i5os v6r1 brms ppt
DESCRIPTION
brmsTRANSCRIPT
© 2008 IBM Corporation
IBM Power Systems and Business Systems
i5/OS V6R1 BRMS
COMMON
March 19, 2008
IBM Power Systems
© 2008 IBM Corporation
BRMS V6R1IBM Systems Director Navigator for i5/OS Interface
BRMS and Data Encryption
Miscellaneous BRMS Enhancements
IBM Power Systems
© 2008 IBM Corporation
Graphical User Interface Enhancements for BRMSBrowser support via IBM Systems Director Navigator for i5/OS
IBM Power Systems
© 2008 IBM Corporation
Externalize BRMS Media Policy Media Policy access possible using both available graphical interfaces
IBM Power Systems
© 2008 IBM Corporation
Externalize Media Policy DetailManage BRMS Media Policies using both available GUI’s
IBM Power Systems
© 2008 IBM Corporation
BRMS Software Encryption-1Fully implemented only under BRMS – Advanced (5761BR1 – Option 2)
Use the Cryptographic Services Key Management in GUI– Create key store file Q1AKEYFILE in QUSRBRM with a unique file label
IBM Power Systems
© 2008 IBM Corporation
Notes:BRMS now provides you with the ability to encrypt your data to a tape device This encryption solution is hardware independent, meaning no need for any encryption deviceTo use the encryption function, you need to have the BRMS Advanced feature (5761-BR1 Option 2) and Cryptographic Service Provider (5761-SS1 Option 35) installed on the operating system.
Note: i5/OS supports Library Managed Encryption (LME), sometimes also referred to as Transparent Encryption. With LME, the encrypting tape (LTO 4 or 3592 E05) must be in a library such as the 3584, 3577, 3576 or 3573 for encryption to be available. The library and drive work together with the required Encryption Key Manager (EKM) component that is available on the hardware to provide data encryption without any host involvement. Essentially neither i5/OS nor BRMS is aware of encryption/decryption being performend.
This is the best performing solution compared to software encryption (i5/OS and BRMS) on System i, because there is no CPU utilization consumed by this hardware solution. However, feedback from small to medium sized customers indicates the hardware encryption solution is currently cost prohibitive. Thus, V6R1 provides a software-based encryption support for backup under BRMS.
If you have the appropriate master key in the i5/OS directory structure as described in this presentation in your i5/OS partition’s keystore file Q1AKEYFILE in library QUSRBRMS, the basic i5/OS restore commands detect the encryption information on the tape media being restored. Assuming no other object incompatibility or security constraints the restore will complete successfully.
That is, V6R1 BRMS Option 2 and proper creation of the master key are required to encrypt the backup data. Either BRMS or basic i5/OS Restore commands can restore the data.
See the Security presentation for more general information on encryption and coverage of creation and management of the required master key that BRMS uses.
