Table of Contents

Requirements

System Requirements

EMC NetWorker KM for PATROL supports the following operating systems:

Operating System Version
AIX 5.1 and higher
HP-UX 11 and higher
Linux All distributions
Oracle Solaris 8 and higher
Windows 2008 and higher

Software Requirements

EMC NetWorker KM for PATROL supports:

Software Version
EMC NetWorker 8 and higher
BMC PATROL Agent Any version
BMC PATROL Console Any version
BMC ProactiveNet Performance Management 9.5 and higher
BMC TrueSight Operations Management 10 and higher
BMC Helix Operations Management 20 and higher
Java 1.8 and higher
When running the KM on… Fix
Linux managed nodes Korn shell binary (/bin/ksh).
Alternatively a soft link from /bin/ksh to /bin/bash will be needed.
BMC PATROL Agent 11.0.00 on Windows BMC patch 11.0.00.01: Patch 1 for BMC PATROL Agent 11.0.00 must be installed.

For the Access Control List (ACL)

The KM stores all configuration information in the PATROL Agent configuration database (pconfig), under the /NSR/<node-id> and /Runtime/NSR/<node-id> paths. PATROL Agent user (default: patrol) should be able to read and write to these pconfig variables any time. If Access Control List (ACL) is used to control which users are authorized to connect to a PATROL Agent, please make sure that the mode for PATROL Agent user includes “C” in the PATROL Agent variable /AgentSetup/accessControlList. Please refer to the PATROL Agent Reference Manual for more details.

To support bash shell platforms when ksh is not installed

To collect NetWorker stats when ksh was not installed on UNIX/Linux servers, you need to create a soft link for /bin/ksh to /bin/bash:

ln -s /bin/bash /bin/ksh

Security Requirements

A user account with administrative privileges must be configured in BMC PATROL or BMC TrueSight Operations Management to read and execute EMC NetWorker application programs and access file systems. Depending on the operating systems used, several options will be available.

The following user accounts can be used:

  • On UNIX/Linux platforms:

    • a root user
    • a non-root user, such as patrol, that has Sudo privileges on NetWorker to execute application programs and access file systems
    • a non-root account, such as patrol, configured in NetWorker application to administer the NetWorker application.

  • On Windows platforms:

    • an administrator user
    • a non-administrator account, such as patrol, configured in NetWorker application to administer the NetWorker application. Refer to the NetWorker System Administrator’s Guide for details on how to set up this type of account.

The user login details are configured in the KM. The password is encrypted and stored in the PATROL Agent.

This user needs read & execute permission to executable and library files under the paths listed below. The EMC NetWorker installation path INSTALL_PATH, referenced in the tables below is usually:

  • /nsr or /opt/nsr or /opt/networker (on UNIX/Linux)
  • C:\Program Files\EMC NetWorker\nsr (on Microsoft Windows).

Here are the executable and library files accessed by the EMC NetWorker KM User:

UNIX/Linux Microsoft Windows
INSTALL_PATH/bin INSTALL_PATH\bin
INSTALL_PATH/lib
/usr/bin
/usr/sbin
/usr/sbin/nsr
/usr/lib/nsr
/etc/LGTOuscsi

If the KM is enabled to failover in a clustered environment, the login user needs execute permissions to the following cluster commands:

  • /opt/VRTSvcs/bin/hagrp (in Veritas Cluster Server)
  • vxdctl (in Veritas Cluster File System)
  • /usr/cluster/bin/clrg (in Oracle Solaris Cluster)
  • cluster (in Microsoft Cluster)

The EMC NetWorker KM includes some scripts which should be executable by the PATROL Agent user and the EMC NetWorker KM user. These scripts are stored under KM_HOME path, normally <PATROL_HOME>/lib/NSR.

