REGISTER NODE (Register a node)
Use this command to register a node to the server.
- In earlier product releases, the REGISTER NODE command automatically created an administrative user ID whose name matched the node name. Beginning with IBM Spectrum Protect Version 8.1, the REGISTER NODE command does not automatically create an administrative user ID that matches the node name.
- If you plan to use the LAN-free option with this node, you must register an administrative ID that matches the node name. To register the administrative ID, use the USERID parameter or manually register the administrator and grant owner authority to the node.
If a client requires a different policy domain than STANDARD, you must register the client node with this command or update the registered node.
sslrequired=serveronly
in a
REGISTER NODE command, the admin SSLREQUIRED setting reverts
to YES. To use a non-SSL session with a storage agent, rename the admin with the identical name by
issuing the RENAME ADMIN command.- V7.1.1 or later, is installed on the source and target replication servers.
- The REPLRECOVERDAMAGED system parameter is set to ON. The system parameter can be set by using the SET REPLRECOVERDAMAGED command.
- The source server includes at least one file that is marked as damaged in the node that is being replicated.
- The node data was replicated before the damage occurred.
Setting for the REPLRECOVERDAMAGED system parameter | Value of the RECOVERDAMAGED parameter on the REPLICATE NODE command | Value of the RECOVERDAMAGED parameter on the REGISTER NODE and UPDATE NODE commands | Result |
---|---|---|---|
OFF | YES, NO, or not specified | YES or NO | During node replication, standard replication occurs and damaged files are not recovered from the target replication server. |
OFF | ONLY | YES or NO | An error message is displayed because files cannot be recovered when the REPLRECOVERDAMAGED system parameter is set to OFF. |
ON | YES | YES or NO | During node replication, standard replication occurs and damaged files are recovered from the target replication server. |
ON | NO | YES or NO | During node replication, standard replication occurs and damaged files are not recovered from the target replication server. |
ON | ONLY | YES or NO | Damaged files are recovered from the target replication server, but standard node replication does not occur. |
ON | Not specified | YES | During node replication, standard replication occurs and damaged files are recovered from the target replication server. |
ON | Not specified | NO | During node replication, standard replication occurs and damaged files are not recovered from the target replication server. |
Privilege class
To issue this command, you must have system privilege, unrestricted policy privilege, or restricted policy privilege for the policy domain to which the client node is assigned.
Syntax
- 1 The PASSEXP command does not apply to administrators who authenticate with a Lightweight Directory Access Protocol (LDAP) directory server.
- 2 The VALIDATEPROTOCOL parameter is deprecated.
- 3 The BACKUPINITIATION parameter is ignored if the client node operating system is not supported.
- 4 You can specify the BKREPLRULEDEFAULT, ARREPLRULEDEFAULT, or SPREPLRULEDEFAULT parameter only if you specify the REPLSTATE parameter.
- 5 The default value can change if you issued the SET DEFAULTAUTHENTICATION command and specified LDAP.
- 6 The SSLREQUIRED parameter is deprecated.
Syntax for IBM Spectrum Protect Plus
For copying data from IBM Spectrum Protect Plus to IBM Spectrum Protect
Parameters
- node_name (Required)
- Specifies the name of the client node to be registered. The maximum length of the name is 64
characters.
You cannot specify a node name of NONE.
Do not use a single node to host an IBM Spectrum Protect backup-archive client and a data center (which includes one or more file spaces that represent virtual machines).
- password
- Specifies the client node password. The minimum length of the password is 8 characters unless a
different value is specified by using the SET MINPWLENGTH command. The maximum
length of the password is 64 characters. Restriction: This parameter is not supported for object client nodes.
If you authenticate passwords locally with the IBM Spectrum Protect server, you must specify a password. The password is not case-sensitive.
If you authenticate passwords with an LDAP server, do not specify a password on the REGISTER NODE command.
- PASSExp
- Specifies the number of days the password remains valid. You can set the password expiration
period 0 - 9999 days. A value of 0 means that the password never expires. This parameter is
optional. If you do not specify this parameter, the server common-password expiration period is
used. The common password expiration period is 90 days unless changed by issuing the SET
PASSEXP command.
