C:\Program Files\SEPsesam\bin\gui>sm_ssh -l system rmpc1(host name of the system) sbc -b -s @test.save -v 2 \\fileserver\pub\customers
For restore, enter:
C:\Program Files\SEPsesam\bin\gui>sm_ssh -l system rmpc1(hostname of the system) sbc -r -s @test.save -v 2 -R \\fileserver\pub\customers_restore
This saves the files from \pub\customers
to the file (saveset) test.save. In the second command the files are restored from the saveset test.save to the folder \pub\customers_restore
.
How can I configure a backup using another network or interface?
You must first establish an IP address for the new interface. The IP address is then entered to the properties table of the SEP sesam RDS in the SEP sesam GUI under Components -> Clients. Open the SEP sesam RDS properties and enter the IP address to the Interfaces field. For details, see Configuring Clients.
In the backup event properties, you have to select the IP name under the Parameter tab -> Interface. For example, the computer testme has a second interface module with the name testmeb. From Main Selection -> Scheduling -> Schedules -> double-click the backup event to open its properties and select testmeb in the Interface field.
How do I get backups to ignore archive bits and use creation/modification time?
Archive bits are used for full and copy backups.
To set the use of creation/modification time for full backups, go to the <SESAM_ROOT>/bin/sesam directory and call:
sm_db "INSERT INTO defaults (key,user_name,value) VALUES ('with_archive_bit','sesam','no');"
The full backups are executed without consideration of the archive bits.
Optionally, you can reset the archive bits of the backed up files by entering the following command in the backup task properties (Options tab -> Backup options field):
-o clear_archive
How do I set up a backup to disk?
SEP sesam uses a data store to back up data directly on one or several configured storage locations. The default data store type is Path, also available are SEP Si3 NG Deduplication Store and (depending on version) NetApp Snap Store, HPE StoreOnce and HPE Cloud Bank Store.
The data stores are easily configured. Note that the prerequisites differ depending on the selected data store type. For details, see Data Store Overview.
How do I perform a file backup of a Linux/Windows cluster?
To perform a file backup of a Linux/Windows cluster, proceed as follows:
- Depending on your operating system, install the SEP sesam Client on each physical node, as described in SEP sesam Quick Install Guide.
- Make sure that the DNS names of every node and every resource of the cluster are correctly resolved (forward and reverse DNS lookup). For details, see How to check DNS configuration.
- Add each physical node and each cluster resource as a client to the SEP sesam environment, as described in Configuring Clients.
- After the clients have been successfully configured, create separate backup tasks for each cluster resource in the SEP sesam GUI. During backup, the data is automatically transferred from the active node. For step-by-step procedure, see Standard Backup Procedure.
How do I include a large number of files/folders for backup?
If you want to include several directories or files in the backup (or exceed the character count limit of the Source field with the allowed length of 1024 characters), you can create a text file on the client on which the backup will be executed.
In this file, list all the paths that you want to include as backup source. Each file or directory that you want to include in backup must be specified on a separate line (one entry per line).
/lib
/usr/share /usr/bin/a2ps /srv/Dos6.22.img /var/opt/sesam/var/ini
Then enter the backup option -f <list_source> in the backup task properties -> tab Options -> Backup options field, for example:
-f C:/sesam/backup_file_list.txt
The SEP sesam Server reads this file during backup and stores the additional files and directories listed in the source directories.
Note | |
An include list, introduced by the -f option, behaves differently on different platforms. |
On Windows
The -f <list_source> option overrides the backup source specified in the backup task. For example, creating a backup task with source g:\x and specifying the SBC option -f C:/sesam/backup_file_list.txt
will back up only the data from the backup_file_list.txt while ignoring the directory g:\x, which was specified as the backup source.
On Linux:
Both, the source and the data from the backup_file_list.txt are considered for backup. At least one item must be entered in the Source field. It is therefore recommended that the specified <list_source> file is specified as the source in the Source field (to be included in the backup set, for example, etc/sesam/backup_file_list.txt) and entered again with a -f switch in the Backup options field: -f C:/sesam/backup_file_list.txt
.
Tip | |
On the Linux client, you can also use the exclude list as an include list by converting the exclude to an include filter using the + (plus) sign at the beginning of a pattern. For more information, see Advanced Backup and Restore Options. |
How can I exclude a directory from a backup?
You can permanently exclude a directory from all backups on the client by creating a special (nosbc) file in the directory itself, see Creating a special file nosbc to permanently exclude a directory.
This is just one of the options that SEP sesam provides for specifying exclusions. In the following list you will find different options for configuring exclusions:
- Setting up an Exclude list in the GUI.
- Creating a custom exclude list on the SEP sesam Client (SBC CLI) to exclude a larger number of files.
- Creating a special file nosbc in the directory itself to permanently mark the directory for exclusion.
- Using the SEP sesam configuration file sm.ini to exclude files from all backups on the client.
How can I specify a longer exclude list?
You can create a separate file with excludes when the number of files or directories to be excluded for backup exceeds the allowed length for exclusion (max. 1024 characters). Such a custom exclude list takes precedence over any exclude list specified in the GUI (the latter is ignored if both are specified).
The exclude list is a text file created on the client on which the backup will be executed. For details, see Create a custom exclude list.
Once you have created the exclude file, for example, exclude_list.txt, enter it in the backup task properties -> Options tab -> Backup options field as follows:
-X C:/sesam/exclude_list.txt
The syntax for the exclude entries is platform/ OS and for regex exclude also SEP sesam version dependent, see Exclude with Regular Expressions. For details on custom exclude lists on Linux, Windows or Micro Focus OES, see Create a custom exclude list.
How can I set the SBC so that the exclude list always uses the file pattern (?,*) instead of regular expressions?
