Migration from Encrypted Library to Non-Crypted library

wsimps01

ADSM.ORG Member
Joined
Mar 20, 2008
Messages
39
Reaction score
1
Points
0
PREDATAR Control23

Greetings All,
Here is what I am trying to do and would like to know if anyone has any insight. I have two logical libraries, one is using EKM and the other is not encrypted.
Is this possible?

I attempted to do a migration from the EKM instance to the non one and noticed that my scratch tape count was going down because it was marking them as private. Just curious if anyone has tried this and if so were you successful. I am using a TS3500 (3584) and LTO4 drives, TSM version is 6.3.400 OS is AIX.
Thanks,
Bill
 
PREDATAR Control23

Hi,
I have a TS3500 with four logical libraries. Two of these has library encryption enabled. Works like a charm.
I need some more info about your config to help.

For tsm part, create a new stgpool on the non-encrypted library, and start migrating
 
PREDATAR Control23

Hi,
I have a TS3500 with four logical libraries. Two of these has library encryption enabled. Works like a charm.
I need some more info about your config to help.

For tsm part, create a new stgpool on the non-encrypted library, and start migrating

Hi,
I have a TS3500 with four logical libraries. Two of these has library encryption enabled. Works like a charm.
I need some more info about your config to help.

For tsm part, create a new stgpool on the non-encrypted library, and start migrating

I am using an IBM 3584 (TS3500) Library. I have 8 LTO4 drives. I am using two logical libraries. One is set to use Hardware Encryption (EKM) and the other is not using any type of encryption. Encryption set thru Library GUI.

Each logical library has 4 drives assigned to it.

My servers are as follows:
TSMLIB (Library Manager) 6.3.4 (Lib Manager using EKM 2.1, set at Hardware level @ Library GUI)
DELTSM (Library Client & Library Manager) 6.3.4 (Lib Manager not using encryption)

tsm: DELTSM>q driv
Session established with server DELTSM: AIX
Server Version 6, Release 3, Level 4.300
Server date/time: 04/13/2015 09:33:48 Last access: 04/1


Library Name Drive Name Device Type On-Line
------------ ------------ ----------- --------
LTO4 LTO-1RMT LTO Yes
LTO4 LTO4-3RMT LTO Yes
LTO4 LTO4-4RMT LTO Yes
LTO4 LTO4-6RMT LTO Yes



tsm: TSMLIB>q path

Source Name Source Type Destination Destination On-Line
Name Type
----------- ----------- ----------- ----------- -------
TSMLIB SERVER 3584 LIBRARY Yes
TSMLIB SERVER LTO4-1 DRIVE Yes
TSMLIB SERVER LTO4-3 DRIVE Yes
TSMLIB SERVER LTO4-6 DRIVE Yes
TSMLIB SERVER LTO4-8 DRIVE Yes
DELTSM SERVER LTO4-1 DRIVE Yes
DELTSM SERVER LTO4-3 DRIVE Yes
DELTSM SERVER LTO4-6 DRIVE Yes
DELTSM SERVER LTO4-8 DRIVE Yes

tsm: DELTSM>q stg

Storage Device Estimated Pct Pct High Low Next Stora-
Pool Name Class Name Capacity Util Migr Mig Mig ge Pool
Pct Pct
----------- ---------- ---------- ----- ----- ---- --- -----------
ARCHIVEPOOL LTO 1,275,062 0.2 0.5 90 70
G
BACKUPPOOL DISK 6,738 G 99.4 81.0 95 75 LTOPOOL
COPY_OFF LTO 1,320,259 10.1
G
LTO4POOL LTO4 1,560,938 0.0 0.1 90 70
G
LTOPOOL LTO 1,173,745 10.9 25.0 90 70
G
SPACEMGPOOL DISK 0.0 M 0.0 0.0 90 70

Currently the LTO4POOL is the only pool associated with the non encrypted drives and library (LTO4)

tsm: DELTSM>q libr

Library Name: 3584
Library Type: SHARED
ACS Id:
Private Category:
Scratch Category:
WORM Scratch Category:
External Manager:
Shared: No
LanFree:
ObeyMountRetention:

Library Name: LTO4
Library Type: SCSI
ACS Id:
Private Category:
Scratch Category:
WORM Scratch Category:
External Manager:
Shared: Yes
LanFree:
ObeyMountRetention:

Let me know if you need anything else and thanks in advance for your help!
-Bill
 
PREDATAR Control23

Hi,

I assume that paths/drives/library are ok.

