Backup / Restore of IBM System i Server
Creation Date: February 16, 2006
Revision Date: October 14, 2015
Product: DS‑Client
Summary
This article covers various aspects regarding the IBM System i Server.
See also
Unix DS-Client issues
Windows DS-Client is recommended for backups of System i Server because it uses IBM iSeries Access to communicate with the System i Server.
Unix DS-Client uses FTP to communicate with the System i Server.
DS-Client performance considerations
If you create System i Server backup sets with the Individual obj option selected, the following performance considerations apply:
• The backup performance will be affected.
• If the saved library contains a large number of small objects, the backup performance will be further significantly affected.
• To restore some objects from the backup set, this option will improve the restore performance. If you plan to restore the entire library, do not to use this option.
Backing Up and Restoring Private Authorities
The Backup Private Authorities backup set option applies to System i objects with the Private Authority (PVTAUT) parameter (This parameter was introduced in IBM i 6.1).
When PVTAUT is set to *YES, you will be able to save the private authorities attached to your saved objects. These updated commands will store and restore Public Authorities, Owner and object authorities, Primary group and primary group authorities, and the names of authorizations lists linked to the saved object.
NOTE: IBM cautions against using this option for .individual objects only because PVTAUT increases the amount of time needed to save an object. It is not recommended that you select this option for large scale backup and recovery of user data.
Configuring the System i Server
Define the following settings on the System i Server before performing backups / restores.
• Create a special user on the System i Server for the purpose of backup. Do not use this user for any other purpose. This user must also have:
• the user class *SECADM on its user profile
• the special authorities *SECADM *ALLOBJ *JOBCTL
• the *SAVSYS special authority if a backup of the system info is required
You can change the above parameters using the following command:
CHGUSRPRF USRPRF(user_name) USRCLS(*SECADM) SPCAUT(*SECADM *ALLOBJ *JOBCTL)
• To exchange data between a System i Server and DS-Client, the folder DSBUFFER and one or more subfolders must be created in the "root" IFS system. To create these folders, type the following command(s) from the command prompt:
MD DIR('/DSBUFFER')
MD DIR('/DSBUFFER/folder_name')
• Create two libraries on the System i Server: LIBIN and LIBOUT. These are the locations where DS-Client creates the save files (the System i Server equivalent of a database dump file). To create these libraries you can use the following commands:
CRTLIB LIB(LIBIN)
CRTLIB LIB(LIBOUT)
The LIBIN and LIBOUT libraries are used as a buffer to transfer save files from or to the System i Server. In addition, these libraries could be used by the System i Server administrator to locate a save file for a manual restore (in case the "Restore only dump file" option is checked, or on unsuccessful completion of a restore process).
• [Windows DS-Clients only] Install iSeries Access for Windows on the DS-Client computer using the following installation program:
\\<System i Server>\QIBM\ProdData\Access\Windows\Install\Image\Setup.exe
Refer to your iSeries Access for Windows documentation for further instructions.
• DSBUFFER share: To create and execute backup sets, the DSBUFFER folder must be shared (with read/write permissions). You can manage the DSBUFFER share in the iSeries Navigator or System i Server Operations Navigator.
• Firewall: If there is a firewall between the DS-Client computer and the System i Server to backup, the ports 139, 449 as well as the ports between 4400 and 4407 must be opened.
Services Required on the System i Server
The System i Server must be running the TCP/IP jobs. They can be started with the STRTCP command. To start the TCP application server jobs individually, you can use the STRTCPSVR command with a corresponding parameter.
• For Windows DS-Clients, the Netserver is required. This can be started using the command STRTCPSVR SERVER(*NETSVR).
• For Unix DS-Clients, the FTP TCP/IP server is required. This can be started using the command STRTCPSVR SERVER(*FTP).
System i Server Backup Checklist
Use the following checklist to quickly verify if a System i Server machine is properly configured.