Exclude by using regular expressions is the default setting. To use the file pattern (?,*) instead of regexp, you have to modify the configuration file <SESAM_VAR>/var/ini/sm.ini on the SEP sesam Client.
In the config file sm.ini, change the entry EXCLUDE_MATCH=REGEXP
to EXCLUDE_MATCH=PATTERN
.
Can I exclude specific VSS writers from a backup?
Yes. For step-by-step procedure, see Manually excluding a VSS writer from backup.
How do I exclude files and folders during TSA-based backup?
You can simply exclude files and folders in the SEP sesam GUI by using the Exclude list field when creating a backup task (or in its properties), see Exclude list in the GUI. If you want to exclude several directories or files in the backup task, it can happen that the character count limit of the field (max. 1024 characters) is exceeded. In this case, use a text file to create a custom exclude list. For details, see Create a custom exclude list.
Which mode should I use for TSAFS backup of OES Micro Focus file systems?
The TSAFS should generally be loaded in Linux mode. Netware mode and Dual mode are only intended for mixed environments (backup of native Netware servers) or for a Micro Focus (previously Novell) cluster in mixed mode.
- On cluster nodes of a pure Linux OES cluster, use the TSAFS ONLY in Linux mode.
- On a mixed cluster (OES Netware and OES Linux nodes), the TSAFS must be loaded in Netware or Dual mode. For the backup of the cluster volumes, the Netware Cluster filesystem target must be used.
How can I set or modify a retention time for backup
When configuring the SEP sesam environment, you set up media pools and define the retention time. The retention time period starts with the date a saveset is written to the media (at the end time of the first backup) and thus defines the expiration date of the saveset (saveset EOL). The EOL property can be managed for three object types: Saveset EOL (the expiration date for each saveset), Backup EOL (the expiration date for all data that belongs to the same backup), and Media EOL (the expiration date for tape media). If a saveset is part of a backup chain, its EOL follows the rules of dependency-based retention to retain the consistency of the backed up data and ensure successful restore.
However, you can check or modify the expiration date (EOL) manually by setting the exact expiration date. To do this, you can use the calendar function to extend or shorten the saveset/backup EOL under all media-related views, e.g., in the Media, Media Pools and Data Stores properties. You can also directly expire the saveset or backup by clicking the Expire -> Saveset EOL/Backup EOL button. You should only expire the saveset (individual EOL) or backup (EOL of the entire backup set) if you know what the Expire function does and are aware that expired savesets and backups are irrevocably lost! For details, see Changing Retention (EOL).
BACKUP ERRORS
How to deal with a failed backup
There are various causes why the backups fail, e.g., file-size issues, insufficient permissions, etc. When a backup fails check the day log and search for errors. Then identify the problem by following the basic troubleshooting procedure in the Troubleshooting Guide. After fixing the problem, restart your backup to ensure that all your data is properly protected.
Note | |
In case a backup fails, SEP sesam extends the EOL of the last successful backup to ensure it is not deleted. The failed backup will be deleted automatically after 3 days. If you want to keep any failed backup for a longer time, you may manually extend the backup EOL of a particular saveset. For details, see section Manually extending EOL. |
A client backup did not function properly. How can I determine where the problem is?
The following test commands should help you isolate the problem. You can run a test backup for the target client from a SEP sesam Server or Client without writing data to a tape drive or disk drive. Run the following commands in the directory <SESAM_ROOT>/bin/sesam/
.
Attention | |
The following commands produce a high network load. |
Backup server Unix, client Windows
sm_ctrlc -l system {client name} sbc -b -s - f:/test >/dev/null
Data from the F:/ directory on Windows is written over the network to the directory /dev/null
on Unix.
To display this, append -v 1 to the command above. Everything written to /dev/null
will be displayed.
sm_ctrlc -l system {client name} sbc -b -s - -v 1 f:/test >/dev/null
Backup server Unix, client Unix
sm_ctrlc -l root {client name} sbc -b -s - /usr >/dev/null
To display the read data:
sm_ctrlc -l root {client name} sbc -b -s - -v 1 /usr >/dev/null
Backup server Windows, client Unix
sm_ctrlc -l root {client name} sbc -b -s - /usr > NUL
With data logging backup:
sm_ctrlc -l root {client name} sbc -b -s - -v 1 /usr > NUL
If the test backup should run on the target backup client only, execute the following command:
In the Unix directory <sesam>/bin/sesam/
:
sbc -b -s - /usr >/dev/null
In the Windows directory <SESAM_ROOT>\bin\sesam\
:
sbc -b -s - f:/test > NUL
Enter -v 1 to display the backed up data.
Why do I receive the message: "Login incorrect. Password incorrect." during backup?
Check your name resolution (DNS or etc/hosts file). The SEP sesam Server and SEP sesam Client must be reachable with or without FQDN and should be able to resolve each other correctly, including the reverse lookup. In case you have changed an entry in your DNS configuration, but Windows still reports a wrong hostname/IP, try to run ipconfig /flushdns as administrator. If the resolution is correct, do the following:
- In the SEP sesam GUI, go to Main Selection -> Tasks -> By Clients, and select the client where the backup problem is.
- Open the properties of the backup, and click the tab Options.
- Insert -v 4 in the Backup options (previously Save options) field.
- Start the backup again. Then go to Main Selection -> Job State -> Backups, and double-click the backup to open its properties.
- Go to the Logging -> Day Log, and search for the line Login incorrect. Password incorrect., then correct the respective name resolution.
Note | |
To solve this problem you can also try using the http:// or https:// interface. |
What should I do when a client backup fails with a WIN32 API error: "1450 - Not enough system resources to execute the requested service"?
