SCA Book

From SEPsesam
This page contains changes which are not marked for translation.
Draft.png WORK IN PROGRESS
This article is in the initial stage and may be updated, replaced or deleted at any time. It is inappropriate to use this document as reference material as it is a work in progress and should be treated as such.

Part I: Introduction

Imprint

Any form of reproduction, duplication or distribution of the contents, in part or in whole, is allowed only with the express written permission of SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to provide accurate and correct information. However, the information in the SEP sesam user documentation is subject to change without notice due to continuous product development. SEP AG cannot guarantee the accuracy of the explanation and shall not be liable for the use of the provided information and product implementation.

SEP sesam and SEP-related modules are trademarks of SEP AG. All other trademarks used at this site are the property of their respective owners.

SEP sesam Release Versions

Release Version Release date Release notes Specific extension versions End of support
5.1.0 Apollon V2 5.1.0.14 March 6, 2024 Apollon V2 Release Notes
5.1.0 Apollon 5.1.0.7 July 25, 2023 Apollon Release Notes
5.1.0.6 June 20, 2023
5.1.0.5 May 24, 2023
5.0.0 Jaglion V2 5.0.0.15 SP1 March 6, 2023 Release Notes 5.0.0 Jaglion V2 & Service Packs
5.0.0.15 February 8, 2023
5.0.0.12 SP1 November 4, 2022
5.0.0.11 August 22, 2022
5.0.0.9 SP3 August 4, 2022
5.0.0.9 SP2 July 21, 2022
5.0.0.9 SP1 June 30, 2022
5.0.0 Jaglion 5.0.0.4 SP1 March 28, 2022 Release Notes 5.0.0 Jaglion April 2024
5.0.0.4 February 28, 2022
5.0.0.3 December 29, 2021
4.4.3 Beefalo V2 4.4.3.86 July 5, 2021 4.4.3.86 Beefalo V2 Release August 2023
4.4.3.84 SP2 December 16, 2020 Beefalo V2 Service Pack Releases (SP1 and SP2)
4.4.3.84 SP1 October 14, 2020 Beefalo V2 Service Pack Releases (SP1 and SP2)
4.4.3.79-.84 May 11, 2020 - August 3, 2020 Release Notes 4.4.3 Beefalo V2
4.4.3 Beefalo 4.4.3.70-.72 July 25, 2019 Release Notes 4.4.3 Beefalo August 2022
4.4.3 Grolar 4.4.3.60-.64 July 23, 2018 - October 29, 2018 Release Notes 4.4.3 Grolar October 2021
4.4.3 Tigon V2 4.4.3.48 December 5, 2017 Release Notes 4.4.3 Tigon V2 December 2020
4.4.3 Tigon V1 4.4.3.42 August 10, 2017 Release Notes 4.4.3 Tigon September 2020
4.4.3 4.4.3.22-.29 September 21, 2016 - April 4, 2017 Release Notes 4.4.3 January 2020
4.4.2 4.4.2.66-.88 August 6, 2015 - April 27, 2016 Release Notes 4.4.2 January 2020
4.4.1 4.4.1.14-.48 July 16, 2014 - March 11, 2015 Release Notes 4.4.1 January 2020
4.2.2 4.2.2.1-.40 June 25, 2013 - August 4, 2014 Release Notes 4.2.2 September 2016
4.2.1 4.2.1.5-.41 July 16, 2012 - January 18, 2013 Release Notes 4.2.1 December 2014
4.0.5 4.0.5.26, 4.0.5.28 February 24, 2012 Release Notes 4.0.5 July 2013
4.0.3 4.0.3.30 July 13, 2011 / September 29, 2011 Release Notes 4.0.3 July 2013
4.0.2 4.0.2.13, 4.0.2.30 June 2011 Release Notes 4.0.2 July 2013
4.0.1 4.0.1.19 November 2010 / May 2011 Release Notes 4.0.1 July 2013
3.6 3.6.4.x October 2009 / August 2010 Release Notes 3.6 June 2012
3.4 3.4.1.x August 2008 / October 2009 Release Notes 3.4 December 2010
3.0 3.0.1.xx 2006/2007 Release Notes 3.0 December 2009



Part II: Architecture Overview

SEP sesam Requirements

SEP sesam Requirements/en

Directory layout

Directory Layout/en

Part III: SEP sesam Installation and Configuration

Licensing

SEP provides a flexible approach to licensing of hybrid SEP sesam backup solutions that simplifies procurement and meets the specific needs of different organizations.

SEP sesam licenses fall into one of the following broad categories:

Unit-based licensing

SEP's unit-based licensing model begins with the main Backup Server (SEP sesam Server) as the first unit. All additional units are separated in different tiers for different workloads.

The concept behind this model is to license only what the customer actually uses.

Capacity-based licensing

SEP also offers capacity-based licensing models that provide convenient and flexible licensing for ever-changing environments.

SEP sesam's volume licensing model is primarily aimed at large and dynamic security environments where numerous different database or groupware applications are deployed. Rental licenses are based on volume and provide maximum flexibility with minimal administration effort and no additional cost. This license is ideal for large installations, without depreciation expense.

With this model, customers have access to most features and functionality and the only relevant factor is the amount of data backed up. Customers are able to customize their backup solutions to their specific financial blueprint and infrastructure.

SEP licensing models

For more information on SEP licensing models and available licenses, contact SEP sesam sales.

SEP volume perpetual licensing

The SEP volume licensing model is based on front-side data volume size. In addition, further differentiation is made according to the type and complexity of the databases used (Level 2 and/or Level 3). Licenses are perpetual and maintenance is included for the first 12 months. After the subscription expires, SEP sesam savesets can still be used for restores, but backing up data is no longer possible.

Calculating front-side capacity

All SEP sesam capacity-based licenses are calculated by how much original, source-side data is protected (front-side TB). This equates roughly to the sum of all files, databases and hypervisor snapshots of the clients to be backed up. In practice, this means that the maximum volume of all backup jobs (normally the largest FULL backup) is calculated, provided it is stored on any SEP sesam media (retention policy). The original data is calculated before deduplication or compression.

SEP subscription licensing

SEP sesam subscriptions are purchased per year, based on the data volume per front-side terabyte and depend on the utilization of the SEP database agents. Maintenance is included in each subscription timeframe. Subscriptions are licensed for a period of 12 months and include full maintenance.

After the subscription expires, SEP sesam savesets can still be used for restores, but backing up data is no longer possible.

SEP unit licensing

The SEP sesam unit model provides unit-based licenses tailored to a customer's individual needs. Licensing is modular and scalable, expansions of any license components (Tier1, Tier 2, Tier 3, Users and Data Volume) can be made at any time. Maintenance is included within the first 12 months.

To calculate the units you can use our online unit-calculator: sesam unit calculator

SEP maintenance

All SEP sesam Backup Server licenses for volume models, classic models and SAP Business One Edition include 12 months maintenance. SEP maintenance consists of software updates (incl. latest features, patches and bug fixes) or renewal services and technical support. Extensions (at initial purchase or later) are always adopted to the runtime of an existing SEP sesam Backup Server environment and include a maximum maintenance validity of 12 months. Excluded are consulting services, such as analysis of the data to be backed up, infrastructure analysis, determination of the target state, creation of a solution concept, and installation services.

VM Essential Edition

The SEP sesam VM Essential Edition is licensed according to the number of installed sockets. A maximum of 6 sockets and up to 50 virtual machines can be used in one license environment. VM Essential (Plus) Edition VMware and Essential (Plus) Edition Hyper-V can be mixed. Note that it is not possible to combine VM Essential and VM Essential Plus editions.

It is not possible to extend functionality, but it is possible to switch to the volume licensing model.

Managed Service Provider

The SEP MSP licensing model is suitable for managed service providers and data center operators who use SEP sesam to offer Backup as a Service (BaaS) to their customers. Based on long-term contracts with different service levels, you get a complete full-service package.

Licensing is based on units divided into 3 different tiers (Standard, Enterprise or Enterprise Plus) or based on the TB data volume (front-side capacity), which is divided into service classes for database usage (Level 2 and Level 3). It is not possible to mix these two license models.

Offers, order confirmations and invoices are issued on a monthly basis.

The SEP sesam MSP maintenance consists of the software upgrade, the update service and the SEP sesam 2nd and 3rd level support. Excluded are consulting services, such as analysis of the data to be backed up, analysis of the infrastructure, determination of the target state, creation of a solution concept, and installation service. During the maintenance period, customers can download patches and bug fixes as well as the latest SEP sesam versions.

After the first qualified error analysis, SEP is available to the MSP for 2nd and 3rd level support via the SEP hotline (+49 (0) 8024 464 464 4) from Monday to Sunday (available 24 hours a day). For details on current support information, contact SEP sesam sales: sales@sep.de.

Also available are SEP CAPS (SEP Cloud App Protection Service) licenses for Cloud-2-Cloud backup and restore of SaaS applications such as Microsoft 365, Dynamics 365, Google Workspace, and Salesforce.

Data volume of backed up items is limited to 1 TB per user, but can be split among all users as desired. There is no charge for uploading/downloading data and inactive users (excluded from the backup) are not charged.

SEP Community Edition

SEP sesam now offers a free community edition (CE) license for home use and test environments (a non-commercial use license). After registration an email with the community edition license will be sent to you. The CE license works with all SEP sesam standard products from our download center.

With the CE license you can use the following components:

Backup Data:

  • no limits for the frontside data

Backup Options:

  • 5x backup clients
  • 1x RDS
  • 3x Streams
  • 1x NDMP
  • 1x NetApp
  • 1x of each supported hypervisors (except Nutanix AHV) incl. 5 VMs per hypervisor
  • 1x L2 database (PostgreSQL, MSSQL, MySQL)
  • 1x L2 application (Groupwise, Kopano, OpenLDAP, IMAP)
  • 5x mailuser

Backend Infrastructure:

  • 3 TB storagepool
  • 1 TB Si3 deduplication (with replication and source side deduplication)

License administration

Requirements

To create an application-specific license, you need the following information about the SEP sesam backup server:

  • Host name
  • IP address
  • Delivery note number
  • Hardware platform (i386, x86, PPC, ia64, ...)

The SEP sesam Server name and IP address can be found in the SEP sesam GUI menu bar: Help -> License Info or by using the keyboard shortcut ALT + L.

Information about the delivery note number and the hardware platform can be retrieved on the Linux console with the command:

uname -i

or on the Windows command line with the command:

set

Send this information to sales@sep.de. If you have any questions during the 30-day installation support period, please contact SEP sesam sales.

Information sign.png Note
After installing SEP sesam, all features are available without restriction for 30 days. Seven days before the temporary license expires you will be reminded about the upcoming license renewal. After the 30-day period has expired, the backup functions of the software are disabled. However, restores up to this point are still possible.

Entering a license

Licenses are usually sent as an attachment by email. The attachment contains the license file, which you must enter on the SEP sesam Server.

  • extract the file sm_lic.zip on the target machine
  • copy the file sm_lic.ini to <SESAM_ROOT>/var/ini

To determine the correct hostname and IP address for your SEP sesam license, follow these simple instructions:

  • In the SEP sesam GUI menu bar, select Help -> License Info.
  • UNIX command line:
 #> source <SESAM_ROOT>/var/ini/sesam2000.profile 
 #> sm_info c  
  • Windows command line:
> <SESAM_ROOT>\var\ini\sm_prof
> sm_info c
Information sign.png Note
Before entering a new license, make a backup copy of your existing license. If there are any problems with the new license, you can always restore your working state with the original license.

Changing an existing license

If the IP address or server name of the backup server is changed, you have to transfer a SEP sesam Server license. This includes adapting the existing server license to match the changed server name and/or the new IP address.

Send the old and new license information to SEP AG (by email to sales@sep.de) to ensure that there were no errors during the transfer and to notify the contact person.

The transferred license is sent by email within the warranty response time. New versions of the existing license and service documentation are created and the customer center is updated.

License transfer is free of charge for customers with an existing SEP upgrade contract.

License and service documentation

In addition to the license file, which is sent in digital form (usually by email), the customer also receives license certificates for the purchased modules and an upgrade/support card (if they have opted for an upgrade or support contract).

The documentation contains a summary of all relevant information (IP address, server name, license details, runtime and response times) and is sent by regular mail or as a PDF document by email.


About Installation and Update

4 4 3 Beefalo:About Installation and Update/en

SEP sesam Components

SEP sesam Components/en

SEP sesam Quick Install Guide

The complete SEP sesam environment consists of different modules, which can be combined as needed to implement an optimized backup. The nodules interact with each other via SEP API,s which are also used for interaction with other software.

Essential modules

The essential modules of any SEP sesam environment are: SEP sesam Server, SEP sesam GUI, SEP sesam Remote Device Server (RDS), and SEP sesam Client(s). Each module is installed separately. The SEP sesam environment is managed centrally by the SEP sesam GUI.

Additional modules

SEP sesam also provides additional modules and functionality that enable consistent backup of databases (Oracle, MS SQL, IBM DB2, Informix SAP R/3, etc.), applications (such as SAP), groupware systems, and virtualization environments. Some of these extensions are already part of a Client package, others require a separate license to work. For details on licenses, see Licensing.

General requirements

Use the following checklist before installing SEP sesam to ensure a successful installation.

  • Check the latest Release Notes and look for important installation information.
  • Ensure that the target computer is running a supported version of Windows or Linux with the latest updates. Check the SEP sesam OS and Database Support Matrix for details. For a list of all supported extensions and their configuration, see Extensions.
  • The SEP sesam GUI requires a screen resolution of at least 1920x1080 (full HD). In order to adjust SEP sesam for HiDPI displays, make sure that you use the relevant Java version. To adjust your SEP sesam for high-resolution display, refer to HiDPI Display Support.
  • SEP sesam uses name resolution for communication between server and client. You should test the DNS name resolution by simply sending a ping (with long and short name) from the server to the client and back. For details on DNS resolution check, see How to check DNS configuration.
  • Make sure that all SCSI devices used are recognised by the operating system on which you install SEP sesam. SEP sesam checks the storage devices connected to the SCSI bus during installation and adds their data to the database. SEP sesam can only see devices that are recognised by the operating system.
  • Deactivate or remove the antivirus software before installing SEP sesam components on each computer. Failure to disable active antivirus software may result in a failed, corrupt or incomplete installation. If antivirus software is installed, it is strongly recommended to turn off any on-demand scanning while a backup is running. For more details, see Antivirus Exclusions for SEP sesam.
  • It is recommended to disable the firewall to avoid problems during the SEP sesam installation. Once SEP sesam is installed, you can enable the firewall with exceptions for the SEP sesam services.
  • For details on the SEP sesam default ports, see List of Ports Used by SEP sesam.
  • Check the Windows or Linux specific requirements.
Information sign.png Note
Once you have determined how you want to set up your SEP sesam environment, you can install the necessary components. Note that the installation procedure depends on the platform on which you are installing a SEP sesam package and that Java is required on all systems that serve as SEP sesam Server, SEP sesam GUI Client or SEP sesam Remote Device Server (RDS) when Si3 deduplication is used. For details, see Installing and Managing Java.

After you have installed and configured your SEP sesam components according to your environment, SEP sesam provides free updates from previous versions of SEP sesam to new versions and new features within the maintenance period. During this period you can download patches and bug fixes as well as the latest SEP sesam versions, provided you have a valid license. For details, see Updating SEP sesam.


Microsoft Windows installation

Prerequisites

  • Before you start with SEP sesam installation, check the general requirements above.
  • Make sure you are logged in as the local administrator or domain administrator.
  • For remote access via remote desktop connection (RDC), the RDC administrator needs the same access rights as the local administrator.
  • To install any of the SEP sesam components (SEP sesam Server, RDS, Client or GUI), you need an installation file, which you can download from SEP Download Center. Make sure you download the correct file for your processor type.
    • The .Net Framework 4 is required for the SEP sesam Server installation and can be deselected for all other SEP sesam components during installation.
  • A SEP sesam Server (including the GUI) and the GUI installation require a Java Runtime Environment (JRE) installed on the system, see Installing and Managing Java and check Java versions.
Information sign.png Note
SEP sesam RDS does not have its own installation package. To install RDS, use the SEP sesam Server package.

Installation

SEP sesam provides four installation packages: SEP sesam Client, SEP sesam GUI, SEP sesam RDS and SEP sesam Server (contains the Client and GUI components). You also have the option to install the Server Disaster Recovery feature. In the following installation example, we use the SEP sesam Server installation package without the Server Disaster Recovery feature.

  1. Locate the download folder where you saved the SEP sesam installation package and double-click the sesam-srv-<Version_ID>-windows.x<SysType>.exe file to start the installation. Select your installation language and click Next.
  2. You can select to install the Server Disaster Recovery feature. In this case the installation procedure is slightly different than described. Click Next.
    Install-DR.jpg
  3. Accept the license agreement terms and click Next again.
  4. Choose whether you want the SEP sesam services to run under the Standard system account or a Custom user account. It is recommended to give the SEP sesam Server services a Domain user account belonging to the Domain admins and Local administrators groups. After you have selected a user account, click Next.
    Install-account.jpg
  5. Select an installation directory for the program files (including the folders <SESAM_ROOT>\bin and <SESAM_ROOT>\skel) and the application data (including the folder <SESAM_ROOT>\var. This folder requires considerable storage space if you are installing a server). Click Next.
    Install-directory.jpg
  6. In the next window, select which of the four SEP sesam components you want to install (SEP sesam Server, SEP sesam Remote Device, SEP sesam GUI or SEP sesam Client). After selecting the component to be installed, a pop-up window may appear asking whether available service packs should be installed automatically after successful installation. You can also select additional features, such as SEP sesam BSR Pro or PostgreSQL.
    Information sign.png Note
    • SEP sesam recommends using PostgreSQL for complex enterprise environments with many tasks, high performance expectations (due to PostgreSQL's ability to support multiple concurrent writers and read/write at fast speeds), and security and authentication requirements.
    • Upgrading from SQLite to PostgreSQL is currently not supported, except with the help of SEP support.

    Install-components.jpg

    SEP Tip.png Tip
    The SEP sesam Server package already includes all other components. If you install a Remote Device Server (RDS), you can also include a GUI. If you install a GUI, you can also include the Client.
    After you have selected a component, click Next.
  7. Choose if you want to download and install SEP sesam Service Packs (if available) after the installatation is completed.
    Install-SP.jpg
  8. Depending on which components you install, proceed accordingly:
    • If you are installing the SEP sesam Server, click Install and then Finish to complete the installation.
    • If you are installing the Server Disaster Recovery feature, select the external database file that will be used for Disaster Recovery.
    Install-DB.jpg
    • If you are installing the SEP sesam RDS, the SEP sesam GUI or the SEP sesam Client, enter the name of the SEP sesam Server (in the example below, the name of the server is Informatix).
    Information sign.png Note
    You must enter the hostname and not the IP address of the SEP sesam Server. The server name may not contain underscores.

    Install-hostname.jpg

  9. Click Next. The firewall information dialog is for informational purposes only. Take note of the information and click OK. Click Install to install the selected SEP sesam component and then click Finish to complete the installation.

If you have problems or questions about the installation, also see FAQ: Installation and configuration.

Linux

SEP sesam provides RPM packages for the most common Linux distributions (for example, SuSE and RedHat) and DEB files for Debian Linux distributions. The latter run on most Debian-based distributions, such as Ubuntu. For details on SUSE- and RedHat-based distributions, see RPM Repository. For more information on Debian packages, see Debian Repository.

Prerequisites

SEP sesam Server installation

SLES-based distributions

SLES includes the standard tool zypper, which is common for package management. With this tool packages can be installed (and uninstalled) via the command line. Before you install any of the SEP sesam components (e.g., Server, Client or GUI), make sure you have properly configured the RPM repository for SLES-based distributions. For details, see RPM Repository.

The SEP sesam Server package includes all dependencies needed for the standard SEP sesam Server installation. For details on the supported SLES versions, see SEP sesam OS and Database Support Matrix.

On SLES 15 (SP1 through SP4) it may be required to activate the following package modules prior to SEP sesam installation to meet all required dependencies for the SEP sesam Client packages:

Module-Basesystem
Module-Server-Applications
Module-Legacy

These modules are part of the installation DVD; in case no online subscription is available, they can be added via:

zypper ar dvd:/Module-Server-Applications DVD-Server 
zypper ar dvd:/Module-Basesystem DVD-BASE
zypper ar dvd:/Module-Legacy DVD-Legacy 

On SLES12 it is recommended to install the required Java packages before installing SEP sesam Server to avoid possible installation errors. Use the following command sequence:

zypper install java-11-openjdk

To install or update the SEP sesam Server, use the following command:

# zypper install sesam_srv<version.OS.system_type>
SEP Tip.png Tip
To perform a simple update without adjusting the dependencies of the installed SEP sesam version, e.g., on SLES11, you can use the command rpm -Uvh (only recommended for advanced administrators!). Alternatively, update the server with the above zypper command.

RHEL/CentOS-based distributions

All RHEL- and CentOS-based distributions include the standard yum tool, which is common for package management. This tool can be used to install (and uninstall) packages from the command line. Before you install any of the SEP sesam components (e.g., Server, Client or GUI), make sure you have properly configured the RPM repository for RHEL-based distributions. For details, see RPM Repository.

The SEP sesam Server package includes all dependencies needed for the standard SEP sesam Server installation. For details on the supported RHEL/CentOS-based versions, see SEP sesam OS and Database Support Matrix.

To install the SEP sesam Server, use the following command:

# yum install sesam_srv<version.OS.system_type>
Information sign.png Note
On RHEL, the SEP sesam installation changes the permissions of /var/run/postgresql to grant PostgreSQL access rights to SEP sesam users.

Debian-based distributions

The Debian-based distribution (Debian/Ubuntu/UCS) includes the standard tool apt-get which is common for package management. With this tool packages can be installed (and uninstalled) via the command line. Before you install any of the SEP sesam components (e.g., Server, Client or GUI), make sure that you have properly configured the Debian repository. For details, see Debian Repository.

The SEP sesam Server package includes all dependencies needed for the standard SEP sesam Server installation. For details on the supported Debian-based versions, see SEP sesam OS and Database Support Matrix.

To install the SEP sesam Server, use the following command:

root@hostname#: apt-get install sesam-srv

Use the following command to install *.deb files:

dpkg -i sesam-srv<version.system_type>.deb
Information sign.png Note
Installing SEP sesam on Debian and Ubuntu requires additional steps. For details, see Debian Repository.

SEP sesam Client installation

Information sign.png Note
As the SEP sesam GUI already contains the client components, the SEP sesam Client package cannot be installed in addition to the GUI.

To install the SEP sesam Client, select the download folder where you have saved the SEP sesam Client installation package.

  • For SLES-based distributions, use the following command:
# zypper install sesam_cli<version.OS.system_type>
  • For RHEL (Red Hat Enterprise Linux), use the following command:
# yum install sesam_cli<version.OS.system_type>
  • For Debian-based distributions, use the following command:
root@hostname#: apt-get install sesam-cli

Use the following command to install *.deb files:

dpkg -i sesam-cli<version.system_type>.deb
Information sign.png Note
Installing SEP sesam on Debian and Ubuntu requires additional steps. For details, see Debian Repository.

Run the following command on the SEP sesam Client to grant access rights to the SEP sesam Server and allow it to contact and back up the client:

/opt/sesam/bin/sesam/sm_setup set_client <SEP sesam Server Name>

If you have problems or questions about the installation, see FAQ: Installation and configuration.

SEP sesam GUI installation

The SEP sesam GUI package is intended for managing the SEP sesam Server from another computer.
Note: As the GUI component is already included in the SEP sesam Server package, it cannot be installed additionally on the SEP sesam Server.

To install the SEP sesam GUI, select the download folder where you have saved the SEP sesam GUI installation package.

  • For SLES-based distributions, use the following command:
# zypper install sesam_gui<version.OS.system_type>
  • For RHEL (Red Hat Enterprise Linux), use the following command:
# yum install sesam_gui<version.OS.system_type>
  • For Debian-based distributions, use the following command:
root@hostname#: apt-get install sesam-gui

Use the following command to install *.deb files:

dpkg -i sesam-gui<version.system_type>.deb
Information sign.png Note
Installing SEP sesam on Debian and Ubuntu requires additional steps. For details, see Debian Repository.

On KDE and Gnome, the installation creates a link on the root user's desktop to start the GUI. This link must point to the correct SEP sesam Server. Open the link properties and add the following parameter to the command line:

-S <SEP sesam Server Name>

If you have problems or questions about the installation, see FAQ: Installation and configuration.

To start the SEP sesam GUI, use the following command:

/opt/sesam/bin/gui/sesam_gui -S <hostname_backup_server>

AIX

For information on supported AIX versions and AIX-related available components, see SEP sesam OS and Database Support Matrix.

Prerequisites

  • Before you start with SEP sesam installation, check the general requirements above.
  • Make sure you are logged in as the root user.
  • The installation of the SEP sesam component for AIX (either the SEP sesam Client or the Remote Tape Server can be installed, depending on availability) requires special RPM packages to be installed using the standard RPM package manager (part of the AIX standard installation). You can download the SEP sesam RPM packages from SEP Download Center and the required prerequisites from: http://www.oss4aix.org/download/ (openssl and readline) and copy them to the AIX system to /tmp/rpm-packages/. Then install the package via RPM:
cd /tmp/rpm-packages/
rpm -i *
Information sign.png Note
For AIX version 7.02, the following folder must be created for sm_ssh to work:

mkdir -p /opt/freeware/lib/gcc/powerpc-ibm-aix7.1.0.0/4.8.3/

  • The SEP sesam GUI requires Java Runtime Environment to be installed on the system. For details on the required Java version, see the Java Compatibility Matrix.

