IBM i Backups with IBM Power

Virtual Server
An IBM Systems Lab Services Tutorial

Cesar Salinas
Vess Natchev
[email protected]
TABLE OF CONTENTS

CHAPTER 1: SOLUTION OVERVIEW............................. 1

Introduction................................................................................ 1
Use Cases .................................................................................. 1
Full-system Snapshot and Restore ........................................... 1

Full-system Backups .............................................................. 1

Object-level Backups .............................................................. 2

Solution Components and Requirements ........................................ 2

Components .......................................................................... 2

Requirements ........................................................................ 3

Diagrams ................................................................................... 5
BRMS integration to move backup to COS ................................. 5

Configure a Reverse-proxy Centos VSI .............................. 20

CHAPTER 2: IMPLEMENTATION ................................ 29

Full-system Snapshot and Restore ................................................ 29

Use Cases ............................................................................ 29

Examples ............................................................................. 29

Create Cloud Resource – using a Direct Link Private Endpoint

(Recommended)......................................................................... 36
Create Cloud Resource – using a Public Endpoint ............................ 49
Full-System Backups from the Cloud ............................................. 54
Full-System Recovery from the Cloud using IBM i as an NFS Server .. 65
 Setting up IBM i Network Install Server with NFS Server and NFS
Client .................................................................................. 65

Object-level Backups ................................................................ 134

Automatic Transfers of Media to Cloud Storage ....................... 134
User Initiated Transfers of Media to Cloud Storage .................. 145

CHAPTER 3: TROUBLESHOOTING ............................ 157

Media status *TRF ....................................................................... 157

Resolving cloud transfer problems ..................................................... 158
ICC Flight Recorder Directory ......................................................... 158
Verify the cloud resource is functioning correctly.................................... 159
Restore problems ......................................................................... 160

CHAPTER 4: ADDITIONAL RESOURCES ................... 161

Chapter 1: Solution Overview

Introduction

A key client expectation of IBM Power Virtual Server (PowerVS) is the

ability to deploy a similar backup strategy to the one they use on-
premise for their IBM i workloads. Most clients employ a strategy of
weekly or monthly full-system backups, combined with more frequent
library- or object-level backups.

PowerVS provides IBM i clients with similar capabilities. However, the

method and interfaces in PowerVS are somewhat different from
those on-premise.

This tutorial will provide step-by-step instructions for performing full-

system or object-level backups in IBM i in three common scenarios.

Use Cases

Full-system Snapshot and Restore

In this case, we will provide examples of how to use the new

snapshot/restore application programming interfaces (APIs) to perform
full-system image backups.

Full-system Backups

Here we will show how to perform full-system saves and restores using
Backup, Recovery and Media Services (BRMS) and IBM Cloud Object
Storage (COS).
Object-level Backups

Lastly, we will demonstrate how to perform library- and object-level

saves and restores using Backup, Recovery and Media Services
(BRMS) and IBM Cloud Object Storage (COS).

Solution Components and Requirements

Components

The following components need to be setup in the IBM Cloud UI.

1. Open an IBM Cloud account

2. Create one or two Power PowerVS location Services and a
private subnet in each PowerVS location.
3. Provision AIX or IBM i VSIs in each PowerVS location
4. Order Direct Link Connect Classic to connect each PowerVS
location to IBM Cloud
5. Create and configure a Reverse-proxy Centos VSI to connect
each PowerVS location to IBM Cloud

2
Components to IBM i backup in the Cloud

Requirements

Open an IBM Cloud account

Login to https://cloud.ibm.com and follow the procedure to open an Internal to external
account.
For internal accounts, you can use your IBM intranet ID and password. For external
accounts you will need to provide a billing source such as a credit card.

Create PowerVS location Service and Subnet(s)

All Power VSIs are provisioned in what is called a PowerVS location. This is a separate
datacenter adjacent to IBM Cloud datacenters. In order to setup your PowerVS location,
you will setup a PowerVS location service in the IBM Cloud UI. The PowerVS location
service is a service within IBM Cloud which allows you to provision Power AIX and
IBM I VSIs. There is a limit of one PowerVS location service per datacenter in IBM

3
Cloud. In our scenario we have created two PowerVS locations, one is Toronto and one
in London datacenters.
Prior to provisioning Power VSI in the PowerVS location, you will need to create at least
one subnet. You can have as many subnets as you require in each PowerVS location
service on which you can provision your Power VSIs.

Provision AIX or IBM i VSIs in each PowerVS location

In each PowerVS location service you can create AIX or IBM i VSIs. The details are
provided in the next section.

Order Direct Link Connect Classic to connect PowerVS location

to IBM Cloud
You will need to order Direct Link (DL) Connect Classic to allow your Power VSIs to
communication with Linux/Window VSIs in IBM Cloud and also with all other IBM
Cloud services such as VMWare VMs, and Cloud Object Storage (COS). Ordering a DL
may take 1-2 weeks to complete. There is no charge for this service as of June 2020.

IBM i Software Requirements

This solution requires that product IBM Cloud Storage Solutions for i is
installed on the system and the following BRMS PTF(s) must be
installed on a stand-alone BRMS system or on all the systems in a
BRMS network:

• 7.3 - SI61153

• 7.2 - SI61152

• 7.1 - SI61151

NOTE: If a BRMS network contains a 6.1 system please contact a

service representative before applying the PTF(s) to any of the
systems in the BRMS network.

IBM Cloud Storage Solutions for i Direct Link (DL) Reverse Proxy
Server Support. Support Google Cloud Storage.

5733ICC V1R2M0

• SI73401 - Cloud Storage Solutions Proxy Support

4
BRMS Recovery Reports

As with other recoveries that are performed using BRMS, a recovery

report is used to assist with successful recoveries from save media
that has been transferred to the cloud. You will need the following two
reports:

• Recovery Report QP1ARCY

• Recovery Volume Summary Report QP1A2RCY

Diagrams

BRMS integration to move backup to COS

5
IBM i Backup in the Cloud

6
Create PowerVS location Services and Subnet(s)

You will need an IBM Cloud account to start this process.

Go to the main IBM Cloud UI page and click on “Catalog” on upper right side of the UI.

Search for “Power”

Select “Power System Virtual Servers”.

7
Under Select Region, choose your region. You are limited to only one service per region.

Select a “Service Name” or chose default name provided.

Then press “Create”

8
Your PowerVS location service will now appear under the Services tab.

You will repeat this process to create a second PowerVS location service. In our case we
have two PowerVS location services, one in London and one in Toronto.

Next you will need to click on the PowerVS location Service you created and provision a
subnet to be used by your Power VSI servers.