General checklist |
| (Windows) DS-Client computer: verify iSeries Access is installed |
| System i Server: Login as QSECOFR or a user with equivalent rights to perform the following checklists |
Backup user checklist |
| Run the following command: DSPUSRPRF USRPRF(USERNAME) |
| Verify user class *SECADM |
| Verify special authorities *SECADM *ALLOBJ *JOBCTL |
| If you need to backup the System i Server system information, verify special authority *SAVSYS |
Buffer folder checklist |
| Verify DSBUFFER is shared with read/write permissions using System i Server Operations Navigator or iSeries Navigator on the DS-Client PC |
| Run the following command: WRKLNK OBJ('/DSBUFFER') |
| Verify at least one folder exists |
Libraries checklist |
| Run the following command: WRKLIB LIB(LIB*) |
| Verify libraries LIBIN and LIBOUT exist |
Firewall checklist |
| Verify ports 139, 449, 4400-4407 are open (Perform only if there is a firewall between the System i Server and the DS-Client computer.) |
System i Server Disaster Recovery
The following section explains how to perform a System i Server disaster recovery given the following scenario:
A backup of the System i Server’s operating system is made on tape. Your Windows DS-Client has backups of the System i Server’s data and System Info.
1. Perform the following manual steps to get the System i Server running:
a) Repair or obtain a replacement System i Server machine.
b) Restore the LIC from your Full Tape Backup (The PTF level of the original system must be restored on the backup machine).
c) Restore the i5/OS.
2. Configure the following networking services on the System i Server:
• Client Access
• TCP-IP
• The Host servers
4. From DS-Client (DS-User > Restore Wizard), restore the System i Server System Info:
• Restore the user profiles
• Restore the configuration
5. After the System i Server’s operating system and system info are restored, you may restore the user data. After user data is restored, you must restore authority. See
“Known System i Server restore issues”.
Library naming limitations for Linux DS-Client
Use only these characters in the naming of libraries, user profiles, files, and all types of objects when using Linux DS-Client to perform the backup and restore of iSeries servers:
• Alphanumeric characters: A - Z, 0 - 9
• These specific characters in the English Code CCSID 037: $, #, @
Linux DS-Client performs the backup and restore for iSeries backup sets through integration with the IBM FTP module. The IBM FTP module limits the naming of the libraries, user profiles, files, and objects to the characters listed above. Other special characters, such as Æ, Ø, £, and §, are not supported and will prevent successful backup and restore when used.
The above library naming limitations do not apply to the backup and restore of iSeries servers using Windows DS-Client.
Known System i Server backup and restore issues
Consider the following issues when performing backups and restores:
Disk space
The necessary free disk space required for DS-Client to dump files is as follows:
• Windows DS-Client: 2 X (largest file’s size X number of threads)
• Linux DS-Client: largest file’s size X number of threads
Reducing the number of threads means less disk space is required; however, doing so also increases processing time because batch processing will replace parallel processing.
Backup and restore time
Windows DS-Client will require 30%-60% additional time for backup and restore partly because of the disk space used for backup and restore, as described above in
“Disk space”.
Known System i Server backup issues
Due to the iSeries server’s own features, there are some issues to consider when performing backups:
Time span
As a rule, file-level backups will take a lot of time because the internal operations needed to process a file are time and resource consuming. Therefore, it is highly recommended to back up at the library level when there are more than 2000 objects. Library-level backups could be 70%-80% faster when compared with file-level backups.
Library-level backup as a faster option with one exception
Backing up individual objects is a faster option only when a library contains many objects, but only a few of them are expected to ever change. In that case, the size of all changed objects will be much smaller than the library size.
However, the initial backup of individual objects will require more time than an initial backup at the library level.
QUSRSYS library
To save the system directory files, you must end the QSNADS subsystem before saving the QUSRSYS library.
QPFRDATA library
To save the system performance data, you must end the performance monitor before saving the QPFRDATA library.
System iV5R4: Backup of Private Authorities not available
The PVTAUT parameter does not exist in System i v5R4. Hence, even if the option Backup Private Authorities is selected in a backup set for this version, private authorities will not be backed up by DS-Client.