The backup of a client may end with the following error message in the backup log:
sbc-1148: Error: W2KSS Error: [WIN32 API error: 1450 - Not enough system resources to execute the requested service.
Cannot store registry key: [SOFTWARE]. RegSaveKey() call failed in BackupRegistry().].
This is caused by insufficient size of the registry/paged memory area. This problem affects SEP sesam as well as other backup tools, such as NTBackup. For the relevant approach for your Windows version, check a Microsoft article Backup program is unsuccessful when you back up a large system volume.
What does the warning "The system cannot find path. RegLoadKey()..." during System_State backup mean?
You may see the following output in NOT-Log:
C:\Program Files\SEPsesam\var\tmp\usr_wf_S-1-5-21-220523388-1123561945-839522115-1003]. 2010-04-13 02:04:20: sbc-2074: Warning: W2KSS Warning: [WIN32 API error: 3 - The system cannot find path. RegLoadKey() call failed for file: [C:\Documents and Settings\nn\ntuser.dat] in BackupUserProfiles().].
There are inconsistencies in the OS configuration. The reason is that a user profile has been deleted but the user account still exists. The System_State backup is looking for files corresponding to the user in the file system but the files no longer exist.
To resolve the problem, delete the user in question or restore the profile date in the file system.
Check the following in your registry to see whether it still includes references to user names which no longer exist:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Why is the Powershell script not executed on a target machine?
By default, Microsoft installs Windows Powershell with the permission set to Restricted. This setting only allows the execution of commands in Powershell, but no scripts.
This can be changed with the following command in Powershell:
Set-ExecutionPolicy RemoteSigned
For details, see Changing the Windows PowerShell Script Execution Policy.
Why does a Microsoft Windows backup via VSS stop with "[CVssBaseObject::CreateVssBackupComponents] - Access denied"?
SEP sesam is not allowed to create a snapshot with the current user. Check the user running the SEP sesam daemon and make sure that the user has all permissions to access the volume(s).
What does "Stream data length bigger than buffer can accept. Input buffer length = [65536], Stream data size = (High part)[0] (Low part)[65564]" mean?
SEP sesam uses 64 kB to back up Windows ACL files and folders and one object exceeds this buffer. You can use the Windows command icacls to display the ACL of a file or folder. The output looks like this:
C:\>icacls "C:\Documents and Settings\LocalService\Local Settings\Temp" C:\Documents and Settings\LocalService\Local Settings\Temp NT AUTHORITY\LOCAL SERVICE:(I)(F) NT AUTHORITY\LOCAL SERVICE:(I)(OI)(CI)(IO)(F) NT AUTHORITY\SYSTEM:(I)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F) BUILTIN\Administrators:(I)(F) BUILTIN\Administrators:(I)(OI)(CI)(IO)(F) Successfully processed 1 files; Failed processing 0 files
If you get several hundred or thousand lines, there is something wrong with the ACL. You should reset the permissions of the file's respective folder by using the command:
C:\>icacls "C:\Documents and Settings\LocalService\Local Settings\Temp" /reset
This command inherits the permissions of the parent object. You may have to adjust the permissions after running this command if manual settings have been applied for this object.
PERMISSIONS
Can users perform their own backup and restore?
Typically, users cannot back up their own computers, but it can be done by installing a SEP sesam Server license on the target client (the user's computer). This way, the user becomes the SEP sesam administrator of the respective client/server and can back up and restore the files on this computer.
Can the Master schedule be changed by a user?
Essentially, no. The most efficient method of handling this is for the user to convey his needs to the system administrator. Upon initial installation, the backup periods are established and entered into the Master GUI. This would be an appropriate time to have input from the users when any special backup and restore commands are required and have them administered centrally. If necessary, a SEP sesam Server license can be added.
The sesam Master GUI can be installed on the client but this would give the client/user all privileges. Another solution that requires greater overheads (more work on the part of the administrator) is to install a GUI with restricted privileges.
How do I get access to SEP sesam Server?
SEP sesam uses the authentication module to grant and restrict access to SEP sesam Server. You can connect to SEP sesam Server only if you are granted appropriate user permissions. Your user rights depend on the specified user type (admin, operator or restore). For details on how to configure authentication, see About Authentication and Authorization.
ENCRYPTION & COMPRESSION
What encryption types are available with SEP sesam?
SEP sesam provides data encryption types on different levels: backup-task encryption for savesets (set in the backup task), Si3 encryption for Si3 deduplication store, and hardware-based LTO encryption for LTO tape drives (generation 4 and higher), which is done on a media pool level. For every encryption you must create and store an encryption key.
How to encrypt an Si3 deduplication store?
You can encrypt an Si3 deduplication store by setting the deduplication security password directly in the drive properties for the first drive. For details, see Encrypting Si3 Deduplication Store.
When encryption is selected before transferring data to the server, does SEP sesam perform compression before encrypting the data?
Data encrypted by the system and transferred to the server will be compressed if stored to tape using the manufacturer's compression algorithms.
Where is the encryption key stored?
The encryption key is stored in the SEP sesam database. If the encryption key is changed, the subsequent task will be executed with the new key and the new key will be stored in the SEP sesam database.
A restore uses the stored encryption key.
How to set compression?
Compression for backup to virtual tape media
To activate compression for backing up to a Path data store, modify the file sms.ini
under /var/opt/sesam/var/ini/
on the system where the data store is configured (SEP sesam Server or RDS). Locate the section [SMS_Server] and enter the following key:
Compresslevel=1
Save your changes and restart the SEP sesam Server or RDS for the changes to take effect.
Note that Si3 deduplication store always uses compression for the deduplicated data.