9
Choose “Subnets” from the menu on the left.

Provide the following information:

• name for your subnet
• CIDR range. This can be any private IP subnet ranges. For example,
192.168.5.0/24. You may choose /21 to /30 based on how many
IPs you will require. You may use your own private CIDR if you
wish.
• The rest of the fields will be automatically populated based on the
CIDR you provided.
Press “Create Subnet”

10
There should be a VLAN ID associated with the subnet.
At this point, you will need to open a Support Ticket with Power System to request that
the subnet be configured to allow local communication between any Power VSI you
create in this PowerVS location service. Provide your PowerVS location service location,
and your subnet in the ticket.
Without this step, the Power VSI you create will not be able to ping between each other
even if they are on same subnet in the same PowerVS location.

Provision AIX or IBM i VSIs in each PowerVS location

The procedure is similar for both AIX and IBM i VSI provisioning. Here is a procedure
to create an AIX 7.2 VSI. The cost shown are monthly costs, but you are being charged
hourly.
Go to the IBM Cloud Catalog and press the “IBM Cloud” on top left side of the UI.

Choose “Services” from the list shown.

11
Click on the service for datacenter in which you have created a PowerVS location power
service. In this case we will choose Toronot01 PowerVS location service.

Since we have already provisioned several VSIs, we see the list show above. If you are
creating VSIs for the first time, your list will be empty.
Press “Create Instance” on upper right-hand side.

12
This is where you provision AIX or IBM i VSIs.
Choose a name for your VSI, i.e., AIX-72-Tor01 and select how many VSIs you need to
configure. The names of the VSI will be appended with a “-1”, “-2” etc. if you select
more than one VSI.
You may leave VM pruning and SSH key as is since the VSIs will have no passwords
when you create them for the first time. You will need to create a password via the OS
command.

Scroll down to choose other options.

13
On IBM i VSIs, scroll down and choose “IBM i Cloud Storage Solutions” in order to
perform backups using Backup Recovery and Media Services (BRMS) to Cloud Object
Storage (COS).

Here you will choose the following options:

• Operating System – AIX or IBM i or any other image you may
have imported via the “Boot Image” menu on the left.
• Image type: AIX 7.1 or 7.2, IBM i 7.2, 7.3 or 7.4
• Disk types: Type 1 or 3. Type 3 is a less expensive option which
we selected.
• Machine type: S922 or E980. S922 is what we selected.
• Processor: Dedicated or Shared or Shared Capped. We choose
“shared” as its less expensive.
• Choose the number of cores and RAM you will need. The
minimum core is “0.25”.
• You can also attach additional volume to the VSI is you wish. We
did not do that here and only used the root volume which is
included.
Next you will scroll down to choose your subnet on which these VSIs will be
provisioned. It is assumed you have already created one or more subnets prior to this
step.
Click on the “Attached Existing” under networks.

14
Choose the subnet you wish to attach, and the press “Attach”

Choose “Public networks” if you wish to attach to a public network, and change to “On”

15
Now check the box “I agree to the ….” And press “create Instance” in lower right-hand
side.
Your VSI is now being provisioned.

Order Direct Link Connect Classic to connect PowerVS location

to IBM Cloud
You will need to order Direct Link (DL) Connect Classic to allow your Power VSIs in
the PowerVS location to communication with Linux/Window VSIs in IBM Cloud and
also with all other IBM Cloud services such as Cloud Object Storage and VMware
services. This process may take 1-2 weeks to complete.
There are several steps involved in completing DL ordering:

• Order Direct link connect classic service on IBM Cloud UI – see

steps below
• Next a support ticket will be created, and Support will send you a
word document with questionnaires to be completed concerning
various DL settings.
• Complete the questionnaires and upload it to support in the ticket.
• Support will then request that you create a new support ticket with
the Power System so they can complete their side of the DL
provisioning. Attach information about the DL in the original ticket
to this ticket.
• The DL will be provisioned, and you will be notified when complete.
• You can now test connection to any Linux/Windows VSI you may
have in IBM Cloud and other IBM Cloud services.

To start the DL order process, go to IBM Cloud UI and log in.

Choose “Catalog” from upper right-hand side, and search for “direct”.

16
Select “Direct Link Connect on Classic”.

Press “Create”. There are no options to select.

17
Now choose “Order Direct Link Connect” from top right-hand side.

• Choose a “name” for the DL.

• Choose a location for the DL. This should be the same location as
where you created your PowerVS location Service.
• Choose “link speed” under network provider menu.
• Choose “Local Routing (free)”
Global routing will require additional charges and will allow for easier PowerVS
location-to-PowerVS location communication. You will also need to order a Vyatta
Gateway Router to complete your Global routing option via use of a GRE tunnel. Support
can help you with this further.

18
In our case, we decided to use Local Routing and then order a Vyatta Gateway in each
PowerVS location and provision a GRE tunnel end-to-end.

• Check the box to accept the offer and press “Create”

A support case will be opened with the information required.

19
After this is complete, you will then be contacted by support and
requested to complete and answer some questions in an attached
document and send it back as attachment to the same ticket.

After this step is complete, support will request that you open a new
IBM support ticket and address it to the Power System. Include the
information in the original DL ticket. This new ticket will be sent to the
PowerVS location support to configure their side of the DL connection.

This should be the last step before DL communication works. You can
test your connection by pinging IBM Cloud Linux/Windows VSI from
your Power VSIs and in reverse.

Configure a Reverse-proxy Centos VSI

We used the official IBM cloud procedure to configure the reverse-proxy server.
https://cloud.ibm.com/docs/direct-link?topic=direct-link-using-ibm-cloud-direct-link-to-
connect-to-ibm-cloud-object-storage

• You will need to first provision a Centos VSI in IBM cloud with both public and
private interface.
• Login to the VSI.
• Upgrade your operating system OS (yum update).
• Install the EPEL repository (yum install epel-release).
• Install NginX (yum install nginx).
• Start nginx (systemctl start nginx or just nginx)
• To allow service to run after reboot: systemctl enable nginx

Now Test your nginx deployment:

Open a browser and put in the following URI.

http://<IP address of the Centos VSI>

Now we will customize this nginx deployment to allow COS access.

• Make a backup of nginx.conf

• Replace the nginx.conf with nginx.conf file shown below. Keep

the same name: nginx.conf

20
https://cloud.ibm.com/docs/direct-link?topic=direct-link-using-ibm-cloud-direct-link-to-
connect-to-ibm-cloud-object-storage

• Generate ssl self-signed keys:

Login to the Centos vs

cd to root

provide unique value for items in RED.

openssl genrsa -des3 -passout pass:test123abc -out acstest.key 2048

This command will generate a file called acstest.key in your present directory.

