application development on power system (ibm i )
DESCRIPTION
Application Development on Power System (IBM i). Application Development on Power System (IBM i ). School of Software Engineering Tongji University HUANGJie. Syllabus. 2014/11/27. 2. Unit 2 IBM i Administration ABC. Chapter 6 Security, Storage & Restore Management. Outline. 信息安全基础 - PowerPoint PPT PresentationTRANSCRIPT
Application Development on Power System (IBM Application Development on Power System (IBM ii))
Application Development on Power System (IBM i)
School of Software Engineering Tongji University
HUANGJie
No Subject Hours Abstract Instructor
1 Overview of IBM i 2 Server, Power System and Power System IBM i Huangjie
2 iOS fundamental 4 i OS & Basic Operation Huangjie
3 File system & object management 4 Object management concept and integrated file system Huangjie
4 Message management 2 Message & Its management Huangjie
5 Work management 4 Concepts of job, subsystem and library, job routing Huangjie
6 Administration ABC 2 Security, Storage & Restore Management Huangjie
7 Application Development 6 ILE development enviroment , RPG programming Huangjie
8 Database Development 4 Database on IBM i Huangjie
9 IBM i & SOA 2 SOA approach on IBM i Huangjie
10 Case Study 2 Csae Study Huangjie
11 Examination 2 Examination Huangjie
Syllabus
23/4/19 2
Chapter 6 Chapter 6 Security, Storage & Restore ManagementSecurity, Storage & Restore Management
Unit 2 IBM i Administration ABC
23/4/19 3
Outline
• 信息安全基础• System i安全设计
– 访问控制 (Access control)
– 资源安全 (Resource Security)
– 管理控制 (Administrative Control)
• 备份与恢复– 备份介质– 备份示例– 备份面临的挑战– 备份策略– 恢复示例– 课堂练习
5
Information Security
Information Security is the protection of information assets from accidental or intentional (but authorized) disclosure, modification, or destruction and from inability to process that information.
Written on paperStored electronically
⁻On disks of server, notebooks, …⁻Backup medias
Transmitted by postFilmsSpoken word
Information Forms
6
Threats
• Force majeure risk( 不可抗力 )• Organizational deficiencies • Human mistakes• Technical problems • Intentional actions
7
Security Threats and Business Risks
• Unauthorized use of resources• Inappropriate disclosure of information• Modification or destruction of information• Denial( 拒绝 ) of service• Failure of accountability( 问责 )
8
What is Security?
RISKRISKRISK
RISK
RISKRISK
RISKRISK
RISK
Reductionof
risk
Protectionagainstthreats
9
Security concepts and relationships
value
wish to abuse and/or may damage
may be aware of
Owners
leading to
risk
assets
Threat agents
threats
impose
that may possess
wish to minimise
tothat increase
Countermeasures对策
Vulnerabilities漏洞
to reduce
that exploit
giverise to
that may bereduced by
to
Source: Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model
10
Basic Components of Computer Security
Confidentiality
Integrity Availability
11
Some Other Terms Frequently Used• Authentication( 身份认证 ): when a person logs on to a system, authentication
means checking and verifying the identity of the person logging on. The term is also used where the identity of IT components or application is checked.
• Authorization( 授权 ): authorization entails checking whether a person, IT component or application has permission to carry out a particular action.
• Data protection: data protection refers to the protection of person-related data against misuse by third parties (not to be confused with data security).
• Data security: data security refers to the protection of data in relation to the pertinent confidentiality, availability and integrity requirements. Another term for this is "IT security".
• Data backup: during a backup, copies of existing data sets are created to protect against loss of data.
• Penetration testing( 渗透性测试 ): a penetration test is a deliberate, normally simulated, attempted attack on an IT system. It is used to check the effectiveness of existing security measures.
Source: Federal Office for Information Security (BSI), IT Security Guidelines.
12
IT Security Costs
Risks
13
The Main Ingredients of Success• Common sense• Well-thought out organizational procedures • Reliable, well informed staff who independently and
expertly observe security requirements in a disciplined manner
• Creation and implementation of an effective IT security concept does not have to be prohibitively expensive.