Compression on tape drives
Compression is done by the drive itself. Use the SEP sesam tool slu to check whether compression is activated or deactivated.
- Display a list of attached SCSI devices. slu topology is a SEP sesam SCSI loader utility that provides information about the loaders and drives connected to the system and their relation. To be able to run the SEP sesam commands globally, you must first set up a profile as described in FAQ: What happens when I set a profile?
- Check the tape drive settings:
- Activate compression:
Then run slu topology to list all attached SCSI devices as follows:
<SESAM_BIN>/sesam/slu topology
For details on the output, see Using slu topology for detecting devices.
[root@sinus sesam]# ./slu 0020 -s Tape Info Read Attribute not supported internal_status_byte= 0x0 buffered_mode= 1 block_length= 0 (variable) media_type= unknown (0) write_protect= 0 density_code= 44 compression= 1 STATUS= SUCCESS MSG= "OK"
If compression is set to 1, drive compression is active. Setting the compression can also be done with slu or alternatively with the Linux tool mt.
[root@sinus sesam]# slu 0020 -c 1 DCE= 1 DATA COMPRESSION ENABLE:1 TRY MODE SELECT (6) SET COMPRESSION DCE compression= 1 DONE MODE SELECT (6) SET COMPRESSION DCE STATUS= SUCCESS MSG= "OK"
On Windows systems, check if the compression is enabled in the Device Options. When performing a check, make sure that the tape is in the drive.
RESTORE
Is it possible to restore only single files if the SEP sesam listing file is no longer available?
Yes. In order to do this, enter the file patterns into the restore wizard. Follow Standard Restore Procedure and select the desired saveset and then the option Complete restore.
In the Target Settings dialog, click the Expert Options button to open the Expert Options window. Click the Filter tab and enter the file patterns. Separate each entered pattern with a space. Only files which fit into specified pattern will be restored. All others are ignored.
Examples:
/*.xls restores all files with the ending .xls /*/X11/XF86* restores all files from the directory /X11 which start with XF86 /*.ini /*.conf restores all files which end on .ini or .conf
Note | |
You must use the slash (/) when writing the pattern. |
How do I restore all the data from tape media without the SEP sesam DB?
To restore data without a current license from SEP sesam, follow the restore procedure described below (SESAM DB restore):
- Go to the <SESAM_ROOT>/bin/sesam directory and run the program sm_recover. In the first response, all known devices currently active on the system will be displayed. You can choose one of these drives.
- By entering 2, sm_recover will look for the desired data on the physical tape drive. You have to answer the following question with yes (y) if no other backups or restores are active:
- Restoring the data while SEP sesam is active may cause conflicts due to concurrently running tasks on the drive. If you are sure that there are no activities scheduled during recovery, you do not need to block SEP sesam. Blocking SEP sesam during recovery prevents the execution of backup activities scheduled for the other devices.
- Confirm by typing y (yes).
- The following question should be answered with no (n) unless you wish the data search to continue with a desired filter.
- You may now choose the desired savesets. By entering the saveset number, you can insert further instructions to restore the data. After finishing, restart all SEP sesam services.
azurix:~ # sm_recover num device name typ 1 disk1 Drive-1 DISK_HARD 2 /dev/nst0 Drive-2 DLT Enter drive number, (r) to repeat list, (q) to quit
Analyse media: restore data or listings of savesets
Do you want to block SEP sesam ? (y|n] >
wait until SEPuler - the timecontrol of SEP sesam - finishes its current work ... SEPuler is blocked ...
Do you wish to enter label, saveset-name and segment-number directly (no searching on media) (y/n) > n
You will be notified that the tape is rewinding.
The tape will now rewind and scanned to the end EOT...
How do I restore all the data from a disk/data store media without the SEP sesam DB?
Depending on your operating system, proceed as follows:
On Windows:
sbc.exe -r -S $SERVER_HOSTAME -s @SF.....data -v 1 -R c:\target\
On Linux:
sbc -r -S $SERVER_HOSTAME -s @SF.....data -v 1 -R /target/
How can I restore a backup that has errors? The backup log file reported that the backup was partially successful.
If a backup has failed but some or most of the data was backed up, you can update the SEP sesam database manually to show the backup in the restore wizard.
First, the saveset ID is required. You can find it in the SEP sesam GUI under Main Selection -> Job State -> Backups -> double-click a failed backup (State Error) to open its properties -> check the saveset ID in the first field (Saveset).
Proceed as follows:
- Set a SEP sesam profile.
- Modify the entry in the DB.
- Proceed as follows using the command line:
sm_db "update results set state= '1',blocks= 1 where saveset= 'SC20060101121314'"
Afterwards, the saveset for this backup should be shown in green on the status display and appear in the GUI restore wizard. Nevertheless, you should still verify whether the data was backed up successfully.
Why don't the data lists appear in the restore wizard?
If the data lists don't appear in the restore wizard, verify whether the CTRLD switch permission is set to <on>, and if not, activate it.
How do I avoid the problem "553 RETR Failed. Data Synchronization lost - Restore terminating"?
Linux/UNIX data is stored in cpio saveset which is checked during the restore to ensure that the cpio format is correct. If a format error is detected, the restore is aborted and ends with
'BSA Call BSAEndData (closing saveset) failed: System detected error, operation aborted. TRANSIENT or PERMANENT NEGATIVE reply: 553 RETR Failed. Data Synchronization lost - Restore terminating'
The following settings allow you to avoid a premature termination of the restore.
Avoid the current restore task
You can use the sbc option '-F none' by using GUI or web Restore assistant.
- Enter this option in the GUI restore wizard (Target Settings dialog -> Expert Options -> Options tab -> Restore options). For details, see GUI Expert options.