SEP sesam Remote Tape Server or Client installation

  1. Download the relevant SEP sesam package from SEP Download Center and copy it to the /tmp directory on your AIX system. The following example shows the installation of the sesam_rts package. The procedure for installing the SEP sesam Client is slightly different; the name of the package is substituted with sesam_cli.
  2. Unzip the archive by using the following commands:
     gunzip sesam-rts-<version>-aix_powerpc.tgz
     tar -xvf sesam-rts-<version>-aix_powerpc.tar

    A new directory sesam_rts_<version> is created:

     # tar -xvf sesam-rts-4.4.2.58-aix_powerpc.tar 
     x sesam_rts_4.4.2.58
     x sesam_rts_4.4.2.58/aix_rts.4.4.2.58.tgz, 22440192 bytes, 43829 media blocks.
     x sesam_rts_4.4.2.58/sm_setup, 2168068 bytes, 4235 media blocks.
  3. Change to the unzipped directory
    cd sesam_rts_<version>
  4. Execute the setup executable sm_setup as root user:
     # cd sesam_rts_<version>
     # ./sm_setup
  5. Follow the wizard and select the relevant components you want to install, tapeserver or client, respectively:
     # ./sm_setup
     Found 1 valid archive(s): 'aix_rts.4.4.2.58.tgz,'.
     What do you want to install? (tapeserver,client)
     tapeserver
  6. Set the installation directory; the recommended location for installing sesam is /opt/sesam. Make sure that there is at least 10 GB of free disk space available. Optionally, choose another installation directory that has enough free space:
     In which directory do you want to install (If not existing it will be created): 
     /opt/sesam/
     In which directory do you want to install (Read-Write): 
     /opt/sesam/
  7. Specify the SEP sesam Server hostname in your environment; you must provide the DNS hostname of your backup server. The DNS Server must be correctly resolved on the AIX system. For details, see How to check DNS configuration.
     To which SEP sesam Server should be connected?
     backupserver.hostname

Once you specify all the required information, the SEP sesam software installation and configuration start. If you have problems starting the SEP sesam services, check the Troubleshooting Guide.

Mac OS X

Prerequisites

  • Make sure you are logged in as a local administrator or domain administrator.
  • If you want to install a GUI, the Java Runtime Environment must be installed on the system. For details on the required Java version, see the Java Compatibility Matrix.

Steps

SEP sesam does not provide a dedicated MAC OS package. You should download the latest SEP sesam Linux GUI package from SEP Download Center, copy it to your MAC system and extract it with the command:

 ar x <sesam-gui_4.4.3-xx.lenny_i386.deb> && tar xfz data.tar.gz

Copy the extracted directory to your program files directory; then use the <SESAM_BIN>/gui directory:

/opt/sesam/bin/gui/sesam_gui -S <hostname_backup_server>

Or, if your backup server is a Linux system, you can connect via the command line (X must be enabled) and start the GUI:

/opt/sesam/bin/gui/sesam_gui -S <hostname_backup_server>  

The SEP sesam for Mac OS X supports standard file backups with ACLs. Disaster recovery is not supported!

If you have problems or questions about the installation, see FAQ: Installation and configuration.

Univention UCS

For the list of supported Univention UCS versions and available SEP sesam components for UCS, check SEP sesam OS and Database Support Matrix.

Prerequisites

Installing SEP sesam on UCS

You can install SEP sesam on UCS by using any of the following options:

Option 1: Installing via the Univention App Center (only the SEP sesam Server and Client)

  1. Open the Univention Management Console in your browser.
  2. Go to Software -> App Center.
  3. Search for SEP sesam.
  4. Install either SEP sesam Server or SEP sesam Client.

Option 2: Installing via the SEP Debian Repository

  1. Open a terminal session as root user.
  2. Enable Univention unmaintained repositories with the following command (this enables the UCS system to install the dependencies for SEP sesam):
    ucr set repository/online/unmaintained=yes
  3. Add the SEP Debian Repository as described in Debian Repository:
    • UCS 4.2 is based on Debian 8 Jessie.
    • UCS 4.3 is based on Debian 9 Stretch.
  4. Update the repositories by using:
    apt update
  5. Install the SEP sesam package via apt: For example, to install the SEP sesam Server package, use
    apt install sesam-srv

    Other options are listed here: Debian Repository.

Option 3: Installing manually

  1. Open a terminal session as root user.
  2. Enable Univention unmaintained repositories with the following command (this enables the UCS system to install the dependencies for SEP sesam):
    ucr set repository/online/unmaintained=yes
  3. Download the desired installation package from the SEP Download Center.
    • UCS 4.2 is based on Debian 8 Jessie.
    • UCS 4.3 is based on Debian 9 Stretch.
  4. Update the repositories by using:
    apt update
  5. Install the SEP sesam package via apt:
    apt install /path/to/downloadedpackage

Configuring UCS firewall

By default, the Univention firewall is included in all UCS installations, with all incoming ports blocked. You have to enable access to certain ports for SEP sesam to work.

Information sign.png Note
Installing a SEP sesam App Center package automatically opens the required ports for SEP sesam, except for Si3 Replication and REST API.

Disable UCS firewall

You may consider disabling the UCS firewall completely by setting the Univention Configuration Registry variable security/packetfilter/disabled to true:

ucr set security/packetfilter/disabled=yes
service univention-firewall restart

Use SEP sesam with enabled UCS firewall

Check the list of required ports for SEP sesam: List of Ports Used by SEP sesam.

To open a port or a range of ports, use the following commands:

ucr set security/packetfilter/tcp/portnumber_or_portrange/all=ACCEPT
service univention-firewall restart

Client firewall settings

If you want to back up a client behind a firewall using STPD, you have to specify an open port range in the client's STPD Options as follows:

  • Open SEP sesam client Properties and switch to the Options tab. If you have installed a client from the App Center, the port range is 11002-11007.

For more information on client configuration, see Configuring Clients.

Updates

After you have installed and configured your SEP sesam components according to your environment, SEP sesam provides free updates from previous to new versions and features of SEP sesam within the maintenance period. During this period, you can download bug fixes, patches, service packs, and the latest SEP sesam version(s) if you have a valid license.

SEP generally recommends upgrading the SEP sesam Server and Client components to the latest version as part of the regular upgrade process. For the complete list of releases, see SEP sesam release versions.

Information sign.png Note
You always have to update the SEP sesam Server first before updating the client software. For more information about SEP sesam software updates, see Updating SEP sesam.
  • Installing either Windows or Linux-specific distributions is pretty straightforward. For Linux systems, SEP provides special service pack executables that ease the installation of service packs and patches; see Applying Service Packs on Linux.
  • The update of SEP sesam extensions, e.g., BSR Pro for Windows, can be done automatically during the SEP sesam update process.
  • SEP may ask you to install a specific update (i.e. fix, patch or service pack) to address a specific issue. To get instantly notified about SEP sesam vulnerabilities and updates, click to subscribe to the SEP sesam RSS feed.

Update choices.jpg

Updating methods and settings

There are a number of options available for updating SEP sesam software.

Install/Update options in GUI
You can set up your server to automatically check, download and install updates or decide to do it manually, you can update all clients within the location at once or select to update only OS-specific clients (Windows/Linux update), you can exclude a particular client from being updated, etc. For details, see Updating SEP sesam.
CLI command sm_update_client
You can perform all of the mentioned options above by using sm_update_client. The sm_update_client command implements all the features of the sm_update_client, as well as the previously used sm_remote_installer and sm_config_client commands that have been deprecated. For details, see Updating SEP sesam Using CLI.

SEP sesam release cycle

The approximate release frequency of SEP sesam software is once a year for a major release, followed by a minor release that includes all previous fixes and also introduces new features and functionality.

SEP sesam provides executable service packs that ease the installation of service packs and patches. Service packs are cumulative and contain all released bug fixes for the corresponding SEP sesam version. Download and installation of service packs are pretty straightforward on Windows and Linux. For Linux, SEP provides special executable service packs that ease the installation of service packs and patches, see Applying Service Packs on Linux.


Remote Installation of Windows Clients

4 4 3 Beefalo:Remote Installation of Windows Clients/en

Applying Service Packs on Linux

Applying Service Packs on Linux/en

Updating SEP sesam

4 4 3 Beefalo:Updating SEP sesam/en

How to check DNS configuration

How to check DNS configuration/en

Uninstalling SEP sesam

4 4 3:Uninstalling SEP sesam/en

Part IV: SEP sesam Processes and Commands

SEP sesam Processes

4 4 3:SEP sesam Processes/en

How to start and stop SEP sesam

Useful SEP sesam Commands/en

Part V: Using Storage Devices

Configuring Loaders and Drives

A loader (also called tape library or autoloader) is a device that consists of drive(s), a magazine with slots for tape cartridges and a robotic mechanism that moves media between the slots and drives. In SEP sesam there is no dependency to use specific manufacturers' devices or device types; you can check the list of supported hardware at Supported Storage Hardware.

SEP sesam can detect and automatically configure storage hardware in your environment if the hardware is supported and recognized by the operating system (it must be listed in the OS device manager), where the SEP sesam Server or Remote Device Server is installed.

During SEP sesam Server installation, SEP sesam checks the SCSI API of the operating system for connected storage devices and puts accessible device files (SCSI address) into the SEP sesam database. This auto-detection works for most devices, but for certain types of loaders the connection between loader and drives cannot be recognized automatically. You have to manually verify and configure such devices. You also have to manually configure any backup device that is connected after SEP sesam installation. Note that the procedure differs depending on your operating system (Linux or Windows).

Automatically detected storage devices

SEP sesam displays automatically detected backup devices in GUI: Main selection -> Components -> Loaders. All detected loaders are displayed; you only need to select a loader to review its properties, and then click OK to confirm the loader configuration.

SEP Tip.png Tip
It is recommended that SEP sesam auto-configures backup devices, but even for the automatically configured backup devices you should enable persistent naming and check their configuration to configure them as required and avoid errors in SEP sesam operation. See sections Enabling persistent naming for tape devices and Using slu topology for detecting devices.

Preparing loaders and drives

Preparation of storage devices is based on the following general sequence. Note that this sequence might differ for specific devices and might require some additional steps.

  1. Connect a storage device to SEP sesam Server or SEP sesam Remote Device Server (RDS). Follow the configuration instructions specified by the device vendor or the operating system.
  2. Install the latest vendor driver for the tape drives, and also the latest driver for the loader. Note that during SEP sesam Server installation SEP sesam will check the SCSI API of the operating system for connected storage devices and enter working device files (SCSI address) into SEP sesam database automatically. Typically, this auto-detection will work for most devices, but there are some exceptions that need manual verification and configuration of the server operating system to allow device discovery.
  3. Restart the system to ensure that connected storage devices become known to the system.
  4. Check your device vendor documentation for any additional steps that may have to be performed.

Manually configuring loaders and drives

Checking hardware configuration on Windows

If your loader is detected by SEP sesam automatically, you can skip this step. If you have to add it manually to your Windows system, you must ensure that the hardware is recognized correctly by the operating system in the Windows Device Manager.

  1. Open Windows Device Manager and check that the selected hardware is present and recognized, as shown in the example below.
  2. Device Manager Changer known.jpg
    If it is not recognized, it will be shown with a status Unknown Medium Changer as in the following example.
    Device Manager Changer.jpg
    If it is shown as unknown, right-click it and select Update Driver Software to open the Update Driver Software-Unknown Medium Changer window. Then select or download and install the appropriate driver.
    Information sign.png Note
    A wrong driver (or no driver at all) is a common cause of errors. Identify the hardware manufacturer and download the correct driver from their support website to ensure proper configuration of your hardware device. For more information, check the documentation provided by the hardware manufacturer.
  3. In the Device Manager window, also check that the tape drives have a Tape Symbolic Name displayed.

Enabling persistent naming for tape devices

Persistent naming or binding is an option that enforces file names for loaders and tape drives, thus making them persist across reboots of the operating system. Without this feature the SCSI addresses may be changed during reboots, especially in environments with several tape libraries attached to a server, and the operating system might mix the SCSI addresses between different loaders and library tape drives. Consequently, SEP sesam may have problems accessing devices, such as unloading incorrect drives, read/open errors, volume errors, lost connections ...

Persistent naming means using symbolic names for loaders, tape drives in autoloaders and tape libraries, as well as for single tape drives. These names stay unique during server reboots, regardless of the order in which the operating system discovers the tape hardware. For example, while Tape0 is a logical name that could change during system restart, the persistent name Tape2147483644 is unique and will not change.

Configuration of persistent naming depends on the used driver. Once OS is configured for persistence naming, update SEP sesam configuration with the help of slu topology.

Information sign.png Note
Persistent naming is not part of SEP sesam as each hardware vendor handles it differently. If you need any assistance, consult your respective OS and hardware vendor support. The following information are only for reference and are not meant to replace the official vendor documentation.

Configuring persistent naming on Windows

To enable persistent bindings of symbolic tape and library names, you have to modify the registry key. Make sure that you have a valid SEP sesam and operating system backup before proceeding!

Standard Windows drivers
For standard Windows drivers, proceed as follows:
  1. Open Registry Editor: use Start and type regedit.
  2. Locate and select the following registry subkey:
  3.  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Tape
  4. From the Edit menu, select New and then DWORD Value.
  5. Type Persistence and then press ENTER.
  6. Right-click the Persistence registry entry, then click Modify.
  7. Type 1 in the Value data box, and then click OK.
  8. Close Registry Editor and restart the computer.

When you set the Persistence registry entry to 1, symbolic names become persistent. For example, if your tape drive has the name \\.\\tape1, this name is reserved for use by that device even after your server reboots.

IBM drivers
For IBM drivers, proceed as follows:
  1. Go to
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ibmtp2k''<x>'' 
    where value <x> in ibmtp2k specifies the Windows Server version, for example, ibmtp2k8 for Windows Server 2008, ibmtp2k12 for Windows 2012, and ibmtp2k16 for Windows 2016, respectively.
  2. Add DWORD:PersistentNaming=1.
  3. Close Registry Editor and ensure that AutoRun is set to 0 for the driver prior to rebooting; for details, see official Microsoft documentation, e.g., Windows Server 2003 cannot perform backup jobs to tape devices on a storage area network or refer to the article Disable Autorun/Autoplay.
  4. Restart the computer.

For more details, see IBM article Configuring drives with persistent naming with IBM devices on Windows.

HP LTO drivers
For HP LTO drivers, follow the procedure as provided by data-protector.org:
  1. Make sure that you have installed the required HP tape drivers.
  2. Copy the following code and insert it into text editor, then save the content as .reg file.
    • Tape drives:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hplto]
    "AutoRun"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Tape]
    "Persistence"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc]
    "Start"=dword:00000004
    • Changer:

    If you have more than one medium changer include the following two lines as well:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MChgr]
    "Persistence"=dword:00000001
  3. Execute the .reg file and reboot the Windows system.

Configuring persistent naming on Linux

Device persistence on Linux is based on preconfigured udev rules. These rules create aliases in the device filesystem in /dev/tape.

Once the persistent naming is configured, you have to identify the WWN of the device and its name. This is because after each reboot on Linux, if you have, for example, two tape drives: /dev/nst0 (typically, the automatically assigned name for the first tape drive on Linux) and /dev/nst1 (the second tape drive), they may be switched around. The device name of a loader may also be changed after reboot. For example, a loader is currently recognized as /dev/sg9, but after reboot its name is changed to /dev/sg6. Changing the device name(s) after each reboot makes it impossible for SEP sesam to recognize the devices without adjustment, causing automated backup processing to fail.

To correctly identify the persistent names of devices on Linux, use the slu scan command and then the /dev/tape/by-id, as shown in the example below.

For example, the slu scan output is as follows:

ID=9:0:9:0    Tape:    STK      T10000B          0105 (/dev/nst4)
ID=9:0:10:0   Tape:    STK      T10000B          0105 (/dev/nst5)
ID=9:0:11:0   Tape:    STK      T10000B          0105 (/dev/nst6)
ID=9:0:12:0   Tape:    STK      T10000B          0105 (/dev/nst7)
ID=9:0:0:0    Loader:  STK      L700             0105 (/dev/sg17)
ID=9:0:8:0    Loader:  STK      L80              0105 (/dev/sg18) 

The output of ls -l /dev/tape/by-id/ shows the following:

total 0
lrwxrwxrwx 1 root root  9 Dec 14 11:17 scsi-350223344ab000900 -> ../../st4
lrwxrwxrwx 1 root root 10 Dec 14 11:17 scsi-350223344ab000900-nst -> ../../nst4
lrwxrwxrwx 1 root root  9 Dec 14 11:17 scsi-350223344ab001000 -> ../../st5
lrwxrwxrwx 1 root root 10 Dec 14 11:17 scsi-350223344ab001000-nst -> ../../nst5
lrwxrwxrwx 1 root root  9 Dec 14 11:17 scsi-350223344ab001100 -> ../../st6
lrwxrwxrwx 1 root root 10 Dec 14 11:17 scsi-350223344ab001100-nst -> ../../nst6
lrwxrwxrwx 1 root root  9 Dec 14 11:17 scsi-350223344ab001200 -> ../../st7
lrwxrwxrwx 1 root root 10 Dec 14 11:17 scsi-350223344ab001200-nst -> ../../nst7
lrwxrwxrwx 1 root root 10 Dec 14 11:17 scsi-SSTK_L700_XYZZY_A -> ../../sg17
lrwxrwxrwx 1 root root 10 Dec 14 11:17 scsi-SSTK_L80_XYZZY_B -> ../../sg18

In our example, by using /dev/tape/by-id/scsi-350223344ab000900-nst instead of /dev/nst4 for the particular drive, the device name will automatically use the correct nst device even after reboot. The same is true for loader names, for example, /dev/tape/by-id/scsi-SSTK_L80_XYZZY_B should be used instead of /dev/sg18.

Information sign.png Note
Make sure that you use the non-rewind device name nst, in the above example scsi-350223344ab000900-nst, and not the auto rewind version st. If you specify auto rewind version st, a rewind command will be issued to the tape drive and the tape will be positioned at the beginning at the tape. When accessing a non-rewind tape device nst, a rewind command is not issued.

For more details, refer to your hardware manufacturer documentation; for example, IBM article Configuring drives with persistent naming for IBM devices on Linux.

What is next?

Enabling persistent naming is only one step in a sequence for (re-)configuring storage hardware. For full procedure, including using slu topology for identifying the name of the tape hardware and re-configuring loaders and drives, refer to Configuring Loaders and Drives.


Using slu topology for detecting devices

After persistent naming is configured, you have to identify the name of the loader(s) and tape drives and their connection to the SEP sesam internal number of the drive (this drive number is set automatically by SEP sesam) to properly configure devices on the SEP sesam Server.

slu topology is a SEP sesam SCSI loader utility that provides information about the loaders and drives connected to the system; it also shows their relation which is required to identify unique IDs of tape drives and configure them by using SEP sesam GUI.

Using slu topology

  1. To be able to run the SEP sesam commands globally, you must set up a profile as described in FAQ: What happens when I set a profile?
  2. To list all attached SCSI devices, run slu topology:
  3. <SESAM_BIN>/sesam/slu topology

    If the devices are properly connected, you should get the output similar to the one shown below.

    Slu topology output.png

  4. By examining the output you are able to determine the correct names of loaders and tape drives; in the latter case, you can also determine the connection between the drive name and the drive number sequence. This is important if you are using persistent naming for tape devices. For more details on when to use persistence and how to configure it, see Enabling persistent naming for tape devices. Each tape drive is listed in a separate line with its name (Tapexxx) and its relation to the pre-set drive number in the loader; this pre-set drive number is the last in the line and specifies the number of the tape drive in the loader as referenced by SEP sesam. SEP sesam assigns a number to each tape drive, starting with 0 (0: the first tape drive in the loader; 1: the second tape drive in the loader ...). The equivalent GUI field is named the Drive No. in loader.
  5. For example, from the above output you can read the following characteristics that are required for (re-)configuration of loaders and drives in GUI:
     Loader: HP 	 MSL6000 Series 3G3ALRT572VN (Changer0)
             Drive: HP      Ultrium 4-SCSI  HU18111L60 ('''Tape2147483644''') (adr=480) '''0'''
             Drive: HP      Ultrium 4-SCSI  HU18111L66 ('''Tape2147483643''') (adr=481) '''1'''
             Drive: HP      Ultrium 4-SCSI  HU18141PP1 ('''Tape2147483645''') (adr=483) '''3'''

    In our example, the tape drive with the persistent name Tape2147483644 relates to drive number 0 (the first tape drive in the loader). You enter the unique tape drive name, e.g., Tape2147483644, when (re)configuring your backup hardware in GUI.

  6. You can also check the number of slots in the loader. SEP sesam numbers the slots from 0 to the number of cartridges in the loader.
  7. Loader setup 04en.JPG
    In our example, the loader has 56 slots (0–55) and a port slot which is not configured in SEP sesam.

Now you have all required information to manually (re-)configure your storage hardware.

By using slu topology you can check whether your hardware is properly configured and recognized by SEP sesam. If the device is not listed, SEP sesam auto-detection was not successful. The cause may be trivial, for example, your device driver is not installed correctly. In such cases, you have to install the missing driver and then manually configure your storage hardware. In other rare cases, the connection between loader and drives cannot be recognized automatically and you have to manually configure your storage hardware. For detailed steps on how to manually (re-)confingure your loaders and tape drives, see Configuring Loaders and Drives.


(Re-)Configuring loaders and drives in SEP sesam GUI

These steps differ slightly if you are manually configuring a new device or re-configuring an already existing device. If you are re-configuring an existing device, select it from the list of Loaders and double-click to open the properties and review them, as described in the following steps. Then proceed with re-configuration of drives.

Manually configuring a new loader
  1. If you are configuring a new device, in SEP sesam GUI from the Main selection -> Components -> Tapes -> Libraries. Click New Loader.
  2. In the New Loader window, enter its properties which you can read from the output of:
  3. <SESAM_BIN>/sesam/slu topology Slu topology output-loader.png
    Check the output to see if the devices are used correctly by SEP sesam and detect the available SCSI addresses. For details, see above section Using slu topology for detecting devices.
    • Device name: SCSI device filename of the loader. In our Windows example, this is Changer0. On Linux systems it would be, for example, /dev/sg2.
    • Device server: SEP sesam Server or Remote Device Server (RDS) to which the loader is connected. In small environments, the loader or disk array is usually installed directly on the SEP sesam Server. More complex backup environments use RDS instead.
    • Type: The device type, e.g., LTO4.
    • Ctrl : Make sure that DIR_SLU is selected. This is applicable for all loaders which are connected by SAS/iSCSI/FC to the SEP sesam Server or RDS, and provide a robotic control of tape media. (Other options are DIR_VIRT which defines a virtual loader, DIR_DISK which enables controlling a pool of several hard disks, and DIR_ACSLS which defines an ACSLS loader.)
    • Slots: Number of slots in the loader.
    • Ports: Number of mail slots in the loader.
    • Barcode: Depending on whether the loader has a barcode reader or not, select yes or no.
    • Auto unload function: Almost all autoloaders and tape libraries allow explicit commands to transport tapes to and from the loader mechanism. It is strongly recommended to disable Auto unload function by setting it to No and allow the manufacturer's drive settings to perform as designed.

    Example of a configured loader

    Loaders.jpg

Creating or re-configuring drives
  1. From the Components, select Tapes and then Drives. In SEP sesam, every drive has to be a member of a drive group. If you have not yet created a drive group, you have to create it now: click the New Drive Group button and enter the name of the new drive group, e.g., Tape_Drives.
  2. SEP Tip.png Tip
    It is recommended to group all drives that belong to the same loader in the same drive group.
  3. Select the drive group for which you want to (re-)configure the drives, e.g., Tape Drives, and create new drives by clicking New Drive or select existing drives for which you enforced the persistent naming and you have to reconfigure.
  4. In the New Drive window/Drive properties, the following fields are available:
    • Drive number: Number is automatically assigned by SEP sesam; you can change it if you are creating a new drive.
    • Drive name: Optionally, enter a description, e.g., logical identifier of a drive.
    • Drive type: Select the drive type from the drop-down list of existing drives (LTO, DLT, SLR, etc.)
    • Loader: If the drive belongs to the loader, select 1. If it is a single tape drive, select No loader option. (Number 0 defines the virtual loader.) As of 4.4.3 Beefalo V2, you can also select ACSLS, see Configuring ACSLS-Managed Libraries.
    • Drive no. in loader: Check the information you got by using slu topology:
    • For example, for the Drive no. in loader with the value 0 you would enter the related persistent name of the drive into the field Device (non-rewinding).
    • Device server: The name of the server or RDS to which the drive is connected. The drop-down list displays all available hosts.
    • Drive group: Is already selected, based on your previous choice when starting with drive configuration.
    • Device (non-rewinding): Based on slu topology output, you have to match the drive's persistent name with the drive number. In our example, for the Drive no. in loader with the value 0 you would insert the persistent drive name Tape2147483644. For details on checking the output, see above section Using slu topology for detecting devices.
    • Configure drives-persistent name.jpg
    • Device Block Size: As of v. 4.4.3 Beefalo V2, it is possible to change the default write density for tapes to achieve better tape performance by using the Device Block Size option. See Setting device block size.
    • Tape in drive: If a medium is loaded into the drive, SEP sesam label is displayed.
    • Information: If indicated, the messages from the drive hardware are displayed.
    • Max. channels: The number of simultaneous backups that can be operated through drives.
    • Encryption capable: For already configured drives, it shows whether they are encryption capable. The field is shaded for new drives. Note that SEP sesam provides native support for managing LTO-based encryption; the LTO encryption of tape drives can be enabled on a media pool level. For details, see LTO Encryption.
  5. Click OK to (re-)configure the drive.
  6. Repeat the procedure for each drive by entering its persistent name.