Here are the paths and files accessed by the PATROL Agent User:

UNIX/Linux Microsoft Windows
INSTALL_PATH/res INSTALL_PATH\res
INSTALL_PATH/index INSTALL_PATH\index
INSTALL_PATH/mm INSTALL_PATH\mm
INSTALL_PATH/logs/daemon.raw INSTALL_PATH\logs\daemon.raw
INSTALL_PATH/logs/messages INSTALL_PATH\logs\messages
INSTALL_PATH/logs/summary INSTALL_PATH\logs\summary
/var/adm/messages (on Solaris)
/var/adm/syslog/syslog.log (on HP-UX)
/var/log/messages (on Linux)

On Windows platforms the EMC NetWorker installation is identified by checking the Microsoft Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Legato\NetWorker\

The configured login user should have sufficient privileges to run regedit command on the managed node.

Sudo User Settings

If a non-root user with sudo privileges is preferred as the KM user, configure the account as a sudoer through the visudo utility using the entry below. The KM accepts any non-root user with the following or equivalent sudo configuration in the sudoers file.

User_Alias NSRKMUSERS = <nsr-km-user>
Defaults:NSRKMUSERS !lecture,!authenticate,!requiretty,env_keep+="PATH INSTALL_PATH KM_HOME KM_TEMP",env_reset
NSRKMUSERS ALL=/bin/cat,/usr/bin/du,/usr/sbin/nsradmin,/usr/sbin/jobquery,/usr/sbin/mminfo,/usr/sbin/nsr_render_log,/usr/sbin/nsrjb,/usr/sbin/nsrexec

<nsr-km-user> must be replaced with username used by the KM.

If there is a secure_path defined in the sudoers file, all binary paths listed in the sudoers file above should be listed:

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

This KM user should be able to execute required NetWorker and Operating System commands on the command line with just the sudo prefix to the command, without any sudo authentication. For example, the following commands show how to test the sudo settings:

[patrol@rt-netbck-vtl ~]$ export PATH=/sbin:/bin:/usr/sbin:/usr/bin
[patrol@rt-netbck-vtl ~]$ printf "print type:workflow job,backup action job,clone job,save job,savefs job,bootstrap save job\n" |  sudo jobquery -i -
                        type: backup action job;
           activity progress: 2/1/1;
            actual exit code: 1;
                   adhoc job: False;
                    authtype: ;
                   automatic: False;
        canceled input count: 0;
   canceled input work items: ;
       Checkpoint restart ID: ;
 Checkpoint restart sequence: ;
                     command: "savegrp -Z backup:traditional -v";
      completed output count: 0;
 completed output work items: ;
         completion severity: 50;
           completion status: failed;
 data protection policy name: Test Policy;
            dependent job id: 0;
                    end time: 1632078102;
             exit code known: True;
          failed input count: 1;
     failed input work items: 70.0.22.10.0.0.0.0.6.198.217.88.10.0.14.164;
        filtered input count: 0;
   filtered input work items: ;

Here the KM user patrol is able to run the NetWorker command bpdbjobs using sudo without a password prompt and keep the user's PATH settings inside the sudo.

This PSL code can be used to list all commands used by EMC NetWorker KM once the KM is installed. The commands that require sudo privileges are listed separately, if you prefer to restrict the sudoers entry to only those commands.

Warning! This non-root sudo user configured in the KM will be able to execute EMC NetWorker commands. To prevent unauthorized access, ensure this user is only used within the KM and not made public for general use.
Warning! Entering the non-root sudo user with ‘Use Sudo’ option selected into the login configuration dialog, before updating the sudoers file, will generate sudo errors. Also if the sudo user is configured differently, the KM may run sudo commands using incorrect sudo settings, which may expose the sudo user password.

Listing the Commands

To list all OS and NetWorker commands used by the EMC NetWorker KM, execute the following PSL code from the PATROL Console, using PSL Task menu, after installing and loading the KM.