Known System i Server restore issues
User profiles
• Due to the RSTUSRPRF command’s own restrictions, the following situations may apply to user profiles being restored:
• If a user profile exists on the system, but not on the media, the system profile remains.
• If a user profile exists on the media, but not on the system, a new user profile is created
• If the user profile exists on both the media and the system, the media user profile is restored.
• If the user profile exists on the media and is being restored individually, a new user profile is created without its password or group connection.
• If the user profile exists on both the media and the system, and is being restored individually, the media user profile is restored. However, the password and group connection on the system remains unchanged.
• If all user profiles are being restored, the passwords and group connections are also restored from the media.
• If user profiles exist on the system, there are no changes to the existing objects’ authorities.
• To restore all user profiles with USRPRF(*ALL), all other operations on the system must be stopped. Since DS-Client cannot connect when the system is in restricted state, DS-Client cannot restore with the option *ALL, therefore DS-Client restores all user profiles from online individually. If you need to restore using USRPRF(*ALL) or RSTAUT, you must restore the dump file first, and then restore the user profiles manually from the SAVF that was delivered by the dump file restore process.
• The RSTUSRPRF(*ALL) command is normally used after the restore of the operating system, but before the user libraries are restored. The user profiles must be restored before any libraries or objects belonging to them can be restored. After the libraries and their objects are restored, the authority for the objects is restored to the user profiles using the RSTAUT command. Refer to your System i documentation for more information on restoring the system.
• By default, a restore of a user profile will make the following changes to the user profile’s attributes:
• Group Profile (GRPPRF) value is set to *NONE
• Owner of new object (OWNER) value is set to *USRPRF
• Group authority (GRPAUT) value is set to *NONE
• Password is set to *NONE
This means the message CPF1118: No password associated with user ABC is generated if the user attempts to sign-in without initializing the password.
Queues
The contents of the queues are empty (e.g. there are no spool files or jobs waiting for execution).
IBM Supplied Libraries
• As a security measure, when restoring IBM User Libraries and/or IBM System Libraries, DS-Client only restores the dump file *SAVF. Then, the System i Operator may put the server into Restricted State and can complete the restore process using normal System i OS restore commands (via the main console).
• You cannot restore IBM Supplied Libraries as a whole. However, you can restore individual objects through a Restricted State restore (as described above).
Restoring *DTAQ objects
A *DTAQ object cannot be restored over an existing one of the same name. While restoring *DTAQ object(s) through DS-Client into System i servers, you must first manually delete existing *DTAQ(s). Otherwise, DS-Client will encounter System i error CPF3756 and possibly CPD2415 and CPF3770.
Alternatively, you can restore the data queue object(s) to another library.
Restoring *PVTAUT
While restoring *PVTAUT, you must ensure that the object has been backed up with private authorities. Otherwise, DS-Client will encounter System i errors CPF3780 (file for library &1 not found) and CPD37BB (Objects from save file &1 in LIBOUT not restored).
• CPF3780 - The data in the save file or on the tape, diskette or optical volume did not match the specified parameters.
• CPD37BB - You specified *YES for the private authorities (PVTAUT) parameter for restore, but objects in save file &1 in library &2 were saved without their private authorities.
System i Error Messages on Windows DS-Client
The following error message may appear for System i backup sets on a Windows DS-Client:
CPD0084 - '*DTADCT ' NOT VALID FOR PARAMETER OBJTYPE.
Error Description
• A Data Dictionary is not intended to be backed up as an individual object.
• This will also generate the following CPF errors for every single Data Dictionary object (LF/PF):
CPF3876 - FILE QIDCTL## IN library_name NOT SAVED OR RESTORED.
CPF3870 - NO FILES MET FILEMBR SELECTION CRITERIA.
CPF3871 - NO OBJECTS SAVED OR RESTORED; 0 OBJECTS NOT INCLUDED.
Resolution
The library where the Data Dictionary and its objects reside should be backed as a whole without selecting the option Individual Obj.