Configuring a Data Store

Configuring a Data Store/en

Configuring Si3 Deduplication Store

SEP sesam v. 5.0.0 Jaglion has introduced a new generation Si3 data store: Si3 NG. It offers significantly increased performance for backup, restore and migration, as well as direct backup to S3, resulting in improved performance, scaling and resource savings.

  • The new Si3 NG can detect duplicate data fragments, optimizing the recovery process.
  • When configuring deduplication, you should consider the performance factors of deduplication. These include infrastructure (storage types), network speed, storage disk set up, achievable deduplication ratio, etc. For details, see Deduplication.
  • The new immutable storage feature (introduced in Jaglion V2) is also based on Si3 NG store (set up on a dedicated Linux server). SiS is SEP Immutable Storage, based on the File Protection Service (FPS), which scans the file system and sets the immutable bit for all new objects. This means that all data stored in SiS is marked immutable at the time of storage. Even with full admin access to the SEP sesam backup server, attackers cannot delete, modify, or encrypt data stored on SiS. For details, see SEP Immutable Storage – SiS.

Seeding Si3 deduplication store is currently not supported (see the Si3 and Si3 NG comparison section below).

How to upgrade from the old Si3 to the new Si3 NG?

SEP sesam does not support a direct upgrade from the old Si3 to Si3 NG. However, to use the new Si3 NG you can:

  • Back up all data again to the newly configured Si3 NG deduplication store.
  • You can create a replication job to replicate from the Si3 to the Si3 NG store. Replication reads all data from the source-side store on the source-side RDS and sends it to the target store using the source-side deduplication function. For details, see the section Replicating from Si3 to Si3 NG.
SEP Tip.png Tip
You can also configure a new Si3 NG and an old Si3 in parallel on the same host by enabling the key enable_gui_allow_multi_dedup.

Deduplication types

SEP sesam provides target-based (Si3T) and source-based deduplication (Si3S). For details on the deduplication concept and recommendations, see Deduplication.

  • Both Si3T and Si3S require a configured Si3 deduplication store.
  • In general, only one Si3 or Si3 NG deduplication store can be configured on a server. There is only one exception to this rule: You can use the enable_gui_allow_multi_dedup key to configure both Si3 deduplication store types on the same backup server or RDS to perform a smooth upgrade from Si3 to Si3 NG.
  • A valid licence is required for each Si3 NG deduplication store.
  • You can also configure an Si3 NG deduplication store via a command line. For details, see Configuring and Administering Si3 Deduplication Store with CLI.

SEP sesam support for S3-compatible cloud and Blob storage

With SEP sesam Si3 NG, you can back up your data directly to the S3 cloud and to Azure Blob storage (≥ Jaglion V2). As S3 is an open API standard and AWS Simple Storage Service is a sample implementation of the standard, SEP sesam Si3 NG can also be used with other S3-compatible cloud implementations. The configuration and management of Si3 NG in an S3-compatible cloud implementation is similar to the example shown in Backup to S3 Cloud Storage and must follow the same process and rules provided for using Si3 NG with S3. For more details, see Backup to S3 Cloud Storage. For the list of supported object storage, see the support matrix.

SEP Warning.png Warning
In Azure, read access carries higher costs. Tasks such as housekeeping, consistency checks, and restores will incur higher expenses. Consider this when planning your operations.

Updating Si3 NG on S3 from 5.0.0.4 to the new version

If you use Si3 NG on S3 and update from 5.0.0.4 to the new version, the structure of the existing stores will change as the structure of Si3 NG on S3 is automatically recreated (this includes recreating the index after the renaming). Example:

  • The S3 bucket is called seps3, the Si3 NG deduplication store name is newNG. The S3 structure with version 5.0.0.4 of NG is: seps3/pages; seps3/pages-trash; seps3/objects-trash.
  • When updating to the next version of NG, the structure changes to: seps3/newNG/pages; seps3/newNG/pages-trash; seps3/newNG/objects-trash. During this renaming, the Si3 NG service is not available.

Prerequisites

  • For the minimum Si3 hardware requirements that apply to SEP sesam Si3 deduplication server, see Hardware requirements.
  • For details on the required Java version, see Java Compatibility Matrix. Si3 NG is not mandatory, so there is no dependency rule for it in the RPM/DEB packages.
  • When estimating the maximum size of a deduplication store, you have to ensure that there is enough space available for dedup trash, otherwise the deduplication store will run out of space. You should calculate the required disk space based on a representative sample of your full backup and add the additional storage space equal to approximately 50% of the representative full backup.

Required additional amount of RAM

The following table shows the required additional amount of RAM for the Si3-NG data store. The TB value corresponds to the capacity of the Si3-NG data store.

Information sign.png Note
These requirements relate solely to the need for deduplication. In addition to these requirements, the amount of memory for the operating system and other services should be taken into account.
Si3-NG data store capacity (check initial size limit) RAM
<20 TB 16 GiB
20-40 TB 32 GiB

You can use the following command (from the admin command line) to find out how much RAM is needed at what capacity of Si3 NG. Note that you need to set the sesam profile to run the command: sm_dedup_interface -T dedup2 propose jvmconfig <Si3-CAPACITY>

Required additional amount of CPU cores

The following table shows the number of CPU cores required for a Si3 NG data store. The TB value is the amount of data backed up (before deduplication)!

Backed up data (before dedup) CPU cores
10 TB 4
20 TB 4
40 TB 8

Performance tip

Applies to Windows only: SEP AG recommends using the High performance power plan to increase the performance of your backup. Note that Windows sets all computers to the Balanced power plan by default and you must manually switch to the High Performance power plan. This way, your Windows computer will use more power, but the systems with Si3 NG will always operate at the highest performance level.

  • From the Start menu, go to Control Panel -> System and Security -> Power Options and change the setting to High performance.

Restrictions

  • Si3 NG deduplication store is not supported for NSS and MooseFS volumes.
  • To avoid problems resulting from the combination of excessively large Si3 deduplication stores and inefficient hardware, the maximum initial Si3/Si3-NG deduplication store size is currently limited to 40 TB. Please contact SEP sesam support if your specific requirements are different.
  • This limitation applies to the creation of a new Si3 NG deduplication store in the GUI.
Information sign.png Note
It is recommended to run Si3 deduplication (SEP sesam Server or RDS) on the physical host. It is also possible to run it on a virtual machine. In this case, take into account that deduplication consumes a lot of server resources for reading, processing and writing the deduplicated data, as well as for some other deduplication tasks such as housekeeping and various checks. These tasks require a large amount of IO and a large amount of memory. Si3 performance can be affected by other VMs running on the same host. Therefore, if you are running Si3 on a VM, you should be aware of possible bottlenecks and shortcomings.

Configuration procedure

The SEP sesam data store is a disk based storage that allows savesets (backed-up data) to be backed up directly to configured storage locations, including S3 cloud storage and Azure. Note that configuration procedure for the latter differs from the one described below. For details, see Backup to S3 Cloud Storage and Backup to Azure Storage.

Enable Si3 NG setup on the same host

To make the upgrade from Si3 to Si3 NG smoother, you can configure a new Si3 NG and an old Si3 on the same backup server or RDS by using the enable_gui_allow_multi_dedup key.

  1. Open the global settings in the GUI: In the menu bar, click Configuration -> Defaults -> Settings.
  2. Set the key value of enable_gui_allow_multi_dedup to 1.
  3. Si3 key.jpg

Configure Si3 NG

SEP Si3 target deduplication is easy to configure and ready to use by selecting the Si3 NG deduplication data store type. Note that Si3 NG deduplication store is not supported for NSS and MooseFS volumes. For other limitations, see Restrictions.

SEP Tip.png Tip
Si3 NG store can also be used to back up your data directly to S3 cloud or Azure. In this case, the configuration is slightly different depending on the type of storage cloud. For more information, see Backup to S3 Cloud Storage and Backup to Azure Storage.
  1. In the Main selection -> Components, click Data Stores to display the data store contents frame.
  2. From the Data Stores menu, select New Data Store. A New Data Store dialog appears.
  3. Under Data store properties, enter a meaningful name for the Si3 NG deduplication store in the Name field. Entering the name also creates the name of the drive group for your Si3 deduplication store in the Create new drive group field.
  4. From the Store type drop-down list, select SEP Si3 NG Deduplication Store.
  5. Si3 NG Jaglion 01.jpg
  6. Ensure that the Create drive option is enabled under the Drive parameter properties. The predefined value for the drive is automatically entered in the Drive number field.
  7. It is recommended to also activate the option Create second drive. Without this option, SEP sesam can only assign one drive for either reading or writing, with one job on the same drive at a time. If you use the additional dedicated drive for restore, you can perform a backup on the first drive and restore your data from the second drive simultaneously. You can also add a third drive for migration. (See section Drive access mode.)
  8. The name in the Create new drive group is already created. You can change it by simply entering a new name.
  9. The predefined number of channels is already available in the Max. channels drop-down list. The number of available channels depends on your SEP sesam Server package. For details on licensing, see Licensing.
  10. From the Device server drop-down list, select the device server for your data store.
  11. In the Path field, enter the location of your data store or use the Browse button to select it. Click OK.
    If you use the Browse button, the New Data Store information window appears with predefined recommended values for the size of your Si3 NG deduplication store. Click OK to confirm the selected location and recommended size values. You can change the size of your Si3 NG deduplication store later under Size properties (see section Size properties).
  12. Si3 NG Jaglion 02.jpg

After configuring the Si3 deduplication store, configure the media pools first then set up your backup strategy. Make sure to test your newly created Si3 NG store by running a test backup on it.

Run a test backup on Si3 NG

  1. Create a new backup task: In the Main Selection -> Tasks -> By clients, select your RDS client and then click New Backup Task. Configure your backup task and save it. For details, see Creating a Backup Task.
  2. Test the backup on the newly created Si3 NG store: From the menu bar, select Activities -> Immediate start -> Backup. In the Immediate start: Backup dialog, select the previously created media pool for Si3 NG as the target media pool for the backup. Click Start and check if your backup was successful by viewing the status of your backup job in the GUI (Monitoring -> Last Backup State or Job State -> Backups) or SEP sesam Web UI – Last backup state.

Now you can create different backup tasks to apply deduplication and enable the best possible scenarios for efficient backup in different environments. For details on how to select your deduplication method, see Deduplication. For details on how to configure a backup job, see Standard Backup Procedure.

Replicating from Si3 to Si3 NG

As SEP sesam does not support a direct upgrade from the old Si3 to the new Si3 NG, you can create a replication task to replicate from Si3 to the Si3 NG store. Replication reads all data from the source-side store on the source-side RDS and sends it to the target store using the source-side deduplication function. Once your new Si3 NG is set up, you should configure regular replication from one NG to another NG.

Configure a replication task

To configure a replication from Si3 to Si3 NG, proceed as follows.

  1. Create a replication task: In the Main selection -> Tasks -> Replication Tasks, click New Replication Task. The New Replication Task window is displayed.
  2. In the Name field, enter a name for the replication task, e.g., Si3-2-Si3NG.
  3. Enter the following information under Parameters:
    • Media pool
      • Pool: Select the name of the source media pool of the Si3 deduplication store from which the data will be replicated.
      • Drive: Select the drive number of the drive to be used to read the data.
      • Interface: Optionally, specify the network interface of the RDS to be used for data transfer.
    • Destination
      • Pool: Select the name of the target media pool you previously created for the new Si3 NG and to which the data will be replicated.
      • Drive: Select the drive number of the drive that will be used to write the data.
      • Interface: Optionally, enter the network interface of the RDS to be used for data transfer, e.g., the name of the RDS.
    • Leave the Relative backup date (From) set to -99,999 and To set to 0.
    • In the drop-down list based on, the Sesam days option is selected by default.
    • Replication task-si3ng.jpg
  4. Click Save to save your replication task.

After you have configured a replication task, start replication as follows.

Start replication

Note that any initial replication requires a large amount of CPU, network bandwidth and time to complete successfully.

Start replication manually as follows:

  1. In the GUI menu, select Activities -> Immediate start -> Replication.
  2. In the Immediate Start: Replication window, from the Task name drop-down list select the replication task you created earlier, e.g., Si3-2-Si3NG, and click Start.
Si3 NG data encryption

To configure Si3 NG data encryption, you have to create a security password for deduplication:
Main selection -> Components -> click Data Stores -> select your Si3 NG deduplication store and double-click it, then double-click the first drive of your Si3 NG deduplication store.
In the Encryption password field, specify the encryption password and repeat it.

Si3 NG drive-encryption Jaglion.jpg

For details, see Encrypting Si3 NG Deduplication Store.

Si3 NG deduplication store size properties

To change data store size properties, go to Main selection -> Components -> click Data Stores -> select your Si3 NG deduplication store and double-click it. Then under Size properties specify or modify the following:

  • Capacity: Specify the size (in GiB) of the partition for backups.
  • High watermark: Specify the value (in GiB) for the high watermark (HWM). The HWM defines the upper value for the used storage space. When this value is reached, the status of a datastore changes from OK to Warning, but backups continue to be performed. Make sure that you provide enough storage space for your backed up data.
  • Si3 repair area: Specify the value (in GiB) for the Si3 repair area. The Si3 repair area (subdirectory trash) defines the space for Si3 files that were identified by a garbage collection job and are no longer used. These files are still kept in the repair area to allow for a possible repair of Si3 in case of structural problems (which may be caused by a file system error or an operating system crash). The files in the repair area are automatically removed after the specified period of time (SEP sesam default: 4 days) or when the disk usage threshold is reached. The Si3 repair function is disabled when the value is set to 0.
  • Information sign.png Note
    The Si3 repair area for managing the disk space allocated for Si3 files is available only in advanced UI mode (formerly expert GUI mode). To see the Si3 repair area field, make sure your UI mode is set to advanced. For details, see Selecting UI mode.

The Disk space usage properties are used by SEP sesam to report the following:

  • Used: Total used space (in GiB) on the partition.
  • Total: Maximum available space (in GiB) on the partition as reported by the operating system.
  • Free: Available disk space (in GiB) for SEP sesam.
  • Deduplication rate: Deduplication takes place as soon as the backup process has started. SEP sesam analyses blocks of data and determines whether the data is unique or has already been copied to the Si3 NG data store. Only single instances of unique data are sent to the data store and replace each deduplicated file with a stub file. The deduplication ratio indicates the extent of data reduction achieved by Si3 deduplication, i.e. the ratio between the protected size of data and the actual physical data size stored. A ratio of 10:1 means that 10 times more data is protected than the physical capacity needed to store it. The deduplication ratio depends greatly on the deduplication method used (si3T or Si3S), the type of data, the backup level used (the deduplication ratio is higher when there are copy and full backups and when there is a larger amount of data), etc. For details, see Deduplication.

Monitoring deduplication status

You can view the status of your of your Si3 deduplication in the GUI (Si3 deduplication store properties -> Si3 State tab) or SEP sesam Web UI. The data store status overview provides detailed information about consistency, utilization, sanity status, size, disk space usage as well as related media pools, media and drives, dependencies, data size before/after deduplication, etc. Si3 NG-datastore Jaglion web status details.jpg

Information sign.png Note
If fsck (file system consistency check) detects irregularity in the Si3 file system, the affected pages and chunks are recorded in the recovery.log. The Si3 deduplication store in GUI and Web UI is marked red and the Si3 purge is no longer executed. The purge is stopped to prevent the files in the Si3 repair area to be deleted as they may be required to repair Si3 in case of problems. Once the errors are fixed and the recovery.log is empty, the Si3 NG data store is no longer marked red and the Si3 purge is working again.

Comparison of Si3 and Si3 NG

SEP sesam v. 5.0.0 Jaglion has introduced a new generation Si3 deduplication store: Si3 NG. Si3 NG offers significantly higher performance for backup, restore and migration, as well as backup to S3 cloud and backup to Azure, the new immutable storage feature SiS, resulting in improved performance, scaling, and resource savings.

Function Si3 Si3 NG
Si3 backup YesY YesY
Si3 deduplication (source-side and target-side) YesY YesY
Si3 replication: local to remote store Notea YesY Si3 to Si3 YesY Si3 to Si3 NG; Si3 NG to Si3 NG
Si3 replication: to S3 cloud YesY NoN (provides more powerful features for backing up directly to the cloud, see the next two lines)
Backup to S3 Cloud Storage NoN YesY
Backup to Azure Storage NoN YesY (as of Jaglion V2)
SiS (SEP Immutable Storage) NoN YesY (as of Jaglion V2)
Si3 restore YesY YesY
Si3 encryption YesY YesY (as of Jaglion V2)
Seeding Si3 deduplication store Noteb YesY NoN
Usage of tachometer YesY NoN
Notea

SEP sesam does not support a direct upgrade from the old Si3 to Si3 NG. However, to use the new Si3 NG you can:

  • Back up all data again to the newly configured Si3 NG deduplication store.
  • After configuring a new Si3 NG, you can also create a replication job to replicate from the Si3 to the Si3 NG store. Replication reads all the data from the source-side store on the source-side RDS and sends it to the target store using the source-side deduplication function. For details, see Replicating from Si3 to Si3 NG.
  • You can also configure a new Si3 NG and an old Si3 in parallel on the same host by enabling the key enable_gui_allow_multi_dedup.
Noteb

The Initial Seed feature does not work in v. 5.0.0 Jaglion, but you can use it in earlier SEP sesam versions.



Configuring a Media Pool

Configuring a Media Pool/en

Part VI: Authentication

About Authentication and Authorization

SEP sesam operations, such as backup and restore, can only be performed by users who have the appropriate permissions. SEP sesam v. 5.0.0 authentication concept - which is used to grant and restrict access to SEP sesam Server(s) and specific objects - has changed. Now only a user with Superuser privileges can configure authentication and attach permissions (ACLs) to created users.

Authentication is a two-step process. First, the identity of a user accessing a SEP sesam Server is authenticated by verifying the user credentials (username and password). After successful authentication SEP sesam checks if the authenticated user has the appropriate permissions to access a specific resource or operation within the SEP sesam Server.

Authorization is implemented through permissions based on the user type that defines the connection to the SEP sesam Server and the available GUI objects. Additionally, custom user roles can be set by configuring ACLs by a user with Superuser privileges.

Authentication methods

After the initial installation of SEP sesam, no users are configured except the Superuser. SEP sesam provides several authentication methods that are mutually exclusive (and may be version dependent): database-based authentication, which is simply called authentication, and policy-based authentication. By default, policy-based authentication is active. Note that only one authentication method can be active at a time.

Information sign.png Note
You can bypass authentication for local server for all users by setting the parameter localFullAccess in the <SESAM_ROOT>/var/ini/sm.ini file to true as described in the section below.

Database-based authentication

It allows Superusers to configure users and grant them appropriate permissions to perform SEP sesam operations by setting individual passwords and assigning users to the appropriate user group.

You can use LDAP/AD authentication in combination with database-based authentication. This way SEP sesam can authenticate users against an external LDAP/AD directory. If LDAP/AD authentication is enabled in SEP sesam and users are correctly mapped, they can log in to SEP sesam according to their entry in the LDAP/AD directory and user mapping information. For details, see Configuring LDAP/AD Authentication.

If database-based authentication is enabled, users can also authenticate with a signed certificate by simply selecting a (signed) certificate at login instead of entering a password. For details, see Configuring Certificate-Based Authentication.

The assigned user group (based on user type) determines the actions that the group members can perform. The database-based authentication can be enabled from GUI by activating authentication under the Configuration ‐> Permission Management. This is the only way to set the password for the Superuser (Administrator).

When database-based authentication is enabled, the authEnabled parameter in the <SESAM_ROOT>/var/ini/sm.ini file on the SEP sesam Server is set to true. For details on database-based permissions, see Configuring Database-Based Authentication.

Policy-based authentication

Policy-based authentication represents a traditional approach to managing user's privileges. SEP sesam GUI is based on Java and uses the sm_java.policy file to grant the required permissions. The policy file is located at <SESAM_ROOT>/var/ini/sm_java.policy, where <SESAM_ROOT> is the pathname of the SEP sesam home directory.

For policy-based authentication, the permissions are assigned to the user/host combination in the sm_java.policy file. You can also grant users the required permissions by using GUI: Main Selection -> Configuration ‐> User Permissions. For details on policy-based permissions, see Configuring Policy-Based Authentication.

Configuring localFullAccess in sm.ini

localFullAccess determines whether a user logged to the SEP sesam Server is allowed to use SEP sesam CLI and GUI without any authentication. If set to true, authentication is not required. If set to false, the authentication is mandatory for all users. SEP sesam will prompt for the username and password to log in.

If database-based authentication is enabled, the flag localFullAccess is automatically set to false. A certificate is passed from the SEP sesam command line to the SEP sesam Server, where it is verified. The certificate file is stored in <SESAM_ROOT>/var/ini/ssl.

Information sign.png Note
  • On Unix, only the system root user can access this directory and use the command line without authentication.
  • On Windows, use Windows User Account Control (UAC) to restrict access to the certificate file.

How to change the localFullAccess flag

  1. Locate the <SESAM_ROOT>/var/ini/sm.ini file on the SEP sesam Server (where <SESAM_ROOT> is the pathname of the SEP sesam home directory). Open the sm.ini file using a text editor and set the flag for the localFullAccess parameter to true.
  2. Once you have changed the settings, save your changes and restart the SEP sesam Server for the changes to take effect. The sm.ini file is preserved when you upgrade your SEP sesam Server.

Implementing authentication and authorization

After enabling the appropriate authentication method (database-based or policy-based authentication as described above), perform the following steps to manage users and implement authentication and authorization:

  1. Create new users.
  2. Add users to groups.
  3. Assign user types (roles) to the new users.
  4. In addition to user roles (and permissions based on the user type), there are several user permissions (ACLs) that you can set (assign to a role) to control access to specific resources or operations.

Authentication and authorization concept.png

Managing users

Once authentication is enabled, you can create new users and add them to groups (Superuser, Admin, Backup, Restore, or Operator). When selecting a user type (role), it represents a specific role in SEP sesam with associated permissions (e.g. Superuser has full control over SEP sesam). The permissions based on the selected user type (default permissions) control access to SEP sesam Server, a specific resource, operation, and available UI options.

Note that the procedure for managing users differs depending on the authentication method selected, so you must ensure that you follow the appropriate procedure:

Attaching user permissions

In addition to the default permissions (described above) based on the selected user type, you can also set custom user roles by configuring ACLs if you have Superuser privileges. For more details on permissions, see User Roles and Permissions.

ACLs allow you to configure permissions for each user or group with fine-grained access rights for locations, clients, backup tasks (or groups), media pools, and schedules. For example, if you assign the Restore user permission to a specific backup task, that user can start the task-specific backup. For more information, see Using Access Control Lists.


Configuring Database-Based Authentication

Overview

SEP sesam provides different authentication methods that are mutually exclusive: policy-based authentication and database-based authentication which can be combined with Lightweight Directory Access Protocol (LDAP) or/and Active Directory. Only one method (policy-based or database-based authentication) can be active at a time. By default, policy-based authentication is active.

Activating database-based authentication has to be done via the GUI to set the superuser/admin password. Note that superuser has replaced the former admin role with SEP sesam version 5.0.0 Jaglion.
After restarting SEP sesam GUI Server and Client, the superuser/admin (depending on the version) can configure default user access rights that are based on predefined user type.SEP sesam currently provides 5 user types. The following list shows the available user types and their corresponding rights.

  • Superuser (≥ Jaglion): The only user type with full control over the SEP sesam environment (previously Admin). This user type with superuser rights is automatically assigned to the Administrator and sesam users.
  • Administrator: Administrators can administer the SEP sesam system and access the GUI objects (except permission management) if not restricted by ACLs.
  • Operator: Operators can monitor the whole environment.
  • Backup (≥ Jaglion): Backup users can access the GUI objects granted by ACLs. They are allowed to start backups.
  • Restore: Restore users can access the GUI objects granted by ACLs. They are allowed to start restores.Which GUI components are displayed depends on the user type. For details, see Available interface options according to user type.

As of v. 5.0.0 Jaglion, it is also possible to authenticate users with a signed certificate instead of a user password if database-based authentication is enabled. For step-by-step procedure, see Configuring Certificate-Based Authentication.

Prerequisite

  • Make sure that reverse DNS resolution (from IP address to host name) is set up correctly. If the name resolution for the selected host is not correct, the connection to the GUI server fails. For details, see How to check DNS configuration.