- Use the web Restore Assistant (Advanced restore options -> Options for restore). For details, see Restore Assistant.
Avoid all further cpio restores on the RDS
Set the SEP sesam GLBV restore_no_abort at the RDS with 'sm_glbv w restore_no_abort yes'
. If the suspicious (non-cpio) bytes lead to further problems, they can be skipped with 'sm_glbv w restore_no_junk yes'
.
Can I use path relocation of a TSA backed up volume/directory when restoring the data?
Path relocation can be specified in the Expert Options window in the GUI restore wizard:
- Follow Standard Restore Procedure and in the Target Settings dialog, click the Expert Options button to open the Expert Options window.
- Switch to the Relocation tab and select With relocation. Then specify a new target location for the restored files. For details, see Expert options.
Is it possible to restore savesets online with SEP sesam?
You can restore savesets online using SEP sesam web interface Restore assistant. It enables you to restore data from regular Path backups, NDMP and NSS file system Path backups, emails from Kopano backups, and virtual machines (Hyper-V, KVM/QEMU, Open Nebula, etc.) to which you have been granted access. As of version 5.1.0 Apollon, restoring all backup types, except Exchange, is supported.
Note that the Restore assistant cannot currently be used to schedule restores, as this feature is only supported in GUI mode. For details, see Restore Assistant.
Is it possible to restore flat files/directories from multiple locations when restoring a TSA backed up file?
This functionality is not possible with TSA backups/restores. When restoring TSA backups, you should select Original tree structure in the GUI restore wizard, regardless of whether a Restore to original target path or a New restore target option is selected.
MIGRATION
Can I execute pre or post actions for migration tasks in SEP sesam?
Yes, SEP sesam supports pre and post actions for migration. You can configure custom scripts in separate files for pre and/or post actions and place these files in the <SESAM_ROOT>/bin/sesam
directory:
- on Linux: sm_copy_pre and sm_copy_post
- on Windows: sm_copy_pre.bat and sm_copy_post.bat
When a migration task is initiated or completed, the directory is checked. If one or both of these files exist, they will be executed accordingly before and/or after the migration.
STORAGE, DEVICES & MEDIA MANAGEMENT
How do I use NAS/CIFS (QNAP, Synology ...) storage as backup target?
The below prerequisites must be met to use a NAS or a CIFS share as a backup storage. Depending on whether your SEP sesam Server or SEP sesam Remote Device Server (RDS) is Windows or Linux based, proceed as follows:
- To avoid double network traffic, connect the storage via an additional network card to the SEP sesam Server or RDS.
- If your SEP sesam Server or RDS is a Windows system, proceed as follows:
- Create a valid user in your AD/LDAP with administrative rights. For details, see Configuring LDAP/AD Authentication.
- Add this new user to your storage (NAS/CIFS) with full access to the storage part for SEP sesam.
- Adjust the SEP sesam system service and specify it to run under your newly created user account.
- Restart the service.
- Create a data store with a path, such as \\192.168.x.x\sepsesam.
- If your SEP sesam Server or RDS is a Linux system, create a permanent mount point to the server and use this mount point as a backup target for your data store.
How do I set up automatic archive adjustment?
You can set up automatic archive adjustment by creating a media event in the SEP sesam GUI.
By creating a special media event for archive adjustment, you can schedule it to run automatically at specific intervals or set up an archive adjustment template that allows you to start it interactively. Note that media events can be associated only with schedules that do not have any backup events configured.
- In the Main Selection -> Scheduling -> Schedules select a schedule without any backup events. Alternatively, click New Schedule and create a new schedule. For details, see Creating a Schedule.
- Right-click the selected schedule and then click New Media Event. Under Media action select Archive adjustment, and configure the parameters as required.
For more information and instructions, refer to Setting up Archive Adjustment.
Does SEP sesam support removable or USB media for backup?
There is limited support for removable disk media, including USB drives. For their configuration, see Configuring Removable Media.
How can I determine whether a tape is a SEP sesam tape or not?
You can check a tape label by using the SEP sesam GUI or a command line.
To check a tape label in the GUI, place the tape into a drive. Then select the drive in the GUI under Components -> Drives and execute the Identify label drive action. For details, see Checking and Labeling Tape Media. If the label is found, it will be displayed under the drive in the Current messages display.
Alternatively, go to the command line, switch to the directory <SESAM_ROOT>/bin/sms and execute the following depending on your operating system:
On Unix
./sm_sms_interface getlabel -d /dev/nst0
On Windows
sm_sms_interface getlabel -d Tape0
Tip | |
The necessary device (switch -d) can be found in GUI under Components -> Drives. |
How can I manually write a label on a tape (e.g. to overwrite an existing label without performing a check of the SEP sesam database)?
Go to the command line, switch to the <SESAM_ROOT>/bin/sms directory and execute the following depending on your operating system:
On Unix
./sm_sms_interface init -d /dev/nst0 -t testpool00001:1
On Windows
sm_sms_interface init -d Tape0 -t testpool00001:1
Warning | |
The tape will be overwritten without warning! |
The media label consists of three parts:
- Name of the pool (in the above example, the name is testpool).
- The tape ID, a 5-digit number.
- A number after the colon (':') that complies with the preceding number.
How do I automatically remove a tape after a backup is finished?
The best way of removing a tape after the backup is by using the sm_notify interface.
The standard unload command is:
sm_drive dismount 2 unload
This command refers to the selected drive, in this case drive 2.
Where do I install the cleaning tape?
When specifying Archive adjustment, the cleaning tape will automatically be loaded in sequence and an unwanted cleaning operation may be initiated. To prevent the cleaning operation from initiating, select the last (highest numbered) slot for the cleaning tape and reduce the number of slots by one (1).