You can change the password expiration period by using the UPDATE NODE or SET PASSEXP commands. You can issue the SET PASSEXP command to set a common expiration period for all administrators and client nodes. You can also use the command to selectively set password expiration periods. If you selectively set a password expiration period by using the REGISTER NODE command, the UPDATE NODE command, or the SET PASSEXP command, the expiration period is excluded from common password expiration periods that were created by using the SET PASSEXP command.
You can use the RESET PASSEXP command to reset the password expiration period to the common expiration period. The PASSEXP command does not apply to nodes that authenticate with an LDAP server.
Restriction: This parameter is not supported for object client nodes. - USerid
- Specifies the administrative user ID with client owner authority. This parameter is optional.
You can specify one of the following values:
- NONE
- Specifies that no administrative user ID is created. This is the default value.
- user_id
- Specifies that an administrative user ID is created with the specified name. You can use this parameter to grant client owner authority to an existing administrative user ID.
If you register a node that has the same name as an administrator, the administrator authentication method and SSLREQUIRED setting change to match the authentication method of the node. Passwords that are shared between same-named nodes and administrators are kept synchronized during an authentication change.
If you plan to use the LAN-free option with this node, use the USERID parameter to register an administrative ID that matches the node name.
For users of LDAP servers: If you plan to authenticate the node with an LDAP server, keep the default setting (USERID=NONE) or specify an administrative user ID that differs from the node name. If the administrative user ID matches the node name, you might see unexpected behavior because of automatic password changes that update the same password twice. As a result, the password might become unknown to the administrative user ID. Alternatively, the password update operation might fail. - CONtact
- Specifies a text string of information that identifies the node. The parameter is optional. The maximum length of the text string is 255 characters. The contact information must be enclosed in quotation marks if it contains any blanks.
- DOmain
- Specifies the name of the policy domain to which the node is assigned. The parameter is
optional. If you do not specify a policy domain name, the node is assigned to the default policy
domain (STANDARD). For users of IBM Spectrum Protect Plus: You must specify an existing object domain.
When a source server is registered as a node, it is assigned to a policy domain. Data from the source server is stored in the storage pool that is specified in the archive copy group of the default management class of that domain.
- COMPression
- Specifies whether the client node compresses its files before it sends these files to the server
for backup and archive. The parameter is optional. The default value is CLIENT.Restriction: This parameter does not apply to nodes with a type of NAS or SERVER.
You can specify one of the following values:
- Client
- Specifies that the client determines whether to compress files.
- Yes
- Specifies that the client node compresses its files before it sends these files to the server for backup and archive.
- No
- Specifies that the client node does not compress its files before it sends these files to the server for backup and archive.
- ARCHDELete
- Specifies whether the client node can delete its own archive files
from the server. The parameter is optional. The default value is YES.
You can specify one of the following values:
- Yes
- Specifies that the client node can delete its own archive files from the server.
- No
- Specifies that the client node cannot delete its own archive files from the server.
- BACKDELete
- Specifies whether the client node can delete its own backup files
from the server. The parameter is optional. The default value is NO.
You can specify one of the following values:
- No
- Specifies that the client node cannot delete its own backup files from the server.
- Yes
- Specifies that the client node can delete its own backup files from the server.
- CLOptset
- Specifies the name of the option set to be used by the client. The parameter is optional.
- FORCEPwreset
- Specifies whether to force a client to change or reset the password. The parameter is optional.
The default value is NO. Restriction: This parameter is not supported for object client nodes.You can specify one of the following values:
- No
- Specifies that the password expiration period is set by the SET PASSEXP command. The client does not need to change or reset the password while the client is logging on to the server.
- Yes
- Specifies that the client node password expires at the next logon. The client must change or
reset the password then. If a password is not specified, you receive an error message.Restriction: For nodes that authenticate with an LDAP server, password expiration is set by using LDAP server utilities. For this reason, do not specify FORCEPWRESET=YES if you specify AUTHENTICATION=LDAP.
- Type
- Specifies the type of node that is being registered. The parameter
is optional. The default value is CLIENT. You can specify one of the
following values:
- Client
- Specifies that the client node is a Backup-Archive Client, IBM Spectrum Protect for Space Management client, or application client.