Activating database-based authentication in the GUI

  1. In the GUI, from the menu bar select Configuration ‐> Permission Management.
  2. Click Activate Authentication. Set up the password for the Administrator user; note that this is the only way to set the administrator's password.
  3. Authentication activate Beefalo V2.jpg
  4. After activating the authentication mode and confirming your action, SEP sesam GUI will restart automatically. You have to restart SEP sesam Client manually for the changes to take effect.
  5. Authentication restart Beefalo V2.jpg
  6. LDAP/AD authentication is enabled by default. For details on how to configure LDAP/AD authentication, see Configuring LDAP/AD Authentication.
  7. You have to log in to configure users and add them to the selected group. The way you need to log in depends on the version. In v. ≥ 5.0.0 Jaglion log in as Administrator with the user type superuser. In earlier versions, log in with the administrator user type. The following user types are available: Administrators, Operators, Backup users (≥ 5.0.0 Jaglion), Restore users.
  8. You can create your own subgroups (e.g., SUB_ADMIN) to grant users more specific roles. Under the Groups tab, click Create New to configure a new subgroup. The Sub Group window opens.
  9. Specify a group name and from the drop-down list select the relevant role to be applied to the whole group: Administrator, Operator, Backup (in v. ≥ 5.0.0 Jaglion), or Restore. For more details, see User Roles and Permissions.
  10. Authentication sub group Jaglion.jpg
    Information sign.png Note
    If you want to combine LDAP/AD, you have to use the external groups. Add the group from LDAP/AD and select the Based on group option to map to this particular SEP sesam group; see Configuring LDAP authentication in the GUI.
  11. Under the Users tab, click Create New to configure a new user. The Create User window opens.
  12. Enter a name (e.g., mustermann) and a password and assign the user to the relevant group, for example, RESTORE.
  13. Authentication create user Jaglion.jpg
  14. A user can be a member of one or more groups. Under the Groups tab, double-click the relevant group and (de)select the users to assign them to or remove them from the respective group.
  15. Permission management groups Beefalo V2.jpg
  16. Now you can configure ACLs (access control lists) to specify which users or groups are granted access to location (group of clients) or a specific client. As of v. 5.0.0 Jaglion, you can also configure ACLs for backup tasks, media pools and schedules. For details, see Using Access Control Lists.
Information sign.png Note
When activating database-based authentication via GUI, parameter authEnabled is changed to true in the sm.ini file. Setting the flag to false enables policy-based authentication and deactivates database-based authentication.

Resetting user password

To reset the password of another user, you must have superuser/admin privileges. Resetting a password is a two-step process: The superuser/admin has to reset the password in the command line by using the sm_cmd command and then use the newly generated password to be able to change the password in the Permission Management in GUI.

Resetting the password in the command line

An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). The ACLs configuration in SEP sesam is version specific.

ACLs can be administered in the command line by using sm_cmd command with the appropriate superuser (previously admin) rights.

sm_cmd reset user

To reset a user password, log in to SEP sesam Server console and enter the following command:

sm_cmd reset user <ID or name>

The output of the above command is shown in the example.

Example:
In this example, the user name is mustermann.

sm_cmd reset user mustermann
C:\Program Files\SEPsesam\bin\sesam>sm_cmd reset user mustermann
bouryper39
Information sign.png Note
After resetting a user password in the command line, you have to change a password under the Permission Management in the GUI. For details, see Changing password in the GUI.

sm_cmd list acl

You can check all objects which have ACLs defined by using sm_cmd list acl command.
Example:
If you want to check the user ID, use list acl command (ID: 10, Name: mustermann). The output of the command is shown in the example.

G:\Jenkins\master-w86\su\src\msi>sm_cmd list acl
id      object  label   origin  value
1       2       HIGHSECURITY    Locations       [{ID: 3, Type: GROUP, Name: RESTORE, Permissions: [Access : Deny]}, 
{ID: 10, Type: USER, Name: mustermann, Permissions: [Access : Allow]}]
2       7       SEP/Hyper-V     Locations       [{ID: 3, Type: GROUP, Name: RESTORE, Permissions: [Access : Deny]}, 
{ID: 7, Type: USER, Name: restricted_user, Permissions: [Access : Deny]}, 
{ID: 5, Type: USER, Name: restore, Permissions: [Access : Allow]}] 

sm_cmd check acl

You can check the access to a specific object for a specific user by using sm_cmd check acl command together with an object ID, the object origin and a username.
Examples:

  • Check access to the locations object with ID 2 for administrators:
C:\Program Files\SEPsesam\bin\gui>sm_cmd check acl -o Locations 2
  • Check access to the locations object with ID 2 for user restore:
C:\Program Files\SEPsesam\bin\gui>sm_cmd check acl -o Locations 2 -u restore
  • Check access to the clients object with ID 0 for administrators:
C:\Program Files\SEPsesam\bin\gui>sm_cmd check acl -o Clients 0
  • Check access to the clients object with ID 0 for user restricted_user:
C:\Program Files\SEPsesam\bin\gui>sm_cmd check acl -o Clients 0 -u restricted_user

sm_cmd remove acl

You can also delete all configured ACLs by using sm_cmd remove acl all command. In this case the users get default user access rights that are based on predefined user type:


Changing password in the GUI

After resetting a user password with the sm_cmd reset user command, you can change the password for the respective user in the Permission Management in the GUI by using the automatically generated password from the command output. Note that only a superuser/admin user has sufficient permissions to use the Permission Management and configure users.

  1. From the menu bar select Configuration ‐> Permission Management. The Permission Management window opens.
  2. Select the user for which you want to reset the password and click Change. In our example, the user is named mustermann.
  3. Permission management Jaglion.jpg
  4. In the Change User window, click Change Password.
  5. Change user Beefalo V2.jpg
  6. The Change Password window opens. Enter the password you obtained by resetting a password in the command line (in our example bouryper39), enter a new password and click OK.
  7. Change password Beefalo V2.jpg

Deactivating database-based authentication

  1. In the GUI, from the menu bar select Configuration ‐> Permission Management -> tab Activation.
  2. Click Deactivate Authentication.
  3. After deactivating the authentication mode and confirming your action, SEP sesam GUI will restart automatically. You have to restart SEP sesam Client manually for the changes to take effect.
  4. Now policy-based authentication is enabled and the flag authEnabled is set to false in the sm.ini file.


Configuring LDAP/AD Authentication

4 4 3 Beefalo:Configuring LDAP/AD Authentication V2/en

Part VII: SEP sesam Backup

About Backup

About Backup/en

Configuring SESAM_BACKUP

SEP sesam Server Disaster Recovery/en

Creating Exclude List

Creating Exclude List/en

Enforcing Full Backup

Enforcing Full Backup/en

Backup on the Remote Device Server

SEP sesam Remote Device Server (RDS) is a storage management component that controls the preparation of data, intended for backup on a SEP sesam Client and writes the backup data to the backup media. During a restore it locates the savesets and sends the data to a client.

RDS consists of three components: Sesam Transfer Protocol Server (STPD), Sesam Multiplex Stream Server (SMS), and SEP sesam Client (SBC) including remote access. The control of the tasks is maintained by the SEP sesam Server. It is available for installation as a separate – RDS installation package.

Key features

If your network spans multiple locations, you can administer storage devices across locations using a SEP sesam Server (e.g., removed tape libraries or SAN devices.) However, if your infrastructure spans several sites that do not allow for fast data transfer to the central SEP sesam Server, you should use a Remote Device Server to back up data to locally attached storage at a remote location. RDS enables efficient data transfer, takes the workload off the primary SEP sesam Server and uses the storage resources available at the site.

Hence, at remote locations RDS acts as a backup server and can either serve as a backup proxy to deliver data to the main backup server or save data to locally attached storage. By using RDS you can easily and and conveniently manage many remote locations from one central console.

License

RDS requires a separate license. The RDS license includes one backup client and updates for 12 months. To learn more about SEP sesam licensing options, see Licensing.

Configuration and launch of SEP sesam RDS: Basic Scenario

This scenario describes how to set up an RDS on Linux. The configuration assumes two sites with the following situation:

  • Site A (Munich): SEP sesam Server with NAS storage and virtual disk images
  • Site B (Chemnitz): 5 clients are going to be backed up via RDS to NAS storage (virtual disk images) that is connected in Chemnitz

All clients and devices are managed centrally from the site in Munich.

In this scenario, it is assumed that both systems are running on Debian GNU\Linux (Lenny) and that you have already performed all installation-related preparations. If you need help with these requirements, refer to SEP sesam Basics Administrator (SBA).

Installing SEP sesam Server and RDS

In this scenario, you will install the following components at the respective sites:

  • Munich: SEP sesam Server
  • Chemnitz: SEP sesam RDS

Prerequisites

Make sure that the hardware and software requirements are met. For details, see What are the hardware and software requirements for a SEP sesam Server. In addition to these requirements, the following prerequisites must also be fulfilled:

  • Before starting the SEP sesam installation, make sure that you are logged in as a local administrator or domain administrator.
  • To install SEP sesam Server or Remote Device Server on Linux, you will require an installation file which can be downloaded from Linux download (https://www.sep.de/downloadportal/linux/). The installation files are names as sesam_srv-<version> (SEP sesam Server) and sesam_rts-<version> (SEP sesam RDS). Make sure to download the correct file for your processor type.
    To install SEP sesam on Windows, you will require an installation file which can be downloaded from Windows download (https://www.sep.de/downloadportal/windows/). SEP sesam for Windows provides all SEP sesam components in one package. During installation, you have to specify which of the four SEP sesam components you want to install (SEP sesam Server, SEP sesam Remote Device, SEP sesam GUI or SEP sesam Client). You can install GUI together with RDS. For details on installation, see SEP sesam Quick Install Guide.
  • GUI requires Java Runtime Environment (JRE) to be installed on the system. For details on the required Java version, see Java Compatibility Matrix. For 64-bit operating systems, a PostgreSQL database must be installed.
  • SEP sesam uses network resolution for server to client communication. Before installing, you should test DNS name resolution. For details, see How to check DNS configuration.
  • Ensure that any used SCSI devices are recognized by the operating system to which you are installing SEP sesam. SEP sesam checks the SCSI bus attached storage devices during the installation and adds its data to the database. SEP sesam can only see devices recognized by the operating system.
  • It is recommended to disable firewall to avoid problems during the SEP sesam installation. Once SEP sesam is installed, you can enable the firewall with exceptions made for the SEP sesam services.
  • On Windows, the .Net Framework 4 is required for server installation and can be deselected for all other SEP sesam components during installation.
  • On Windows, x86 operating systems with more than 3.25 GB RAM must either reduce the amount of RAM to below to 3.25 GB or migrate to an x64 operating system. This is necessary because SEP sesam requires 64 KB blocks for LTO (Linear Tape Open) whereas an x86 system can only write 32 KB blocks to tape drive because the PAE (Physical Address Extension) is automatically activated. Also, a loader cannot be accessed properly by SEP sesam.
Information sign.png Note
On RHEL, the SEP sesam installation changes the permissions of /var/run/postgresql to grant SEP sesam users PostgreSQL access privileges.

Sample Linux installation

Configuring RDS

To configure a SEP sesam RDS, you have to create a location, used for logical grouping of SEP sesam clients, including RDS. Each client is always created within (and assigned to) a location, which can be defined as a group of clients and further specified as sub-locations. In our example, we will create a new location named Chemnitz and then assign the RDS with the same name Chemnitz to it. For details, see Configuring Clients.

Prerequisites

Embedding the SEP sesam RDS

Create a new location as follows:

  1. In the Main selection -> Components -> Clients, go to the content pane and click New Location. Note that the location LOCAL is always created by default.
  2. In the New Location window, enter the name Chemnitz.
  3. Click OK. Your new location is displayed in the Clients content pane.

Now add the Chemnitz RDS as a client to your newly created location:

  1. In the Clients content pane, right-click Chemnitz and then click New Client. Enter the name of the RDS – Chemnitz. The name has to be resolvable either by DNS or hosts file. If there is a name server (DNS) in the network, SEP sesam automatically selects the TCP/IP address. Otherwise you have to enter it manually in the etc/hosts file.
  2. From the Platform drop-down list, select the relevant platform, in our example, LINUX. Note that by selecting the LINUX platform, the LINUX operating system is selected automatically.
  3. From the Access mode drop-down list, leave the default SMSSH (default) access mode.
  4. Click OK. A new dialog box appears, asking whether you want to create a new backup job for this client. Click No. Your new client Chemnitz is displayed in the Clients content pane.
  5. RDS client Apollon.jpg
Information sign.png Note
Once your RDS is added as a client, check the access to get a proper identification entry in the sesam database.

Adding storage hardware to RDS

A Remote Device Server can be used with attached disk storage, tape libraries or single tape drives. In case of a disk storage, you can configure different data stores, e.g., default data store Path, SEP Si3 Deduplication Store, etc. Depending on the type of storage you want to configure, select one of the following:

Backup on the Remote Device Server

Generally speaking, all data of the clients in the Chemnitz location (backed up onto media in the media pool PoolChemnitz) is only moving on the net segment of that particular site. Therefore, no data is transported to the SEP sesam Server over WAN.

To test this, set up a test backup task in the SEP sesam GUI (Main Selection -> Tasks -> By Clients-> New Backup Task) that will perform a quick self-backup of the SEP sesam RDS (directory /etc) to the storage mounted on RDS. For details, see Creating a Backup Task.
RDS bck task.jpg
Once you have configured a test backup, start it:

  1. In the Main Selection -> Tasks -> By Clients, right-click the test backup task and select Immediate Start.
  2. In the Immediate Start:Backup window, select the Media pool referring to the data store you have previously configured on RDS, in our example, PoolChemnitz and click Start.
  3. SEP Tip.png Tip
    You can view the status of your backup jobs in the SEP sesam GUI -> Main Selection -> Last Backup State. As of 4.4.3 Beefalo V2, you can also check the details of your backups online by using new Web UI. For details, see SEP sesam Web UI.

    RDS immediate start Apollon.jpg
    You can also schedule your test backup. For details, see Creating a Schedule.

Now your RDS is configured and ready to use.

Information sign.png Note
Make sure that you follow the general recommendations and configure required exclusions with your antivirus product as well as ensure that the antivirus scans are not scheduled during backup operations.


Part VIII: Scheduling

Creating a Custom Calendar

4 4 3 Beefalo:Creating a Custom Calendar/en

Special Schedules

Special Schedules/en

Part IX: SEP sesam Operation in the Network

Backup over an alternate network

Your license must first be modified to match the new server name and/or IP address. Send the original license, the new server name, and the IP address to info@sep.de. When you receive the new license information, you can change the SEP sesam Server name using sm_setup.

  1. Set the SEP sesam profile and enter the following command:
  2. sm_setup change_servername <mynewserver>
  3. After executing the command, check the interfaces of the renamed SEP sesam Server: Main selection -> Components -> Clients -> double-click the server (Client) to open its properties. In the Interfaces field, manually remove the old interfaces and enter the new interfaces for http and https.
  4. RDS interfaces.jpg

Configuring SSL Secured Communication for SEP sesam Backup Network

Configuring SSL Secured Communication for SEP sesam Backup Network/en

List of Ports Used by SEP sesam

SEP sesam client-server communication requires certain TCP ports to be open to enable SEP sesam components to communicate with each other through a firewall. Daemons are specific to the SEP sesam Client/SEP sesam Server/RDS installation and are using different port numbers.

The required ports may be SEP sesam version-specific. As of version ≥ 4.4.3 Beefalo, SEP sesam uses fewer ports by default than in previous versions:

Ensure that all required ports are available on the system for SEP sesam daemons and are not blocked by a firewall; these ports must not be assigned to another service. If the required ports are not available, SEP sesam will not function correctly.

Additionally, you might need to open relevant network ports to ensure communication between SEP sesam Server or SEP sesam data mover and additional modules, e.g., VMware vSphere, NDMP, etc. A list of module-related ports can be found below in the section Module-related ports.

Used default ports

If a firewall is used, only the following TCP ports must be allowed for SEP sesam backup. SEP recommends SMSSH for secure control communication between SEP sesam Server and SEP sesam Clients/RDS and the HTTP protocol for data transfer from SEP sesam Client to SEP sesam device server. SMSSH and HTTP are the default protocols if no other protocol is specified in the client configuration and in the various events (backup/restore/migration etc.).

Component/Description Direction Source port Destination port Protocol Configuration in the GUI
SEP sesam Server
SMSSH: Encrypted communication to the client outbound random 11322 TCP/SSH Client properties -> Access Mode -> select SMSSH
Backup data over HTTP inbound random 11000 TCP/HTTP Client properties -> Interfaces -> enter <http://hostname:11000>
SEP sesam Client
SMSSH: Encrypted communication to the client inbound random 11322 TCP/SSH Client properties -> Access Mode -> select SMSSH
Backup data over HTTP outbound random 11000 TCP/HTTP Client properties -> Interfaces -> enter <http://hostname:11000>
SEP sesam Remote Device Server
SMSSH: Encrypted communication to the client inbound random 11322 TCP/SSH Client properties -> Access Mode -> select SMSSH
Backup data over HTTP inbound random 11000 TCP/HTTP Client properties -> Interfaces -> enter <http://hostname:11000>

SEP sesam complete ports list

The following is the complete list of ports used by SEP sesam. You only need to open the ports in your firewall that you use. If you decide to configure all control communication via SMSSH, you do not need to open CTRL port 11301 in the firewall.

Port numbers for SEP sesam Server

Port number Description Configuration in the GUI/Example
11301 CTRL: Unencrypted communication to client Client properties -> Access Mode -> select CTRL
11322 SMSSH: Encrypted communication to the client Client properties -> Access Mode -> select SMSSH
11001 Data over FTP Client properties -> Interfaces -> enter <hostname> or <ftp://<hostname>:11001>
11000 Data over HTTP Client properties -> Interfaces -> enter <http://hostname:11000>
11443 Data over HTTPS Client properties -> Interfaces -> enter <https://hostname:11443>
11002-11007 Port range for 3 parallel data transfers via FTP Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options
11701+drive number Replication and source-side deduplication (SDS) port For example:
  • If you replicate from dedup drive 2 (source) to RDS drive 5 (target), the port is 11703 (daemon on machine with drive 2).
  • If you replicate from dedup drive 5 (source) to RDS drive 2 (target), the port is 11706 (daemon on machine with drive 5).
11401 GUI/WEB UI (RMI) listen port
Information sign.png Note
For external backups (BSR, SAP, Informix, MaxDB ...) the client must always be able to reach the SEP sesam Server via ports 11000 (for HTTP backups), 11443 (for HTTPS backups) and 11001 (for FTP backups), and not only the RDS. This must be taken into account in the firewall rules.

Port numbers for SEP sesam Remote Device Server

Port number Description Configuration in the GUI/Example
11301 CTRL: Unencrypted communication to client Client properties -> Access Mode -> select CTRL
11322 SMSSH: Encrypted communication to the client Client properties -> Access Mode -> select SMSSH
11001 Data over FTP Client properties -> Interfaces -> enter <hostname> or <ftp://hostname:11001>
11000 Data over HTTP Client properties -> Interfaces -> enter <http://hostname:11000>
11443 Data over HTTPS Client properties -> Interfaces -> enter <https://hostname:11443>
11002-11007 Port range for 3 parallel data transfers via FTP Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options
11701+drive number Replication and source-side deduplication (SDS) port For example:
  • If you replicate from dedup drive 2 (source) to RDS drive 5 (target), the port is 11703 (daemon on machine with drive 2).
  • If you replicate from dedup drive 5 (source) to RDS drive 2 (target), the port is 11706 (daemon on machine with drive 5).
Additional ports for SEP sesam Remote Device Server with GUI
- no incoming ports for GUI on RDS

Port numbers for SEP sesam Client

Port number Description Configuration in the GUI/Example
11301 CTRL: Unencrypted communication to client Client properties -> Access Mode -> select CTRL
11322 SMSSH: Encrypted communication to client Client properties -> Access Mode -> select SMSSH
11002-11007 Port range for 3 parallel data transfers via FTP Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options

Port numbers for SEP sesam GUI PC (not SEP sesam Server)

Port number Description Configuration in the GUI/Example
- no incoming ports to GUI PC
Additional ports for SEP sesam GUI PC with installed SEP sesam Client
11301 CTRL: Unencrypted communication to client Client properties -> Access Mode -> select CTRL
11322 SMSSH: Encrypted communication to the client Client properties -> Access Mode -> select SMSSH
11002-11007 Port range for 3 parallel data transfers via FTP Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options

Module-related ports

The following tables show the required network ports used for communication (connection or data transfer) between SEP sesam Server or SEP sesam data mover and extra modules.

Port numbers for VMware vSphere

From To Description Port number Protocol
SEP sesam Server vSphere (vCenter/ESXi) Connection to vCenter Server or ESXi Server 443 HTTPS/TCP
SEP sesam data mover vSphere (vCenter/ESXi) Connection to vCenter Server or ESXi Server 443 HTTPS/TCP
SEP sesam data mover ESXi server Data transfer to ESXi host 902 TCP

Port numbers for Citrix XenServer

From To Description Port number Protocol
SEP sesam data mover Citrix XenServer Connection to Citrix XenServer 443 HTTPS/TCP
SEP sesam data mover Citrix XenServer Required for backups with CBT 10809 HTTPS/TCP

Port numbers for NDMP

From To Description Port number Protocol
SEP sesam data mover NDMP server Data transfer between components
(for NetApp see also NDMP firewall settings)
10000 NDMP

Port numbers for HPE StoreOnce

From To Description Port number Protocol
SEP sesam Server HPE StoreOnce Default command port; for communication with HPE StoreOnce 9387 TCP
SEP sesam Server HPE StoreOnce Default data port; for communication with HPE StoreOnce 9388 TCP


Configuring clients in the firewall environment

SEP sesam Client is a system that has a SEP sesam Client package installed, is added to the SEP sesam environment as a client, and is included in backup plans for data protection. Clients can be workstations, PCs, virtual machines or file servers with gigabytes of data.

The abbreviation SBC (sesam backup client) is used in a more technical sense for programs that execute backup, migration, and restore tasks. SBC collects and consolidates backup data on the client system and delivers it to the Sesam Transfer Protocol Server (STPD – a service that requests backup data from the SMS Server and manages the data flow between the SEP sesam Server and a client). The SBC module can also be controlled directly without other SEP modules by using SEP sesam CLI.

In the SEP sesam GUI you can check if an update is available for your clients. You can simultaneously update all clients in the same location or decide to update only the Linux or Windows clients that belong to the selected location. You can also exclude a specific client from updating or install SEP sesam component(s) on new Windows clients. For details, see Updating client(s).

SEP sesam allows you to configure permissions (ACLs) for a location (group of clients) or a specific client. For details, see section Permissions and access.

Procedure

SEP Tip.png Tip
VMs only

If you intend to back up multiple VMs, you can automate the process by automatically generating tasks for VMs that are connected to the same host; you can also automatically create clients for VMs to which the created tasks and ACLs can be assigned. It is recommended to use these features when a new hypervisor is added and many new VMs need to be backed up. For details, see Automating Backup Process.

  1. In the Main selection -> Components -> Clients, select the desired location (LOCAL is always created by default), and then click New client. Enter the name of the client – this has to be the network host name of the computer. The name has to be resolvable either via DNS or the hosts file. If there is a name server (DNS) in the network, SEP sesam automatically selects the TCP/IP address. Otherwise you have to enter it manually in the etc/hosts file.
  2. Select the Virtual machine check box when adding a VM. For VMs with SEP sesam backup Client installed, also select the check box SEP sesam client. Then select the appropriate host and name from the Virtualization server name (host) and Virtual machine name drop-down lists.
  3. Note that setting these options automatically sets the client access mode. In most cases, you can change the mode at any time to suit your needs.
  4. From the Platform drop-down list, select the relevant platform: LINUX, WINDOWS, UNIX, NDMP, VMS, NETWARE, or STORAGE (HPE-related). In most cases, the Operating system is automatically selected when you select the Platform.
  5. If not set, select the appropriate client operating system from the Operating system drop-down list.
  6. If the client is to be managed as a VM server, select the Virtualization server check box and then select the appropriate VM server type from the drop-down list, e.g. vCenter, Hyper-v Cluster, KVM Server, etc. This allows you to browse the virtual environment when creating backup tasks, for example.
  7. If not already set, select the communication method and access type between the client and the SEP sesam Server from the Access Mode drop-down list. The following access modes are available: CTRL, SMSSH, PROXY, VIRTUAL, SSH, and RSH. For details, see Access Modes.
  8. Information sign.png Note
    In v. 5.0.0 Jaglion, the Access mode was only available if you used the user interface in advanced or expert UI mode (see Selecting UI mode). With 5.0.0 Jaglion V2, the Access mode is visible regardless of the UI mode.
  9. Optionally, you can specify the following fields:
    • The Notes field provides an option to comment your configuration.
    • The Interfaces field is only for specifying additional interfaces for SEP sesam Server or Remote Device Server (RDS).
      • If there is an additional network for backups, you can enter the resolvable and changed DNS name of a second network card of the SEP sesam Server in a new line. If there are several network cards, they need to be known to the DNS, otherwise the connection to the SEP sesam Server will fail.
      • The network protocols for data transfer can be specified with the common prefixes ftp:// (default), http:// or https://.
      • For each protocol one interface has to be added in the interfaces box separated by single spaces. One interface for the HTTP protocol http://<hostname>:11000 and one interface for the HTTPS protocol https://<hostname>:11088.
    • Do not update this client should only be enabled if you want to exclude a specific client from updating.
    • Execution off should only be used in special cases when you want to exclude a client from backups for technical or other reasons. As long as this option is set, the client will be excluded from all scheduled backups.

