Release Notes 4.4.3 Grolar

From SEPsesam
Revision as of 19:27, 14 September 2018 by Sta (Talk | contribs)

Jump to: navigation, search

Copyright © SEP AG 1999-2018. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

What's new in SEP sesam 4.4.3 Grolar

SEP sesam new release, a hybrid Grolar, brings a fistful of features that may help improve protecting data in your environment and ease administrative tasks.

Version 4.4.3 Grolar introduces new S3 cloud storage to be able to safely store and retrieve your business data. Also new is enhanced capability to utilize NetApp hardware storage snapshots for backup.

SEP sesam no longer supports Hyper-V multiple virtual machine backup (by specifying all as a source) in one backup task. You have to configure a backup task for each virtual machine.

New backup levels are available for Citrix XenServer backups.

SEP sesam allows administrators to configure access control lists (ACLs) for locations and clients, if they are granted appropriate permissions.

Direct access recovery (DAR) is now enabled by default during NDMP backup to enable selective restore. Previous special configuration of DAR is no longer required nor supported.

With Self-Service Restore Assistant you can now restore a data from a regular Path, NDMP and NSS backups as well as email(s) from Kopano backup.

Default access mode is now changed from CTRL to SM_SSH to provide more secure communication.

You can now exclude patterns (directories or files) from BSR image backup (BSR Pro 2.0) and activate compression. For details, see SEP sesam BSR Pro – Backup Configuration.

This release provides improved functionality for exclude processing for Windows VSS writers and for mounting savesets containing umlauts (ä, ü, ö, ...).

GUI enhancements enable you to check the Si3 deduplication store state, set your preferred GUI mode, clear the GUI cache memory, disable a particular backup task or a task group from running for a certain period of time, manage multiple drives, and set additional options.

Rythm templates can be used for customized advanced reporting. They are installed in the <SESAM_BIN>/skel/templates/rythm directory. Note, however, that such custom reports are beyond the scope of SEP sesam standard support; they require additional technical assistance provided by SEP Consulting Service.

SEP sesam Server requirements

JavaFX
JavaFX is required for the web dashboard and user-defined schedules. For details on the exact version, see Java Compatibility Matrix.
64-bit or PowerPC (PPC) architecture required
SEP sesam Server requires an operating system running on 64-bit or a PowerPC (PPC) architecture. PowerPC (PPC) is supported for several Linux distributions, see SEP sesam Support Matrix.

For details, see SEP sesam Support Matrix and SEP sesam Server hardware requirements.

Installation and upgrades

SEP sesam 4.4.3 Grolar was released on 23rd of July, 2018. Direct upgrade for versions 3.6/4.x to version 4.4.3 Grolar is supported.

Latest released versions are:

  • SEP sesam 4.4.3.61 Linux Tux.gif – released: 25th of July, 2018.
  • SEP sesam 4.4.3.61 Windows Win7.gif – released: 25th of July, 2018.
Win7.gif Windows specific

The 4.4.3 Grolar installation package on Windows also includes:

  • VMware® Virtual Disk Development Kit (VDDK) version 6.5 for Windows.
  • Callback File System® (CBFS®) version 6.1.181 from EldoS Corporation, used to create virtual file systems and disks for savesets which are stored on SEP sesam local data store or Si3 deduplication store.
Information sign.png Note
A CBFS driver is needed for the virtual file system layer (Cross Platform Recovery File System – XPRFS). The installation/update of this driver requires a reboot of your newly installed or updated Windows SEP sesam Server unless this driver is already installed with a previous SEP sesam 4.4.3.xx installation.

SEP sesam Server and Client components should be upgraded to the latest version during the upgrade process. This ensures that SEP sesam Clients are fully protected. Customers with a valid license are eligible for a free upgrade of SEP sesam to any new release for the duration of the license. See also Automatic Updates and Automatic Installation on Windows.

Information sign.png Note
As of Grolar release, SEP sesam executables are single signed with SHA256. Because of the buffer limitation of the GetCertHash() function on Windows Server 2008 SP2, the SEP sesam executables which are now signed with a SHA256 certificate cannot run on Windows Server 2008. To install/upgrade SEP sesam on the respective Windows Server version, you have to install a special Windows update first. For details and update download, see any of the following links:

Previous release

Known issues and limitations

Information sign.png Note
Antivirus programs may disrupt network communication and cause SEP sesam processes, such as backup and replication, to fail. One program that is known to cause SEP sesam processes to terminate is Sophos Firewall with IPS (Intrusion Prevention System) enabled. Make sure that there are no antivirus, firewall, IDS or IPS programs preventing interaction with SEP sesam.
SEP sesam v. 4.4.3.59-62 known issues:
SEP sesam Server v. 4.4.3.61/.62 – VMware mount/attach does not work with Windows data mover v. 4.4.3.48
  • If SEP Server version is 4.4.3.61, but the Windows data mover is still 4.4.3.48, VMware mount/attach does not work.
Resolve: New backups can be mounted/attached without problems when both, the Windows data mover and SEP sesam Server have the same version – update the data mover to the same version as your SEP sesam Server!
SEP sesam Server v. 4.4.3.61/.62 – VMware mount/attach does not work for incremental (INCR) backups performed with previous version
  • If SEP Server version is 4.4.3.61 and INCR VMware backups have been performed with the previous SEP sesam version, attaching and mounting VMDK is not possible. The problem is that in the .lis file the date format of INCR savesets is incorrect, while sm_vfs expects a date and time greater than the time of the corresponding FULL backup.
Workaround:
  • Please contact SEP sesam support at support@sep.de for assistance OR
  • Perform the following tasks manually to fix the date in the .lis files: Delete all .lsl and .lst files. Then use a plain text editor, such as Notepad++, to modify the dates in all .lis files: Use Windows Explorer to navigate to lis folder and search for: *_V?201*.lis. Select all found files and use the right mouse button to open them. Then find and replace (use Search > Replace) the date "0000-00-00 00:00:00" with any real date, for example, "2018-01-01 01:01:01". In all subsequent INCR files there must be a time stamp that is more recent, e.g. "2018-01-01 01:01:02", "2018-01-01 01:01:03"!
  • SEP sesam v. 4.4.3.56-4.4.3.62 – After the last Windows 10 update, system state restore fails to set standard attributes for Windows Defender files and directories
    • After automatically updating Windows 10, system state restore finishes with warnings because standard attributes for Windows Defender files and directories are not set.
    Workaround: SEP support is working on this issue and will provide a solution as soon as possible.
    SEP sesam v. 4.4.2.xx and 4.4.3.xx – Restore of multiple Oracle archive log files from tape fails
    • When restoring multiple Oracle archive log files that were written at different time intervals to the same tape, restore fails. The problems is that RMAN starts a restore for every Oracle log file with no drive number set, thus the restore job is submitted into queue manager without drive number, using different drives. Then restore requires a tape which is already mounted on another drive and, consequently, fails.
    Workaround: To ensure that only one tape drive is used during the backup, start the RMAN restore with only one drive by setting the value of SESAM_DRIVE.
    Fixed with SEP sesam version 4.4.3.62:
    SEP sesam v. ≤ 4.4.3.61 – Paramiko transport.py authentication bypass in the SSH Server functionality; possible security risk because SM_SSH access mode uses weak ciphers
    • SEP sesam uses Paramiko transport.py for the SM_SSH access mode. A vulnerability in Paramiko transport.py could allow unauthorized access to SEP sesam because transport.py in the SSH server implementation of Paramiko does not properly check whether authentication is completed before processing other requests. By using a customized SSH client, an attacker can skip the authentication step and gain unauthorized access to resources on the SEP sesam system.
    • Weak ciphers/MAC are available for connection with SM_SSH access.
    Fixed: New python paramiko module solves issues with unauthorized access and weak ciphers. Update all SEP sesam Clients to version 4.4.3.62 including Remote Device Servers and SEP sesam Server.
    SEP sesam v. 4.4.3.61 – Citrix XenServer new FULL/DIFF/INCR backup levels with CBT do not handle correctly the master/slave configuration
    • After update, Citrix XEN module supports FULL/DIFF/INCR backup levels with CBT but this new feature does not handle master/slave configuration. Note: In 4.4.3.61 the backup worked if the task was configured for the master system, but it did not work if configured for the slave.
    SEP sesam v. 4.4.3.61 – SEP sesam default access mode SM_SSH converts UTF-8 characters to a non-UTF-8 locale which can result in data loss
    • Due to newly introduced default SM_SSH access mode, SEP sesam installations with special backup source encoding (e.g., a multi-byte character set such as Chinese or Japanese) may face issues due to incorrect conversion of UTF-8 characters to a non-UTF-8 local encoding which does not provide the required characters. Such conversion may result in data loss.
    Fixed: Special characters are transferred with URI (Uniform Resource Indicator) encoding.
    SEP sesam v. 4.4.3.61 – Browsing RHV/RHEV does not work 
    • Browsing the RHV management system fails with invalid AccessMode: PROXY.
    SEP sesam v. 4.4.3.61 – No operations possible anymore with SAP Business One license
    • If the license used is SAP Business One and the drive is set to more than 1 stream in the database, then operations related to the drive are no longer possible.
    SEP sesam v. 4.4.3.56/4.4.3.59 (beta) – After upgrading to Windows server 2016, Windows restore fails
    Fixed with SEP sesam Server 4.4.3.61:
    SEP sesam v. 4.4.3.60 – Starting a command event by using Activities -> Immediate start button does not work
    • Trying to start a command event from menu: Activities -> Immediate Start -> Command fails to open the dialog box and the command cannot be started manually.
    SEP sesam v. 4.4.3.60 – Windows Installation on x86 creates MSI Exception
    • In case of Windows systems with x86 architecture an MSI exception appears in the event log during the update of the SEP sesam together with SEP sesam BSR Pro Windows installation; however, all sesam services are running and SEP sesam is working properly.