IBM Power Systems
© 2008 IBM Corporation
BRMS Software Encryption-2BRMS enabled encryption will be supported for:
– Any tape library – Standalone tape drive– Virtual Tape– Media Duplication
What cannot be encrypted– Operating System – Save Files – Tape labels
How to Encrypt BRMS Media– Valid Keystore file Q1AKEYFILE in QUSRBRM– Media Policy : Encrypt data (*yes) and refer to key
Performance Considerations– Next Foils
IBM Power Systems
© 2008 IBM Corporation
Encryption and Performance Save / Restore
Ultrium 3
36 x 70GB 15Krpm
Main Storage 40GB
IBM Power Systems
© 2008 IBM Corporation
Encryption and Performance CPU Utilization
Ultrium 3
36 x 70GB 15Krpm
Main Storage 40GB
IBM Power Systems
© 2008 IBM Corporation
FlashCopy SupportSupport through the Initialize (INZBRM) command
– Option (*FLASHCOPY)
Initialize command must run before FlashCopy is performed– Make BRMS aware of copy function
No BRMS activity allowed on production system/partition– As long as BRMS is in FlashCopy state
For detailed information and setup guidance– Networking Chapter of BRMS manual SC41-5345-06
IBM Power Systems
© 2008 IBM Corporation
Start Virtual IP Address (VIPA) in Restricted State
IBM Power Systems
© 2008 IBM Corporation
DVD/Optical Library Support
Optical and Virtual Optical– Support in all Device and Media commands
IBM Power Systems
© 2008 IBM Corporation
Multiple Job Common Synchronization PointSave while Active (*YES) in the Backup Control Group Entry
– New values *SYNCLIB, *SYNC, or *NWSSYNC invoke an additional entry– Synchronization Identifier (SYNC ID)– SYNC ID can be a 8 character name
Maximum 32 Save while Active BRMS jobs can use the same SYNC ID– All jobs need to start within the ‘Start Save Wait Time’ timeframe
New command Monitor Save while Active BRM (MONSWABRM)– Manage the Multiple Job Common Synchronization Point activity
– Number of Operations value needs to be correct
IBM Power Systems
© 2008 IBM Corporation
Logical/Physical file dependency handling by BRMS
STRRCYBRM OPTION (*ALLUSR) or STRRCYBRM OPTION(*CTLGRP)– BRMS will use a predefined value “Q1ARSTID” for the parameter DFRID– Using this parameter value BRMS will automatically handle data
dependencies– All objects in a set of libraries will be restored, even when the libraries with
dependent objects are restored before the libraries with the objects they depend on
IBM Power Systems
© 2008 IBM Corporation
Other important BRMS EnhancementsView and print backup statistics report
– New command PRTRPTBRM– Convenient to monitor backup activities
Save specific objects across many libraries generically– Select from list of libraries by generic (LIB: ABC* + DEF* + ….) name
File or object level backup for guest operating systems – Linux and Windows objects can be individually saved / restored
Save and Restore private authorities at an object level– Through Control Group Entries– Supported also on IFS lists and SAVxxxBRM / RSTxxxBRM commands
Omit *SYSDTA on the SAVSYSBRM command– Shortens backup window. LIC & Library QSYS omitted.
Many other enhancements– Explore BRMS manual SC41-5345-06 and look for change indicators
IBM Power Systems
© 2008 IBM Corporation
Trademarks and Disclaimers8 IBM Corporation 1994-2007. All rights reserved.References in this document to IBM products or services do not imply that IBM intends to make them available in every country.Trademarks of International Business Machines Corporation in the United States, other countries, or both can be found on the World Wide Web at http://www.ibm.com/legal/copytrade.shtml.
Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registeredtrademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.UNIX is a registered trademark of The Open Group in the United States and other countries.Cell Broadband Engine and Cell/B.E. are trademarks of Sony Computer Entertainment, Inc., in the United States, other countries, or both and are used under license
therefrom.Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.Other company, product, or service names may be trademarks or service marks of others.
Information is provided "AS IS" without warranty of any kind.
The customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer.
Information concerning non-IBM products was obtained from a supplier of these products, published announcement material, or other publicly available sources and does not constitute an endorsement of such products by IBM. Sources for non-IBM list prices and performance numbers are taken from publicly available information, including vendor announcements and vendor worldwide homepages. IBM has not tested these products and cannot confirm the accuracy of performance, capability, or any other claims related to non-IBM products. Questions on the capability of non-IBM products should be addressed to the supplier of those products.
All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Some information addresses anticipated future capabilities. Such information is not intended as a definitive statement of a commitment to specific levels of performance, function or delivery schedules with respect to any future products. Such commitments are only made in IBM product announcements. The information is presented here to communicate IBM's current investment and development activities as a good faith effort to help with our customers' future planning.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput or performance improvements equivalent to the ratios stated here.
Prices are suggested U.S. list prices and are subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.