- NAS
- Specifies that the node is a network-attached storage (NAS) file
server whose data is protected by using NDMP operations. The node
name cannot be SERVER. Note: The name of the NAS node must be the same as the data mover. Therefore, the name cannot be changed after a corresponding data mover is defined.
- Server
- Specifies that the client node is a source server that is being registered on the target server.
- OBJECTClient
- Specifies that the client node is an object client. This node type is valid only for IBM Spectrum Protect
Plus. An object client node transfers data to the
IBM
Spectrum Protect server using the S3 protocol for object
storage. An object agent must be configured and running to back up data from an object client. To
configure an IBM
Spectrum Protect object agent, see the
DEFINE SERVER command.
An access key ID and secret access key combination is generated when you issue the REGISTER NODE command. Authenticate object clients by using this key combination.
Restriction: If the file size from an object client node exceeds the MAXSIZE parameter that is set in the DEFINE STGPOOL command, file backup will fail even if the NEXTSTGPOOL parameter is set on the storage pool. Object client data will never be stored in the NEXTSTGPOOL of a directory-container storage pool.
- URL
- Specifies the URL of the IBM
Spectrum Protect web client
that is configured on the client system. You can use the URL in a web browser and in the Operations Center to remotely manage the client node.
This parameter is optional. The URL must include the DNS name or IP address of the client system, and the port number that is defined on the client system for the IBM Spectrum Protect web client. For example,
http://client.mycorp.com:1581
- UTILITYUrl
- Specifies the address of the IBM
Spectrum Protect client
management services that are configured on the client system. This URL is used by the Operations Center to access client log files so that you can remotely
diagnose client issues from the Operations Center.
This parameter is optional. You can specify a URL of up to 200 characters in length. The URL must start with
https
. It includes the DNS name or IP address of the client system, and the port number that is defined on the client system for the IBM Spectrum Protect client management services. For example,https://client.mycorp.com:9028
If you omit the port number, the Operations Center uses the port number 9028, which is the default port number when you install the client management services on the client system.
- MAXNUMMP
- Specifies the maximum number of mount points a node is allowed to use on the server or storage
agent only for operations such as backup, archive, and IBM
Spectrum Protect for Space Management migration. The parameter is optional and only
applies to nodes with a type of CLIENT. The default value is 1. You can specify an integer in the
range 0 - 999. A value of 0 specifies that a node cannot acquire any mount point for a client data
store operation. The MAXNUMMP value is not evaluated or enforced during client data read operations
such as restore, retrieve, and IBM
Spectrum Protect for Space Management recall.
However, mount points in use for data read operations are evaluated against attempted concurrent
data store operations for the same client node and might prevent the data store operations from
being able to acquire mount points. Restriction: This parameter does not apply to nodes with a type of NAS or SERVER.
For volumes in a storage pool that is associated with the FILE or CENTERA device type, the server can have multiple sessions to read and one process to write to the same volume concurrently. To increase concurrency and provide efficient access for nodes with data in FILE or CENTERA storage pools, increase the value of the MAXNUMMP parameter.
For nodes that store data into primary storage pools with the simultaneous-write function that is enabled, you must adjust the value of the MAXNUMMP parameter to specify the correct number of mount points for each client session. A client session requires one mount point for the primary storage pool and one mount point for each copy storage pool and each active-data pool.
For server-to-server backup, if one server is at a different version than the other server, set the number of mount points on the target server to a value higher than one. Otherwise, you receive an error.
A storage agent independently tracks the number of points that are used during a client session. If a node has a storage agent that is installed, it might exceed the MAXNUMMP value. The MAXNUMMP value might also be exceeded under conditions where the node does not have to wait for a mount point.
Note: The server might preempt a client operation for a higher priority operation and the client might lose a mount point if no other mount points are available. - KEEPMP
- Specifies whether the client node keeps the mount point for the
entire session. The parameter is optional. The default value is NO.
You can specify one of the following values:
- Yes
- Specifies that the client node must retain the mount point during the entire session. If policy definitions cause data to be stored to a disk storage pool after the data is stored to a sequential access storage pool, any mount points that are held by the session will not be released.