foreach var (grep("^/Runtime/NSR/.*CommandControls/",pconfig("LIST")))
{
	ctl=get(var);
	opt=ntharg(grep("Option",ctl),"2-"," =");
	nsa=ntharg(grep("NoSudoAttempt",ctl),"2-"," =");
	sua=ntharg(grep("SingleUserAttempt",ctl),"2-"," =");
	typ=ntharg(grep("CommandType",ctl),"2-"," =");
	cmd=nthargf(grep("CommandText",ctl),"2-","=","=");
	if(osp=="") { osp=trim(nthargf(grep("OSPlatform",ctl),"2-","=","="), " "); }
	fields=lines(ntharg(var,"1-","/"));
	old_host=host;
	host=(fields == 5)? ntharg(var,"3","/") : "localhost";
	if(host!=old_host)
	{
		if((osp!="WINDOWS") && sudoers) { printf("\n\nCommands used with sudo:\n%s",sort(sudoers)); }
		printf("\n\nOn %s:\n\n", host);
		i=0; sudoers=""; osp="";
	}
	if((typ == "")||(typ == "OS"))
	{
		met="";
		if(opt == "NoLogin") { met = "(run as patrol user)"; }
		elsif(nsa == "YES") { met = "(run as configured user without sudo)"; }
		elsif(sua == "YES") { met = "(run as supplied user - used in menu)"; }
		else
		{
			scmd=cmd;
			s=index(scmd,"%sudo");
			if(s) { scmd=replace(substr(scmd,s,length(scmd)),"%sudo",""); }
			sudoers=union(sudoers,ntharg(ntharg(scmd,1,">|"),"1-"," "," "));
		}
		printf("(%2d) %-30s %-40s: %s\n",i++,ntharg(var,fields,"/"),met,cmd);
	}
}
if((osp!="WINDOWS") && sudoers) { printf("\n\nCommands used with sudo:\n%s",sort(sudoers)); }

Disk Space Requirements

EMC NetWorker KM requires approximately:

  • 3 MBytes of available disk space on each monitored PATROL Agent system
  • 5 MBytes of available disk space on each PATROL Console system
  • 400 KBytes of available disk space on each PATROL Central Console Server system
  • 1 MByte of available disk space on each PATROL Central Web Server system

It is installed under the PATROL installation path.

When monitoring a standard installation of EMC NetWorker, the PATROL Agent will generate approximately 250 KBytes of history data per day. An enterprise installation of EMC NetWorker on a master server with multiple media servers, clients, robotic libraries, and standalone drives will generate more history data (as per other KMs used by the PATROL Agent). These history data files are recycled by PATROL depending on the PATROL Agent history retention period.

During execution, the KM creates and maintains temporary files under KM_TEMP(default: <PATROL_HOME>/lib/NSR/tmp) and KM_DEBUG (default: <PATROL_HOME>/log) paths, where <PATROL_HOME> path is usually /opt/bmc/Patrol3/ (on UNIX/Linux) or C:\Program Files\BMC Software\Patrol3\ (on Microsoft Windows). Please make sure you have sufficient space under these paths. These folders should have read, write and execute permissions for the PATROL Agent user.

Remote Monitoring Requirements

Remote monitoring is required for all servers on which no PATROL Agent can be installed. This feature is also interesting if you lack resources or time to deploy a PATROL Agent and EMC NetWorker KM on several servers since it allows to monitor multiple hosts from one agent.

Remote monitoring is not possible from a UNIX/Linux PATROL Agent system to a Windows-based NetWorker server.

Please refer to the sections below to find out the remote monitoring requirements:

Java Runtime Environment

EMC NetWorker KM requires Java 1.8 or higher and a Java Runtime Environment (JRE) to be installed on the same system that runs the PATROL Agent.

The KM will automatically detect the JRE path if it has been installed in the default location or under the BMC PATROL Agent installation path. If it has been installed in a different location, you will have to set JAVA_HOME for the PATROL Agent default account before starting the PATROL Agent.

You can download the Java Runtime Environment along with the KM on Sentry Software Web site.

SSH/WMI Connection

An SSH (UNIX/Linux platforms) or a WMI (Windows platforms) connection is required to monitor remote NetWorker servers. When using an SSH connection, the SSH host key authentication, which is enabled by default on most NetWorker servers, must be disabled on the remote host.

To disable the SSH host key authentication:

  1. Open the global SSH configuration file (ssh_config) stored in the /etc/ssh/ directory on the remote host
  2. Add the line StrictHostKeyChecking no
  3. Save the file.
Keywords:
storage networker km patrol
No results.