Next:
Item in blue is from the previous command output file name.
Items in red you will need to provide with your own information.

openssl req -new -newkey rsa:2048 -nodes -keyout acstest.key -out acstest.csr

[root@centos-reverseproxy-tor01-fg ~]# openssl req -new -newkey rsa:2048 -

nodes -keyout acstest.key -out acstest.csr
Generating a 2048 bit RSA private key
...+++
............................................................................................................+++
writing new private key to acstest.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields, but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:us
State or Province Name (full name) []:pa
Locality Name (e.g., city) [Default City]:Philadelphia
Organization Name (e.g., company) [Default Company Ltd]:IBM
Organizational Unit Name (e.g., section) []:labser
Common Name (e.g., your name or your server's hostname) []:centos-
reverseproxy-tor01-fg
Email Address []:[email protected]

21
 Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test123
An optional company name []:
[root@centos-reverseproxy-tor01-fg ~]#

Next:
Items in blue are two files generated from previous command.
Now this command will generate the .crt file which you need.

openssl x509 -req -sha256 -days 365 -in acstest.csr -signkey acstest.key -out
acstest.crt

[root@centos-reverseproxy-tor01-fg ~]# openssl x509 -req -sha256 -days 365 -in

labser.csr -signkey labser.key -out labser.crt
Signature ok
subject=/C=us/ST=pa/L=philadelphia/O=ibm/OU=labser/CN=centos-
reverseproxy-tor01-fg/[email protected]
Getting Private key

copy these files to location shown in the above link.

• cp acstest.key /etc/pki/tls
• cp acstest.crt /etc/pki/tls
• Edit nginx.conf file and add the new acstest.key and acstest.crt file to
the path in the file.
• Proxy_Path: use the private endpoint of COS at IBM cloud.
o https://s3.private.us-east.cloud-object-storage.appdomain.cloud;
• Save the file

22
The final nginx.conf looks like this. This file looks different than what is in the above
IBM link. We had to add additional fields to make it work for IBM i COS interface via
this reverse-proxy. Items shown in Red are the ones which may need to be updated.
This also now works for AIX, so we will use this nginx.conf file.

Restart nginx.

• nginx -t
output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

• nginx -s quit; sleep 3; nginx

Your Power VSI client can now submit COS requests to the IP or URLs of the NginX
(proxy).

You will need to generate a HMAC credential.

23
https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-uhc-hmac-
credentials-main

Enter your credentials from the COS HMAC. Make sure when u create a new credential
under Service Credential in COS GUI, you choose Advanced Option and check Include
HMAC Credential check box.

The new credential will now show aws credential too which you used above.
{
"apikey": "2x7rTtJuYFuivMKR3C7iP3Mnausq81t6A42GZoNt6FVb",
"cos_hmac_keys": {
"access_key_id": "e111daebd3…….",
"secret_access_key": "58f6de7f965ef528edc2e9…21036c8d623de"
},
"endpoints": "https://control.cloud-object-
storage.cloud.ibm.com/v2/endpoints",
"iam_apikey_description": "Auto-generated for key e111daeb-d379-42ff-
aa1e-2c8b6994c71……….
}

24
Accessing the VM/LPAR from your PC without Direct Link

• First start the SSHD server on the VM/LPAR:

STRTCPSVR *SSHD
• Start Telnet: STRTCPSVR *TELNET
• Change the following SYSVALs:

• QAUTOVRT to something greater than 0

• QLMTSECOFR to 0

• On Linux or a Mac you would run a command similar to

this:

ssh -L 50000:localhost:23 -L 2001:localhost:2001 -L

2005:localhost:2005 -L 449:localhost:449 -L 8470:localhost:8470 -L
8471:localhost:8471 -L 8472:localhost:8472 -L 8473:localhost:8473 -
L 8474:localhost:8474 -L 8475:localhost:8475 -L 8476:localhost:8476
-o ExitOnForwardFailure=yes -o ServerAliveInterval=15 -o
ServerAliveCountMax=3 <myuser>@<myIPaddress>

• Note: If you have permission denied errors, you may

have to use sudo in front of the ssh command.
• In ACS change the port to 50000 for the 5250 session:

25
 • On Windows you can use PuTTY to run this:
• Open PuTTY and for the Host Name use the public IP
address of the VM/LPAR in the Cloud.
• Create a new name for your Session and Save.

• Select SSH>Tunnels

• Verify you have a check in both boxes

— Local ports accept connections from other hosts
— Remote ports do the same (SSH-2 only)

26
 — Add the following new forwarded ports one at a time:
Source port Destination
2001 localhost:2001
2004 localhost:2004
2005 localhost:2005
2010 localhost:2010
449 localhost:449
50000 localhost:23
8470 localhost:8470
8471 localhost:8471
8472 localhost:8472
8473 localhost:8473
8474 localhost:8474
8475 localhost:8475
8476 localhost:8476
— Select Sessions and Save again
— Now you can Open your new PuTTY Session
— Login with your IBM i User ID and password
— Leave your PuTTY Session running
— If you close the PuTTY Session you will be
disconnected from the IBM i. Just minimize
the PuTTY session.

27
 — You can now start your IBM i Client Solutions (ACS)
5250 session.
— Destination Address = localhost
— Destination Port = 50000
— Screen Size = 27x132

28
Chapter 2: Implementation

Full-system Snapshot and Restore

PowerVS recently introduced the capability to perform snapshots,

restores and clones of Power Virtual Server Instances (VSIs). As of
the time of this writing, the capability is available only via API.

Use Cases

Examples

Legal notices

Note that these samples are AS IS and no normal support will be

provided. Here is the standard text related to the sample code (applies
to this document):

#
# (C) COPYRIGHT International Business Machines Corp. 2020
# All Rights Reserved
# Licensed Materials - Property of IBM
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#

29
# THE SOURCE CODE EXAMPLES PROVIDED ARE ONLY INTENDED TO ASSIST IN THE
# DEVELOPMENT OF A WORKING SOFTWARE PROGRAM. IN ADDITION, THE SOURCE
# CODE EXAMPLES MAY NOT COMPILE AND/OR BIND SUCCESSFULLY AS WRITTEN.
##
# INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THE SOURCE CODE
# EXAMPLES, BOTH INDIVIDUALLY AND AS ONE OR MORE GROUPS, "AS IS" WITHOUT
# WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
# LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
# PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE
# OF THE SOURCE CODE EXAMPLES, BOTH INDIVIDUALLY AND AS ONE OR MORE GROUPS,
# IS WITH YOU. SHOULD ANY PART OF THE SOURCE CODE EXAMPLES PROVE
# DEFECTIVE, YOU (AND NOT IBM OR AN AUTHORIZED DEALER) ASSUME THE ENTIRE
# COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

# No warranty is given that the contents of the source code examples, whether
# individually or as one or more groups, will meet your requirements or that
# the source code examples are error-free.