* Source: Federal Office for Information Security (BSI), IT Security Guidelines.
The most effective safeguards are surprisingly simple and often do not actually cost anything!
14
Common Sources for Security Problems
• Lack of resources • Tight budgets • Increasing complexity of IT systems• Uneducated staff• Lack of awareness of potential problems• Undocumented security objectives• Standard settings of the manufacturer
15
Security is not a static condition but an ongoing process
– Most of the tasks have to be repeated regularly• Updates of anti-virus software or firewall software
– Monitoring and Maintaining IT Security• Security checks
– Security Policies (out of date, incomplete or not practicable?)– Log files?– Using independent experts?
• New Security threats• New Standards
Security Process
Risk
Audit
Administration
ImplementationPolicy
– Should be considered at the start of each project
– Application development– New software deployment
16
Aspects of Security Policies• Risk Analysis
– Assets (IT systems, data, know-how, etc.)– Evaluation of threats– Probability of security incident
• Business and IT Requirements– Organizational charts– Password Rules– Application (“need to use”)– Data security (“need to know”)– User Roles– Network Security
• Business Contingency( 意外事故 ) Plan
Secur
ity
Policy
17
Security Policies
1. General security objectives as organization‘s goals
Easier to update!
2. Detailed security objectives, technical requirements and associated safeguards
3. Security requirements formulated in product settings
Outline
• 信息安全基础• System i安全设计
– 访问控制 (System i Access control)
– 资源安全 (Resource Security)
– 管理控制 (Administrative Control)
• 备份与恢复– 备份介质– 备份示例– 备份面临的挑战– 备份策略– 恢复示例– 课堂练习
19
System i Access Control
20
Access control rules are implemented to determine the access privileges of a subject – a person – to an object, such as a file or other system resource.
21
Physical Control
22
Types of Physical Controls• Preventive controls
– used to prevent unauthorized access to computing equipment – Examples:
• badge systems • biometric access controls • double door systems • fences • locks and keys • security guards
• Detective controls– alert security and system personnel to events that are damaging to
the information system or system data– Examples:
• alarms and sensors • closed-circuit television (CCTV) • motion detectors • smoke and fire detectors
23
Physical Access ControlComputer Room
System
Display Stations
Backup Tapes
OffLimits!
24
System Keylock*
Use Dedicared Service Tools Y No No NoLoad system from CD/tape Y No No NoChange IPL** source Y No No NoIPL via switch Y Y No NoRemote IPL No Y Y NoPWRDWNSYS - workstation Y Y Y YOff via power switch Y No No No
Manual Normal Automatic Secure
Low High
* not all models** Initial Program Load
25
Technical Access Control
26
Types of Technical Control• Preventive technical controls
– protect software resources from unauthorized access and modification, include access control software
– Examples:• antivirus software • library control systems • encryption
• Detective technical controls – alert system administrators to system intrusion or attempted
intrusion. – Examples:
• Audit trails– monitor network activity and uncover instances of unauthorized system
access, attempted access by unauthorized parties, and breaches of system security policy.
• Intrusion detection systems (IDSs) monitor user activity. – can terminate a user's session if that user's activity violates the system
security policy
27
System-level Security
28
QSECURITY
Password Level 20
Level 30
Level 50
Resource
Enhanced Integrity
System Integrity Level 40
Recommended value = Level 40
Password required to sign on Y Y Y Y
Initial program/menu active * Y Y Y Y
Limit capabilities support active Y Y Y Y
Access to all objects Y
Resource security active Y Y Y
Unsupported Interfaces fail Y Y
20 30 40 50
* When LMTCPB(*YES) is specified in the user profile
29
Security System Values
30
Security Wizard and Planner
eServer Security Planner:
http://publib.boulder.ibm.com/infocenter/eserver/v1r1/en_US/index.htm?info/secplanr/securwiz.htm
31
Identification and Authentication鉴别与身份认证
32
User Profile
PasswordPassword expiration levelInitial menu/programUser classSpecial authority
User InformationUser ProfileTells the system
who you are
List of Objects Owned
ObjectAuthorizations
iSeries Navigator: under Users and GroupsDSPUSRPRF USRPRF(USERxx) TYPE(*OBJOWN)
or TYPE(*OBJAUT)
No need for a passwd file!