- No
- Specifies that the client node releases the mount point during the session. If policy definitions cause data to be stored to a disk storage pool after the data is stored to a sequential access storage pool, any mount points that are held by the session will be released.
- AUTOFSRename
- Specify whether file spaces are automatically renamed when you
upgrade the client system to support Unicode or specify whether file
spaces are renamed by the client, if needed. The parameter is optional.
The default is NO. Setting the parameter to YES enables automatic
renaming, which occurs when the client runs one of the following operations:
archive, selective backup, full incremental backup, or partial incremental
backup. The automatic renaming changes the names of existing backed-up
file spaces that are not in Unicode in server storage. Then, the file
spaces are backed up in Unicode. You can use this parameter for Unicode-enabled IBM
Spectrum Protect clients
by using Windows, Macintosh
OS X, and NetWare operating systems.
After the client with support for Unicode is installed, any new file spaces that the client backs up are stored in server storage by using the UTF-8 code page. UTF-8 is a byte-oriented encoding form that is specified by the Unicode Standard.
You can specify one of the following values:- Yes
- Existing file spaces are automatically renamed when you upgrade
to a client that supports Unicode and the client runs one of the following
operations: archive, selective backup, full incremental backup, or
partial incremental backup. The renaming occurs whether the client
uses the graphical user interface, the command line, or the client
scheduler.For example, the server renames a drive as follows:
The new name indicates that the file space is stored on the server in a format that is not Unicode.Original name: D_DRIVE New name: D_DRIVE_OLD
- No
- Existing file spaces are not automatically renamed when the client system upgrades to a client that supports Unicode, and the client runs one of the following operations: archive, selective backup, full incremental backup, or partial incremental backup.
- Client
- The option AUTOFSRENAME in the client's option file determines whether file spaces are
renamed.
By default, the client option is set to PROMPT. When the client system upgrades to a client that supports Unicode and the client runs an IBM Spectrum Protect operation with the graphical user interface or the command line, the program displays a one-time prompt to the user about whether to rename file spaces.
When the client scheduler runs an operation, the program does not prompt for a choice about renaming, and does not rename file spaces. Backups of existing file spaces are sent as before (not in Unicode).
- VALIdateprotocol (deprecated)
-
Specifies whether IBM Spectrum Protect completes a cyclic redundancy check (CRC) to validate the data that is sent between the client and server. The parameter is optional. The default is NO.Important: Beginning with IBM Spectrum Protect V8.1.2 and Tivoli® Storage Manager V7.1.8, this parameter is deprecated. The validation that was enabled by this parameter is replaced by the TLS 1.2 protocol, which is enforced by the SESSIONSECURITY parameter. The VALIDATEPROTOCOL parameter is ignored. Update your configuration to use the SESSIONSECURITY parameter.
However, if your environment includes an IBM Spectrum Protect backup-archive client that is earlier than V7.1.8 or V8.1.2, and the client is connected to a server that is at V7.1.8 or later, or V8.1.2 or later, communication errors can occur. On the client side, you might see error message ANS1029E. On the server side, you might see error message ANR8601E.
To avoid these errors, ensure that the VALIDATEPROTOCOL parameter is set to NO.
- TXNGroupmax
Specifies the number of files per transaction commit that are transferred between a client and a server. The parameter is optional. Client performance might be improved by using a larger value for this option.
The default value is 0. Specifying 0 indicates that the node uses the server global value that is set in the server options file. To use a value other than the server global value, specify a value of 4 through 65,000 for this parameter. The node value takes precedence over the server value.
Attention: Increasing the TXNGROUPMAX value increases the recovery log usage. Higher recovery log usage might increase the risk of running out of log space. Evaluate the performance of each node before you change the parameter.- DATAWritepath
- Specifies the transfer path that is used when the client sends
data to the server, storage agent, or both, during storage operations
such as backup or archive. The parameter is optional. The default
is ANY. Note: If a path is unavailable, the node cannot send any data. For example, if you select the LAN-free option but a LAN-free path is not defined, the operation fails.