General use information about IBM Cloud PowerVS API use

Following example/sample code shows how to use Cloud API. Following

sample focusses on use of VM shutdown and such operations. This
sample should be modified to perform any snapshot/restore such
operations.

#!/bin/bash

### START OF VARIABLES

API_KEY="ENTER YOUR API KEY HERE"
CLOUD_CRN="ENTER YOUR CLOUD CRN"
INSTANCE_NAME="ENTER YOUR INSTANCE NAME"
## Acceptable values are stop, start ,hard-reboot, soft-reboot
OPERATION="stop"

################
IFS=":" read -ra ADDR <<< "${CLOUD_CRN}"
CLOUD_INSTANCE_ID=${ADDR[7]}
CLOUD_URL=(${ADDR[5]}.power-iaas.cloud.ibm.com)

30
## FIRST WE GET THE TOKEN FROM THE CLOUD IAM SERVICE USING THE API KEY

GET_TOKEN=$(curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Accept:

application/json" -d "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-
type%3Aapikey&apikey=$API_KEY" https://iam.bluemix.net/oidc/token | jq -r '.access_token')

## THIS IS THE POST CALL TO INVOKE the OPERATION

curl -X POST https://$CLOUD_URL/pcloud/v1/cloud-instances/$CLOUD_INSTANCE_ID/pvm-
instances/$INSTANCENAME/action -H "CRN: $CLOUD_CRN " -H "Authorization: Bearer
$GET_TOKEN" -H 'Content-Type:application/json' -d '{ "action":"'$OPERATION'" }'

sleep 30

## THIS IS A GET CALL

curl -X GET https://$CLOUD_URL/pcloud/v1/cloud-instances/$CLOUD_INSTANCE_ID/pvm-
instances/$INSTANCE_NAME -H "CRN: $CLOUD_CRN " -H "Authorization: Bearer $GET_TOKEN" -H
'Content-Type:application/json'

Examples of Disk/Volume Snapshot/Restore/Clone operations

Pre-Conditions:

The body of the Snapshot, Restore and Clone (PVM and Volume) API
would have to be modified with user defined values.

Before running the Restore API, the PVM instance would have to be
SHUTOFF.

Create a new Snapshot:

curl -X POST https://< Cloud IP >/pcloud/v1/cloud-instances/<Cloud

Instance ID>/pvm-instances/<PVM Instance ID>/snapshots \

-H "authorization: <AuthToken>" \

31
-H "content-type: application/json" \

-H "crn: <CRN>" \

-d "{\"name\": \"VM1-SS\",\"description\": \"Snapshotfor

VM1\",\"volumeIDs\": [\"VM1-7397dc00-0000035b-boot-
0\",\"vm1dv1\"]}"

Expected Response:

{"snapshotID":"65ea39fd-cab6-46b3-b88c-3c28479ab019"}

Get Snapshot Details:

curl -X GET https://< Cloud IP >/pcloud/v1/cloud-instances/<Cloud

Instance ID>/snapshots/<Snapshot ID>\

-H "authorization: <AuthToken>" \

-H "content-type: application/json" \

-H "crn: <CRN>"

Expected Response:

"action": "snapshot",

"creationDate": "2020-04-13T08:51:21.000Z",

32
 "description": "Snapshotfor VM1",

"lastUpdateDate": "2020-04-13T08:51:54.000Z",

"name": "VM1-SS",

"percentComplete": 100,

"pvmInstanceID": "7397dc00-f328-4bfb-bef2-27200ca42cb9",

"snapshotID": "65ea39fd-cab6-46b3-b88c-3c28479ab019",

"status": "available",

"volumeSnapshots": {

"398344bb-a64d-4fd5-b3cd-14ddfea6dd0e": "72f07383-ca5b-
46a0-94a2-3d1e7a7faceb",

"7a7a5b6e-1177-400a-82a4-0784957bbe75": "33f91096-f204-
4ed2-8110-c497a258c29c"

Restore to Snapshot:

curl -X POST "https://< Cloud IP >/pcloud/v1/cloud-instances/<Cloud

Instance ID>/pvm-instances/<PVM Instance
ID>/snapshots/<Snapshot ID>/restore?restore_fail_action=" \

-H "authorization: <AuthToken>" \

-H "content-type: application/json" \

-H "crn: <CRN>" \

-d "{\"forceRestore\":\"false\"}"

33
Expected Response:

"action": "restore",

"creationDate": "2020-04-13T08:51:21.000Z",

"description": "Snapshotfor VM1",

"lastUpdateDate": "2020-04-13T08:55:28.000Z",

"name": "VM1-SS",

"pvmInstanceID": "7397dc00-f328-4bfb-bef2-27200ca42cb9",

"snapshotID": "65ea39fd-cab6-46b3-b88c-3c28479ab019",

"status": "available",

"volumeSnapshots": {

"398344bb-a64d-4fd5-b3cd-14ddfea6dd0e": "72f07383-ca5b-
46a0-94a2-3d1e7a7faceb",

"7a7a5b6e-1177-400a-82a4-0784957bbe75": "33f91096-f204-
4ed2-8110-c497a258c29c"

34
Create Volume Clone:

curl -X POST \

https://<Cloud IP>/pcloud/v1/cloud-instances/<Cloud Instance

ID>/volumes/clone \

-H 'authorization: <Auth Token>' \

-H 'content-type: application/json' \

-H 'crn: <CRN>' \

-d '{

"displayName": "PerfClone",

"volumeIDs": ["VMT-1422dbc9-00000063-boot-0", "vmtdv1"]

}'

Expected Response:

"clonedVolumes": {

"6342e6a9-716d-4686-b644-7f089bceb332": "fd99a7ae-3e15-
4f7e-af79-f5637e9a27f8",

"8461389f-e8fb-403f-8f48-81edcc9ef46f": "16ed7611-26cc-
4b93-945d-760cd6a52c58"

35
Create Cloud Resource – using a Direct Link Private
Endpoint (Recommended)

This Example show how to use a Private Endpoint.