33
Group Profiles
• Allows users with similar jobs to share permissions without having to share the same password
• Should choose a naming convention which makes groups easily recognizable
• Create with No password (sign-on not allowed)• Users can be a member of up to 16 group profiles• Should assign groups in order of use
34
Initial Program and MenusSign-On Display
Initial Program
Initial Menu
User signs on with userpassword and user name.
Initial program (if any) inuser profile is called.
Initial menu in user Profile or *SIGNOFF is called.
Signoff
35
Limited CapabilitiesUsers' capability to change their initial program, menu, current library and attention program and prohibit them from running most iSeries commands.
Limit initial program/menu capabilities
Initial Program Initial Menu Current
LibraryAttention Program
Execute Commands
Do not limit Yes Yes Yes Yes Yes
Limit some capabilities No Yes No No Yes
Limit capabilities No No No No No
Users can still run commands created or changed with parameter ALWLMTCPB(*YES)
36
New User – Capabilities – Privileges
37
Defining RolesAll object access (*ALLOBJ)
Access to all system resources
Auditing control (*AUDIT)Control audit system values
Job control (*JOBCTL)Manage output queues, job queues and printers; change job attributes; stop subsystems; IPL
Save/restore (*SAVSYS)Save, restore and free storage for all system objects
System Privileges
Privilege Classes
Security officer
Securityadministrator
System operator Programmer User
All object access X 20 20 20 20
Auditing control X
Job control X 20 X 20
Save/restore X 20 X 20 20
Security administration X X
Spool control X
System configuration X
System service access X
Security administration (*SECADM)Create/change/delete user profiles; manage OfficeVision for objects and users
Spool control (*SPLCTL)Manage all users' spooled files
System configuration (*IOSYSCFG)Change system configuration
System service access (*SERVICE)Display and alter service function
38
IBM Supplied User Profiles
User profile Privilege Classes
QSECOFR Security officer
QPGMR Programmer
QSYSOPR System operator
QUSER User
QDFTOWN User
QSRV Programmer
QSRVBAS Programmer
39
Internet User and Validation Lists
Validation lists (*VLDL) • are lists of Internet user names and passwords used in conjunction with
an authentication protocol type to limit access to server resources• validation lists are case-sensitive and reside in iSeries libraries• cannot be used as user profiles for executing a job on OS/400
40
Service Tools
Service tools are used to do any of the following:– Diagnose server problems – Add hardware resources to the server – Manage disk units – Manage logical partition (LPAR) activities, including memory – Review the Licensed Internal Code and product activity logs – Trace Licensed Internal Code – Perform main storage dumps – Manage system security – Manage other service tools user IDs– …
Dedicated service tools (DST) and system service tools (SST) areboth used to access service tools and service functions. DST isavailable when the Licensed Internal Code has been started, even ifi5/OS has not been loaded. SST is available from i5/OS.
41
SST/DST User Profiles
42
HMC User Roles
• Task roles define what tasks an HMC account may perform– One role is assigned to each user account when the user account is created
• Set of predefined user roles can be customized
HMCHMC
43
Resource Security
44
User Owned Objects
• Each object has one owner• When an object is created, an owner is assigned. The
ownership may be transferred later• The owner initially has all object and data permission• The authority may be removed, but the owner may grant any
authority back to himself at anytime• It is not possible to delete a user who owns objects. Two
solutions are offered:– Transfer ownership– Delete owned objects
45
QDFTOWN• QDFTOWN is an IBM-supplied user profile used when:
– An object has no owner– The object ownership might pose security exposure
• The object ownership is assigned to QDFTOWN in the following case:– The owning profile becomes damaged and is deleted. The RCLSTG
command assigns ownership of objects to QDFTOWN– An object is restored and the owner profile does not exist– A program that needs to be created again is restored, but program
creation is not successful– The maximum storage limit is exceeded for the user profile that owns
an authority holder that has same name as file being moved, renamed, or whose library is being renamed
• Consider the following recommendations:– QDFTOWN should not normally own objects– Ownership can be transferred with the WRKOBJOWN command or by
iSeries navigator
46
Specific Object PermissionsPrivate and Public permissions consist of one or more ofthe following:
Specific Object Authorities
Exclude
Object Management Data Authority
Operational
Management
Existence
Alter
Reference
Authorization list
Read
Add
Update
Delete
Execute
47
Object Management PermissionsPermission DefinitionOperational Look at the description of an object and use the object as(*OBJOPR) determined by the data authorities the user has.