You can specify one of the following values:
- ANY
- Specifies that data is sent to the server, storage agent, or both, by any available path. A LAN-free path is used if one is available. If a LAN-free path is unavailable, the data is moved by using the LAN.
- LAN
- Specifies that data is sent by using the LAN.
- LANFree
- Specifies that data is sent by using a LAN-free path.
- DATAReadpath
- Specifies the transfer path that is used when the server, storage
agent, or both read data for a client, during operations such as restore
or retrieve. The parameter is optional. The default is ANY.Note: If a path is unavailable, data cannot be read. For example, if you select the LAN-free option but a LAN-free path is not defined, the operation fails. The value for the transfer path also applies to failover connections. If the value is set to LANFree, failover cannot occur for the node on the secondary server.
You can specify one of the following values:
- ANY
- Specifies that the server, storage agent, or both use any available path to read data. A LAN-free path is used if one is available. If a LAN-free path is unavailable, the data is read by using the LAN.
- LAN
- Specifies that data is read by using the LAN.
- LANFree
- Specifies that data is read by using a LAN-free path.
- TARGETLevel
Specifies the client deployment package that is targeted for this node. The parameter only applies to nodes with a type of CLIENT. You can substitute an applicable release package for Version.Release.Modification.Fix (V.R.M.F) Level. For example:
TARGETLevel=7.1.0.0
.You must specify each segment with a number that is applicable to a deployment package. You cannot use an asterisk in any field as a substitution for a valid number. The parameter is optional.Restriction: The TARGETLEVEL parameter does not apply to nodes with a type of NAS or SERVER.- SESSIONINITiation
Controls whether the server or the client initiates sessions. The default is that the client initiates sessions. The parameter is optional.
- Clientorserver
- Specifies that the client might initiate sessions with the server by communicating on the TCP/IP port that is defined with the server option TCPPORT. Server-prompted scheduling might also be used to prompt the client to connect to the server.
- SERVEROnly
- Specifies that the server does not accept client requests for sessions. All sessions must be initiated by server-prompted scheduling on the port that is defined for the client with the REGISTER or UPDATE NODE commands. You cannot use the client acceptor, dsmcad, to start the scheduler when SESSIONINITIATION is set to SERVERONLY.
- EMAILADdress
- This parameter is used for more contact information. The parameter is optional. The information that is specified by this parameter is not acted upon by IBM Spectrum Protect.
- DEDUPlication
- Specifies where data deduplication can occur for this node. The
parameter is optional. You can specify one of the following values:
- Clientorserver
- Specifies that data that is stored by this node can be deduplicated on either the client or the server. This value is the default. For data deduplication to take place on the client, you must also specify a value of YES for the DEDUPLICATION client option. You can specify this option in the client option file or in the client option set on the IBM Spectrum Protect server.
- SERVEROnly
- Specifies that data that is stored by this node can be deduplicated on the server only.
- BACKUPINITiation
- Specifies whether the non-root user ID on the client node can
back up files to the server. The parameter is optional. The default
value is ALL, indicating that non-root user IDs can back up data to
the server. You can select one of the following values:
- All
- Specifies that non-root user IDs can back up files to the server. ALL is the default if BACKUPINITIATION is not specified.
- ROOT
- Specifies that the root user ID can back up files to the server. If you are using the V6.4 or
later backup-archive client, authorized users have the same privileges as the root user ID. Restriction: The attribute is ignored by the server if the backup-archive client connects from an operating system other than AIX®, Linux®, or Mac OS.Remember: The application programming interface (API) is affected by the BACKUPINITIATION parameter on the server. By default, all API users are allowed to back up data. Setting the parameter to
ROOT
on an API node is not recommended.
- REPLState
- Specifies whether data that belongs to the client node is ready
to be replicated. This parameter is optional. Specify this parameter
only if you are issuing the REGISTER NODE command
on a server that is configured to replicate data to a target replication
server. If you register a client node on a source replication server
and set up replication for the node, do not register the node on the
target replication server. The client node is created automatically
on the target server the first time that replication occurs.You can select one of the following values:
- ENabled
- Specifies that the client node is configured for replication and
is ready to replicate. When you specify this parameter, the replication
mode in the client node definition on the source replication server
is automatically set to SEND. This setting indicates that data that
belongs to the client node is sent to a target server during replication.