1. Create a cloud resource by running the following command:

o CRTS3RICC

Note: Add https:// at the beginning of the Private Endpoint

o Resource name: Can be anything you want

o Resource description: Make it something meaningful

o Access key id: Copy this from your Cloud Object Storage
Resource

a. Click on Service credentials

36
 b. Click on the pull down associated with your Key
name

c. Look for “cos-hmac-keys”:

d. Copy the “access_key_id” without the quotes

o Secret access key: Copy this from your Cloud Object

Storage Resource:

a. Click on Service credentials

b. Click on the pull down associated with your Key

name

c. Look for “cos-hmac-keys”:

d. Copy the “secret_access_key” without the quotes

o Bucket: Copy this from your Cloud Object Storage

Resource

a. Click on Buckets

b. Find your Bucket name

37
 o Resource URI: Copy this from your Cloud Object Storage
Resource

a. Click on Buckets

b. Find your Bucket name

c. Click on the three dots and select Configuration

d. Select the Endpoint for your network connection

38
NOTES:

Depending on where your service or applications is located you will

want to use one of the three endpoint types.

Private - Whenever possible use a private endpoint.

Public - Public endpoints can accept requests from anywhere and

charges are assessed on outgoing bandwidth.

Direct - Direct endpoints can accept requests from within the VPC and
charges are assessed on outgoing bandwidth.

In our scenario, we are using the Public endpoint. Best practice

recommends to use Private or Direct endpoints and NOT Public.

2. Load and Apply PTF Direct Link (DL) Reverse Proxy Server
Support. Support Google Cloud Storage.

• SI73401 - Cloud Storage Solutions Proxy Support

• Run any special instruction on the cover letter
3. Create Data Area QICCS3PRXY in library QICC
o CRTDTAARA DTAARA(QICC/QICCS3PRXY) TYPE(*CHAR)
LEN(256) TEXT('10.166.112.144')
o Text ‘description’ = Private IP address of the Reveres
Proxy Server created in the cloud.

39
 4. Display the Data Area QICC/QICCS3PRXY
o Verify the IP address

5. Configure SSL Encryption for the IBM Cloud Storage Solutions

Application
1) Create a *SYSTEM certificate keystore
a. Log into IBM Navigator for i as a user with authority to use
the DigitalCertificate Manager.

http://localhost:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

b. In the navigation pane, click Internet Configurations.

c. Click Digital Certificate Manager.

40
 d. Click Create New Certificate Store.
e. Select *SYSTEM, and then click Continue.

Note: If the only option is Other System Certificate Store, a *SYSTEM

certificate store already exists. Click Cancel and proceed to Step 2.

In this Example, we had already created a Certificate Store for 5250 SSL
connections.

f. Select No - Do not create a certificate in the certificate

store.
g. Enter a password for the certificate keystore, enter it again
to confirm it, and then click Continue.
h. Click OK. Do not log out.
2) Copy and Download the certificate authorities from the resource
URI location (Reverse-Proxy Server). For example, using
Microsoft Windows take the following steps:
a. Have the Reverse-Proxy Server Admin send you the
generated ssl self-signed keys you created in the
previous steps. You only need the *.crt text file.
b. Have the admin open the *.crt text file, copy and
paste the text in a note, and then send to you.
c. On you Windows desktop create a text file for your
new *.crt.
d. Open the text file, copy and paste the ssl self-signed
certificate information.

41
 e. Save and rename the new text file with a “.crt”
extension.

Example: labser.crt

3) Upload xxxx.crt text file to IBM i directory:

a. Connect to the IBM i using IBM I Access Client
Solutions.
b. Select your IBM i system name or ip address.
c. Select your System (localhost was created using
PuTTY)
d. Select “Integrated File System”.

e. It will open in your HOME/<USER Profile> directory

you signed on with.

42
 f. Select “Actions” then “Upload”.

g. Select “Browse” to locate the directory and .crt file

on your PC.
h. Click open.

i. Select OK.

43
 4) Import the certificate into the *SYSTEM keystore:
a. In IBM Navigator for i, open the Digital Certificate
Manager.
b. In the navigation pane, click Select a Certificate Store.
c. Select *SYSTEM, and then click Continue.

d. In the Certificate store password field, enter the *SYSTEM

keystore password you created in Step 1, and then click

44
 Continue. The navigation pane displays tasks that you can
perform with the *SYSTEM keystore.

e. In the navigation pane, click Manage Certificates> Import

certificate.
f. Select Certificate Authority (CA)as the type of certificate to
import, and then click Continue.

g. Enter the path and file name of the certificate file that you
copied to the IBM i computer in Step 2, and then click
Continue.

45
 h. Enter a label for the certificate, and then click Continue.
The certificate is imported into the *SYSTEM keystore.
Click OK. Do not log out of the Digital Certificate Manager.

5) Add Cloud Storage Solutions to the list of client applications:

a. In the Digital Certificate Manager navigation pane, click
Manage Applications> Add applications.
b. Select Client, and then click Continue.

46
 c. In the Add application page, in the Application ID field,
type IBM_QICC.
d. Select Application description and in the field type IBM
Cloud Storage Solutions for i.

e. In the Define the CA trust list field, select Yes.

f. Select any SSL values that match your enterprise policies,
such as the SSL protocol, SSL cipher, or SSL signature
algorithm. (I took the defaults *PGM)
g. Click Add, then click OK.

47
 6) Add the certificate authorities to the Cloud Storage Solutions
trust list:
a. In the Digital Certificate Manager navigation pane, click
Manage Applications> Define CA trust list.
b. Select Client, and then click Continue.

48
 c. Select IBM Cloud Storage Solutions for i, and then click
Define CA Trust List.

d. Select all of the certificate authorities that you imported in

Step 3, and then click OK.

Create Cloud Resource – using a Public Endpoint

Note: Skip this step if you are already using a Private Endpoint.

Jump to:

Full-System Backups from the Cloud

OR

Object-level Backups

This Example show how to use a Public - Public Endpoint if you don’t
have a Private Endpoint.

49
 2) Create a cloud resource by running the following command:

2) CRTS3RICC

3) Resource name: Can be anything you want

4) Resource description: Make it something meaningful

5) Access key id: Copy this from your Cloud Object Storage
Resource

a. Click on Service credentials

b. Click on the pull down associated with your Key

name

c. Look for “cos-hmac-keys”:

d. Copy the “access_key_id” without the quotes

6) Secret access key: Copy this from your Cloud Object

Storage Resource:

50
 a. Click on Service credentials

b. Click on the pull down associated with your Key

name

c. Look for “cos-hmac-keys”:

d. Copy the “secret_access_key” without the quotes

7) Bucket: Copy this from your Cloud Object Storage

Resource

a. Click on Buckets

b. Find your Bucket name

8) Resource URI: Copy this from your Cloud Object Storage

Resource

51
 a. Click on Buckets

b. Find your Bucket name

c. Click on the three dots and select Configuration

d. Select the Endpoint for your network connection

NOTES:

Depending on where your service or applications is located you will

want to use one of the three endpoint types.