To open a file, the user must have *OBJOPR.
Management Authorize users to the object, move or rename the object(*OBJMGT) and add members to database files.
All functions defined for *OBJALTER and *OBJREF.
Existence Change ownership and delete the object, free storage for(*OBJEXIST) the object, perform save and restore operations for the
object
Alter Add, clear, initialize and reorganize members of database(*OBJALTER) files, alter and add attributes of database files, add and remove triggers, change attributes of SQL packages.
Reference Specify database file as the parent in a referential (*OBJREF) constraint.
Authorization List Add and remove users and their authorities from an(*AUTLMGT) authorization list.
48
Data PermissionsPermission Definition
Read Display the contents of an object, such as viewing the(*READ) records in a file.
Add Add entries to an object, such as adding messages to a(*ADD) message queue, or records to a file.
Update Change entries in an object, such as changing records(*UPD) in a file.
Delete Remove entries from an object, such as removing(*DLT) messages from a message queue or deleting records from a file.
Execute Run a program, or search a library or directory.(*EXECUTE)
Exclude Object access prevented(*EXCLUDE)
49
Commonly Used Permissions
Operation Management Existence Alter Reference Read Add Update Delete Execute
*All X X X X X X X X X X
*Change X X X X X X
*Use X X X
*Exclude
Object Control Data Authority
50
Specifying Specific Authority for Objects In the Integrated File System
• *RWX: object operational authority, and all the data authorities
• *RX: object operational authority, read and execute• *RW: object operational authority, read add, update
and delete• *WX: object operational authority, add, update, delete
and execute• *R: object operational authority and read• *W: object operational, add, update, and delete• *X: object operational and execute• *EXCLUDE prevents access to object
51
Authorization List
Name: AUTL1Owner: USER3
User Authority:
*PUBLIC ExcludeUSER1 UseUSER2 ChangeUSER4 AllUSER5 Change
LIBA LFILEB
PFILEC PROGD
*Public is on all authorization lists
52
Authorization List vs. Group Profile
BILL
WAYNE
GUNNAR
FRANK
GROUP FINDEPT/FILE3LIB23DSP05
Objects
UseAllChange
Group Profile
BILL UseWAYNE AllGUNNAR UseFRANK Change
FINDEPT/FILE3LIB23DSP05
ObjectsAuthorization List
53
Groups and AUTLs Compared
Can secure multiple objects Can secure multiple objects
A user can be on multiple lists A user can be a member of 16 groups
Users can have different authority All users in a group have the same authority
Same authority for different objects using same list
Different authority for different objects
An object can be secured by only one authorization list
An object can be authorized to many groups
AUTHORIZATION LISTS GROUPS
54
Adopted AuthorityEverything you've shown me dealswith PERMANENT grants of authority.I'd like to give a user TEMPORARY access to several objects, without a lot of grants and revokes. What can I do?