    Configuring client.jpg

  10. If your client is behind a firewall, you have to configure the communication ports. By default, SEP sesam uses random ports specified by the operating system. However, if you want to back up a client that is behind a firewall, you need to set the ports manually. Switch to the Options tab and set the following:
    • In the Access options field, enter the port over which the client is reachable by using the -p <port_no> command (e.g., -p 17301). The default listen port for the CTRL daemon on clients is 11301 and for SMSSH is 11322.
    • Use STPD options to set up the communication port for transferring data from the backup client to the SEP sesam Server. Note that each backup running simultaneously on a client requires two ports; e.g., three simultaneous backups on the backup client use ports 11002-11007. If HTTP protocol is used for data transfer (SEP sesam Server interface is http://<SEP sesam server>:11000), TCP port 11000 is used.
    • Configuring client-options.jpg
      Information sign.png Note
      Once your client is configured, additional options are available on the Options tab. (Double-click the client to open its properties.) You can change the default listen port and enable Wake-on LAN (WOL) on Windows clients. For details, see Client properties.
  11. In the OS Access tab, you have to enter credentials as an administrator to access the respective systems. Use the format DOMAIN\USER for domain accounts or HOST\USER for local accounts. If set, you can select an existing credential set from the drop-down list.
  12. Configuring client-access.jpg
  13. When you have set all the options, click Create New or OK. Clicking Create New will leave the dialog window open, allowing you to quickly configure multiple clients one after another. Then a new dialog box appears asking whether you want to create a new backup task for this client. Click Yes to create a backup task or No if you intend to configure your backup later. For details, see Standard Backup Procedure.

Your new client is displayed in the Topology content pane.

Permissions and access

In the client properties, additional tabs are available for specifying permissions and access. Double-clicking the client opens its properties and you can specify these additional settings.

The Permissions tab allows you to set the required permissions for your client. For details, see Using Access Control Lists.

Client permissions.jpg

When configuring clients to be backed up by specific task types, you need to specify some additional settings. An additional tab is available for the following task types: Micro Focus Open Enterprise Server (formerly Novell OES), VMware, Citrix XEN, MySQL, PostgreSQL, NetApp, RHV. For example, if you configure vCenter Server as a SEP sesam Client, you need to specify the vCenter credentials with the highest administrator privileges and select the appropriate data mover. For more information on specific task types, see the corresponding wiki articles under Extensions.

Client VMware.jpg

SEP Tip.png Tip
You can generate a report for each client with details of client backup tasks, media pools, and data size by selecting the client, right-clicking it, and then selecting Client Report. You can also use the right-click menu to check client access and update status.


Part X: SEP sesam Events

Newday Event

4 4 3 Beefalo:Newday Event/en

Creating a Backup Event

Creating a Backup Event/en

Creating a Media Event

Creating a Media Event/en

Creating a Migration Event

Creating a Migration Event/en

Creating a Command Event

A command event enables the execution of any program on a SEP sesam Client. A user must be authorized to run the commands on a specific client. By default, only commands entered in the system directory at <SESAM_ROOT>/bin/sesam can be executed. If you want to allow starting commands in other directories, see the section Setting permission to run commands.

In the SEP sesam GUI, you can start command events immediately or schedule the events for automatic execution.

Steps

To create a new command event, follow the steps below:

  1. From Main Selection -> Scheduling -> Schedules, select the schedule to which you want to add a command event. Then right-click the desired schedule and select New Command Event. The New Command Event window is displayed.
  2. Note that if you have not already configured a schedule, you must first configure it by clicking the New Schedule button in the Schedules window. For details, see Creating a Schedule.
  3. Under the Parameter tab, specify the following settings:
    • Priority: Optionally, define a priority for the command event. SEPuler always executes schedules with higher priority first. The default priority level is 1, which is the lowest priority (the highest is 99). The highest priority level is 99. The only exception is schedules with priority 0, which override all other priorities and are always executed. For details, see Event Priority.
    • Blocking date: This should be used in conjunction with high priority for special events. When this check box is selected, lower priority events of the same type are blocked, ensuring that the command event is processed if other command events are also scheduled at the same time. See Blocking Events.
    • Name: Select the name of the existing command from the drop-down list. When selected, the full command is displayed in the Preview field below.
    • SEP Tip.png Tip
      You can access the configured commands from the menu bar -> Configuration -> Command. You can define your own commands to use when creating a command event, and modify, delete, or copy the existing commands. For details, see Configuration: Commands.
    • Client: Select a client on which to execute the command.
    • User: Enter the user name of a user who has sufficient rights to execute the command on the client.
    • Retention time: Specify how long (in days) to retain the command event results and logs (default 30).
    • Additional Parameter: Optionally add additional parameters to the command.
    • Follow up (available in v. ≥ 5.0.0 Jaglion): Optionally use this field to configure a follow up event to be started on the SEP sesam Server once the command event has completed. For details, see Creating Follow-up Events.
    • New command event Jaglion.jpg
  4. Click OK to add your command event to a schedule. You can review your schedules and assigned events, trigger events to start immediately, or delete them by right-clicking the selected schedule/event.

Setting permission to run commands

Not every user on a specific client is authorized to run all commands. Without additional entries authorizing selected users to run certain commands, commands can only be run from the system directory <SESAM_ROOT>/bin/sesam. If a command is to be started from another directory before the regular backup is started, this must be entered/allowed on the target client.

UNIX

Copy the file sesam_cmdusers.allow from the directory <SESAM_ROOT>/skel to /etc on the client and modify the file. You can now enter a line for the user and the command in the format {user} {command}. If you use a wildcard (*), all commands will be executed.

No explicit permissions are required to execute SEP sesam commands such as sm_loader.

Windows

To set access rights for the user and command, use the following key: \\HKLM\SOFTWARE\SEP Elektronik GmbH\sesam\CommandEvents\<user>\<command>

In addition, on the client computer, the entry CTRLD_Path=ID/bin/sesam;ID/bin/sms in the file ID/var/ini/sm.ini in the section [CTRLD_Server] must be extended to include the directories in which the desired programs are located.

  1. Open the Regedit editor.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\SEP Elektronik GmbH\sesam\ and create a new key named CommandEvents. If it does not already exist, right click and select New Key.
  3. Enter <user> and then <command> with the full path information as the key.

The available commands are:

Command Execution
* all commands
cmd /c all DOS commands (dir, etc.)
DOS command (e.g., dir) specific DOS command only (e.g., dir)
specific command (e.g., ping) specific command only (e.g., ping)

If there are other commands, the last command is executed. If you use a wildcard (*), all commands are executed.

Registryentry.JPG

Below is an example of a registry file (*.reg) that allows all command events for the administrator and the sesam user:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\SEP Elektronik GmbH\sesam\CommandEvents\sesam\*]
[HKEY_LOCAL_MACHINE\SOFTWARE\SEP Elektronik GmbH\sesam\CommandEvents\Administrator\*]
Information sign.png Note
The most common errors when setting up the desired user permissions and allowed commands are:
  • The necessary entries are not entered in the directories of the target clients, are not entered on the server, or are entered incorrectly.
  • Instead of entering a command as a key, it is entered as a string.


Copyright © SEP AG 1999-2024. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

Scheduling Restore

4 4 3 Beefalo:Scheduling Restore/en

Follow-up Events

Follow-up Events/en

Part XI: SEP sesam Log Files

Interpreting Error Messages/en

Analyzing SEP sesam Log Files

4 4 3:Analyzing SEP sesam Log Files/en

Tips for Backup Troubleshooting

Tips for Backup Troubleshooting/en

Part XII: SEP sesam Configurable Interfaces

Using Pre and Post Scripts

Using Pre and Post Scripts/en

How to Configure Mail Notification

How to Configure Mail Notification/en

Part XIII: Managing Media

Retention time and EOL

Retention time defines a specific duration (in days) for which a backup or data set is protected against deletion or overwriting. It ensures that backups are retained for a predetermined period to meet operational, regulatory, or other requirements. Once the retention time for a backup expires, it may be deleted or overwritten based on the backup retention policies in place.

To set the retention time for backup data, SEP sesam uses the EOL attribute (End-of-Lifetime). The EOL is the expiration date of a backup or a saveset and defines the date when a backup or a saveset reaches the end of its defined retention time and can be removed or overwritten.

Retention time and EOL determine when backups can be safely removed from storage to free up space and resources. This ensures that data remains accessible for a specific period of time, and enables efficient management of storage resources by allowing the removal of backups that are no longer needed for recovery or compliance purposes.

Retention time is defined on a media pool level. When a saveset is written to a medium in a specific media pool, the expiration date is calculated and set, and retention begins. For example, a media pool has retention time of 30 days. If a saveset is created and written to this pool on January 1st, its EOL is set to January 31st. To maintain consistency of the backed-up data and keep the backup chain available for restore, SEP sesam automatically manages retention and adjusts the EOL of backups and media.

You can also manually adjust the EOL of your data, as described in Changing Retention (EOL).

Information sign.png Note
Retention time and EOL refer only to backups and related migrated and replicated savesets. SEP sesam logs, readability check logs, calendar sheet entries, and restore tasks have separate retention parameters. For details, see retention periods.

Backup chain and EOL

For a backup chain, SEP sesam manages the EOL values of backups according to the rules of dependency-based retention, synchronizing the EOL of interdependent savesets in the chain. This ensures that no backup is prematurely removed from the system and prevents interruption of the backup chain. Interdependent backups remain available throughout their retention time to ensure the recoverability of the entire backup chain.

For more information refer to Backup Chain Dependencies.

Storage management

When the EOL is reached, the protection for a saveset expires. However, the storage space occupied by an expired saveset isn't immediately freed. When space is required, the savesets with the oldest EOL are deleted first. SEP sesam uses the GET_OLDEST policy to preserve data on the media for as long as possible.

To overwrite a saveset and reuse the storage space, there should be no other savesets dependent on a particular saveset. Automatic retention management tracks dependencies and synchronizes the expiration dates to prevent deletion of savesets that might be still required for restore. This condition can be bypassed by modifying the expiration date (EOL) of the backup chain manually.

Media can be reused when the EOL of all stored savesets expires and is not write-protected (locked).

SEP sesam automatically allocates the media in a media pool with the oldest expired EOL for reuse. The media that has the longest time since EOL expired is reused first.

EOL types

SEP sesam manages the EOL property for three main object types: savesets, backups, and tape media.

Saveset EOL
The expiration date of a single saveset. It is initially calculated by adding the backup day (the date when the data is written to the medium) and the retention time specific to the media pool.
For example, in a media pool with 30 days retention time, a full backup is run on January 1st. EOL of this backup is set to January 31st. Five days later a differential backup is run, with EOL set to February 5th. Because differential backup depends on the preceding full backup, the EOL of the full backup is adjusted to match the EOL of the differential backup and is also set to February 5th.
Backup EOL
The expiration date of all savesets belonging to the same backup, including migrated and replicated savesets.
For example, you extend the backup EOL for a saveset. The EOL is adjusted for all savesets belonging to this backup (original, migrated and replicated savesets) to match the new EOL.
Information sign.png Note
By default, failed backups are also retained for the configured media pool retention time. This backup retention behavior can be changed by modifying the EOL-related keys, as described in Customize the default retention behavior for backups and migration. These keys are not supported in versions prior to 4.4.3 Beefalo V2, where failed backups were automatically deleted after 3 days.
Media EOL
The expiration date of a tape medium, determined by the longest saveset EOL on that medium. In case an interdependent saveset exists on another medium or datastore, the media EOL (Locked until attribute in tape properties) is adjusted accordingly. The tape can be reused after EOL of all savesets on tape expires (provided that the tape is not locked or write-protected). When another saveset is added to tape or EOL of an existing saveset on tape is changed, SEP sesam checks which EOL is the longest. If new EOL exceeds the current EOL of the tape, media EOL is automatically extended, otherwise it remains unchanged.
For example, a media EOL is set to February 3rd. A saveset is added to the tape with EOL set to February 25th. The media EOL is extended to February 25th. Another saveset with EOL February 20th is added to the tape, and the media EOL remains set to February 25th.

Automatic adjustment of retention and EOL

If the retention time is considered from the perspective of an individual backup, it can ensure restorability of data only for that backup. To enable complete restore of data backed up in the backup chain, SEP sesam tracks all dependent backup savesets and manages their retention time according to their dependencies.

Automatic adjustment of EOL follows the rules of dependency-based retention and is based on the longest EOL of interdependent savesets in a backup chain. This ensures that a backup, on which other backups depend for restore, is not removed prematurely from the system, which could potentially disrupt the backup chain. If a saveset is missing from the backup chain, data recovery to a specific point in time is not possible. SEP sesam maintains control over the dependencies among individual backup savesets and provides rules for automatic retention management based on these dependencies.

INCR backups require all previous savesets (FULL, DIFF and INCR) in a chain to be available for a successful restore. INCR backup taken as the third INCR after the FULL requires the FULL, the first, the second, and the third INCR to provide complete restore capability.

Example

For example, the following backup strategy is employed:

  • Monthly full backup every 4th Sunday, in media pool MONTHLY with retention time 31 days
  • Weekly differential backup every Sunday, in media pool WEEKLY with retention time 14 days
  • Daily incremental backup, in media pool DAILY with retention time 7 days

Backup chain starts with the full backup and ends with an incremental backup. Full backup in a chain is a standalone backup and doesn’t require any other backups to successfully restore data. Therefore, the EOL of the full backup doesn’t affect any other saveset EOL.

Differential backup depends on the full backup for restore. Therefore, if EOL of differential backup exceeds EOL of the full backup on which it depends, the EOL of the full backup is extended to match retention of the differential backup.

Incremental backup requires previous savesets of all backup levels in a chain for a successful restore. INCR backup taken as the third INCR after a DIFF requires the FULL, the last DIFF, and the last three INCRs to provide complete restore capability. The EOL of incremental backups is adjusted with every new dependent incremental backup. In addition, if EOL of incremental backup exceeds EOL of the differential and full backups on which it depends, the EOL of the differential and full backups is extended accordingly.

In case the entire backup chain is stored on tape, the media EOL matches with the longest EOL of saveset on the tape. If any of the subsequent savesets on the tape exceeds this EOL, the media EOL is adjusted accordingly.

The figure below illustrates the adjustment of saveset EOLs. Only the most significant backups are filled in to retain clarity for informational purposes and to avoid cluttering the image. Note that media EOL is initially set to match the first FULL backup, and is adjusted later with the second DIFF backup to match the longest saveset EOL on the tape.

EOLcalendar.png

Rules for the automatic EOL adjustment

Rule #1: Full backups do not expire as long as dependent DIFF/INCR exist

Full backups will not be allowed to expire or be deleted as long as there are dependent DIFF/INCR backups that rely on them. The EOL of a full backup is extended if the EOL of subsequent backups exceeds the EOL of the full backup they depend on. If the EOL of the dependent backups is shorter, the EOL of the full backup remains unchanged.

For example, A full backup has EOL set to February 1st. A subsequent DIFF backup has EOL set to January 23rd. Because the DIFF backup expires before the FULL backup (EOL of the FULL is longer), the backup chain is not broken and the EOL of the FULL is not adjusted. Another subsequent DIFF backup has EOL set to February 6th. Because the FULL backup expires before the dependent DIFF (EOL of the FULL is shorter), and the backup chain could become unrestorable, the EOL of the FULL is adjusted to February 6th.

Rule #2: An increased EOL of a DIFF/INCR saveset results in an increased EOL of all dependent savesets

If the EOL of a DIFF or INCR saveset is increased, SEP sesam also increases the EOL of all preceding savesets (FULL and other DIFF and INCR) on which it depends. SEP sesam ensures that EOL of the FULL saveset and other DIFF and INCR is not shorter than the potentially modified EOL of the dependent DIFF or INCR saveset.

Rule #3: A decreased EOL of a DIFF/INCR saveset leads to decreased EOL of all dependent savesets

If the EOL of a DIFF or INCR saveset is decreased, SEP sesam decreases the EOL of all dependent subsequent savesets (DIFF and INCR). Note that you cannot set the EOL in the past.

Rule #4: A too short EOL of DIFF/INC savesets leads to an increased EOL

If the DIFF/INCR backup detects that a saveset belonging to an FDI chain has an EOL that is too short, then any subsequent DIFF/INCR backup that runs on a pool with a longer retention time will increase the EOL of the saveset from that particular pool.

Information sign.png Note
If the EOL of a saveset belonging to an FDI chain has already expired, it will not be extended. In this case, the next DIFF/INCR backup will be executed as a FULL backup, with settings that were defined for that DIFF or INCR backup (most notably, the media pool).

Rule #5: A new or migrated DIFF/INC backup leads to adjusted EOL for dependent savesets

When a new INCR or DIFF backup is run or an INCR or DIFF backup is migrated, SEP sesam automatically adjusts the EOL of all related savesets to match.

Rule #6: The last successful backup or migration is automatically retained

SEP sesam automatically retains the last successful backup or migration saveset if the next backup/migration fails. By extending the EOL of the last successful backup/migration, SEP sesam ensures that at least one successful backup is retained. This behavior is enabled by default and can be changed by setting the values of the corresponding keys, as described in Customizing Global Retention Policy.

Information sign.png Note
SEP sesam also allows you to manually adjust EOL if the default retention does not meet the requirements, but you should be careful with this option. Manually adjusted EOL overrides the EOL defined by the retention time in the media pool configuration.

Rule #7: Media EOL cannot be shorter than the longest saveset EOL on that tape

For tape media, SEP sesam adjusts the media EOL to match the longest EOL of the savesets stored on the tape. The media EOL and saveset EOL are interdependent and changes affect one another.

If a saveset EOL on tape is increased or decreased, the media EOL is adjusted accordingly. Similarly, modifying media EOL impacts saveset EOL.


Viewing EOL

EOL for savesets and backups, and for tape media is displayed in GUI and Web UI in several views. In GUI you can also modify the EOL.

Where in Web UI

In Web UI the EOL is read-only and cannot be modified.

Backup & Saveset EOL
  • Monitoring -> Last Backup State -> click a backup task -> task properties – Storage Location -> in the storage locations table: Saveset EOL
  • Monitoring -> Backups -> click a backup task -> task properties – Storage Location -> in the storage locations table: Saveset EOL
  • Infrastructure -> Data Stores -> click the selected data store to open the properties -> in tab Properties click View savesets for this data store: columns Backup EOL and Saveset EOL
  • Infrastructure -> Tapes -> click the selected tape to open the properties -> in tab Properties click View savesets for this tape: columns Backup EOL and Saveset EOL
Tape media EOL
Infrastructure -> Tapes, column Media EOL

Where in GUI

You can use the GUI to modify the EOL parameter in several different ways:

Backup & Saveset EOL
  • Job State -> Backups -> double-click a backup task -> task properties – Info 1 -> in the Storage location table: Saveset EOL
  • Components -> Tapes -> Media -> select the media and open properties -> Savesets tab -> columns Backup EOL and Saveset EOL
  • Components -> Media Pools -> select the media pool and expand it to open media -> double-click to open the media properties -> Media properties – Properties 1 -> tab Savesets: columns Backup EOL and Saveset EOL
  • Components -> Data Stores -> double-click the selected data store to open the properties -> tab Savesets: columns Backup EOL and Saveset EOL
Tape media EOL
  • Components -> Tapes -> Media -> select one or more tapes -> right-click and select Change Media EOL
  • Components -> Tapes -> Media -> select the tape to open its properties -> Locked until

Tracking the adjusted EOL

SEP sesam provides insight into how and when EOL values were modified. In Web UI, in the backup results window the Backup EOL displays EOL changes triggered manually or by automatic EOL adjustment process (in GUI this information can be found in the EOL changed by column in the Media view). Note that to display further details in the backup results window, you may have to switch to Advanced view in the Web UI.

When EOL adjustments occur automatically due to dependency-based retention or system-driven policies, this column displays the associated Backup ID or Saveset ID that initiated the adjustment, and helps you trace the specific backups or savesets responsible for the EOL change.

When a user manually alters the EOL, the EOL changed by column will show the username responsible for the modification.

The modified EOL is also recorded in the main log. You can generate these logs for audit and compliance purposes, providing a clear history of all EOL adjustments made (see also Audit Logging).

Information sign.png Note
Adjusting the Backup EOL of savesets stored on tape media may affect the Media EOL. The media EOL may also depend on the EOL of FULL/DIFF/INCR savesets stored on other media or even in datastores.


Changing Retention

Retention time is configured at the media pool level and is specified in days. It defines the duration for which the backed-up data must be retained in storage. The retention starts from the date a saveset is written to the media (at the end time of the first backup) and defines the expiration date of the saveset (saveset EOL). When the protection (EOL) expires, SEP sesam can reuse the media for new backups.

To maintain integrity of a backup chain and protect against data loss, SEP sesam provides a dependency-based retention strategy through automatic EOL adjustment. This strategy is used to manage and preserve the recoverability of the backup chain.

If the default retention does not meet your requirements, SEP sesam enables you to manually change the expiration date – EOL (End of Lifetime) – of your data.

saveset EOL
You can change the EOL date of any individual saveset that is stored in the data store, see Changing Saveset EOL.
backup EOL
You can change the EOL date for all savesets that belong to the same backup (original, migrated and replicated savesets). Unlike the saveset EOL, which is applied individually to each selected saveset, changing the backup EOL always affects all dependent backup versions that are part of the same backup, see Changing Backup EOL.
(tape) media EOL
Some special rules apply to tape media, as the expiration date of the tape corresponds to the maximum retention time (the longest EOL) identified on the tape, see Changing Media EOL.
SEP Tip.png Tip
In Web UI, in the backup results window the Backup EOL (in GUI, in the Components -> Tapes -> Media view, the column Media EOL changed by) shows the Backup ID/Saveset ID for changes that were made by automatic EOL adjustment, or username if it was changed manually by the UI user. This information can also be generated for audit trail purposes, see Audit Logging.

Modifying EOL (expiration date)

You can extend EOL to prolong the retention of specific backup data, or reduce it to expire backups and free up the storage space. If you want to decrease the EOL, note that you cannot set the expiration date to a time in the past; the minimum allowed date is the current date.

Manual changes to the EOL do not affect automatic retention management. When you manually shorten the EOL, and as a result, subsequent backups have longer EOL settings than the backups they depend on:

  • If the savesets have not yet expired, the EOL is extended.
  • If a saveset has already expired, the next backup (INCR or DIFF) is performed as a full backup.

For more information on how manual and automatic retention management interact, see rules for automatic EOL adjustment.

To free up space or remove backup data you no longer need, you can delete backups before their EOL is reached. If you want to preserve certain backup data indefinitely, you can also lock a backup or a tape.

Additionally, you can configure global retention settings to customize the default retention behavior for backups and migrated savesets.

Changing Backup EOL

The backup EOL parameter sets the expiration date for all savesets that belong to the same backup, including migrated and replicated savesets.

If you extend the backup EOL, it is adjusted only for the saveset that already has the longest EOL, while the EOL of other savesets remains unaffected. Decreasing the backup EOL can affect all data belonging to the same backup (the entire backup chain), including migrated and replicated savesets.

You can make changes to Backup EOL in various views in the GUI:

  • From Main Selection -> Job State -> Backups: Double-click the backup task (tab Info 1), click the Backup EOL to access the drop-down calendar and select a new date.
  • From Main Selection -> Components -> Data Stores: Double-click the selected data store, go to the Savesets tab, and find the column Backup EOL. Click the date to open the drop-down calendar and select a new date.
  • From Main Selection -> Components -> Media Pools: Expand the target media pool, double-click the selected item, and in the properties, click the Savesets tab. Then, click the date in the Backup EOL column to open the drop-down calendar and select a new date.
  • From Main Selection -> Components -> Tapes -> Media: Filter the media, e.g., by using the Media EOL column, or select the target media from the list. Then, double-click the target item to open its properties. In the Savesets tab, look for the Backup EOL column and click the date to open the drop-down calendar and select a new date.

Changing Saveset EOL

The Saveset EOL parameter sets the expiration date for individual savesets stored in a datastore or on tape media.

If you extend the Saveset EOL of a saveset that is part of an FDI backup chain, then the EOL of the preceding savesets in the chain will also be extended. If you shorten the saveset EOL, the new expiration date is set only for the selected individual saveset.

You can make changes to Saveset EOL in various views in the GUI:

  • From Main Selection -> Job State -> Backups: Double-click the backup result and then click the date in the Saveset EOL column in the table Storage Location to open the drop-down calendar and select a new date.
  • From Main Selection -> Components -> Data Stores: Double-click the selected data store, go to the Savesets tab, and find the column Saveset EOL. Click the date to open the drop-down calendar and select a new date.
  • From Main Selection -> Components -> Media Pools: Expand the target media pool, double-click the medium, and in the properties, click the Savesets tab. Then, click the date in the Saveset EOL column to open the drop-down calendar and select a new date.
  • From Main Selection -> Components -> Tapes -> Media: Filter the media, e.g., by using the Media EOL column, or select the target media from the list. Then, double-click the target item to open its properties. In the Savesets tab, look for the Saveset EOL column and click the date to open the drop-down calendar and select a new date.