Cleaning may take place by manually entering the cleaning tape or by following the manufacturer's instructions.
Why does SEP sesam lock tapes that were not involved in a backup?
This is related to full (FULL)->differential (DIFF) or FULL->incremental (INCR)->INCR->INCR-> ... backups.
The following example explains this problem:
- FULL -> requires three tapes (backup00001, backup00002, backup00003)
- INCR -> requires one tape (backup00004)
- INCR -> requires one tape (backup00005)
- INCR -> requires one tape (backup00006)
The first backup merely changes the EOL (end of lifetime) for the three tapes (backup00001 to backup00003), the second backup changes the EOL for the first four tapes (backup00001 to backup00004) and the third backup changes the EOL for the first five tapes (backup00001 to backup00005), and so on. For details on EOL, see Managing EOL.
If the next full backup fails, the succeeding incremental backup will use the chain from the last successful backup(s) and so the chain expands. This is necessary for a generation restore because an incremental backup includes only the changes from the last backup, regardless of whether it was a full, differential or incremental backup. All tapes are needed to perform a successful restore.
With a differential rather than an incremental backup, SEP sesam locks the tapes from full backup and the tapes that were used by the differential backup.
How do I get information on the oldest tape in a pool before the backup starts?
It is sometimes very useful to know which will be the next free medium in a media pool before a backup starts. To get this information, enter the following command:
sm_arch_getoldest 1 full-disk
The command shows the next free medium of pool full-disk in drive 1.
How do I check the consistency of a data store?
The following command allows you to check the consistency of a data store:
sm_data_store check_db -L {datastore} | -d {drive_num}
Example 1
The example shows a data store check that detects 2 savesets with the wrong data file size (sizes smaller than stored in the SEP sesam database). The state of both backup operations is either a fail ('X') or broken data transfer ('3') and the result status is therefore 'SUCCESS'.
#>sm_data_store check_db -L DATA_STORE2 2019-08-28 14:39:59: $Id: sm_data_store.py,v 1.105 2013/08/18 18:06:36 sesam Exp $ 2019-08-28 14:39:59: Arguments: sm_data_store check_db -L DATA_STORE2 2019-08-28 14:39:59: $Id: sm_data_store.py,v 1.105 2013/08/18 18:06:36 sesam Exp $ Sesam Id: None 2019-08-28 14:39:59: Arguments: sm_data_store check_db -L DATA_STORE2 2019-08-28 14:39:59: DB: select * from data_stores where name= 'DATA_STORE2' 2019-08-28 14:39:59: DB: select * from hw_drives where data_store= 'DATA_STORE2' order by drive_num 2019-08-28 14:39:59: DB: select results.saveset,fdi_type,state,task,sesam_date,cnt,media_pool,results.uuid,data_size from results,result_lbls where results.saveset= result_lbls.saveset and results.saveset in (select saveset from result_lbls where label in (select label from media where location= 'DATA_STORE2')) and results.data_size>0 and results.state not in ('a','q') order by start_time 2019-08-28 14:39:59: DB: select results.saveset,fdi_type,state,task,sesam_date,cnt,media_pool,results.uuid,data_size from results,result_lbls where results.saveset= result_lbls.saveset and results.saveset in (select saveset from result_lbls where label in (select label from media where location= 'DATA_STORE2')) and results.data_size= 0 and results.state not in ('a','q') order by start_time 2019-08-28 14:39:59: DB: select label,pool from media where location= 'DATA_STORE2' 2019-08-28 14:39:59: Looking for savesets: sm_client dir "G:/DATA_STORE2/DATA_STORE2/DataStore1/DataStore100002" 2019-08-28 14:40:00: Looking for savesets: sm_client dir "G:/DATA_STORE2/DATA_STORE2/I_DS_POOL/I_DS_POOL00001" 2019-08-28 14:40:00: ================================================================================== 2019-08-28 14:40:00: Savesets in Sesam DB: 187. 2019-08-28 14:40:00: Saveset files found: 187. 2019-08-28 14:40:00: Saveset in DB and on FS: 187. 2019-08-28 14:40:00: Savesets not found on disk: 0. 2019-08-28 14:40:00: Saveset files not in DB: 0. 2019-08-28 14:40:00: -------------- List of savesets with wrong data file size ------------------------ 2019-08-28 14:40:00: 3 SF20190826212205682@gp_o1hNIc8g miraculix_dev 2019-08-26 00:00:00 4430717952 > 4430686656 2019-08-28 14:40:00: X SC20190825083202946@iW9ZD7vcSw2 SESAM_BACKUP 2019-08-21 00:00:00 1323736064 > 1323385536 2019-08-28 14:40:00: -------------------- List of savesets without data file -------------------------- 2019-08-28 14:40:00: -------------------- List of files without DB entry ------------------------------ 2019-08-28 14:40:00: -------------------- List of files without data file ----------------------------- STATUS= SUCCESS MSG= OK
Example 2
A data store check that detects a saveset with the wrong data file size and with a successful backup state ('0'). The result status shows 'ERROR'.