You need to useADOPTED
AUTHORITY
•When a program created with USRPRF(*OWNER) is run, objects are accessed with the authority of the user running the program plus the program owner's authority•Authority is in effect as long as the program that originally adopts is still in the stack•Used to temporarily give authority to objects the user normally would not have•Both object authorities and special authorities are adopted•Program owner's groups are not used for adopted authority
55
Column Level SecurityGRANT UPDATE (SALARY) ON EMPLOYEE TO MANAGER
NAME SALARY DEPARTMENT
JOAN 20,000 SALES
FRED 18,000 SALES
LINDA 15,000 ACCOUNTING
Manager - needs Update Access Employee - NO
Update Access
•Column Level Security enforcement primarily occurs during the Update operation on the file•No new enforcement during open of the file•Column level authorities are stored in the database file object and managed by DB2•Object authorities are stored in the user profile and managed by the system security manager
56
Permission Search OrderAll object authorityPrivate Authority
Authorization List
All object authorityPrimary GroupPrivate authorityAuthorization List
Object Authorization List
Adopted Profile All object authority Private Authority Authorization List
User profile - Stop whenany authority is found
Group Profiles - Like user profile. Repeats for each group profile and accumulates. Stopswhen sufficient authority is accumulated.
*Public - Used when no authority is found for user or groups
Adopted Profiles - Usedwhen authority is insufficient
None Found
None Found
Insufficient
57
Where Object Permissions Come FromTo access or use an object you must have the appropriate authority.
This authority may come from:
All object access (*ALLOBJ) special authority
A "private" or explicit authority to the object
Public authority (*PUBLIC) All objects have "Public" authorityThis is the authority you get when you do not have any other authority to the object
Authorization list
Primary group authority
Adopted authority
58
Example: Authority to Workstation (1/2)
Allow Sign-on
Sign-on fails
Determine user's authority to workstation
Is QSECURITY => 30?
QLMTSECOFR = 1 Whether *ALLOBJ and *SERVICE users are limited to specific devices
QSECOFR, QSRV and QSRVBAS can always sign on at the console.QCONSOLE system value is used to determine which device is console.
*CHANGE or greater
Less than*CHANGE
Does user have*ALLOBJ or*SERVICE?
Is QLMTSECOFR = 1?
Yes
Yes
No
No
No
A
59
Example: Authority to Workstation (2/2)
Sign-on fails Allow sign-on
Test user's authority toworkstation
Test groups'authority toworkstation
Does user have *SERVICE but not *ALLOBJ'
A
Does QSECOFRhave *CHANGEor greater
Less than*CHANGE
Less than*CHANGE
Yes
No
No Authority
No Authority
No
Yes
*CHANGEor greater
*CHANGEor greater
60
Exitprogramm
zusä tzliche
Exitpoint
Prü fungen
fü r OpNav existiert z. B.: QIBM - QSYS - OPNAVCLIENT
Exit Programs
Additional checks
please use: example: “exit point for iSeries Navigator”
61
Output Queue – Security Attributes Beyond Resource Security
DSPDTA: Additional restriction. Display any spooled file or only their own. (*YES, *NO, or *OWNER)
OPRCTL: Allow users with SPCAUT(*JOBCTL) to manage queue's spooled files (*YES or *NO)
AUTCHK: Allow users with *CHANGE authority to the output queue to change and delete spooled files owners by other users (*OWNER or *DTAAUT)
CRTOUTQ OUTQ(ADM) DSPDTA(*NO) OPRCTL(*YES) AUTCHK(*OWNER)
62
Administrative Control
63
Types of Administrative Controls• Preventive administrative controls
– managing and monitoring the system activity of personnel– Examples:
• supervision of personnel, • policies for hiring and dismissing personnel, • security procedures, • registration of users before system access, • disaster recovery plans• emergency procedures
• Detective administrative controls – investigate the extent to which system security policies are
implemented. • can be conducted through audit trails and reviews that detect lapses in
security procedures. – monitor personnel activity to detect potential security risks
64
Audit?
WHY? Keep System at Planned Security Level
HOW? Implement at any Security Level
or
Use System Functions
DSPUSRPRF
DSPOBJAUT
DSPPGMADP
. .
.
65
Status Auditing – SECTOOLS• Additional i5/OS commands to help you manage security
– Available through– Individual command– Menu SECTOOLS (commands run interactively)– Menu SECBATCH (report commands submitted or scheduled)
• Work with profiles (SECTOOLS)– Disable users during specified periods– Delete or disable a user on a specific date– Disable profile after certain inactivity period– Analyze profile for default passwords
• Work with auditing (SECTOOLS)– One-step set-up– Display auditing system values
• Security reports (SECTOOLS and SECBATCH)
66
Using the History Log
• Used to monitor for:– Start and completion of jobs– Device status messages– System operator messages and responses– Failed sign-on attempts
• To display the contents:– DSPLOG LOG(QHST) ....