1. Can you do a q vol enc-volume f=d and a q vol non-enc-volume f=d. They should state what type of encruption is in use.
2. What does the actlog say when you migr data?
3. Do you have collocation enabled? This will eat tapes.
4. Are tapes assigned as shared/dedicated on 3584?
5. Firmware level on 3584?
 
PREDATAR Control23

Hi,

I assume that paths/drives/library are ok.

1. Can you do a q vol enc-volume f=d and a q vol non-enc-volume f=d. They should state what type of encruption is in use.
2. What does the actlog say when you migr data?
3. Do you have collocation enabled? This will eat tapes.
4. Are tapes assigned as shared/dedicated on 3584?
5. Firmware level on 3584?

I do see the differences in the device classes for each Logical Library:
tsm: DELTSM>q devc lto f=d

Device Class Name: LTO
Device Access Strategy: Sequential
Storage Pool Count: 3
Device Type: LTO
Format: DRIVE
Est/Max Capacity (MB):
Mount Limit: DRIVES
Mount Wait (min): 15
Mount Retention (min): 2
Label Prefix: ADSM
Library: 3584
Directory:
Server Name:
Retry Period:
Retry Interval:
Shared:
High-level Address:
Minimum Capacity:
WORM: No
Drive Encryption: Allow
Scaled Capacity:
Primary Allocation (MB):
Secondary Allocation (MB):
Compression:
Retention:
Protection:
Expiration Date:
Unit:
Logical Block Protection: No
Last Update by (administrator): SSTEWART
Last Update Date/Time: 11/14/2013 07:28:48


tsm: DELTSM>q devc lto4 f=d

Device Class Name: LTO4
Device Access Strategy: Sequential
Storage Pool Count: 2
Device Type: LTO
Format: DRIVE
Est/Max Capacity (MB):
Mount Limit: DRIVES
Mount Wait (min): 60
Mount Retention (min): 60
Label Prefix: ADSM
Library: LTO4
Directory:
Server Name:
Retry Period:
Retry Interval:
Shared:
High-level Address:
Minimum Capacity:
WORM: No
Drive Encryption: Off
Scaled Capacity:
Primary Allocation (MB):
Secondary Allocation (MB):
Compression:
Retention:
Protection:
Expiration Date:
Unit:
Logical Block Protection: No
Last Update by (administrator): ADMIN
Last Update Date/Time: 02/25/2015 08:07:18

If I kick off a manual migration from the diskpool to the LTO4 pool it works fine.
Last night I changed it to backup from disk to the LTO4 (unencrypted pool) and it failed.
I see the following errors in the actlog:
04/16/2015 05:30:49 ANR8985E The drive LTO4-3RMT (/dev/rmt3) in library LTO4
is using an encryption method that is incompatible with
the current server settings. (SESSION: 22794, PROCESS:
159)
04/16/2015 05:31:37 ANR8985E The drive LTO4-3RMT (/dev/rmt3) in library LTO4
is using an encryption method that is incompatible with
the current server settings. (SESSION: 22794, PROCESS:
159)
04/16/2015 07:18:46 ANR2017I Administrator WSIMPS01 issued command: QUERY

&

04/16/2015 05:30:49 ANR8355E I/O error reading label for volume C40363L4 in
drive LTO4-3RMT (/dev/rmt3). (SESSION: 22794, PROCESS:
159)
04/16/2015 05:31:37 ANR8355E I/O error reading label for volume C40365L4 in
drive LTO4-3RMT (/dev/rmt3). (SESSION: 22794, PROCESS:
159)
04/16/2015 07:19:55 ANR2017I Administrator WSIMPS01 issued command: QUERY
ACTLOG begint=-02:00 search=anr8355e (SESSION: 22996)

Not everything is collocated I have a couple of colloc groups but that's about it.