Private - Whenever possible use a private endpoint.

Public - Public endpoints can accept requests from anywhere and

charges are assessed on outgoing bandwidth.

52
Direct - Direct endpoints can accept requests from within the VPC and
charges are assessed on outgoing bandwidth.

In our scenario, we are using the Public endpoint. Best practice

recommends to use Private or Direct endpoints and NOT Public.

53
Full-System Backups from the Cloud

The following save data must be restored from physical media before BRMS can begin
restoring save data directly from the cloud:

• SAVSYS is required to install the operating system

• product IBM Backup, Recovery and Media Services for i and BRMS save
information is required before automatic recovery can be performed

• product IBM TCP/IP Connectivity for i and configuration information is

required to allow communications with cloud storage providers

• product IBM Cloud Storage Solutions for i and configuration information is

required to establish connections with cloud storage providers

BRMS provides specific control groups that can be used to automatically save this data to
media in the cloud and the cloud media can be used to create physical media. The control
groups will create cloud media that is formatted so it can be downloaded and burned
directly to physical optical media. All remaining data on the system can be backed up to
media in the cloud and restored directly from the cloud without a need to create physical
media.

Control group QCLDBIPLnn can be used to do full backups of all data that must be
recovered from physical media. Likewise, QCLDBGRPnn can be used to do cumulative
incremental saves of the data that must be recovered from physical media.

NOTE: The Journaled objects control group field must be changed to *YES for a
QCLDBGRPnn control group before the control group is used to do an incremental
backup. Run the WRKCTLGBRM command and change the Journaled objects field by
specifying option 8=Change attributes for QCLDBGRPnn.

Control group QCLDBSYSnn can be used to do a full backup of the data which can be
restored directly from the cloud. Likewise, control group QCLDBUSRnn can be used to
do cumulative incremental backups of the data which can be restored directly from the
cloud.

54
NOTE: The Journaled objects control group field must be changed to *YES for a
QCLDBUSRnn control group before the control group is used to do an incremental
backup. Run the WRKCTLGBRM command and change the Journaled objects field by
specifying option 8=Change attributes for QCLDBUSRnn.

It is critical to run the cloud control groups in the correct order otherwise all necessary
media information will not be available to do a recovery. The control groups that
produce media that will be burned to optical must be run after the control groups that
produce media that can be recovered directly from the cloud. For example:

First run BRMS Control Group QCLDBSYS01:

STRBKUBRM CTLGRP(QCLDBSYS01) SBMJOB(*NO)

Second run BRMS Control Group QCLDBIPL01:

STRBKUBRM CTLGRP(QCLDBIPL01) SBMJOB(*NO)

This example will show you how to run the Full-System Backups from the Console.

1. Log in to the IBM Cloud with your IBMid and Password:

o Select your Service (Example shows Toronto 01)

o Select your Virtual server instance:

1) Find your server name “i922brmc-ibmi-cs”

2) Click the three dots on the right
3) Select Open console

55
 2. Sign On using your Dedicated Service Tools (DST) User and password.

- OR -

Select PF18 to Bypass,

1) Select Next
2) Press PF18

NOTES:

56
 • The Console will timeout if inactive after 5 minutes. You may have to end your
Console browser and start a new Console connection.

• If you see a Break Message during the Backup, press Enter once to bring you
back to the screen where you entered the STRBKUBRM command so you can see
the progress of the backup.

3. First run the BRMS Control Group QCLDBSYS01

o Put the system in restricted state
1. ENDSBS SBS(*ALL) DELAY(120)

4. Display QSYSOPR MSGQ, type command DSPMSG QSECOFR and look for
the following messages:

o System ended to restricted condition.

o A request to end TCP/IP has completed.

57
 5. Change subsystems to process for Control Group QCLDBSYS01

o Use the WRKCTLGBRM command

o Find QCLDBSYS01

o Select Option 9=Subsystems to process

o Change Restart to *NO for Seq 10 Subsystem *ALL

58
 6. Run the First backup from the console

STRBKUBRM CTLGRP(QCLDBSYS01) SBMJOB(*NO)

7. Check the backup for errors. Its normal to have some errors:

o Objects not saved. (Some objects are not required for the recovery).

o Media not transferred. (You will complete this step manually after the
Second backup).

8. Check subsystems after the backup completes. You should only have subsystem
QCTL in a status of RSTD. If not, end all subsystems again.

o ENDSBS SBS(*ALL) DELAY(120)

59
 9. Change BRMS Control Group QCLDBIPL01

o Use the WRKCTLGBRM command

o Select Option 8=Change attributes

o Page down once, change Automatically backup media information to

*LIB, also Append to media to *NO.

o Select Option 9=Subsystems to process

o Change Restart to *YES for Seq 10 Subsystem *ALL

60
 10. Run the Second backup from the console

STRBKUBRM CTLGRP(QCLDBIPL01) SBMJOB(*NO)

61
 11. Check the backup for errors. It’s normal to have some errors:

o Objects not saved. (Some objects are not required for the recovery).

o Media not transferred. (Will complete this manually after the Second
backup).

12. Now you will Identify the Volumes used the BOTH backups QCLDBSYS01 and
QCLDBIPL001 and transfer to IBM Cloud Object Storage (COS).

13. Check the status of the transfer.

o Run command WRKSTSICC STATUS(*ALL)

o If the Status in Failed, this is normal. We will transfer the volumes in the
next step.

14. Identify which Volumes were used for the backups:

o WRKMEDBRM TYPE(*TRF)

62
 15. Transfer the Volumes to IBM Cloud Object Storage (COS)
o Run command STRMNTBRM

o Run command WRKSTSICC STATUS(*ALL)

o You will see the Volume Name, Status, and Complete% for each file
transfer. Wait until all Volumes have Successfully been completed to
proceed to the next step.

16. Verify that all the Volumes used for the Full-System Backup no longer have a
status of *TRF
o WRKMEDBRM TYPE(*TRF)
o You should not see any Volumes in the list

17. As with other recoveries that are performed using BRMS, a recovery report is
used to assist with successful recoveries from save media that has been transferred
to the cloud. To generate a report for recovery from the cloud, run the following
command:

STRRCYBRM OPTION(*CTLGRP) ACTION(*REPORT)

CTLGRP((QCLDBSYS01 1) (QCLDBIPL01 2))

NOTES:

• It is important to review the recovery report to ensure it is complete. If any of the

media produced during the backup has not been successfully transferred to the
cloud, it will not be included in the recovery report. The CTLGRP and PERIOD
parameters that were specified on the STRRCYBRM command above will help
identify objects that were saved to volumes that have not been transferred to the

63
 cloud. If objects are on volumes that were not included in the recovery report,
they will be listed in a missing objects Attention section near top of the report.