Changing tape Media EOL

To adjust the EOL of tape media, you can modify the Media EOL parameter. Tape media EOL is shown as Media EOL in the Media view or as Locked until in tape properties.

The lock icon next to the EOL date in the Media view list indicates:

  • Gray open lock: tape EOL has expired and the medium can be overwritten.
  • Blue lock: The medium is protected until the displayed date (Media EOL). Current data cannot be overwritten, but there is still free space on the tape and new savesets can be appended.
  • Red lock: The tape is full and protected until the displayed date.

For more information see Changing tape EOL.

If you don't want to reuse the tape after the EOL date of the tape media has been reached, you can also lock the tape using write protection. This option overrides the Media EOL.

Locking a backup or a tape

In case you want to preserve backup data after its EOL has expired and ensure that it is not deleted or overwritten, you can lock a backup. A lock has no time limit and backup remains locked until you unlock it.

The lock status is automatically applied to all savesets in a backup chain on which the locked backup depends on for restore. All backups belonging to the same chain are protected from deletion until one of them is unlocked. This ensures that no backup is removed prematurely from the system, which could render the locked backup unrestorable.

To lock a backup in Web UI, click Monitoring and then select Last backup state or Backups. Click the backup task of the backup you want to lock and in the properties window click Lock this backup.

In GUI, you can lock a backup in various views:

  • Job State -> Backups -> double-click a backup task -> backup properties – Info 1 -> above the Storage location table on the right select the check box Lock state
  • Components -> Tapes -> Media -> select the media and open properties -> Savesets tab -> double-click to open the saveset properties -> select the check box Lock state
  • Components -> Media Pools -> select a media pool and expand it to open the media -> double-click to open the Media properties -> Media properties – Properties 1 -> tab Savesets -> double-click to open the saveset properties -> select the check box Lock state
  • Components -> Data Stores -> double-click the selected data store to open the properties -> Savesets tab -> double-click to open the saveset properties -> select the check box Lock state

To lock a tape media, you can enable the Write Protection option for a tape. This option overrides the media pool retention time and any individually adjusted EOL values, providing permanent protection for savesets on tape. Write-protected media cannot be used until write protection is manually deactivated (unlocking the media). Once write protection is removed, the set retention time of the media pool is applied to the tape media.

To enable write protection, in the Main Selection -> Components -> Tapes -> Media, in the list of media find the required tape and toggle the On/Off button in the column Write Protection.

Deleting savesets, backups or data on tape media

If you want to remove backup data you no longer need before the EOL expires, you can delete a single saveset, a backup (all savesets that belong to a backup), or an entire backup chain.

Before deleting a saveset or backup, SEP sesam checks if any dependent backups will become unusable for restore. A list of any dependent backups that will also be deleted is displayed for review, ensuring that no important backups are inadvertently deleted. Deleting a saveset or backup in SEP sesam also removes redundant and unusable savesets or backups from storage to optimize space utilization.

For more information see Deleting Backups.

You can delete data on tape when the EOL of all savesets stored on the tape has expired and the tape is not locked (write-protected). In case the tape EOL hasn’t yet expired, you have to expire the tape to remove protection before you can delete or overwrite the tape.

For more information see Deleting Media.

Customizing the default retention behavior for backups and migration

You can configure global retention settings to customize the default retention behavior for backups and migrated savesets. You can configure longer retention time of different media pools for migrated savesets, decrease retention time for failed backups, and change the automatic retention of the last successful backup and/or migration.

To change the global retention policy, you can add or modify the keys associated with retention. In Web UI, in the navigation menu click System Configuration -> System Settings (in GUI, in the SEP sesam menu bar click Configuration -> Defaults -> Settings) and find the EOL-related keys. See Customizing Global Retention Policy for details.

The screenshot shows the System Settings table with the EOL-related parameters.

EOL global parameters.jpg


Backup Chain Dependencies

Backup Chain Dependencies/en

Managing Tape Media

SEP sesam provides efficient backup media management for all common physical media types (disk, tape, and cloud (object) storage). It also provides some specific tape management tasks and features for tape storage.

All tape management operations are recorded in the audit trail. For details, see Audit Logging.

Terminology

  • Barcodes can be used instead of tape labels in a tape library with barcode support.
  • The inventory stores the list of known tapes (and their status information) and is checked by a process called archive adjustment. This compares the tape media in the loader with the SEP sesam media archive database.
  • A saveset is a set of data, such as files and directories, copied to backup media by a backup or migration. The period for which a saveset is retained is defined by the retention time (EOL). You can verify savesets after the backup is complete by configuring a follow-up event.
  • A tape drive is a device used to read and write data to a tape. They can be standalone drives or drives in the tape library.
  • Tape labels are used to uniquely identify a tape. Each medium (a tape cartridge or a virtual tape) is given a unique label that is written to the beginning of a medium during initialization. The label consists of the pool name (e.g., DAY, WEEK, MONTH) and a five-digit number that is automatically assigned by SEP sesam to each medium in the selected pool. See Checking and Labeling Tape Media.

Features

Some of the features are:

  • Protection from overwriting savesets with expired retention when they are part of a backup chain, with a dependency-based retention strategy performed by automatic retention management.
  • Media pools that enable you to group large sets of media according to your needs without having to worry about each individual medium.
  • Spare pools prevent failed backups due to missing media.
  • Recording and tracking of all media and their status: used capacity, EOL, user-defined write protection, etc.
  • Barcode support.
  • Support for EOM (End of Media): SEP sesam automatically requests new media from the appropriate media pool when the tape is full.

Tape storage configuration

SEP sesam can detect and automatically configure storage hardware in your environment if the hardware is supported and recognized by the operating system (it must be listed in the OS device manager), where the SEP sesam Server or Remote Device Server is installed. For a list of supported hardware, see Supported Storage Hardware.

There are certain types of loaders (also called tape library or autoloader) where the connection between loader and drives cannot be recognized automatically. You have to manually verify and configure such devices. You must also manually configure each backup device that is connected after the SEP sesam installation. For details, see Configuring a Loader.

Media pool configuration

With loaders, you set up a media pool that will be used to back up directly to tapes. All tapes managed by SEP sesam belong to a specific media pool. Once a pool is configured, four tabs are available in the media pool properties. For details on configuring a media pool, see Configuring a Media Pool – Spare Pool.

Media Pool
It shows the Drive group and the Retention time [days] setting. The retention time of a media pool is used as the basis for determining the expiration date (EOL) of the backed up data. The retention time is applied to all tapes in the same media pool. During the retention period, SEP sesam does not overwrite the data on the tape. The tape media EOL follows a different logic than the individual savesets stored in a data store: the tape is not re-used until all savesets on it have expired. For more details, see the Tape availability and data-protection section below.
Readability Check
This check is used to verify the readability of the data on the tape and its structure, and to ensure that the savesets on the tape are recorded in the database and vice versa. For details, see Configuring a Readability Check.
Encryption
SEP sesam provides native support for managing LTO hardware-based encryption by enabling LTO encryption of tape drives at the media pool level. For details, see LTO Encryption and Encryption Support Matrix.
Options
These settings control the use and sharing of media across media pools. SEP sesam automatically selects the most appropriate media for backup based on the get_oldest strategy. You can specify how media are selected for backup based on the media allocation criteria, including using any suitable media for backup (unknown media and/or media with expired EOL) and using media from the SPARE (if configured) and/or another pool.

Get_oldest policy

When there is a single media pool linked to a media event or schedule, the GET_OLDEST policy is always applied. This preserves the data on the media for as long as possible.

If the media event contains a specific label, the system will try to find it and load it into a drive. The autoloader magazine must be accessible to SEP sesam or the backup will be blocked.

The GET_OLDEST strategy determines which media to use next. The tape media are prioritized according to the following criteria:

  • Media with expired media EOL (expired EOL of all savesets on tape).
  • The oldest media – media with the oldest locked until (is backup day + media EOL) date in the media pool.

Spare pools

A spare pool is a media pool that you can configure to allow sharing of spare media across media pools; spare pools are used by media events when media from the actual pool cannot be accessed. Spare media are automatically moved from the compatible spare pool to the pool currently being accessed by the backup, eliminating the need for administrator intervention when media is unavailable. Migration of spare media to the working pools results in a dynamic increase of the media pool size, depending on the amount of data being backed up. The use of spare pools is optional.

A spare pool has some characteristics you should consider before using it.

  • The name of a spare pool must begin with SPARE_.
  • Each drive type requires its own compatible spare pool with free media.
  • Is different from a regular pool and should not be used for allocation.
  • You cannot move protected media to a spare pool.

Media are moved between a regular and spare pool on two occasions:

  • If there are no more free media in the regular pool, SEP sesam allocates media from the spare pool and moves them to the regular pool.
  • If all data on the medium expires (and the medium is in a regular pool), you can move it to the spare pool manually. Delete the medium from the regular pool and then add it to the spare pool through initialization or archive adjustment.

For details on configuring a spare pool, see Configuring a Media Pool – Spare Pool.

Tape management

The tapes used by SEP sesam belong to one of the media pools. They are displayed in the Components -> Media view and Media Pools view.

  • This view shows all media in a media pool, regardless of their online or offline state (loaded into the tape drive, or offloaded from the tape drive).
Initializing media

You need to initialize media (tape cartridges, removable drives, etc.) before you use them for backup. However, when adding new media using the options Accept without initialization and Automatically assign next number, initializing the media as a separate step is not required. SEP sesam initializes new media automatically when they are selected for a backup.

The initialization process writes unique identification information to the media used by SEP sesam for backup and restore operations. The identification label is placed at the beginning of the media during physical initialization and is used for identification during backups and restores. This information is entered into the SEP sesam database. SEP sesam keeps track of all media that are loaded into tape libraries and their status.

To initialize media, go to Activities -> Immediate Start -> Media Action. Choose Media action init, select the Media Pool and the Media you want to initialize. Click OK to start the initialization of the media. Initializing media can also be configured to run automatically. For details, see Initializing media.

Adding new media

Select the media pool to which you want to add the media: In Components -> Media Pools, right-click the tape media pool you created earlier and click the New Media button. In the Adding a New Media window, specify the appropriate Media Pool, Drive, Type. By default, the options Accept without initialization and Automatically assign next number are selected so that SEP sesam can determine a sequential number for the label, initialize the cartridge and add the media to the database.

SEP Tip.png Tip
When adding a large number of tapes to a loader at once, use the automatic method; fill the magazine with raw media and then go to Main Selection -> Loaders, right-click the target loader and select Archive adjustment. For details, see Setting up Archive Adjustment.


Archive adjustment: Automatic introduction of a new tape

An archive adjustment is required whenever the contents of your loader have changed. Typically, you need to perform archive adjustment whenever new media or used media that have not yet been registered (initialized) by SEP sesam are inserted to identify unrecognized tapes. For details, see Setting up Archive Adjustment and Checking and Labeling Tape Media.

Migrating media

Migration creates an identical copy of the saveset data to a newly created saveset. It is only available after a backup has been performed. You can move either the original media or the copies offsite (to a safe location) for long-term data retention and keep the other set of media on site for restore/recovery purposes. For details, see Configuring Migration.

Readability check

Used to check the readability of the data on the tape and its structure. The check involves reading the data on the tape media in blocks and checking and recording the structure of the tape. It also checks whether all backup sets on the tape are recorded in the database and vice versa.

  • The readability check can only be applied if the media EOL has not expired; it is not applicable to EOL-free media.
Checking and labeling tape media

Each medium, whether a tape cartridge or a virtual tape in a VTL, is given a unique label for identification purposes. The label is written to the beginning of the media during initialization. The media label consists of the pool name (e.g., DAY, WEEK, MONTH) and a five-digit number that is automatically assigned by SEP sesam to the respective media of the selected pool.

In the standalone tape drive environment it might happen that multiple tapes are incorrectly labeled with the same label. In this case, you have to manually identify the tape with the original label that was duplicated to resolve duplicate media label conflicts and avoid problems with potential data loss. For details, see Checking and Labeling Tape Media.

Filtering media

You can use Filter in the Components -> Media view to search and select media in a media pool or storage device. Filtering can be done based on the EOL, i.e. by specifying the availability of the tape in time. Filtering helps you find and select specific media without having to search the entire media list.

Setting the write protection

By default, write protection is disabled for all media in SEP sesam, as it is recommended not to use write-protected media with SEP sesam. However, you can switch on write protection manually in the media properties (Properties 1 - Write protection).

When write protection is enabled, media that is currently in use will be used for further write operations (backup, migrations) until it is filled or other media is initiailized for this pool and drive. Write-protected media will not be initialized even after their EOL expired.

Deleting media

When you no longer need the data stored on the tape, you can delete the tapes. There are two ways to delete data: normal Delete by clicking the Delete button or checking the special checkbox Delete all metadata and re-initialize tape.

  • Normal deletion removes the metadata of the tape and deletes the media from the SEP sesam database.
  • Selecting the checkbox Delete all metadata and re-initialize tape and then clicking the Delete button deletes all metadata of the tape media and initializes the tape provided that the tape is available to SEP sesam; if it is, the tape is loaded into a drive and physically deleted, removing access to all existing data on the tape.
Information sign.png Note
You cannot delete tapes with an existing EOL. To delete such tapes, you have to expire their EOL and remove the protection. For details, see Expire tape below.

Delete media.jpg

Creating a media event

A media event can be a user-defined event or an internal event created by SEP sesam. For example, if the specified media are not available when a backup is started, or if the end of media (EOM) is reached during data transfer, SEP sesam creates an internal media event that determines the next media for the backup.

SEP recommends performing regular media-related checks, such as the readability check and archive adjustment, to ensure optimal media selection and preparation for backup. Readability check can be set when configuring a media pool (or later in the media pool properties) or triggered by a media event. For details, see Configuring a Readability Check and Creating a Media Event.

Information sign.png Note
You can specify a media event with media initialization to reinitialize the tapes as soon as EOL expires. This is useful when you need to fulfill the GDPR requirements.
Monitoring media actions

You can monitor media-related events for the selected media in the Media view (double-click to open Media properties) in GUI or use Web UI (-> Monitoring) to check the details of all performed media events (event type: initialize, purge, readcheck..., status, start time, duration etc.). For more details, see Monitoring and Reporting.

Viewing tape properties

You can view the properties of all media used by SEP sesam in the Components -> Media view. The Properties window displays characteristics, such as the media label, barcode, write protection status (on/off), storage location, media type, corresponding media pool, etc.

Double-clicking the selected medium opens the Media Properties window, where you can view and edit some of the tape media properties. For example, in the Properties 2 view you can check the tape occupancy – the size of the currently stored data and the total tape capacity (note that tape capacity depends on tape capability (a tape type can have different write densities in different tape drives), encryption and compression), and also change any of the following options:

  • Properties 1: Write protection, Locked until, Loader, and Slot (better use archive adjustment!)
  • Savesets: Backup EOL, Locked. Double-clicking the task (saveset) opens the corresponding saveset window with additional information:
    1. Info 1: Information about saveset, backup level, drives, backup EOL, etc.
    2. Info 2: Information about media number, backup source, SBC start and run time, status of encryption and compression, etc.
    3. Main Log: The log of events that occur during a backup job (startup/shutdown information, errors, etc.), including EOL change, depending on the configured log level.
    4. Trace log: Detailed information about the backup process (depending on the configured log level) that can be used for analysis and debugging purposes.
    5. Information sign.png Note
      The Trace log tab is only available in Expert UI mode. If you are running the GUI in Basic or Advanced UI mode, you must first change the mode to Expert as described in Selecting the UI mode.
    6. Savesets: Lists all currently saved backups; see also the next section Viewing savesets on tapes. To learn how to check the backup dependencies, see Backup Chain Dependencies.
Viewing savesets on tapes

You can use the saveset tree view in Media view (double-click to open Media properties -> tab Savesets -> double-click the task -> tab Savesets) to determine dependencies and EOL of an FDI backup chain. This information is useful if you intend to shorten or extend the EOL parameter to avoid breaking the backup chain.

The saveset tree overview displays details of a saveset along with potentially dependent savesets that belong to the same backup chain. It provides instant information about the location and status of savesets available for restore. By checking the summary, e.g., availability 5, you can search for savesets that are not readily available and then migrate them to enable mounting and selective restore. For more details, see Backup Chain Dependencies.

Tape availability and retention

Typically, you specify a retention time for data when creating a media pool. This retention time is used as the basis for determining the EOL (End of Lifetime) for backed up data. It specifies the time period for which the backed up data is protected after has been written to the media, so that the savesets are preserved and available for restore. The retention time period begins on the date a saveset is written to the media and defines the expiration date (EOL) after which the saveset can be deleted. When the protection expires, SEP sesam can re-use the media for new backups.

There are some special rules for tape media retention: The tape media EOL always corresponds to the maximum retention time (the longest EOL) identified on the tape; if a tape contains multiple savesets, it will expire when the saveset with the longest EOL expires. Only when the retention time of all savesets on the tape has expired and the tape is no longer locked (write-protected) can the tape be used again.

Information sign.png Note
The tape media EOL may also depend on savesets that are not stored on the same tape. This is the case if the tape contains savesets that reference FULL/DIFF/INCR savesets stored on other media or even data stores. For this reason, SEP sesam maintains control over dependencies between individual backup savesets and provides dependency-based automatic retention (EOL) management. That is, if a tape contains a saveset that is part of a backup chain that spans from one tape to another tape or disk storage, it will not expire until the saveset with the longest EOL expires.
SEP Tip.png Tip
The tape media EOL can be checked in the Media view (Components -> Media) as Media EOL and in the media properties as setting Locked until.
Changing tape EOL

It is not recommended to adjust EOL manually. This will override the EOL defined by the retention time (in the media pool configuration) and started on the date a saveset is written to the media. Manual EOL adjustment should be used for special cases and exceptions, e.g., to increase the retention time of a specific backup chain that needs to be kept longer than defined by the current EOL, or to re-use the tapes with outdated data by setting a shorter retention time.

Information sign.png Note
Extending the backup EOL of savesets stored on tape media may extend the EOL of the tape media!
  • For savesets stored on tape media, it is not possible to set a specific retention time that would apply to only one of the saved savesets. Each saveset stored on a tape has its own EOL, but this does not represent the actual expiration date of the tape.
  • The tape media EOL is the maximum EOL of all savesets stored on the same tape. It may also depend on savesets that are not stored on the same tape. This is the case if the tape contains savesets that refer to FULL/DIFF/INCR savesets stored on other media or even data stores.

To decrease or increase the tape media EOL, you can adjust the media EOL (identified by the tape label and displayed in the Media view in the Media EOL column) or change the Locked until setting in tape properties. The extended EOL can affect all savesets on the tape.

SEP Tip.png Tip
If the tape media EOL date has been reached, but you do not want to reuse the tape, you can simply lock the tape by setting Write Protection to On in the media properties.
  • Write protection overrides the media EOL (and the retention settings of the media pool) and prohibits overwriting, deleting, or appending data to the protected tape while protection is enabled.
  • It is recommended to use this protection only in special cases, e.g., to protect media that contain extremely valuable data.
Expire tape

You can delete tape media containing data you no longer need when the EOL of all savesets stored on the tape has expired and the tape is not locked (write-protected). To do this, use the Expire function (with the right mouse button) in the Media view or open the tape properties and click the Expire Media button.

When the protection expires, SEP sesam can use the tape for backups again. Unlike the Delete function, expiring the tape only removes the metadata of the tape; the tape media is not removed from the SEP sesam database. Clicking the button Expire Media opens a dialog with the following options:

  • Delay deletion until next purge marks the tape for deletion according to the selected deletion option. The deletion is not started immediately but is postponed until the next purge.
  • Delete all metadata removes the tape's metadata but leaves the tape media listed in the database.
  • Delete all metadata and re-initialize tape deletes all metadata of the tape media and initializes the tape (if the tape is loaded into a drive), removing access to all existing data on the tape.

Expire media.jpg

Setting tape media rotation strategy

Backup tape rotation is an essential part of any backup plan. There are many tape media rotation strategies you can use to back up your data. Perhaps the best known is the GFS backup rotation strategy, where backups are rotated daily. While this strategy has proven to be efficient, its main drawback is that the backups are only stored on tapes, so GFS does not provide optimal protection against data loss. For more information on how to successfully protect your environment, see Backup Strategy Best Practices.

Restore data from tape media without SEP sesam DB

There are two ways to restore SEP sesam Server from tape via sbc when SEP sesam database is not available:

Checking and Labeling Tape Media

Checking and Labeling Tape Media/en

Configuring Removable Media

4 4 3:Configuring Removable Media/en

LTO Encryption

LTO Encryption/en

Part XIV: Monitoring & Reporting

Monitoring, logging, reporting and notifications





Part XV: Web Interface

SEP sesam Web UI

SEP sesam Web UI is a modern web client consisting of the web dashboard and the Restore Assistant. It enables you to securely monitor your environment from anywhere. You can use it to check the status of SEP sesam events, such as backups, restores, migrations, replications, and media actions. You can also scan your entire environment to see the status of your data stores, check and customise various reports, check system logs, etc.

Through the web interface, you can perform various operations such as starting or locking backups, restarting failed jobs and starting online restores using the Restore Assistant.

The Web UI is configured to work over your HTTP or HTTPS (Hypertext Transfer Protocol Secure). The latter provides the mechanism to secure your web management traffic. You can use the latest versions of the major web browsers: Google Chrome, Firefox, Edge, and Safari. Note that MS Internet Explorer is not supported.

Note that the operations and options available after login may differ depending on the user type. Other Web UI display restrictions may depend on the custom roles with specific permissions and the UI mode. For details, see User Roles and Permissions.

Accessing SEP sesam Web UI

You can access the Web UI in one of the following ways:

  • When you run the SEP sesam GUI as a superuser or administrator, Web UI landing page opens by default with link to the Web UI (and links to documentation, etc).
  • You can prevent the Web UI from opening automatically on startup: In the GUI menu bar -> Configuration -> Defaults -> General tab, deselect the check box Show SEP sesam web client landing page on startup.
  • In the GUI, click the Dashboard icon on the toolbar. The Web UI is also available under menu bar -> Activities -> Dashboard or via Main Selection -> Monitoring -> Dashboard.
  • You can also access the Web UI by entering the following information in the address bar of your browser:
  • http://[servername]:11401/sep/ui
    or
    https://[servername]:11401/sep/ui.
    Example: On the SEP sesam Server, the following 'localhost' link will open the Web UI: http://localhost:11401/sep/ui

If authentication is required by the SEP sesam Server, provide the username and password or authenticate with a signed certificate. The authentication policy is based on the configured user authentication method and can only be configured by a superuser. For details, see About Authentication and Authorization.

Information sign.png Note
You can reach the Web UI through a valid user account. If you do not have access to Web UI because of the invalid user account, check the authentication settings or contact your administrator. For details, see About Authentication and Authorization.

Navigating Web UI

Left (side) navigation menu

Use the SEP sesam Web UI left menu to navigate directly to a specific view: Server name (to open its properties), Status, Dashboard, Monitoring, System Logs, Current Messages, Notifications, Reports and Restore Assistant.

You can also access information about the SEP CAPS solution, check the latest Release notes, and configure settings: Click the last item View in the left menu of SEP sesam Web UI and the Settings window opens.

Web UI menu Apollon.jpg

Server properties

Click the first option Server name (e.g. diagnostix) to open a new window with the server properties. In addition to the properties, other tabs are also available: Process Log and Configuration file sm.ini. By clicking these tabs, you can view and download the process log, configuration file sm.ini, sm_gui_server.log and ini directories. You can manually refresh the viewer by clicking the refresh icon or set the automatic refresh interval to automatically update the contents of the individual log files and specific views by clicking the icon with the three dots and then specifying the time interval. By default, auto-refresh is not activated.

Web UI menu server Apollon.jpg

Notifications, help, language, theme & account

In the upper right corner you will find the following icons: Notifications, Help, Language, Theme and Account. These icons are always present and allow you to quickly access notifications and the online help, select or change the display language, select the light/dark theme for the display of Web UI and change the general settings of Web UI (Login/Account icon).