When replication first occurs for the client node, the replication state of the node on the target replication server is automatically set to ENABLED. The replication mode on the target replication server is set to RECEIVE. This setting indicates that data that belongs to the client node is received from a source replication server. To determine the replication state and mode, issue the QUERY NODE command on a source or a target replication server.
- DISabled
- Specifies that the node is configured for replication but that replication does not occur until you enable it.
- BKREPLRuledefault, ARREPLRuledefault, and SPREPLRuledefault
- Specifies the replication rule that applies to a data type if the file space rules for the data
type are set to DEFAULT.Restriction: You can specify the BKREPLRULEDEFAULT, ARREPLRULEDEFAULT, or SPREPLRULEDEFAULT parameter only if you specify the REPLSTATE parameter.
- BKREPLRuledefault
- Specifies the replication rule for backup data.
- ARREPLRuledefault
- Specifies the replication rule for archive data.
- SPREPLRuledefault
- Specifies the replication rule for space-managed data.
You can specify normal-priority replication or high-priority replication rules. In a replication process that includes both normal and high-priority data, high-priority data is replicated first. Before you specify a rule, consider the order in which you want the data to be replicated.
You can specify the following rules:- ALL_DATA
- Replicates active and inactive backup data, archive data, or space-managed data. The data is replicated with a normal priority.
- ACTIVE_DATA
- Replicates only active backup data. The data is replicated with a normal priority. This rule is
valid only for BKREPLRULEDEFAULT.Attention:
If you specify ACTIVE_DATA and one or more of the following conditions are true, inactive backup data on the target replication server is deleted, and inactive backup data on the source replication server is not replicated.
- When a release version earlier than Version 7.1.1 is installed on either the source or target replication servers.
- When you are using the REPLICATE NODE command with the
FORCERECONCILE=YES
parameter. - When you are running the initial replication of a file space after you configure replication, restore the database, or upgrade both the source and target replication servers from a release version earlier than V7.1.1.
If the previous conditions are not true, all new and changed files since the last replication are replicated, including inactive files, and files are deleted when they expire.
- ALL_DATA_HIGH_PRIORITY
- Replicates active and inactive backup data, archive data, or space-managed data. Data is replicated with a high priority.
- ACTIVE_DATA_HIGH_PRIORITY
- This rule is the same as the ACTIVE_DATA replication rule except data is replicated with a high priority. This rule is valid only for BKREPLRULEDEFAULT.
- DEFAULT
- Replicates data according to the server replication rule for backup data.
For example, suppose that you want to replicate the archive data in all the file spaces that belongs to a client node. Replication of the archive data is a high priority. One method to accomplish this task is to specify ARREPLRULEDEFAULT=DEFAULT. Ensure that the file space rules for archive data are also set to DEFAULT and that the server rule for archive data is set to ALL_DATA_HIGH_PRIORITY.
Restriction: If a node is configured for replication, the file space rules are set to DEFAULT after the node stores data on the source replication server. - NONE
- Data of the specified type is not replicated.
For example, if you do not want to replicate space-managed data that belongs to a client node, specify SPREPLRULEDEFAULT=NONE
- RECOVERDamaged
- Specifies whether damaged files can be recovered for this node
from a target replication server. The parameter is optional. The default
value is YES. You can specify one of the following values:
- Yes
- Specifies that recovery of damaged files from a target replication server is enabled for this node.
- No
- Specifies that recovery of damaged files from a target replication
server is not enabled for this node.Tip: The value of the RECOVERDAMAGED parameter is only one of several settings that determine whether damaged files are recovered. For information about how to specify the settings, see Settings that affect the recovery of damaged files.
- ROLEOVERRIDE
Specifies whether to override the reported role of the client for processor value unit (PVU) estimation reporting. The default is USEREPORTED. The parameter is optional.
The role reported by the client is either client-device (for example, a workstation) or server-device (for example, file/print server, application server, database). By default, the client reports its role that is based on the client type and the operating system. All clients initially report their role as server-device, except for Backup-Archive Clients running Microsoft Windows workstation distributions (Windows Vista) and Macintosh OS X.