• Once the recovery report has been verified, the report should be stored in a safe
location so it can be referred to during a recovery.

• On Monday through Saturday you can run daily incremental backups using the
following control groups:

STRBKUBRM CTLGRP(QCLDBUSR01) SBMJOB(*NO)

STRBKUBRM CTLGRP(QCLDBGRP01) SBMJOB(*NO)

64
Full-System Recovery from the Cloud using IBM i as
an NFS Server

Setting up IBM i Network Install Server with NFS Server and

NFS Client

1. Provision an IBM i VSIs in target PowerVS location to be an NFS Server.

2. IBM i NFS Server should have a minimum of Version 7.2 with current
PTFs.
3. To use virtual optical images through an NFS server, the IBM i NFS client
must meet the following requirements:
4. The IBM i must have a Version 4 Internet Protocol (IP) address.
- During set up, the shared NFS server directory must be mounted over a
directory on the IBM i client.
- Either an IBM i service tools server or a LAN console connection must
be configured using a Version 4 IP address.
- A 632B-003 virtual optical device must be created using the IP address
of the NFS server.

Note: The IBM i IP address and the IBM i service tools server (LAN
console connection) IP address may be the same.

Requirements creating a PowerVSI NFS Server Example:

1. Create IBM i VSI NFS Server in PowerVS location

o Make sure you have enough disk storage to support the size of the SAVSYS
or Control Group QCLDBIPLxx.
2. Create IBM i VSI Client in Server in the same PowerVS location
o Make sure you have double the disk storage to support the size of the
IMAGE Catalog volumes (User Data), and the Full-System Restore.
3. Verify that the IBM I VSI Client Server can ping itself and the ip address of IBM i
VSI NFS Server.
4. Verify that the IBM i VSI NFS Server can ping itself and the ip address of IBM i
VSI Client Server.

65
Creating an IBM i PowerVSI NFS Server Example:

• Create IBM i VSI NFS Server in your PowerVS location

• Follow the steps in the section called:
• Provision AIX or IBM i VSIs in each PowerVS location
• Once you have completed the provisioning and added your storage you can
continue with the next steps
• Create a mount directory for the IBM i VSI NFS server
• First run the command MKDIR DIR(‘/install’)
• Second run the command MKDIR DIR(‘/install/sysipl’)
• This will create a new directory in the IFS called /install/sysipl

• From the Cloud, copy the volumes created with the QCLDBIPL01 backup. In our
example we had three volumes.
Example: (Q06990, Q07898, Q08807)
• Resource name = the cloud resource that was created
• Submit to batch = *YES (you can submit all 3 at the same time)
• Cloud file name = Full name of the volume on the cloud
• Display the volumes on the COS
• Cloud Object Storage>Bucket>Object name>Details
• Local file name = Full directory path plus volume name
Note:
BRMS stores media in the cloud as files under directory
QBRMS_XXXXXXXX, where XXXXXXXX is the name of the system that
performed the backups.

66
 Use the command CPYFRMCLD

• Check the status of the transfer jobs

• WRKSTSICC STATUS(*ALL)

• Go to the next step once all volumes have completed the transfer and show a
status of “Success”

67
Create Virtual Optical Device on IBM i VSI NFS Server

1. Create Virtual Optical Deive called “INSTALL”

CRTDEVOPT DEVD(INSTALL) RSRCNAME(*VRT) LCLINTNETA(*N)

2. Vary on Virtual Optical Device

WRKCFGSTS *DEV INSTALL

3. Create Image Catalog

o Image catalog = SYSIPL
o Directory = ‘/install/sysipl’

CRTIMGCLG IMGCLG(SYSIPL) DIR('/install/sysipl')

4. Add Image Catalog Entry

68
 ADDIMGCLGE
o For the First volume Q06990

5. Add the next 2 using the same name for the TOFILE (To image file)

6. Load Image Catalog

o Image catalog = SYSIPL
o Virtual device = INSTALL

69
 7. Verify Image Catalog
o WRKIMGCLG
o Select Option 10=Verify for image catalog “SYSIPL”
o Verify type = *LIC
o Sort image catalog = *YES
o Network file server share = *YES

8. Work with Entries

o Select Option 12=Work with entries for image catalog “SYSIPL”
o Verify the Directory
o Verify the Index order of the image file name ( the image file that contains
the SAVSYS should be the first one)
o Verify the status (Mounted or Loaded)

70
 9. Work with Object Links
o WRKLNK OBJ('/install/sysipl/*')
o Verify that a BOOTP DIR was created
o Verify that a VOLUME_LIST was created

10. Run command to start NFS Servers

STRNFSSVR SERVER(*ALL)
11. Run command to change NFS export options
CHGNFSEXP OPTIONS('-i -o ro') DIR('/install/sysipl')

71
 12. Run command to change Object Authority
CHGAUT OBJ('/install/sysipl') USER(*PUBLIC) DTAAUT(*RWX)
SUBTREE(*ALL)

13. Run command to change TFTP Attributes

CHGTFTPA AUTOSTART(*YES) ALTSRCDIR('/install/sysipl')

Specify the Alternate source directory where the volumes are stored

14. Run command to change Object Authority

CHGAUT OBJ('/install/sysipl') USER(QTFTP) DTAAUT(*RX) SUBTREE(*ALL)

72
 15. End TCP Server TFTP
ENDTCPSVR SERVER(*TFTP)
16. Start TCP Server TFTP
STRTCPSVR SERVER(*TFTP)

Creating an IBM i PowerVSI Client Server Example:

1. Create IBM i VSI Client Server in your PowerVS location

o Follow the steps in the section called:
• Provision AIX or IBM i VSIs in each PowerVS location
2. Once you have completed the provisioning and added your storage you can
continue with the next steps

Configure IBM i PowerVSI Client Server (TARGET), NFS Network LAN install
device

3. Start System Service Tools (SST)

o STRSST and Sign On

4. Select Option 8=Work with service tools user IDs and Devices

73
 5. Select F13=Select STS LAN adapter
o Press Next, then F13 on the bottom of the console screen

6. Option 1=Select

74
 o Use the same resource used to communicate with the IBM i VSI NFS
Server

Note:

The CMNxx Resource needs to be on the same VLAN (public, direct, or DL) as
your IBM i VSI NSF Server. You also need to End TCP/IP and Vary Off the Line
Description using that CMNxx.