The tapes are assigned to each Logical Library instance. I am not sure how to share them among both library instances.
It looks like maybe the tapes are marked as using encryption and when I run label libvol on the un-encrypted library it's still retaining that setting and I don't know how to correct that.

I have looked and looked in the Library GUI but I cannot locate how to see the current firmware version only Update It. Any suggestions?

Thanks,
Bill
 
PREDATAR Control23

From the GUI, select service, then select node cards, aand you should se firmware version on all your cards.

It appears you are running encryption per tape drive, not per library.

I have library enabled encryption, and it looks a bit different

Volume Name: P50002L5
Storage Pool Name: BF-CP
Device Class Name: ENC-LTO5C
Estimated Capacity: 1.9 T
Scaled Capacity Applied:
Pct Util: 92.1
Volume Status: Full
Access: Read/Write
Pct. Reclaimable Space: 7.9
Scratch Volume?: Yes
In Error State?: No
Number of Writable Sides: 1
Number of Times Mounted: 2
Write Pass Number: 1
Approx. Date Last Written: 03/24/2015 21:48:20
Approx. Date Last Read: 03/24/2015 10:11:12
Date Became Pending:
Number of Write Errors: 0
Number of Read Errors: 0
Volume Location:
Volume is MVS Lanfree Capable : No
Last Update by (administrator):
Last Update Date/Time: 03/24/2015 10:10:56
Begin Reclaim Period:
End Reclaim Period:
Drive Encryption Key Manager: Library
Logical Block Protected: No


It looks like maybe the tapes are marked as using encryption and when I run label libvol on the un-encrypted library it's still retaining that setting and I don't know how to correct that.

You can try label libvol ....... force=yes. Otherwise, you can give it a new label, and then do label libvol ..... force=yes.
 
PREDATAR Control23

From the GUI, select service, then select node cards, aand you should se firmware version on all your cards.

It appears you are running encryption per tape drive, not per library.

I have library enabled encryption, and it looks a bit different

Volume Name: P50002L5
Storage Pool Name: BF-CP
Device Class Name: ENC-LTO5C
Estimated Capacity: 1.9 T
Scaled Capacity Applied:
Pct Util: 92.1
Volume Status: Full
Access: Read/Write
Pct. Reclaimable Space: 7.9
Scratch Volume?: Yes
In Error State?: No
Number of Writable Sides: 1
Number of Times Mounted: 2
Write Pass Number: 1
Approx. Date Last Written: 03/24/2015 21:48:20
Approx. Date Last Read: 03/24/2015 10:11:12
Date Became Pending:
Number of Write Errors: 0
Number of Read Errors: 0
Volume Location:
Volume is MVS Lanfree Capable : No
Last Update by (administrator):
Last Update Date/Time: 03/24/2015 10:10:56
Begin Reclaim Period:
End Reclaim Period:
Drive Encryption Key Manager: Library
Logical Block Protected: No


It looks like maybe the tapes are marked as using encryption and when I run label libvol on the un-encrypted library it's still retaining that setting and I don't know how to correct that.

You can try label libvol ....... force=yes. Otherwise, you can give it a new label, and then do label libvol ..... force=yes.[/QUOTE

When I initially did the label libvol I didn't use the force=yes option so I will try that. Out of curiosity if I take the existing "scratch" volumes for the non encrypted library and delete the volumes and then run the lab libvol with force should that work in lieu of new labels (barcodes)?
 
PREDATAR Control23

The last time I had this task, I ended up with adding a new label to tapes moving from one library to another. Then label with force=yes

tsm is quite picky when it comes to labeling tapes that has a label already.
 
Top