• To display a specific message range:– DSPLOG LOG(QHST) MSGID(CPF2200)
67
Event Auditing• Audit journal monitors events
– Save/Restore information– Authorization failures and references to objects through
interfaces not supported– Deleted objects– Security related functions– Action auditing information– …
• The levels of auditing :– System wide auditing– Auditing by specific user– Auditing by specific object– Combination of the above
68
Security will be continued …
• Internet and TCP/IP Security– NAT, IP Filter, SSL, VPN, …
• Encryption• Object Signing• Enterprise Identity Mapping • Virus Scanner• ….
Outline
• 系统管理基础• System i安全设计
– 访问控制 (Access control)
– 资源安全 (Resource Security)
– 管理控制 (Administrative Control)
• 备份与恢复– 备份介质– 备份示例– 备份面临的挑战– 备份策略– 恢复示例– 课堂练习
备份与恢复• 可用性
– 例:灾难类型与停机时间
• 可用性评价指标– 可用性 = ( 计划的系统工作时间–故障停机时间 )/ 系统计划工作时间 *100%
类型 频度 停止工作时间频度系统失败 非常少 天硬盘失败 非常少 天程序错误 少 小时用户错误 少 小时数据文件错误 比较多 未知电源失效 未知 未知
存储分类• 连接位置
– 内置存储– 外置存储
• 介质类型– 磁带– 光盘:只读光盘、读写光盘– 磁盘– 软盘
• 连接方式– 直连存储– 存储网络 SAN– 网络存储 NAS
• 智能程度– JBOD :一堆裸磁盘– RAID 磁盘阵列– 智能存储
备份介质• 磁带的特点
– 容量:随着备份数据的增长,可以随时追加磁带进行新的备份,从而扩大备份的容量。– 安全:存储备份数据的磁带可以异地存放,以保证备份数据的安全。– 成本:磁带的容量一般比较大,比较其他存储介质,每 GB 数据的存储成本更低。– 可复用性:可以重复、循环使用。– 加密:若使用可加密型磁带设备对磁带进行加密,可防止未经授权的非法访问。
• 光盘的特点– 数据读写率:光盘存储设备具有随机存取功能,访问数据的循序不依赖于存储顺序。
多个用户可以同时访问一个光盘。而磁带则是顺序读写。– 数据传输率:磁带的数据传送速率通常要比光盘的数据传送速率高。– 耐久性:光盘介质可以保存 50 年的数据。– 归档:只能一次写入的光盘适合用于数据归档。 – 可移植性:使用多次可擦写光盘介质备份的数据,可以被其他任何支持相同文件格式
的系统读取。
• 磁带 vs 光盘 谁优?
