A good security policy always includes backups. We tend to think of these backups as being for recovery of your system from catastrophic loss. But more frequently they are also used to recover individual data and other objects that are lost due to a wide variety of reasons, many of which fall into the security area. Having a method for quick and easy restore for individual objects is important in the overall security plans for your iSeries shop.
Many shops resolve this issue by using third-party automated save/restore utilities that provide this function as a standard feature. Others rely on their own methods to get individual objects restored. Too frequently, I have seen this method rely on a lengthy DSPTAP of the backup tape to reach a point where the lost objects to be restored have been listed with their save criteria. For some backups this process can take forever, losing precious time in getting your application back up and running.
A simple solution to this problem is to keep a database on your system with details about each active backup set for your shop. This can be done easily using the OUTPUT parameter on the SAVLIB and/or SAVOBJ command, along with its related parameters OUTFILE, OUTMBR and INFTYPE.
To get started, create a separate library on your system to hold your backup database. This will end up being a multiple member database. For purposes of this example, we'll use the library name of BACKUPDTA and we'll name our database BACKINFO. To get started, run a backup of a single object and specify the following parameters on the SAVOBJ command:
SAVOBJ OBJ(MYFILE) LIB(RLIBR) DEV(TAP01) OBJTYPE(*FILE) OUTPUT(*OUTFILE) OUTFILE(BACKUPDTA/BACKINFO) OUTMBR(B030904 *ADD) INFTYPE(*MBR)
This will create the file as a multiple member database that will become your online backup database. It will add a member to this database named "B030904" that will now contain information about the backup that you just ran.
Then, modify your backup process always to specify these additional parameters. Make sure that you vary the OUTMBR member name to something that will be unique to each backup operation. In this case, I have used the letter 'B' followed by the date in yymmdd format. This makes it easy to identify the correct backup member in the file when it is time to go looking for restore parameters.
You will also need to add a step to the process you use when backup sets are scratched and returned to your pool of blank tapes. When you do that, you'll need to find the associated member and delete it. That will keep this file from getting too large over time.
When it is time to find and restore an individual object, use your favorite file utility to browse the appropriate member and you'll quickly find more than you ever thought you needed to know about a saved object including its sequence number, saved tape label information, the ASP it was saved from and much more. With this information, the exact form of the RSTOBJ command can be easily and quickly determined.
As an additional step, you might also consider saving the database as the last operation in your backup step. That way your database will always be included as a part of the backup set and can be restored to help with problem determination and restore preparation if the online version is also lost.
Finding and restoring individual objects on a backup can be painless and quick using this method. If you have time, you can even add logical file views to your database to locate backup information even more quickly with your file browser.
About the author: Rich Loeber is president of Kisco Information Systems Inc., in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.
================================== MORE INFORMATION ON THIS TOPIC ==================================
Automate disaster recovery restores
Part of the job of a security officer is creating, maintaining and testing your disaster recovery plan. A major part of disaster recovery is recreating your computing environment on a completely different system, and that always involves data and program restores. You might be one of the fortunate ones that has access to a comprehensive third-party save/restore application that automates the disaster recovery restore process for you. If you're in that group, this article is not for you. But, if you're a small- to medium-sized shop that can't afford (or won't consider) one of those products, then you're on your own to create a workable disaster recovery method.
Are your backups complete?
There are many layers to security. You have to make sure that intruders don't get in. And if they do get in, they must not be allowed to do anything harmful. One way to minimize that security risk is to make sure that your backup plan is up to date -- and that it works. This has gotten more difficult as the iSeries has gotten more complex. This tip provides information on iSeries backups, objectives and implementations. You probably have a plan already, but does it have everything you need?
Automating the backup procedure
One user writes, "We are on an iSeries 730 box. We're doing our backups manually using the GO SAVE command (option 21 - Entire Systems). I would like to automate this procedure. I've written a CL program that will perform the SAVSYS, SAVLIB (*nonsys) and SAVDLO libraries. Am I on the right track, or should I be looking in a different direction?" Read what backup & recovery expert Ken Graap had to say.
This was first published in October 2003