G:\DATA_STORE2\DATA_STORE2\DataStore1\DataStore100002>sm_data_store check_db -L DATA_STORE2 2019-08-28 15:03:05: $Id: sm_data_store.py,v 1.105 2013/08/18 18:06:36 sesam Exp $ 2019-08-28 15:03:05: Arguments: sm_data_store check_db -L DATA_STORE2 ... 2019-08-28 15:03:06: Looking for savesets: sm_client dir "G:/DATA_STORE2/DATA_STORE2/DataStore1/DataStore100002" 2019-08-28 15:03:06: Looking for savesets: sm_client dir "G:/DATA_STORE2/DATA_STORE2/I_DS_POOL/I_DS_POOL00001" 2019-08-28 15:03:06: ================================================================================== 2019-08-28 15:03:06: Savesets in Sesam DB: 188. 2019-08-28 15:03:06: Saveset files found: 188. 2019-08-28 15:03:06: Saveset in DB and on FS: 188. 2019-08-28 15:03:06: Savesets not found on disk: 0. 2019-08-28 15:03:06: Saveset files not in DB: 0. 2019-08-28 15:03:06: -------------- List of savesets with wrong data file size ------------------------ 2019-08-28 15:03:06: 0! SI20190826150006895@ch-Gdm3Id_6 miraculix_dev 2019-08-26 00:00:00 106962944 > 1274932 2019-08-28 15:03:06: -------------------- List of savesets without data file -------------------------- 2019-08-28 15:03:06: -------------------- List of files without DB entry ------------------------------ 2019-08-28 15:03:06: -------------------- List of files without data file ----------------------------- 2019-08-28 15:03:06: ERROR: File size does not match: 1. STATUS= ERROR MSG= ERROR: File size does not match: 1.
In this case, the saveset is corrupted. You have to determine the reason for the corrupted saveset (disk IO problem, file system with limited file size, etc.). To avoid the corrupted saveset from being used, its result state must be changed to broken data transfer ('3').
sm_db "update results set state= '3', msg= 'corrupt saveset (size)' where saveset= 'SI20190826150006895@ch-Gdm3Id_6'"
If the data is still available on the backup source, a corresponding backup must be restarted.
Why is my single tape drive not in the list of devices when I try to initialize it?
First, inspect the device manually via OS options (for example Device Manager on Windows) to see if the tape drive is displayed. You can also check this by entering slu topology in the command line prompt, see Using slu topology for detecting devices.
If the device is not listed, the driver is not installed correctly. Look for the appropriate driver at the manufacturer's site or elsewhere on the internet, download it to your computer and run the program to install the driver. The media pool should now show the Tape (0). Finally, initialize the tapes. For details, see Media Strategy.
Why do I get the error message skipping blocks when I try to perform a SEP sesam backup with an Exabyte VXA172?
Some manufacturers often require a different driver for each tape model they manufacture. In this case, the VXA tape you initialized is not recognized by SEP sesam in the Exabyte tape drive. To fix this problem, go to the drive properties in the GUI (double-click the drive) and change the drive type from VXA to EXA.
Why does SEP sesam not write to my LTO drive on my x86 system?
The OS enables PAE (Physical Address Extension) automatically on x86 systems if more than 3.25 GB RAM are in use. With PAE, the OS cannot write more than 32 KB to a tape drive whereas SEP sesam needs 64 KB for LTO. The most efficient solution is to switch to an x64 OS. Decreasing the RAM to a maximum of 3.25 GB should also solve the problem.
SEP IMMUTABLE STORAGE - SiS
Can I convert an existing Si3-NG store into an SiS or do I need to set it up from scratch?
Yes, an existing Si3-NG store can be converted into an SiS (Si3 store). The process requires a few adjustments to the sesam database and typically takes about one hour to complete. Contact SEP Support and we will assist you with the conversion. Please note that this is a paid service.
Note | |
For secure conversion, the Si3-NG store must be located on a separate physical RDS having internal storage. For details see requirements for immutable storage. |
Can I create and use more than one SiS on one RDS?
No, this is a very complex scenario. It is not supported nor planned in the foreseeable future.
Can I configure SiS on an Ubuntu server?
No, currently only SLES, RHEL, and Debian are supported. For details on supported systems and requirements see requirements for setting up the SiS Linux server.
On Windows, you can use Blocky4sesam module to configure immutable storage. For more information see Blocky4sesam Configuration.
Can I connect a tape library to SiS?
No, this is technically not possible due to the available interfaces. Connecting a tape library would compromise the security of the entire system.
How should I update the SiS server?
Updates should always be performed locally on the server using external storage devices, such as a USB drive. For security considerations see also Ransomware Protection Best Practices.
Can I specify different lock times?
No, this is not technically possible. However, due to data deduplication, which eliminates redundant data and optimizes storage requirements, you can use the longest lock time without significant drawbacks.
Can I delete data from SiS, for instance when an employee leaves the company?
No, this cannot be done through SEP sesam GUI. To delete data, direct access to the Remote Device Server (RDS), where the SiS is hosted, is required via terminal. In such cases, you can contact SEP Support for assistance. Please note that this is a paid service.
Can I replicate data out of the SiS?
No. It's possible to replicate data in and read it out (for restore or migration), but the process of replicating data out of the SiS is not supported. This is due to technical limitations, as it requires additional ports and processes that cannot be enabled on the SiS server for security reasons. For more information see also SEP Si3 Replication.
Does source-side deduplication work in an SiS?
No, source-side deduplication doesn’t work in an SiS. This is due to technical limitations, as it requires additional ports and processes that cannot be enabled on the SiS server for security reasons. For more information see also Source-side Deduplication.
NOTIFICATIONS & LOGGING
What does the notification "Disk space for listings and logging below critical threshold" mean?
In the Newday event, SEP sesam Server checks the free disk space on the partition where the log files and listings are stored.
<SESAM_ROOT>\var\log <SESAM_ROOT>\var\lis
If free space falls below the critical threshold value, the server sends an email notification and the SEP sesam Server is shut down.
In SEP sesam version ≥ 5.1.0.14 Apollon V2, the threshold value for managing free disk space is now defined using system settings, which can be accessed and modified in Web UI ( navigation menu -> System Configuration -> System Settings).