备份介质• 备份文件
– 在系统硬盘中建立的一块和磁带结构完全一致的顺序存储区域,他是一个系统对象(*FILE), 属性是 *SAVF 。
– 由于备份文件建立在硬盘上,用它进行备份和恢复速度非常快,适用于短时间内备份大量数据的情况。
– 可通过网络使用备份文件,将数据从一个系统传送到另一个系统中。– 注意:备份文件不能用作长期保存数据的介质,应当在系统工作负载较轻时将数据从
备份文件保存至其他外部存储介质上。
• 虚拟设备– 虚拟设备包括虚拟磁带设备和虚拟光盘设备。– 特点:适合进行无须人工干预的自动备份操作。
当映像目录 (Image Catalog)为虚拟设备分配的容量不足以完成备份操作时,系统还能自动创建额外的虚拟设备来进行数据备份。
– 操作方法:使用 IMGCLG( 映像目录 )菜单,用户可以完成对虚拟设备的操作,包括创建映像目录、添加映像目录、安装或者卸载映像目录等。访问命令 GO IMGCLG 。
备份与恢复• 系统备份方法:普通备份与备份辅助存储器 (Save Storage)
– 普通备份,使用 Save命令按顺序备份系统信息和用户数据。 Save 使用灵活,占用存储介质少,还可以有选择地进行恢复。
– 备份辅助存储器,使用 SAVSTG命令备份整个辅助存储器。 SAVSTG 直接按照扇区顺序写入磁带,有快速、高效的特点,可用于紧急情况下备份和恢复整个系统,但是在恢复时磁带结构应与备份时一致。
• 增量备份– 增量备份只备份指定日期之后发生变化的数据。节约备份时间和存储介质。
• 即时备份 (Save-while-active)– 当系统备份时,数据不能被其他程序修改。对于一些不能停止的业务来讲,会造成
数据与备份数据的不一致。 i/OS 操作系统的所有备份命令都有一个 SAVACT参数,设置这个参数可以将正在被修改的数据备份下来,同时保持了数据的一致性。
• BACKUP菜单– 该菜单提供了系统自动定时备份功能,允许用户对备份的时间、备份内容及存储介
质的使用进行定制,可以在不干扰用户使用的情况下自动备份。• 存取路径备份 (Access Path)
– 对于数据库文件,备份存取路径,可以减少重建存取路径的消耗。系统提供了在备份数据的同时备份存取路径的功能,可以减少 40%左右的恢复时间。
备份示例• IBM Power System i/OS 操作系统
– 用户可以使用备份 SAVE菜单或者调用 CL命令来执行备份命令。– 条件:备份策略。– 若使用最简单的备份策略,可以直接使用备份菜单中的选项 21 、 22 和 23即可。
• 示例演示– GO SAVE– 21 :全系统备份– 22 :系统数据备份– 23 :用户数据备份
• 备份任务菜单– GO BACKUP– 执行周期性的备份操作并进行相关性的设置。– 在第一次运行周期性备份任务之前,需要设置和启用备份调度计划。– GO SETUPBCKUP 或选择备份任务菜单的选项 “ 10” 。
备份示例• 全系统备份
– 立即或者在指定时间开始备份;– 将系统操作员 (QSYSOPR)消息队列的传送方式更改为 *BREAK 或 *NOTIFY;– 结束所有子系统;– 备份如下内容:
• 许可内码;• 系统库 QSYS;• 安全对象,包括用户概要文件;• 设备配置对象;• 所有由 IBM提供的库,包括包含用户数据的库;• 所有用户库;• 所有邮件;• 所有文件夹;• 所有文档;• 目录中的所有对象。
– 启动控制子系统。• 注意:备份时系统要处于受限的状态。即备份开始后,用户不能访问系统,系
统只执行备份这一项作业。
备份示例• 全系统备份代码示例
– ENDSBS SBS(*ALL) OPTION(*IMMED)– CHGMSGQ MSGQ(QSYSOPR) DLVRY(*BREAK or *NOTIFY)– SAVSYS– SAVLIB LIB(*NONSYS) ACCPTH(*YES)– SAVDLO DLO(*ALL) FLR(*ANY)– SAV OBJ((‘/*’)(‘/QSYS.LIB’ *OMIT)(‘/QDLS’ *OMIT)) UPDHST(*YSE)– STRSBS SBSD (controlling subsystem)
备份面临的挑战• 日志管理 (Journal management)
– 备份及恢复仅对数据进行,但是从最后一次备份到灾难发生时刻之间的数据并没有备份下来。可以用日志管理和提交控制解决这一问题。