Specify one of the following values:- Client
- Specifies a client-device.
- Server
- Specifies a server-device.
- Other
- Specifies that this node is not to be used for PVU estimation reporting. This value can be useful when multiple nodes are deployed for a physical system (for example, virtual environments, test nodes, retired nodes, and nodes not in production or clustering).
- Usereported
- Use the reported role that is provided by the client.
- AUTHentication
- This parameter specifies the password authentication method for
the node. Specify one of the following values: LDAP or LOCAL. The
parameter is optional and defaults to LOCAL. The default can change
to LDAP if you use the SET DEFAULTAUTHENTICATION command
and specify LDAP.
- LOcal
- Specifies that the local IBM Spectrum Protect server database is used.
- LDap
- Specifies that the node uses an LDAP server for password authentication.
- SSLrequired (deprecated)
-
Specifies whether the node must use the Secure Sockets Layer (SSL) protocol to communicate with the IBM Spectrum Protect server. The parameter is optional. When you authenticate passwords with an LDAP directory server, you must protect the sessions by using SSL or another network security method.
Important: Beginning with IBM Spectrum Protect V8.1.2 software and Tivoli Storage Manager V7.1.8 software, this parameter is deprecated. The validation that was enabled by this parameter is replaced by the TLS protocol version 1.2 , which is enforced by the SESSIONSECURITY parameter. The SSLREQUIRED parameter is ignored. Update your configuration to use the SESSIONSECURITY parameter. - SESSIONSECurity
- Specifies whether the node must use the most secure settings to communicate with an IBM
Spectrum Protect server. This parameter is optional.
You can specify one of the following values:
- STRict
- Specifies that the strictest security settings are enforced for the node. The STRICT value uses the most secure communication protocol available, which is currently TLS 1.2. The TLS protocol is used for SSL sessions between the server and the node. To specify whether the server uses TLS 1.2 for the entire session or only for authentication, see the SSL client option.
- TRANSitional
- Specifies that the existing security settings are enforced for the node. This is the default
value. This value is intended to be used temporarily while you update your security settings to meet
the requirements for the STRICT value.
If SESSIONSECURITY=TRANSITIONAL and the node has never met the requirements for the STRICT value, the node will continue to authenticate by using the TRANSITIONAL value. However, after a node meets the requirements for the STRICT value, the SESSIONSECURITY parameter value automatically updates from TRANSITIONAL to STRICT. Then, the node can no longer authenticate by using a version of the client or an SSL/TLS protocol that does not meet the requirements for STRICT. In addition, after a node successfully authenticates by using a more secure communication protocol, the node can no longer authenticate on the same server by using a less secure protocol. For example, if a node that is not using SSL is updated and successfully authenticates by using TLS 1.2, the node can no longer authenticate by using no SSL protocol or by using TLS 1.1. This restriction also applies when you use functions such as virtual volumes, when the node authenticates to the IBM Spectrum Protect server as a node from another server.
- SPLITLARGEObjects
- Specifies whether large objects that are stored by this node are automatically split into smaller pieces, by the server, to optimize server processing. The parameter is optional. Specifying YES causes the server to split large objects (over 10 GB) into smaller pieces when stored by a client node. Specifying NO bypasses this process. Specify NO only if your primary concern is maximizing throughput of backups directly to tape. The default value is Yes.
