Recovering the server and client data by using DRM

Edit online

Use the disaster recovery manager (DRM) function to recover the IBM Storage Protect server and client data when a disaster occurs.

Before you begin

IBM Storage Protect is set up to use the Secure Sockets Layer (SSL) protocol for client/server authentication. When you start the server, a digital certificate file, cert.kdb, is created as part of the process. This file includes the server's public key, which allows the client to encrypt data. The digital certificate file cannot be stored in the server database because the Global Security Kit (GSKit) requires a separate file in a certain format.

  1. Keep backup copies of the cert.kdb, cert.sth, and cert256.arm files.
  2. If both the original certificate files and any copies are lost or corrupted, generate new certificate files.

The master encryption key is stored in a new GSKit-managed key database, dsmkeydb.kdb. If the server has an existing master encryption key, the master encryption key is migrated from the dsmserv.pwd file to the key database, dsmkeydb.kdb. Keep backup copies of the dsmkeydb.kdb and dsmkeydb.sth files. You can configure the BACKUP DB command to back up the master encryption key, or you can manually back up the dsmkeydb.kdb and dsmkeydb.sth files yourself. You cannot recover from a disaster without the master encryption key.

  1. Keep backup copies of the dsmkeydb.kdb and dsmkeydb.sth files.

Procedure

  1. Get the latest recovery plan.
  2. Review the recovery steps that are described in the RECOVERY.INSTRUCTIONS.GENERAL stanza of the plan.
  3. Separate the stanzas of the plan file into individual files for general preliminary instructions, IBM Storage Protect server recovery scripts, and client recovery instructions.
  4. Retrieve all required recovery volumes (as listed in the plan) from the vault.
  5. Review the device configuration file to ensure that the hardware configuration at the recovery site is the same as the original site. Any differences must be updated in the device configuration file. The following example configuration changes require updates to the configuration information:
    • Different device names.
    • For automated libraries, the requirement of manually placing the database backup volumes in the automated library and updating the configuration information to identify the element within the library. This allows the server to locate the required database backup volumes.
  6. Set up replacement hardware for the IBM Storage Protect server, including the operating system and the IBM Storage Protect base release installation.
  7. Run the IBM Storage Protect server recovery scripts from the recovery plan. The RECOVERY.SCRIPT.DISASTER.RECOVERY.MODE and RECOVERY.SCRIPT.NORMAL.MODE stanzas contain executable command files that can be used to drive the recovery of the IBM Storage Protect server by calling other command files that were generated in the plan. The RECOVERY.SCRIPT.DISASTER.RECOVERY.MODE script recovers the server to the point where clients can begin restores directly from the copy storage pool volumes.
  8. Restore the primary storage pools by using the RECOVERY.SCRIPT.NORMAL.MODE script.
  9. Start client restore operations in order of highest priority, as defined in your high-level planning.

What to do next

The IBM Storage Protect server can now be used for normal server operations. Ensure that all required operations are scheduled. For instructions, see Defining schedules for server maintenance activities and Scheduling backup and archive operations.