– 日志管理是是数据库的基本功能之一。在程序对数据进行操作的同时,系统将操作的数据内容按照时间先后顺序,写入一个日志接收器 (*JRNRCV, Journal Receiver) 。一旦数据库被破坏了,只要保留了日志接收器,通过相应的日志管理命令,可以将数据恢复到灾难发生前的状态。
• 关键业务可用性解决方案– 双活, Active-Active
备份策略• 备份策略取决于业务能够承受的最长停止工作时间 (Save Window) 。
• 简单备份策略– 每周备份整个系统– 每天备份所有用户数据
• 中等备份策略– 每周备份整个系统– 每半周备份所有用户数据– 每天备份改变了的数据或者日志接收器
• 复杂备份策略– 每周备份整个系统– 每半周备份所有用户数据– 每天备份改变了的数据或者日志接收器– 必要时使用即时备份功能 (SAVACT)
备份策略 (i/OS默认策略 )
• 每日备份– 只备份列表中定义的用户库中已更改的目标– 备份列表中定义的文件夹– 备份所有的目录
• 每周备份– 备份所有的用户库– 备份所有的文件夹– 备份所有的目录
• 每月备份– 备份所有的用户库– 备份所有的文件夹– 备份所有的目录– 备份安全数据和配置数据
恢复示例• IBM Power System i/OS 操作系统
– 用户可以使用恢复 RESTORE菜单或者调用 CL命令来执行恢复操作。– 恢复菜单: GO RESTORE
• 可以直接使用备份菜单中的选项 21 、 22 和 23即可。– 全系统恢复– 系统数据恢复– 用户数据恢复
恢复示例• 全系统恢复
– 将系统操作员 (QSYSOPR)消息队列的传送方式更改为 *BREAK 或 *NOTIFY;– 结束所有子系统;– 恢复如下内容:
• 用户概要文件;• 配置对象;• 所有由 IBM提供的库,包括包含用户数据的库;• 所有用户库;• 所有邮件;• 所有文件夹;• 所有文档;• 目录中的所有对象;• 专用权限。
– 启动控制子系统。
常用 CL 备份命令• IBM Power System i/OS 操作系统常用备份命令
– SAVSYS :用于保存许可内码、 QSYS库、安全对象和配置对象的内容。– SAVSECDTA :用于保存系统全部的安全信息。– SAVCFG :用于保存所有配置对象和系统资源管理对象。– SAVLIB :备份一个或多个库,包括库描述、对象描述和库中对象的内容。对
于作业队列、消息队列和逻辑文件,则只保存对象定义,不保存内容。– SAVOBJ :用于备份位于同一个库中的一个或多个对象。
当参数“对象 OBJ”被指定为“ *ALL”时,可以保存参数“库LIB”中所列出的多个库中的所有对象。当保存到备份文件 SAVF 时,则只能指定一个库。
– SAVCHGOBJ :用于备份已经被更改的对象。使用该命令能够备份自参考日期起 被修改过的一个或者多个被更
改的对象。当参数“对象 OBJ”被指定为“ *ALL”时,可以保存所有用户库或库列表中的对象。当保存到备份文件 SAVF 时,则只能指定一个库。对于数据库文件,则只保存已经更改的成员。
– SAV :用于保存在集成文件系统中使用的一个或多个对象。– SAVSTG :用于将许可内码和辅助存储器的内容保存至磁带。该功能可用于灾
难恢复备份和恢复安装整个系统。单个的库或对象不能从该备份磁带中恢复。– SAVDLO :用于保存指定的文档、文件夹或者分发对象 (邮件 )。
常用 CL 恢复命令• IBM Power System i/OS 操作系统常用的恢复命令
– RSTLIB :将由 SAVLIB命令保存的一个库或一组库恢复到系统中,包括库描述、对象描述和库中对象的内容。对于作业队列、消息队列、用户队列和逻辑队列文件,则仅恢复对象描述。为什么?
– RSTOBJ :用于恢复备份在备份介质上的位于同一个库中的一个或多个对象。– RST :用于恢复在集成文件系统中使用的一个或多个对象。– RSTUSRPRF :用于恢复用户概要文件的基本部分,以及由 SAVSYS命令或
SAVSECDTA命令保存的一组用户概要文件。– RSTAUT :用于将专用权限恢复至用户概要文件。– RSTCFG :用于将通过 SAVSYS 或 SAVCFG命令保存的配置对象恢复到系
统上。– RSTDLO :用于恢复文档、文件夹和分发对象 (邮件 )。
课堂练习 Saving a library to and restoring it from a save file
Questions & Answers?