Example: Register a client node that only the root user can back up
Register the client nodemete0rite
with
password KingK0ng to back up files from only the root
user to the server.register node mete0rite KingK0ng
backupinit=root
Example: Register a client node and password and set compression on
Register the client nodeJOEOS2
with
the password SECRETCODE and assign this node to the DOM1
policy
domain. This node can delete its own backup and archive files from
the server. All files are compressed by the client node before they
are sent to the server. This command automatically creates a JOEOS2
administrative
user ID with password SECRETCODE. In addition, the administrator
now has client owner authority to the JOEOS2
node.register node joeos2 secretcode domain=dom1
archdelete=yes backdelete=yes
compression=yes
Example: Grant client owner authority for an existing administrative user
Grant client owner authority to an existing administrative user ID,HELPADMIN
, when you register the client node JAN
. This step would
not automatically create an administrator ID named JAN
, but would grant client
owner authority for this node to the HELPADMIN
administrator.register node jan pwd1safe userid=helpadmin
Example: Register a NAS file server node that uses NDMP operations
Register a node name ofNAS1
for a NAS file server that is using NDMP operations. Assign this
node to a special NAS
domain.register node nas1 pwd4nas1 domain=nasdom type=nas
Example: Register a node and specify the maximum number of files per transaction commit
Register a node name ofED
and set the TXNGroupmax to
1000.register node ed pw459twx txngroupmax=1000
Example: Register a node and allow it to deduplicate data on the client system
Register a node name ofJIM
and allow it to deduplicate data on the
client
system.register node jim jimspass deduplication=clientorserver
Example: Register a node name of ED and set the role as a server-device for PVU estimation reporting
Register a node name ofED
and set the role as a
server-device for PVU estimation
reporting.register node ed pw459twx roleoverride=server
Example: Register a node on a source replication server
Define NODE1 to a source replication server. Specify a replication rule for the backup data that belongs to NODE1 so that active backup data is replicated with a high priority. Enable replication for the node.register node node1 bkreplruledefault=active_data_high_priority replstate=enabled
Example: Register a node that authenticates with an LDAP server
Register a node name of NODE17 that must authenticate with an LDAP server.register node node1pwd authentication=ldap
Example: Register a node to communicate with a server by using strict session security
Register a node name of NODE4 to use the strictest security settings to authenticate with the server.register node node4pwd sessionsecurity=strict
Example: Register a node and enable recovery of damaged files
Register a node name of PAYROLL. For the PAYROLL node, enable the recovery of damaged files from a target replication server.register node payroll recoverdamaged=yes
Example: Register a node as an object client
Register a node name of OCO10. The node will be used to copy data from IBM Spectrum Protect Plus.register node oco10 objectclient=yes
Related commands
Command | Description |
---|---|
DEFINE ASSOCIATION | Associates clients with a schedule. |
DEFINE DATAMOVER | Defines a data mover to the IBM Spectrum Protect server. |
DEFINE MACHNODEASSOCIATION | Associates an IBM Spectrum Protect node with a machine. |
DELETE FILESPACE | Deletes data associated with client file spaces. If a file space is part of a collocation group and you remove the file space from a node, the file space is removed from the collocation group. |
DEFINE SERVER | Defines a server for server-to-server communications. |
LOCK NODE | Prevents a client from accessing the server. |
QUERY FILESPACE | Displays information about data in file spaces that belong to a client. |
QUERY NODE | Displays partial or complete information about one or more clients. |
QUERY PVUESTIMATE | Displays an estimate of the client-devices and server-devices being managed. |
QUERY REPLNODE | Displays information about the replication status of a client node. |
REGISTER ADMIN | Defines a new administrator. |
REMOVE NODE | Removes a client from the list of registered nodes for a specific policy domain. |
REMOVE REPLNODE | Removes a node from replication. |
RENAME NODE | Changes the name for a client node. |
REPLICATE NODE | Replicates data in file spaces that belong to a client node. |
RESET PASSEXP | Resets the password expiration for nodes or administrators. |
SET DEFAULTAUTHENTICATION | Specifies the default password authentication method for any REGISTER NODE or REGISTER ADMIN commands. |
SET PASSEXP | Specifies the number of days after which a password is expired and must be changed. |
SET CPUINFOREFRESH | Specifies the number of days between client scans for workstation information used for PVU estimates. |
SET DEDUPVERIFICATIONLEVEL | Specifies the percentage of extents verified by the server during client-side deduplication. |
SET REPLRECOVERDAMAGED | Specifies whether node replication is enabled to recover damaged files from a target replication server. |
UNLOCK NODE | Enables a locked user in a specific policy domain to access the server. |
UPDATE ADMIN | Changes the password or contact information associated with any administrator. |
UPDATE FILESPACE | Changes file-space node-replication rules. |
UPDATE NODE | Changes the attributes that are associated with a client node. |