    Limitations

    SEP sesam backup for hypervisors (VMware, Hyper-V, Citrix Xen, KVM, OpenNebula) cannot back up the data on external disks

    The data of such disks is silently skipped from backup, hence the backup saveset contains no data for the external disk while the backup succeeds and no warning about the missing data is issued (except for VMware, see below).

    • In case of VMware, SEP sesam cannot back up the data on the independent or Raw Device Mapping (RDM) disks due to a VMware limitation that does not support including independent/RDM disks in virtual machine snapshots. As of Grolar, SEP sesam issues a warning about the missing data for VMware independent/RDM disk. To avoid the warnings and have a successful backup, you should exclude the independent disks/RDMs from the backup task or install a SEP sesam Client in the virtual machine and perform an additional file or application backup to back up this data.
    • In case of other hypevisors (Hyper-V, Citrix Xen, KVM, OpenNebula), SEP sesam cannot back up the data on the RDM disks or on a VM without attached SCSI controller(s). To back these hypervisors, you have to add one or more SCSI controller to the virtual machine before performing a backup, even if there are no devices to use the SCSI, or you have to install a SEP sesam Client in the virtual machine and perform an additional file or application backup to back up this data.
    SEP Warning.png Warning
    If a restore of a VM with external disk is performed to the original VM by using the option overwrite, the disk is re-created and all existing data on the restore target is lost.
    Old disk_info Linux backup task is no longer supported – its usage may result in data loss

    During update all customers which are still using backup task with source disk_info backup task are notified that the disk_info Linux backup task is no longer supported. It has been replaced by BSR Linux/REAR. If you still use the obsolete disk_info backup task, you will no longer be able to restore your data.

    • Reconfigure your old disk_info Linux backup tasks by selecting the Linux BSR as a task type in the task properties or create new backup tasks with type Linux BSR. For details, see Disaster Recovery for Linux 3.0.
    SEP Warning.png Warning
    SEP AG is not responsible for potential data loss that may occur as a result of backing up data with unsupported backup task.
    BSR Pro Direct forensic imaging method does not work with SEP sesam versions Tigon V2 and Grolar

    BSR Pro Direct forensic imaging method is only possible if a special snapshot driver is installed and the system is rebooted after installation. It is otherwise not possible to create a consistent image.

    • The existing BSR Pro installation package containing the driver is stored in the <SESAM_BIN>/skel directory. Follow the steps for installing additional driver as described in Steps for using Direct forensic option.

    Enhancements and changes

    S3 cloud storage

    An S3 (simple storage solution) cloud storage can now be used to safely store and retrieve your business data. SEP sesam treats the S3 cloud storage like any other devices. It creates the snapshots and synchronizes data to the cloud. For details, see S3 Cloud Storage Backup.

    NetApp storage snapshots

    SEP sesam provides backup and restore integration built on NetApp Snapshot copies. You need to configure a new data store type – NetApp Snap Store to easily use hardware snapshots as usual backups. For details, see NetApp Storage Snapshots Backup.

    Hyper-V backup and restore

    Separate task for each VM
    It is no longer possible to back up multiple VMs running on a Hyper-V with a single task. Now you have to create a separate task for each VM running on a Hyper-V standalone server or Hyper-V cluster. However, you can assign individual backup tasks to a task group and then trigger the backup of all tasks belonging to that group with a single event. For details, see Hyper-V Backup.

    Citrix XenServer new backup levels

    SEP sesam introduces new backup levels (FULL, INC and DIFF) for Citrix XenServer backups. For details, see Citrix XenServer Backup.

    Access control lists (ACLs)

    The administrators can configure ACLs to enable or disable access to location (group of clients) or specific client. Note that before configuring ACLs, database-based authentication must be activated and users configured and added to the relevant group. For details, see Using Access Control Lists.