To control the SEP sesam server's behavior when free disk space falls below a critical threshold, two key variables are used:
- gv_conf_minfree_var: This variable determines the critical space threshold. The default setting is 5000 (measured in MB).
- gv_conf_shutdown_minfree: This variable defines whether the SEP sesam Server is shut down when the free disk space falls below the critical threshold. The default setting is 1, indicating that the server will shut down.
In SEP sesam versions preceding 5.1.0 Apollon V2, the threshold value was specified in the <SESAM_ROOT>\var\ini\sm.ini
file under the [Params] section. The parameter gv_min_free was used to define the threshold, with a default value of 5000 MB.
[Params] gv_min_free= 5000
Attention | |
If there is no more disk space available on the partition, the server cannot write additional logs and listings. This can result in critical errors and lead to data loss. This error should be addressed at the earliest possible opportunity. |
How do I set a higher logging level?
You can increase the logging level for specific backup or restore task in the GUI: Main selection -> Tasks -> By Clients -> double-click the backup or restore task to open the Properties. There you can adjust the logging level in the field 'Backup options' with -v <LOGLEVEL>. For details, see Setting Log Level. You can also set the logging level globally for SEP sesam kernel modules, as described in Setting log level globally for SEP sesam kernel modules in debug.ini. Note that running SEP sesam with a higher logging level than default (0 for backup and restore) increases the amount of information being logged and may negatively affect the performance of SEP sesam. For details, see Setting Log Level.
Is it possible to generate audit logs?
It is possible to use the sm_gui_server_requests.log as a source for audit logs by generating a more readable version of the log file with evidence of each action that was triggered by a user. Audit trail records may contain the following details:
- date and time
- API request for the executed action
- user associated with the activity
- user IP address
The below example shows that the restore task was deleted by the user Administrator.
2021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]
For detailed procedure, see Audit Logging.
Why do the request status or daily protocol (log files) return "Host SEP sesam is not allowed to connect or security problem for user"?
Typically, there is an issue with client's access privileges:
scd-1136: Error: Host [{SEPsesam}] is not allowed to connect or security problem for user: [{user}].
There is a problem with the RMI GUI Server on the SEP sesam Server. The system requires CTRL or SMSSH privileges to complete the SEP sesam commands. On the backup client add permission for the SEP sesam Server so the server is allowed to connect to the client.
Execute the following command on the client:
sm_setup set_client <SEP sesam Server hostname>
For example, if the SEP sesam Server hostname is backup01:
- On Microsoft Windows, in the directory C:\Program Files\SEPsesam\bin\sesam, specify:
sm_setup set_client backup01
- On Linux, enter:
/opt/sesam/bin/sesam/sm_setup set_client backup01
How can I create a LOG archive?
The LOG archive for backups, restores and migrations can be created very easily using the GUI or the Web UI.
In the Web UI:
- In the navigation menu click Monitoring and then click the title of the context page (for example, Backups).
- In the list of results find the required entry and click the button for available actions (3 vertical dots) to open a context menu. Select option ZIP Archive with all logs. The ZIP archive is saved to the default download folder.
In the GUI:
- Go to Main Selection - > Job Status - > click the desired <ACTION>: Backups, Restores or Migrations and Replications.
- In the list of tasks, right-click the desired task to open the context menu, and then click the last menu item Download archive with all LOG files.
- Select a directory where the LOG archive will be saved.
Note | |
This archive contains the most important logs that can be used by SEP support to perform an initial analysis of the problem. Among others, these include the NOT and BCK logs, the daily log and, in the case of backups, the LIS file.
Please attach this LOG archive to the support ticket. In case of migration, create the archive once from the 'parent process' of the migration and also for the actual migration 'child process', i.e. attach both archives to the support ticket. |
MONITORING & REPORTING
How can I monitor SEP sesam environment?
You can monitor your SEP sesam environment through Web UI or by using SEP sesam GUI. Note that all monitoring functionality accessible in the SEP sesam GUI is also accessible in Web UI with the advantages of being user-friendly and visually attractive, providing immediate access to the Web UI from mobile browsers and being easily available to anyone you authorize. For details, see Monitoring SEP sesam environment.
How can I access the SEP sesam Web UI and SEP sesam dashboard?
When running the SEP sesam GUI as an administrator, the Web UI landing page opens by default with link to the Web UI (and links to documentation, etc). You can also access the online dashboard from the GUI by clicking the first icon – dashboard – in the toolbar or by selecting Dashboard in Main Selection -> Monitoring. Or you can simply type the following information in the browser address bar: http://[servername]:11401/sep/ui or https://[servername]:11401/sep/ui. For details, see SEP sesam Web UI.
Can special reports be generated for backups, backup time, performed restores, etc.?
SEP sesam reports provide various information on your SEP sesam environment. By using reports in the SEP sesam GUI or Web UI, you check the details of all events, get an overview of all active jobs, next events and different states, e.g., data store status, backups, migrations, etc. You can configure SEP sesam to send these reports and log files in the form of email notifications. For details, see SEP sesam reports.
Additionally, you can create your own scripts for the execution of both pre- and post-operations using the commands execute_pre or execute_post. For details, see Using Pre and Post Scripts and Interaces.
How can I be notified about SEP sesam operations?
SEP sesam can be configured to automatically send the log files (daily protocol, events and errors) to the specified email account. This feature is based on interface scripts that have to be activated via GUI or manually by copying the templates. SEP sesam interfaces require a configured email account to be able to send the selected notifications via email. For step-by-step procedure, see How to Configure Mail Notification.
You can also check notifications in Web UI and in SEP sesam GUI in the upper right corner by clicking the flag. Notifications inform you about license violations, unconfigured interfaces, etc., and contain other important information, such as the announcement of a new release or the notification of the error. For more details, see Notification Center.