Web UI other menus Jaglion.jpg

Notifications
Notifications inform you about the latest available issues and patches (via RSS feeds), information about license violations and unconfigured interfaces, announcements of new versions, etc. See the Notifications section.
Web UI notifications Jaglion.jpg


Help
The Help icon provides access to various types of user support:
Web UI help (this article)
  • The Web UI topic provides a description of all dashboard reports and functions.
  • The Restore Assistant topic provides a description of the functions of the online restore.
  • The Sesam REST API Reference Guide provides information about SEP sesam functions and services.
SEP sesam Help
  • Release Notes and Known Issues provide release-related enhancements, known issues and fixes.
  • Error messages and Troubleshooting guides provide known issues with associated solutions.
  • SEP sesam Wiki (you are currently using it) is a collection of wiki topics documenting SEP sesam concepts, procedures and tasks.
  • RSS Feeds inform you about new releases and features. You can subscribe to the SEP sesam RSS feeds by using your email application or web browser.
  • SEP news, events, training, videos takes you to the SEP page with the latest news, events, etc.
  • SEP Support takes you to the SEP Support Portal where various support options are available.
Web UI help Jaglion.jpg


Language and Theme
If you click the language symbol Globe, you can switch between English and German. If you click the Moon symbol, you can select the preferred light or dark theme for your Web UI.
Web UI language Jaglion.jpg


Login (Account and Settings)
Clicking the Settings opens the window with the tabs General, Data tables, File viewer, Dashboard, and Reset to default.
  • You can change the UI mode (simple or advanced) in the View options. While simple mode is a good choice for performing typical tasks, some functions are only accessible in advanced mode, such as the advanced restore options. Note that the available options may also differ depending on the user type. For details, see Available interface options according to user type.
  • The General tab options also allow you to customise your UI by changing the default setting for the data size units (decimal or binary), selecting the date and time format, and filtering the date range by sesamDate, startTime or stopTime.
  • Use the Data Tables tab to customise the display of your views and limit the content displayed.
  • The File viewer tab offers additional options for customising the display of logs and files (text wrapping and scrolling).
  • The Dashboard tab allows you to set the visibility of the dashboard widgets. By default, all widgets are enabled: Backup state, Restore state, Backup state by application, Backup data size, Restore data size.
  • To reset your settings to the default values, select the Reset to defaults tab and click the button.
  • To log out of Web UI, click Sign out in the Account (Login) menu.
Web UI account Jaglion.jpg


Common buttons and menus

Date range selector
The date range selector appears at the top of UI views and reports. It allows you to set the custom date range for the selected view or display a report for a predefined time period, such as today (default), 2 days (2D), 3 days (3D), or 1 week (1W). Clicking the arrow next to the existing date opens the controls that allow you to open the calendar and select the start and end dates. To select only a specific day, click it twice and then click Apply. You can view reports for any time periods (days, weeks, months, and years).
Web UI calendar Jaglion.jpg
Automatic refresh
SEP sesam Web UI is updated every time you log in. By default, automatic refresh is not enabled. You can manually refresh the dashboard data by clicking the Refresh button (in the upper right corner) of the page or enable automatic refresh by selecting the arrow and the refresh interval (e.g., every 30 seconds).
Web UI automatic refresh.jpg
Toggle dates
Click the toggle switch to select your preferred date/time format (absolute or relative date/time) in the table. To toggle the date/time display for a specific column only, click on any date/time in the column.
Web UI toggle Jaglion.jpg


Status

Status is the default start page of the SEP sesam Web UI. It provides a status overview of your jobs, data stores, events, clients, etc. You can define the date range for the status overview and set the refresh option for your status window.

Clickable links in the tables open the associated item status in a new window, e.g., clicking on Backups in the Job status table opens the Backups monitoring window where you can check the details of all backups performed; for more information, see the Monitoring section.

Each table has a variety of clickable details, for example, the Job status table displays the number of failed, successful, and total backups, migrations, replications, and restores for a specific date range; clicking the displayed numbers opens a new window with the associated details.

The status overview consists of the following reports:

  • Job status: Shows the status of all jobs (backups, restores, migrations and replications). Next to it is the table Active jobs, which shows the number of jobs currently running.
  • Web UI job status corr Jaglion.jpg
  • Data stores: Displays the status of your data stores along with the total number of data stores and their type. If there is a problem with a data store, the error message is displayed next to the name. If you click the Data Stores link, all configured data stores are displayed with their status. To find out the meaning of the status symbols displayed next to the names of the data stores, click the info symbol.
  • Web UI data stores Jaglion.jpg
  • Next events: Displays the list of next events along with the start time, event type, related task and schedule. If you click the info icon in the row, more details about the selected event are displayed. If you click the Next events link, all scheduled events are displayed with details, e.g., start, task type, schedule, object, level, priority, media pool, retention, drive.
  • Web UI next events Jaglion.jpg
  • Clients: Displays the total number of clients, followed by the numbers of inaccessible, disabled (Backup execution off), and updatable (New version available) clients.
  • Web UI clients Jaglion.jpg
    When clickable items are selected, all associated clients are listed. You can check the access or update state of clients under new tabs. You can filter the results by backup execution (on/off), access state (accessible/inaccessible), access mode (SMSSH, PROXY, etc.), update state (new version available or up to date), or client type (client, server, or RDS). Web UI clients details Jaglion.jpg
    If you need detailed information about a particular client, click it to display the window with more details (location, OS, SEP sesam version, etc.). On the other tabs, you can check if software updates are available and enabled (Software Update), view a chart showing the data size of backup jobs for a client (Backup data size), and check server-related drives (Drives). Hovering over a chart displays the details of the selected item.
    Web UI client data size.jpg
  • Server: Displays SEP sesam Server details (status, license, release, package, and software update details). If you click the info (i) icon, you can check license details or SEP sesam Server update information.
  • Web UI server Jaglion.jpg

Dashboard

Selecting the Dashboard from the side menu opens the backup and restore related overview. It enables you to check if all your backups and restores completed successfully and view statistics about the total size of backed up and restored data. You can set the date range for your reports and set the time interval or the dashboard reports to refresh automatically. You can also search for saveset, restore, migration, replication, or media results by specifying the full ID in the Search field. If it is found in the database, its details are displayed.

The dashboard contains the following reports:

Application-based backup state

The application-based backup report provides an overview of all backups performed in a given period of time, by application type – SEP sesam extensions and associated task types. The information includes: the number of successful backups, the number of error (failed) backups and the number of backups that completed with warning.

Dashboard applic bck status Jaglion.jpg

Click the link View backup state by application over time (or click the table row) to open a report with backup graphs for each application. If you want to check the details for a specific application only, enter its name in the field Filter by application name. To filter the information by backup status, use the buttons Filter by backup status above the graph (successful, with warning, cancelled, error) or use the Sort drop-down list. You can remove all filters by clicking the red icon Remove filters.

Dashboard applic bck status-by client Jaglion.jpg

Backup state over time

This report provides an overview of all backups performed in a given period of time in the form of a bar chart. Each bar represents the results of a sesam backup day (depending on the newday event). The information includes: the number of successful backups, failed backups (errors), backups that completed with warning, and aborted backups. Hovering the mouse pointer over the report displays additional details.

Dashboard bck status Jaglion.jpg

You can filter the results by date, by state, or by client.

  • To filter the results by job state, click the status you want to exclude from the report.
  • Dashboard bck status filtered Jaglion.jpg
  • To filter the results by client, click the View backup state by client link. A report with backup graphs for each client will be displayed. If you want to check the details for a specific client only, enter its name in the Filter by client name field.
    Use the legend buttons above the graph – successful, warning, cancelled, error - or use the Sort drop-down list to filter information to be displayed in a graph. You can remove all filters by clicking the Remove filters icon.
  • Dashboard bck status-by client Jaglion.jpg

Total backup data size over time

This report provides information about the total and average size of data backed up during a specified time period in the form of a line chart for all clients and tasks. The size chart can help administrators analyze and predict growth trends for the SEP sesam environment. This report can also be useful to estimate the amount of data to restore.

Dashboard total data size bck Jaglion.jpg

Restore state over time

This report provides an overview of all restores that have occurred during a specified time period in the form of a bar graph. Each bar represents the results of a sesam backup day (depending on the newday event). The information includes: the number of successful restores, failed restores (errors), restores that completed with a warning, cancelled restores. Hovering the mouse cursor over the report displays additional details.

You can filter the results by date, by state or by client.

  • To filter the results by job state, click the status you want to exclude from the report.
  • Dashboard rst status Jaglion.jpg
  • To filter the results by client, click the View restore state by client link. A report with restore graphs for each client will be displayed. If you want to check the details for a specific client only, enter its name in the Filter by client name field.
    Use the legend buttons above the graph – successful, warning, cancelled, error - or use the Sort drop-down list to filter the information to be displayed in a graph. You can remove all filters by clicking the Remove filters icon.
  • Dashboard rst status-by client Jaglion.jpg

Total restore data size over time

This report provides information about the total and average size of data restored during a specified time period in the form of a line graph.

Dashboard total data size rst Jaglion.jpg

Monitoring

Selecting Monitoring from the side menu opens a submenu with several options that allow you to check the details and status of listed events and active jobs, as well as perform various operations, such as running or locking backups, restarting failed jobs, etc.

Web UI monitoring menu Apollon.jpg

Last backup state

This report displays the last run of each backup task configured on the server. By using the tabs (Active backup tasks, Inactive backup tasks, Unscheduled tasks, Tasks without backups, Backups without task) you can quickly list the backup tasks by their activity, get the list of backups with no active tasks, check unscheduled tasks, and list tasks with no backups or backups with no tasks.

If you want to prevent older tasks from showing, click the Show all backup tasks (default) option in the upper left and filter tasks older than 3 months, 6 months, 1 year, or 2 years. The buttons in the top right corner allow you to easily filter the results by state, by backup level, by task type, by backup task, by drive, and by client.

Web UI last bck state filters Jaglion.jpg

Backup jobs are displayed in a table format, with each row representing a specific backup task and its information: task name, last execution status, backup level, task type, last backup and its duration, last successful backup, last full backup, progress message, client name (and on-click its properties and details, such as backup size, are displayed) and media pool. Clickable links provide additional information on the respective object.

Clicking the arrow next to the backup task name displays task-related history: the status of all previous jobs for the selected task (in queue, active, successful, with warning, cancelled, error, without backups), backup level (COPY, FULL, DIFF, INCR), start and stop time, and data size.

You can also set different options when monitoring your backups by clicking the more options icon (3 vertical dots) in front of the task name. You can review task properties, use various filters, and download your logs as a ZIP file.

Web UI last bck state Jaglion.jpg

Actions

When monitoring your backups, you also set the following options.

Information sign.png Note
The available options may differ depending on the user type. For details, see Available interface options according to user type.

Start Backup immediately

You can start the backup immediately by clicking the more options icon (3 vertical dots) in front of the task name or by clicking the backup task name link and clicking the Immediate Start button.

Web UI immediate start.jpg
If selected, a new Immediate Start wizard appears, where you have to select a backup level, media pool, and optionally, drive and interface. In the next step, you can configure the system to check the execution time and cancel the job after a certain number of days if necessary.

Web UI immediate start wizard.jpg

Restart failed backups

You can restart one or more failed backups by selecting the check box(es) next to the backup task(s) and clicking the Restart failed backups button above the table. Then set the event priority and restart the backup(s).

Web UI restart.jpg

Lock backups

You can lock the backup to prevent it from being deleted after its retention time has expired. Click the link of the backup task you want to lock; a new view with Details is displayed. Scroll down and select the red button Lock this backup next to the Lock state.

Information sign.png Note
How SEP sesam handles backups that are part of the backup chain depends on the version (see Automatic Retention (EOL) Management).
  • In the current 5.0.0 Jaglion version, the lock status is automatically applied to all savesets of a backup (backup chain, migrated and replicated savesets). All backups belonging to the same chain are protected from deletion until one of them is unlocked.
  • In v. < 4.4.3 Befalo V2 the lock status was only applied to the selected backup. If you want to lock all backups of a backup chain as well as migrated and replicated backups while using some of the older SEP sesam versions, you have to lock each backup manually.

Web UI lock bck Jaglion.jpg

Restore

To restore any of the listed backups, click the link of the backup task you want to restore, then click the Restore button in the bottom corner and select the restore option from the Restore drop-down list. The options may vary depending on the task type, but generally Restore by task type, Restore as path and Restore in dump file are available. Once selected, you will be redirected to the task-specific restore procedure in SEP sesam Restore Assistant.

Web UI restore Jaglion.jpg

Active jobs

This report shows all active jobs (backups, media events, migrations, etc.) on the server. The jobs are listed in a table, with each row representing a specific job and its information. Clickable links of the task (event/job) type provide more details and additional information about the particular job, as well as some action buttons for the selected job. Details displayed in the table list of tasks include: object, start time of the active job, its duration, task and client name, and clickable SEP sesam progress message.

You can filter the results by task types and/or backup level, by tasks and by clients.

Monitoring active jobs Jaglion.jpg

Next events

This report shows an overview of all scheduled events (backups, restores, migrations, etc.) for the current day, sorted by date & time in ascending order. Upcoming scheduled events are listed in a table, with each row representing a specific event and its information. By default, upcoming events are displayed in a Grouped view, where tasks are listed according to the task group. You can switch to the Flat view to see the list of all events without considering their task group.

If you click the arrow >> at the beginning of the listed event, the event details are displayed. Clicking the link in the Object column displays the task properties. You can also search for a specific event by entering the task name or event type in the Search field at the top of the window and filter the events using the Event Types filter.

Monitoring next events Jaglion.jpg

Data store status

The data store status provides information about configured data stores (Path, SEP Si3 Deduplication Store, HPE StoreOnce, HPE Cloud Bank, NetApp Snap Store, and HPE Cloud Volume) and their status, capacity, utilization, size of actual used (filled) space, free space, stored space, Si3 repair area, and deduplication ratio (if applicable).

If the size of the actually used (filled) storage space is larger than the configured capacity on the data store (data store size overflow), the utilization color changes to red.

Information sign.png Note
The status of the data store uses its own status icons to indicate the different states of the data store: OK, not enough space, connection error, access failed, Si3 service not running and other errors. For more information, see the legend Data store status icons at the top.

Web UI data store Jaglion.jpg

Clicking the name of a data store display its properties. Use the tabs Media Pools, Media, Drives (configured media pools/media), Dependencies, Savesets (overview of savesets), Actions (media-related events), Detailed Status and Storage Utilization (data store utilization) for more useful details.

SEP Tip.png Tip
Click the Dependencies tab to see the diagram of all dependencies of the datastore and Drives - RDS (first tab) or the datastore and Media Pools - Drive Groups - Drives - RDS (second tab). Hovering the cursor over the diagram shows a tooltip with details for each object.

Web UI data store dependencies Jaglion.jpg

All results: Job status reports

All results show an overview of all jobs and allows you to customize the jobs view according to your filters. The jobs are listed with the following details: clickable event type, status, task name, job's start and end time, its date, clickable message, client, drive and job's ID.

You can filter the results by date using the date range selector and different filter buttons in the upper right corner (results by state, task (event) type, object, backup task name, client).

You can set different options by clicking the more options icon (3 vertical dots) in front of the task name. You can review task properties, use various filters, download your logs as a ZIP file, etc.

Monitoring all results Jaglion.jpg

Backups

Backups view shows an overview of all results of backup tasks and allows you to customize the view according to your filters. The tasks are listed with the following details: clickable task name, status, start and end time, backup ID, backup level, clickable message, clickable client, media pool, data size, etc.

You can filter backups by date using the date range selector and different filter buttons in the upper right corner (results by state, backup level, task type, object, backup task, drive, client).

When monitoring your backups, you can set the following:

  • Switch the view between individual backups (first tab) and task group backups (second tab).
  • Set different options by clicking the more options icon (3 vertical dots) in front of the task name. You can review task properties, use various filters, download your logs as a ZIP file, etc.
  • Perform various actions, e.g., starting your backups immediately, locking the backups, restarting failed backups, or restoring the backups online, as described in the Actions section.

Monitoring backups Jaglion 01.jpg

Migrations

Migrations view shows an overview of all results of migration tasks and allows you to customize the view according to your filters. The tasks are listed with the following details: clickable task name, status, start and end time, sesam date, clickable message, ID, source and target media pool, data size, etc.

You can filter migrations by date using the date range selector and different filter buttons in the upper right corner (results by state, migration task, backup task).

When monitoring your migrations, you can also set the following:

  • Switch the view between individual migrations (first tab) and grouped migrations (second tab).
  • Set different options by clicking the more options icon (3 vertical dots) in front of the migration task name. You can review task properties, use various filters, download your logs as a ZIP file, etc.
  • Restart failed migrations by clicking one or more check boxes in front of the migration task(s) and then selecting Restart failed migrations.

Monitoring migrations Jaglion.jpg

Replications

Replications view shows an overview of all results of replication tasks and allows you to customize the view according to your filters. The tasks are listed with the following details: clickable task name, status, start and end time, clickable sesam date, clickable message, source and target media pool, data size, etc.

You can filter replications by date using the date range selector and different filter buttons in the upper right corner (results by state, replication type, replication task).

You can set different options by clicking the more options icon (3 vertical dots) in front of the replication task name. You can review task properties, use various filters, download your logs as a ZIP file, etc.

Monitoring replications Jaglion.jpg

Restores

Restores view shows an overview of all results of restore tasks and allows you to customize the view according to your filters. The tasks are listed with the following details: clickable task name, status, start and end time, clickable message, media pool, restore type, etc.

You can filter restores by date using the date range selector and different filter buttons in the upper right corner (results by state, task type, restore task, backup task).

By clicking the more options icon (3 vertical dots) in front of the restore task name, you can review task properties and download your logs as a ZIP file.

Monitoring restores Jaglion.jpg

Media Actions

Media actions view shows an overview of all results of media actions and allows you to customize the view according to your filters. The actions are listed with the following details: clickable actions, status, start and end time, clickable sesam date and message, client, data store, etc.

You can filter media actions by date using the date range selector and different filter buttons in the upper right corner (results by state, media actions, data store).

By clicking the more options icon (3 vertical dots) in front of the selected media action, you can check its properties.

Monitoring media actions Jaglion.jpg

System logs

SEP sesam creates different logs for each backup day. They are available under the System logs. These logs also contain the content of the SEP sesam interfaces.

SEP Tip.png Tip
It is recommended to configure the Alarm, Disaster and/or Notify interfaces to automate the sending of email reports about errors and license violations as well as log files and to support the disaster recovery process in case of a SEP sesam Server failure.

If these interfaces are not configured, the content windows of the Alarm log, Disaster log and Notify log are empty. For details on how to activate the interface, see Configuring interfaces.

Web UI logs Apollon.jpg

The System logs contain the following reports:

  • State log: Displays the status for the SEP sesam backup day in chronological order, e.g., Backup completed successfully.
  • Day log: Displays a log for each backup day. The daily logs are the first and most important starting point for problem analysis.
  • Error log: Displays critical errors that occurred during the backup day. It is the subset of the complete daily log, but only the error messages are recorded.
  • Alarm log: When the alarm interface is enabled, the alarm log displays functional errors and other messages, such as information about license violation and various alarm messages about functional errors, such as a backup failure or connection denied. This interface can be programmed to filter desired messages and forward them to an authorized person. For details, see Alarm interface.
  • Disaster log: The disaster interface should always be configured to support the disaster recovery process. When the disaster interface is enabled, it sends an email with a description of the disaster recovery process and an attachment containing the SEP sesam bootstrap database with all important data for disaster recovery. The disaster log contains the information for the SEP sesam disaster recovery. For details, see SEP sesam Server Disaster Recovery.
  • Notify log: When the notify interface is enabled, the notify log displays the report of successfully finished events, such as backup, restore, start/finish of a NEWDAY event, etc., depending on the configuration of sm_notify. For details, see Configuring interfaces.

You can wrap text and then download the logs. Use the refresh button to refresh the window immediately or set the time interval for automatic refresh (e.g. every 30 seconds).

Current messages

The Current Messages displays drives, associated current sessions, and drive status.

You can wrap text and then download your messages. Use the refresh button to refresh the window immediately or set the time interval for automatic refresh (e.g., every 30 seconds).

Web UI current messages Apollon.jpg

Notifications

SEP sesam Server sends different types of messages – notifications. They are intended to notify users about important messages they should know about, such as information about the latest available issues and patches (sent via RSS feeds), information about license violations and unconfigured interfaces, announcements of new releases, etc. You can access them from the left menu of Web UI or from the Notifications icon at the top of the page.

Web UI notifications-details Jaglion.jpg

The status of the notifications can be open or acknowledged. You can filter displayed notifications using the States drop-down list. You can acknowledge an open notification in Web UI. The following acknowledgements are available:

  • Fix - the notification is accepted and remains open
  • Remind - the notification remains open and a reminder will be issued at the date you specify
  • Resolve - the notification is resolved and closed
  • Dismiss - the notification is dismissed and closed

Web UI notifications-details status-menu Jaglion.jpg

Reports

SEP sesam Web UI provides several reports that can help you identify problems in your backup environment and prevent potential data loss or other negative impact on business operations.

The following reports are available as a drop-down list in the upper left corner: Available Media, Backup Storage, Client Backup Summary, Failed Jobs (by Media Pools), Jobs Overview, Media - Readability Check, Used Media, and License Report (MSP Unit and MSP Data Volume).

Web UI reporting Jaglion.jpg

Filter options may vary depending on the report selected, but in general you can filter reports by date using the date range picker or selector, by sesam_date, start_time, stop_time, by client, or by location.

You can choose English or German language for your report.

Jobs overview report

The jobs overview report is open by default. It shows the status of your jobs, i.e. backup tasks, task groups, migrations and replications.

Reporting jobs overview Jaglion.jpg

Media-related reports

You can view reports on available media, used media and media readability check. The reports show information about the media pool, media label, media status, barcode, library ID, etc.

Reporting media Jaglion.jpg

Backup storage report

Displays the details of your backup storage, such as backup task, backup, status, saveset, pools, etc.

Reporting bck storage Jaglion.jpg

Client backup summary

Displays the details of client backup tasks, media pools and data size. You can filter client reports by clients or by locations.

Reporting clients Jaglion.jpg

Failed jobs reports

Display an overview of failed jobs (backups, migrations, etc.) and failed jobs by media pools. Clicking on the task or task group will open a new window with the job details.

Reporting failed job Jaglion.jpg

License reports

You can check the following license reports:

  • The MSP Unit License Report shows the number of clients within the location with the individual MSP Unit License (Standard, Enterprise and Enterprise Plus).
  • The MSP Data Volume License Report displays the details on the front-side data volume size. It includes information about backup tasks, associated media pools, and backup task size.

You can filter the license reports by locations or by clients.

Reporting license Jaglion.jpg

Restore Assistant

You can use Restore Assistant to restore and recover files, virtual machines, and emails online if you have been given the appropriate permissions. The Restore Assistant options differ depending on the UI mode you select (simple or advanced). For details, see Restore Assistant.


Restore Assistant

There are two ways to restore your data in SEP sesam: via GUI restore or via the web interface Restore Assistant. Although most options are the same in both restore interfaces, the web Restore Assistant is more intuitive and offers additional advanced options thus making it easy to restore your data.

The enhanced and redesigned Restore Assistant supports new task types and features advanced restore options. It also provides simple and flexible single file restore (SFR) for almost all VMs (except Proxmox VE) if you have the appropriate permissions. For more details on SFR, see Web Single File Restore for Virtual Machines.

Additional task types are supported with SEP sesam v. 5.0.0 Jaglion V2: NetIQ/Micro Focus eDirectory, Micro Focus iFolder, PostgreSQL and MySQL. You can perform a regular restore or write your backups to dump files (equivalent to the GUI option Write saveset into file). This actually restores the data to a single file rather than to its original location.

Authentication required

Only authenticated users who have been granted the appropriate permissions can access Restore Assistant and restore their data. These permissions are defined according to the user type. For details, see User Roles and Permissions.

Restoring encrypted backups

You can perform an online restore of data from password-protected encrypted backups. If you restore encrypted data with a password stored in the SEP sesam database, the password is automatically used for decryption during the restore. If the password is not stored in the database, you will be prompted to enter it online. In the latter case, if you do not know the password, you cannot restore an encrypted backup (it will remain locked).

Simple and advanced web restore

The Restore Assistant provides simple and advanced online restore features. Switching between simple and advanced mode is version-dependent, see Setting UI mode, and related to user permissions. The operations and options available after logging in may differ depending on the user type. For details, see User Roles and Permissions.

Restore features

Restore Assistant provides the following features:

  • You can restore:
    • Data from regular Path backups, NDMP and NSS file system Path backups.
    • Email from Kopano, Dovecot IMAP, Courier and Cyrus backups.
    • Micro Focus GroupWise, HCL Domino, MS Exchange, and MS SQL backups; for the latter two, special procedure is required. See Web Exchange Restore and Web MS SQL Restore.
    • Virtual machine backups for all supported virtual environments (VMware, Hyper-V, RHV, OLVM, Citrix Hypervisor, KVM/QEMU, OpenNebula, Proxmox VE, and Nutanix AHV).
    • Single files from almost all VMs (except Proxmox VE): VMware vSphere, Microsoft Hyper-V, Citrix Hypervisor, KVM/QEMU, Nutanix AHV, Oracle Linux Virtualization Manager (OLVM), Red Hat Virtualization (RHV), and OpenNebula. For details, see Web Single File Restore for Virtual Machines.
  • VMware sandbox restore provides improved functionality and usability of the recovery options, i.e. the use of run and execution commands of the VMware guest tools. See VMware Sandbox Restore.
  • With the flexibility to switch between simple and advanced restore modes, experienced users can fine-tune their restore.

Accessing the Restore Assistant

You can access the restore assisstant in one of the following ways:

  • via the GUI: by clicking the Restore Assistant icon in the toolbar or from Activities -> Restore Assistant
  • from SEP sesam Web UI: left menu -> Restore Assistant
  • or by entering the following address in the browser bar: http://[sesamserver]:11401/sep/ui/restore/.
Information sign.png Note
  • If you cannot access the web Restore Assistant, check if you have received the appropriate permissions for online restore.
  • The operations and options available after logging in may differ depending on the user type. Other Web UI display restrictions may depend on the custom roles with specific permissions and the UI mode.
    For details, see About Authentication and Authorization and User Roles and Permissions.

Setting UI mode

You can easily switch from simple to advanced restore mode to refine the restore with additional options. Simple restore mode is enabled by default. Note that the simple restore options cover the most common restore cases and are the recommended method for performing a restore. The advanced options should only be used by experienced users.

To switch from simple to advanced restore mode, enable the Advanced View option in the lower left corner.