    NDMP direct access recovery (DAR)

    Direct access recovery (DAR) index is required to restore a directory or a single file from a NDMP backup (selective restore). As of version 4.4.3 Grolar, DAR is enabled by default (no configuration is required). While DAR can greatly reduce the time it takes to restore individual files, it might be unnecessary in case you want to backup and consequently restore only the whole volume. In such case, you may disable DAR to improve backup performance. For details, see NDMP Backup.

    Self-Service Restore Assistant

    It is now possible to use web restore assistant to restore data not only from regular Path backups, but also from NDMP and NSS file system Path backups as well as emails from Kopano backups with a few simple steps. You can connect to web restore assistant and perform a restore if you have appropriate permissions. If a backup is encrypted and the password is not stored in the SEP sesam database, it is now possible to enter the encryption password online. For details, see Self-Service Restore Assistant.

    New default access mode

    The default access mode is now SM_SSH (previously CTRL) which provides strong authentication and secured data communication for clients and servers in the SEP sesam environment. SSL libraries now iclude libmicrohttpd, libcurl, and libopenssl.

    Improved functionality

    GUI enhancements

    • SEP sesam introduces a number of data store enhancements (S3 credentials tab, Si3 State tab, new data store type, etc.). For details, see Configuring a Data Store and Configuring Si3 Deduplication Store.
    • Database-based authentication and authorization are extended and can be combined with the LDAP authentication and authorization and/or with AD (Active Directory). SEP sesam authorizes the users based on the mapped roles and their associated privileges. For details, see About Authentication and Authorization, Configuring LDAP/AD Authentication, and Configuring Database-Based Authentication.
    • SEP sesam features a GUI that can be customized and now also adjusted by selecting one of the following UI modes: basic, advanced or expert. The mode can be changed in GUI: from the menu bar select Configuration -> Defaults -> Extras -> UI Mode. For details, see UI Mode.
    • A force refresh can be used to clear the GUI cache memory and consequently to update the view. For details, see All Results by State.
    • Rather than deactivating a schedule (and all related jobs), you can now deactivate a single task but keep it in the list of tasks. You can also disable a whole task group by using the same option the Execution is blocked. You can enable a disabled task and/or task group again at any time. For details, see Disabling and Enabling Backup Task and Disabling and Enabling Task Group.
    • New Manage multiple drives option is introduced to enable you to easier change drives properties (e.g., maximum number of parallel streams (max channels), delete drives, create new drives, etc). It lists all configured drives and allows you to change the properties settings of multiple drives, after which SEP sesam restarts the drives automatically. For details, see Manage multiple drives. Now it is also possible to reconfigure all drives by using Configure all drives option.

    Changes in SEP sesam License

    • New license editions VM Essential and VM Essential Plus introduce a CPU socket based license for VMware and Hyper-V backup.
    • New license for 'source Side Deduplication'

    End of maintenance and support

    Unsupported SEP sesam Server OS

    The following operating systems are no longer supported for SEP sesam Server:

    • Ubuntu 14.04
    • Windows Server 2008 Win7.gif
    • Information sign.png Note
      The limitation applies only to SEP sesam Server systems and does not affect SEP sesam Clients. Windows Server 2008 R2 SP1 is still supported. For a complete list of supported SEP sesam Clients, see SEP sesam support matrix.

    For a complete list of supported SEP sesam clients, see SEP sesam Support Matrix.

    Major fixes and changes

    SEP sesam recommends that you apply the following patches for the Grolar version 4.4.3.61. The patches are available at http://download.sep.de/servicepacks/4.4.3/4.4.3.61/. These patches provide necessary fixes for:

    • GUI issues -> download GUI patch to fix the following issues: Browsing the RHV management system fails. Incorrect processing of character '&' in password or backup source. Master server GUI does not start.
    • Common issues (download the required Linux or Windows version):
      1. Program execution may get stuck with SEP sesam ONE -> download sm_config_drives patch
      2. Media readcheck starts two jobs -> download sm_sepul_event_sm_arch patch
      3. Migration does not find any savesets if the number for the copy counter is set -> download sm_copy patch
      4. Citrix Xen restore of older backup savesets not possible, master/slave configuration is not handled correctly. OpenNebula supports NFS-based volumes. -> download sbc_proxy patch
      5. Restore improvements for OpenNebula, Citrix Xen, and BSR Pro problems -> download sm_sbc_com patch
    • Windows specific backup and restore problems -> download TBD_sbc_upcoming patch.

    For more details, see Change report 4.4.3.62 Grolar. See all changes at SEP sesam download – changes.

    See also

    SEP sesam Release Versions