Restore assistant restore mode.jpg

SEP Tip.png Tip
In the upper menu you can change the display language (German or English). The Monitoring, Web UI, Help and Account icons (in the upper right corner) allow you to quickly check the status of all restore jobs (Monitoring -> Restores), access the SEP sesam Web UI and online help, and log in and out via Restore Assistant.

Online restore in simple UI mode

The available restore options in simple mode cover the most common restore cases and are the recommended method for performing a restore. The restore procedure includes selecting the savesets to restore, the restore target, etc., and provides a step-by-step restore assistant depending on the type of data to restore. Note that for more experienced users, some additional restore options are available in advanced restore mode. For details, see Online restore in advanced UI mode.

Depending on the type of data, different procedures can be used for restore:

Restoring path, mail, HCL Domino, and Micro Focus Groupwise backups

The procedures for restoring path, HCL Domino, Micro Focus Groupwise, and mail (Kopano Groupware, Dovecot IMAP, Courier, and Cyrus) backups are almost identical, but some options (such as the Execution options) may vary depending on the task type selected. Note that a separate procedure applies for restoring MS Exchange and MS SQL, which is described in the articles Web Exchange Restore and Web MS SQL Restore.

  1. Open Restore Assistant in the browser.
  2. In the Start window, select appropriate task type: Files and directories, Micro Focus GroupWise, HCL Domino, Kopano Groupware, Dovecot IMAP, Courier, or Cyrus. Select the appropriate restore type and click Next.
  3. Restore assistant restore type Jaglion.jpg
  4. In the Client window, select your client. You can filter clients by name, location, or operating system. Click Next.
  5. Restore assistant client Jaglion.jpg
  6. In the Task window, select your backup task from the Task selection. A backup task defines the source data that was backed up by the client.
  7. SEP Tip.png Tip
    You can search for a file or directory by entering your search term in the Search for files or directories in all backups field.

    Under Backup selection, select the exact backup version you want to restore. You can use the calendar function in the upper right corner to set a date range for the displayed backups.
    Then select (in the lower right corner) whether you want to perform a selective or complete restore and click Next. Note that an additional step is required for a selective restore. For a complete restore, you are immediately taken to step 6 (Target tab).

    Restore assistant task Jaglion.jpg

  8. If you are performing a selective restore, select a single saveset in the Files window and click Next.
  9. The options in the Target window differ slightly depending on whether you want to restore from a path, GroupWise, HCL Domino backups, or from email backups.
  10. Restore from path, GroupWise or HCL Domino backups
    1. Select the target client for the restore.
    2. Restore assistant select target Jaglion.jpg
    3. In most cases, the Restore to original target path option is enabled by default to restore the files to the original location. Deselect this option if you want to restore your data to a new restore destination and specify a new target path; you can type or browse the path where you want to restore your data.
    4. Restore assistant target path Jaglion.jpg
    5. Under the Execution options, you can set additional restore options:
    6. Restore assistant execution options Jaglion.jpg
      Do not overwrite existing items: Files are only restored if they do not already exist on the target system.
      Create new version: Restore files under a new name.
      Overwrite existing items: If the data exists on the target server, it is replaced with the restored version.
    7. Decide how you want to restore your data (keep the original tree structure or flat):
    8. Keep original tree structure: When restoring to the original location, the Keep original tree structure option is selected by default. The directory structure of the restored files is the same as the original directory structure of the backed up data.
      Restore all items flat in the selected target directory: The backup is simply restored to a file without recreating the directory structure.
      Click Next.
    9. In the Finish window, review the summary of your restore task (restore type (based on task type, client, backup level, restore options) and click Start restore.
    10. Restore assistant finish Jaglion.jpg

    Kopano Groupware, Dovecot IMAP, Courier, or Cyrus mail restore

    Information sign.png Note
    You can also restore MS Exchange mailbox databases using SEP sesam Exchange Recovery Pro in the Restore Assistant, but the procedure is different from the mail restore procedure described below. For details, see Web Exchange Restore.
    1. Check the target client for the restore.
    2. Restore assistant select target Kopano Beefalo.jpg
    3. Under the Target mail folder and user, enter a new mail user (the option Change user to ) and/or folder (Change folder to option) if you want to restore mail(s) to a different user mailbox or folder. Skip this step to restore mails to the original location (default).
    4. Restore assistant new target Kopano Beefalo.jpg
    5. Under the Execution options, you can specify additional restore options:
    6. Do not overwrite existing folders and mails: Folders and mails are only restored if they do not already exist on the target system.
      Overwrite existing folders and mails: If the data exists on the target server, it will be replaced with the restored version.
      Information sign.png Note
      The Auto recover after restore option required for Kopano restores is enabled by default and cannot be changed.

      Click Next.
      Restore assistant execution options Kopano Jaglion.jpg

  11. In the Finish window, review the summary of your restore task (restore type (based on task type, client, backup level, restore options) and click Start restore.

For more restore options in advanced UI mode, see Restoring path, mail, HCL Domino, and Micro Focus Groupwise backups in advanced UI mode.

Restoring virtual machines

If you want to restore a virtual machine (VM), you can choose what to restore from a list of VM types. The restore procedure in simple mode is almost identical for all VM types, except that additional options are available for some VM types, notably VMware with an additional step.

Information sign.png Note
The advanced restore options such as VMware instant recovery, VMware sandbox restore, VM single file restore, writing backups to the file system, etc. are only available in advanced UI mode.
  1. Open the Restore Assistant in the browser.
  2. In the startup window, select your target restore type: VMware vSphere, Microsoft Hyper-V, Citrix Hypervisor, KVM/QEMU, Proxmox VE, Red Hat Virtualization (RHV), OpenNebula, or Nutanix-AHV. In our example, the procedure for VMware is shown with an additional step in the Files window. Click Next.
  3. Restore assistant VM restore type Jaglion.jpg
  4. In the Virtual Machine window, under Selection of the server, select your target server.
  5. Then, under Selection of the virtual machine select the VM you want to restore. You can filter VMs by name, location, or OS.
    Click Next.
    Restore assistant select VM Jaglion.jpg
  6. In the Task window, under Task selection, select your source task. A backup task defines the source data that was backed up by the client.
  7. Under Backup selection, select the exact backup version you want to restore. You can use the calendar feature in the upper right corner to filter a date range for the displayed backups.
    Click Next. Note that an additional step is required for a VMware restore. For other VMs (Hyper-V, OpenNebula, etc.), you are immediately taken to step 6 (Target window).
    Restore assistant select VM backup Jaglion.jpg
  8. In the Files window (available for VMware VM only), under the Virtual disk (VMDK) selection enable or disable the target VM disk(s) and/or Configuration you want to restore.
  9. Click Next.
    Restore assistant select VM disk Jaglion.jpg
  10. In the Target window, under the Target selection select your target environment for restore. You can use the drop-down list to check virtual machines.
  11. Then set additional restore options under the Execution options:
    Do not overwrite an existing virtual machine: The VM is restored only if it does not already exist on the target system.
    Restore an existing virtual machine with a new name: The VM is restored with a new name, MAC address and UUID.
    Overwrite an existing virtual machine: If the VM exists on the target server, it will be replaced with the restored version. The original MAC address and UUID of the VM are preserved.
    (Do not) start virtual machine after restore: You can also define if you want to start a virtual machine after restore or not.
    Click Next.
    VMware-RA VM target Jaglion.jpg
  12. Modify or set additional restore options under the Virtualization restore options:
  13. Data mover: Select the data mover.
    Recovery options: Specify whether or not to start the VM after restore.
    Under Target options of the virtual machine from the drop-down lists select ESX server and Datastore.
    Click Next.
    VMware-RA VM options Jaglion.jpg
  14. In the last step, check the summary of your restore task (restore type (based on task type, selected backup, its date and details, restore options, etc.) and click Start restore.
  15. VMware-RA VM finish Jaglion.jpg

Additional VM restore options are available in advanced UI mode, see Restoring VMs in advanced UI mode.

Online restore in advanced UI mode

For more experienced users, some additional restore options are available in advanced UI mode. In the startup window, you can select additional restore types, such as restoring backups and VMs to the file system, writing backups and VMs to dump files, restoring a single file from a VM, performing VMware sandbox restore, etc. An additional Options tab is also available for all task types.

Restore assistant advanced start Jaglion.jpg

As with the options in simple mode, the advanced options differ depending on the type of restore:

Restoring path, mail, HCL Domino, and Micro Focus Groupwise backups in advanced UI mode

The following additional restore options may be available when you restore path, mail, HCL Domino, and Micro Focus Groupwise backups in advanced UI mode:

Information sign.png Note
Restoring MS Exchange and MS SQL backups requires a special procedure that is described in the Web Exchange Restore and Web MS SQL Restore articles.
  • In the Start window, you can restore backups to the file system or write backups to dump files.
  • If you want to restore backups to the file system (this corresponds to the GUI option As path backup and allows you to restore your data directly to the file system without requiring any additional action), follow the procedure described in the above section Restoring path, mail, HCL Domino, and Micro Focus Groupwise backups. Note that the procedures are very similar, but some options may not be available (e.g., the Client window). If you want to write your backups to dump files (this corresponds to the GUI option Write saveset into file and restores the data to a single file rather than to its original location), you must specify a restore destination path in the Target window (by browsing or typing the path). Optionally, you can change the name of the dump file. If the dump file name is not specified, it is automatically generated. For step-by-step procedure, see MS SQL example Restoring MS SQL databases by writing backups to dump files.
    Restore assistant dump file Jaglion.jpg
  • Additional execution options are available when restoring Path and MS SQL backups:
    • Overwrite existing items with newer items from backup: If the data exists on the target server, it is replaced with newer items from the backup.
    • Overwrite existing items with older items from backup: If the data exists on the target server, it is replaced with older items from the backup.
    • RA advanced execution options Jaglion.jpg
  • The Options tab (available for all task types) allows you to set the following options:
  • At Optional data source selection, you can select your preferred media pool, drive, used media|barcode, and interface from the drop-down lists.
    Restore assistant options optional data Jaglion.jpg
    The Include/Exclude Filter tab allows you to specify which files or directories you want to include or exclude from the restore, for example, enter *.docx in the appropriate filter to include or exclude all MS Word *.docx files from the restore. You can use the include or exclude filter on the client side or the exclude filter on the server side. The latter is not available for complete restores. Advanced options filter Jaglion.jpg
    Under the Advanced restore options, you can further refine your restore:
    • Use the Log, Special Options tab to change the log level for your specific restore, see Setting Log Level. You can specify additional commands that may be useful for specific options of the sbc command. For details about the commands, see SBC CLI.
    • Advanced options log Jaglion.jpg
    • Use the Retention, Generation, Pre/Post tab if you want to specify the retention period parameter for the restore (how long (in days) the restore task is kept), enable/disable a generation restore, and specify whether to apply a pre- or post-script to the restore task, see Pre/Post options.
    • Advanced options retention Jaglion.jpg

Restoring virtual machines in advanced UI mode

If you enable advanced UI mode, you can set additional restore options. Advanced mode is recommended only for experienced users, as the options in the default simple mode are sufficient for most recovery cases. The following additional options are available in advanced UI mode.

  • In the Start window, you can restore virtual machines to a file system, write virtual machines to dump files, perform VM single file restore, VMware instant recovery, or VMware sandbox restore:
  • In the Options window, additional restore options are available:
    • In the case of a VMware restore, under Virtualization restore options, you can select the desired transport mode from the list of available transport modes (HOTADD, SAN, NBD, or NBDSSL); click the transport mode that appears and reorder the modes to suit your needs.
    • VMs RA virtualization options Jaglion.jpg
    • Under Target options of the virtual machine you can specify additional target options, such as network interface(s), folder, storage repository, etc. Note that the available target options depend on the selected task type (VMware, Citrix, Hyper-V, etc.).
    • VMs RA target options Jaglion.jpg
    • You can modify the Recovery options: By clicking the Edit button (in the upper right corner), you can enable/disable different recovery actions: conf, remove, start, etc., and perform VM-related checks: VM power state, VM guest tools state and VM network IP address.
    • VMs recovery options Jaglion.jpg
      To add your custom action or your check, select the template from the Actions or Checks drop-down lists or manually enter your action/check commands. To activate your custom action/check, click Save. You can easily remove any action/check by clicking the recycle bin icon. VMs recovery options modify Jaglion.jpg
    • Under the Optional data source selection, you can select your preferred media pool, drive, used media|barcode, and interface from the drop-down lists.
    • VM advanced options optional data Jaglion.jpg
    • An additional set of options is available under the Advanced restore options: You can specify the retention period parameter for the restore (how long (in days) the restore task will be kept), enable/disable a generation restore, and decide whether apply a pre- or post script to the restore task, see Pre/Post options.
      In the case of a VMware restore, you can also specify the transport hierarchy (if you have not previously changed the transport mode under Virtualization restore options); see Selecting the best VMware transport mode for your environment for details.
    • VMs advanced restore options Jaglion.jpg

Monitoring restores

You can view the status of your restore jobs by clicking the monitoring icon (second icon in the upper right corner), via SEP sesam Web UI (Monitoring -> Restores) or SEP sesam GUI (Main Selection -> Job State -> Restores). For details, see Monitoring and Reporting.


Part XVI: SEP sesam Command Line Interface

SEP sesam CLI

The SEP sesam CLI reference contains an overview of the SEP sesam CLI commands and their usage. The use of SEP sesam CLI is version dependent. If you are using an older SEP sesam version, see SEP sesam CLI in v. Beefalo.

The SEP sesam command line interface (CLI) is a utility that provides an alternative way to execute SEP sesam commands in UNIX and Windows environments. SEP sesam command line interface provides two CLI components: the administration utility SEP sesam CLI and the client utility SBC CLI. The latter is used to back up and restore data locally on the host.

The SEP sesam CLI administration utility provides all the functions available via SEP sesam graphical management interface and also additional CLI commands that are not available in the GUI. Note that different commands may be available depending on your SEP sesam license.

SEP sesam CLI commands can be used to install and configure a SEP sesam environment automatically without a GUI. They enable administrators to access the SEP sesam database and manage the entire SEP sesam environment, e.g., to install, configure and manage SEP sesam Servers and Clients centrally without a GUI. Every CLI command (except a native SQL statement) checks and follows the internal structure and dependencies of the SEP sesam database.

Information sign.png Note
Some changes have been made to CLI for version ≥ Jaglion compared to the previous version. See below SEP sesam CLI usage for details.

Features

  • Automatic configuration of SEP sesam environments after installation (e.g., on implementation)
  • Modify SEP sesam configuration without using the SEP sesam GUI
  • Script-based mass installation and configuration (e.g., provider environment)
  • Perform tests for installation and configuration in SEP sesam environments
  • Get SEP sesam status, log and version information
  • Determine SEP sesam object information for further use in other programs

Running CLI commands

You must have SEP sesam administrator privileges to run SEP sesam CLI commands and use the command prompt as an administrator. All commands are run from the <SESAM_ROOT>/bin/sesam/ directory. If you want to execute SEP sesam commands globally (and not from the actual run directory), set the SEP sesam profile as described in What happens when I set a profile?.

Understanding the command structure

The general SEP sesam syntax for a CLI command is:

sm_cmd [BASE PARAMETERS] <command> <object> [OPTIONS]

where the following information is provided for each command

  • sm_cmd: A command line tool that invokes the command line interface.
  • Usage: The actual syntax of the command, including arguments.
  • Description: A brief summary of what the command does.
  • Arguments: The definition of the options used in the command.
  • Example: An example of how to use the specified command and its options.
sm_cmd base parameters
BASE PARAMETERS:
       -F [param]     Set output status messages (including error) in JSON format
       -P [param]     Password to connect with (old: -password)
       -S [param]     Server to connect to (old: -s -server)
       -U [param]     User to connect with (old: -user)
       -a [0|1]       Show all hidden parameters (old: -showall)
       -drymode [0|1] dryMode (old: -drymode)
       -f [param]     Read commands from file in this path (old: -path)
       -h [0|1]       Print help (old: -help)
       -p [param]     Port to use (old: -port)
       -t [param]     Connection timeout in seconds (Defaults to 0 [== off]). (old: -timeout)
       -v [param]     The verbose level
       -z [param]     Certificate file used for user authentication (X.509, PEM) (old: -certificate)

Command conventions

The parameters for a command are order-dependent and may include required and optional values or keyword choices, depending on how the information is bracketed. Required parameters are marked with an asterisk (*). An example is provided below.

| vertical bar
Separates the choices between two or more options or arguments.
[ ] square brackets
Indicate optional values.
< > angle brackets
Indicate that the enclosed element is mandatory.
Example:
sm_cmd <get|list|add|modify|start|remove> taskevent [OPTIONS...]

One of the actions bracketed with < > symbols, in this case <get|list|add|modify|start|remove>, is mandatory, while the [OPTIONS...] are enclosed with [ ] symbols, therefore the requested information is optional. The following options are available for our example taskevent command.

  sm_cmd start taskevent ID [OPTIONS...]
    Immediately start the given backup task or task group.
    Task (-j) or task group (-G) must be set

       -@ [param]     follow up (command to be run after the event completes)
       -B [date]      start date and time, supported date format is <yyyy-MM-dd hh:mm:ss>
       -G [param]     task group
       -K [0|1]       blocking date
       -M [param]     subsequent migration task
       -R [0|1]       restart flag
       -S [param]     name of the interface
       -Z [param]     time frame after which the scheduled event will be canceled in days and/or hours <hh:mm> (stop task if it runs longer than, e.g. 48:00)
       -d [number]    drive number
       -e [0|1]       enforce full backup if last full backup has failed (if -l is not equal to Full or Copy)
       -j [param]     backup task
       -l [param]     backup level: <C = Copy|F = Full|D = Differential|I = Incremental>
       -m [param]     media pool
       -p [number]    event priority (lowest: 1 (default), highest: 99)
       -s [0|1]       source-side deduplication
       -x [param]     schedule that triggered the task event
       -z [param]     duration of start time frame (e.g. 06:00) which specifies the amount of time in hours for which an event can be in the queue

Suppose we want to run a backup event for a backup task named win-cli_c_drive and use the target media pool (to which the data is backed up) MP_disk_week. The command would look like this:

sm_cmd start taskevent -j win-cli_c_drive -m MP_disk_week

Getting help

To list all available options, use the main help sm_cmd help. To show help for a specific object, use sm_cmd help <object>, e.g., sm_cmd help client.

Common action commands

The action command is used to perform an action or retrieve information/status about the resource. Most SEP sesam CLI resources have the following action commands:

get
The get command retrieves information about the resource or the currently defined operation.
list
The list command returns a list of objects for the specified resource. If the optional <object_name_or_id> is also specified, the results are filtered by this value.
add
The add command creates a new object or event. If the optional <object_name_or_id> is also specified, then the objects are created according to the specified value.
modify
The modify command changes an existing resource based on the specified object options.
remove
The remove command deletes the specified object.

Before you start

SEP sesam CLI is a very powerful command-line tool. You should be aware of its implications on your entire environment before you start using it.

Recommendations for using SEP sesam CLI

  • SEP sesam's optional command line commands change the SEP sesam database directly. Therefore all command line entries should be checked and verified!
  • SEP sesam executes the commands immediately when the <Enter>/<Return> key is pressed. This means that entries cannot be corrected, as is the case with the SEP Sesam GUI. It is extremely important that you are familiar with CLI and use it wisely to avoid a system failure of the backup environment. Note that an incorrect entry may result in a complete data loss or other damage to the database. Such errors may void the warranty of your SEP sesam license agreement.
Information sign.png Note
Before you start scripting with SEP sesam CLI, you should familiarize yourself with the SEP sesam environment. Read the SEP sesam documentation carefully and work on the SEP sesam installation and configuration to understand how the SEP sesam objects work together.


SEP sesam CLI usage

Command Description
sm_cmd <get|list|add|modify|remove|send> account Create and administer email accounts.
sm_cmd <get|list|remove|check> acl List or delete access control list (ACL).
sm_cmd list allevent List all SEP sesam events.
sm_cmd list allresult List all results within the specified time period.
sm_cmd backup Start the backup task or the backups of the task group.
sm_cmd clear cache Clear the entire server cache.
sm_cmd <get|list|add|modify|remove> calendar Create and administer calendars.
sm_cmd <get|list|add|modify|remove> calendarevent Create and administer calendar events.
sm_cmd <download|show> calendarsheet Display or download calendar information.
sm_cmd <get|list|add|modify|remove|dir> client Create and administer clients.
sm_cmd <get|list|add|modify|start|remove> command Create and administer commands.
sm_cmd <get|list|add|modify|remove> commandevent Create and administer command events.
sm_cmd <get|list|add|modify|enable|disable|link|unlink|remove> credential Configure and administer credentials.
sm_cmd <download|show> current Display or download the current drive information.
sm_cmd <get|list|add|modify|remove> datastore Create and administer data stores.
sm_cmd <get|list|add|modify|remove> default Configure and administer default keys.
sm_cmd dir <argument> List all specified clients, elements, VMs, etc.
sm_cmd <get|list|add|modify|remove|start|mount|dismount|unload> drive Create and administer drives.
sm_cmd <get|list|add|modify|remove> drivegroup Create and administer drive groups.
sm_cmd <get|list|add|modify|remove> group Create and administer user groups.
sm_cmd <get|list|add|remove> interface Create and administer interfaces.
sm_cmd start inventory Start archive adjustment.
sm_cmd <show|update|report> license Check the SEP sesam license information and update the license.
sm_cmd <get|list|add|modify|remove|load|unload|import|export> loader Create and administer loaders.
sm_cmd <get|list|add|modify|remove> loaderdevice Create and administer loader devices.
sm_cmd <get|list|add|modify|remove> location Create and administer locations.
sm_cmd <download|show|list> log Monitor and download log files from the server.
sm_cmd <get|list|add|modify|remove> media Create and administer storage media.
sm_cmd <get|list|add|modify|remove> mediapool Create and administer media pools.
sm_cmd <get|list|add|modify|start|init|remove> mediapoolevent Create and administer media events.
sm_cmd list mediaresult List all media results, filtered by list options.
sm_cmd migrate Start a migration immediately.
sm_cmd <get|list|add|modify|remove|start> migration Create and administer migration events.
sm_cmd <list|restart|cancel> migrationresult Check, restart or cancel migration events.
sm_cmd <get|list|add|modify|remove> migrationtask Create and administer migration tasks.
sm_cmd <get|list|add|modify|start|remove> newdayevent Create and administer NEWDAY events.
sm_cmd <get|list|add|modify> notification Create and modify notifications.
sm_cmd <get|list> opersystem List a specific OS or all operating systems.
sm_cmd render Renders the specified template.
sm_cmd <get|list|add|modify|remove|start|cancel> replication Create and administer replication events.
sm_cmd <list|cancel> replicationresult List and cancel replication events.
sm_cmd <get|list|add|modify|remove> replicationtask Create and administer replication tasks.
sm_cmd <list|restart> Check and restart backups/migrations.
sm_cmd <get|list|add|modify|restore|start|remove|cancel> restore Create and administer restore events.
sm_cmd <list|cancel> restoreresult Check and cancel restore events.
sm_cmd <get|list|add|modify|restore|start|remove> restoreevent Create and administer restore events.
sm_cmd <get|list|add|modify|start|remove> restoretask Create and administer restore tasks.
sm_cmd <get|list> result Monitor the results according to set filters (e.g., clients, tasks).
sm_cmd <dir> saveset Browse a saveset.
sm_cmd <get|list|add|modify|rename|remove|start> schedule Configure and administer schedules.
sm_cmd stop server Stop the SEP sesam server. Note that this command can be executed only from the SEP sesam server console.
sm_cmd <download|show> services Monitor and download different files or logs.
sm_cmd list session List all active sessions.
sm_cmd sql Execute an SQL query and define its output format.
sm_cmd start <task|restore|migration|command> Start an event.
sm_cmd start report Create a customized report.
sm_cmd <get|list|add|modify|start|remove> task Create and administer tasks.
sm_cmd <get|list|add|modify|backup|remove|restart> taskevent Create and administer task events.
sm_cmd add taskgen Generate tasks according to the specified task type.
sm_cmd <get|list|add|modify|start|remove> taskgroup Create and administer task groups.
sm_cmd modify taskgroup {task_group} -j {task}[,{task}] Modify task group relations. Example: sm_cmd modify taskgroup taskgroup1 -j task1,task2
sm_cmd <download|list> update Monitor and download JAR (.jar) updates.
sm_cmd <get|list|add|modify|remove|reset> user Create and administer users.
sm_cmd show version Display the SEP sesam Server and Client package version.
sm_cmd <resetcbt|check|generate|list> vsphere Reset CBT, monitor vSphere environment and generate vSphere task group.

SEP sesam CLI for Jaglion: changes

Some changes were made in the CLI for the Jaglion version.

Obsolete
The object taskgrouprelation has been removed. Use sm_cmd modify taskgroup {task_group} -j {task}[,{task}] instead. Example: sm_cmd modify taskgroup taskgroup1 -j task1,task2
New objects
Mediaresult, Migrationresults, Replication, Replicationresult, Replicationtask, Restore, Restoreresult, Server, SQL.


Part XVII: Appendix

SEP sesam Matrices


Cross-Platform Recovery File System Layer

Cross-Platform Recovery File System Layer/en

Using SEP sesam REST API

4 4 3 Beefalo:Using SEP sesam REST API/en