7. Configure Service Tools LAN Adapter

o IP version allowed = IPV4
o Internet address = you can use the same ip address of the client
(TARGET) IBM i VSI
o Gateway router address = use the same gateway on the client (TARGET)
o Subnet mask = use the same
o Press F7=Store
o Press F13= Deactivate
o Press F14=Activate

75
Note:

After you press F14 Activate, the addapter will restart, which may not be ready
right away.

8. Select F3=Exit to exit out of Service Tools

9. Work with IP IPv4 Connection Status and verify port 3000 status
o Command NETSTAT
o Option 3=Work with IPv4 connection status
o Press F14=Display port numbers
o Check to see that port number 3000 (as-sts) is running which is (Service
Tools Server)

76
 10. On the Client Server Create Optical Device
o CRTDEVOPT
o Press F4 to prompt
o Local internet address = *SRVLAN
o Remote internet address = the ip address of the IBM i VSI NFS Server
o Network image directory = ‘/install/sysipl’

11. WRKCFGSTS *DEV INSTALL

o Option 1= Vary On for device INSTALL

77
 12. Verify you can access the remote image catalog
WRKIMGCLGE IMGCLG(*DEV) DEV(INSTALL)

13. Verify the Catalog, Type, and Directory

o /install/sysipl
o Volumes should be Mounted and Loaded

78
Install Licensed Internal Code LIC on IBM i PowerVSI Client Server (TARGET)
using NFS Network Server

**WARNING**

Before you begin the scratch install on the (TARGET) IBM i VSI, be sure to document all
your current network information. You will have to recreate these after the install in
order to complete the restore:

As an Example: You should document the following:

• CFGTCP
- Work with TCP/IP interfaces
Internet Subnet Line Line
Address Mask Description Type

127.0.0.1 255.0.0.0 *LOOPBACK *NONE

192.168.6.117 255.255.255.0 CLOUDINIT1 *ELAN
192.168.142.76 255.255.255.248 CLOUDINIT2 *ELAN

- Work with TCP/IP routes

Route Subnet Next Preferred
Destination Mask Hop Interface

*DFTROUTE *NONE 192.168.6.101 *NONE

*DFTROUTE *NONE 192.168.142.73 *NONE
10.166.112.0 255.255.255.0 192.168.6.101 *NONE
• DSPLIND
- CLOUDINIT0
- CLOUDINIT1
- CLOUDINIT2
▪ Line description . . . . . . . . . : CLOUDINIT2
▪ Option . . . . . . . . . . . . . . : *BASIC
▪ Category of line . . . . . . . . . : *ELAN
▪ Resource name . . . . . . . . . . : CMN04
• WRKHDWRSC *CMN
- Display all the CMNxx resource detail you have and document the
Location and resource name
▪ Resource name . . . . . . . : CMN03
▪ Location : U9009.22A.788D380-V5-C4-T1

79
 1. Start Network Install
o STRNETINS press F4 to prompt
o Network optical device = INSTALL
o Installation option = *LIC
o Keylock mode = MANUAL

2. Press F16 to confirm power down

COMM657 was displayed for around 15 minutes.

3. Select Option 1=Install Licensed Interanl Code

80
 4. Select Option 2=Install Licensed Internal Code and Initialize System

81
 5. Press F10 to Continue

This took about 15 minutes plus 5 minutes for the IPL to complete.

82
 6. Press F10 to Accept the problems and continue
o You will get this screen if you have more disk to add to the ASP

7. At the IPL or Install the System Menu

o Select Option 3 = Use Dedicated Service Tools (DST)

83
QSECOFR upper case for the password

8. Change the service tools user ID QSECOFR password

84
 9. On the Use Dedicated Service Tools (DST) Menu
o Select Option 4=Work with disk units
• This is when you can add non-configured disk to you system

10. Select Option 1=Work with disk configuration

85
 11. Select Option 3=Work with ASP configuration

12. Select Option 3=Add units to ASPs

86
 13. Select Option 3=Add units to existing ASPs

14. Specify ASP 1 for each unit to add

87
 15. Press F10 to Ignore problems and continue

16. Press Enter to confirm your choice for Add units

88
89
 17. Verify disk units have been added
o Select Option 1=Work with disk configuration

18. Select Option 1=Display disk configuration

90
 19. Select Option 1=Display disk configuration status

or

Select Option 2=Display disk configuration capacity

20. Press F3=Exit three times and take Option 1. Exit Dedicated Service Tools (DST)

91
Install the Base Operating System IBM i Power VSI Client Server (TARGET) using
NFS Network Server

1. Select Option 2=Install the operating system

2. Select Option 5=Network device

92
 3. Configure the Network Device
o Server IP = the IP address of the SOURCE NFS IBM i VSI Server
o Path Name = the name of the Directory where the image volumes are
located
o Press F10 =Continue

4. Press Enter to confirm

5. Press Enter again

93
 6. Press Enter to confirm

7. Select Option 2=Change install options

94
 8. Select Option 1=Restore programs and language objects from the current media
set (this will restore system information from the SOURCE system backup)
o Select Option 2=Keep for Job and output queues
o Select Option 1=Yes for distribute operating system and on available disk
units

9. Change System information 1=Restore

95
 10. User = QSECOFR

96
 11. Change the following:
o Start print writers = N
o Start system to restricted state = Y
o Set major system options = Y
o Define or change system at IPL = Y

12. Verify… Enable automatic configuration = Y

97
 13. Select Option 3= System value commands

14. Select Option 3=Work with system values

98
 15. Select Option 2=Change for each of the System Values
o Change and document any of the changes made from the list below:

----- Attention ---------------------------------------------------

To prevent the recovery from failing, change the following system

values to the new settings when you reach the "Define and Change the

System at IPL" task during operating system recovery.

Record the current setting for use after the recovery is complete.

System value Current setting New setting

QALWOBJRST _______________ *ALL

QFRCCVNRST _______________ 0

QINACTITV _______________ *NONE

QJOBMSGQFL _______________ *PRTWRAP

QJOBMSGQMX _______________ 30 (minimum, 64 recommended)

QLMTDEVSSN _______________ 0

QLMTSECOFR _______________ 0

99
 QMAXSIGN _______________ *NOMAX

QPFRADJ _______________ 2

QPWDEXPITV _______________ *NOMAX

QSCANFSCTL _______________ *NOPOSTRST

QVFYOBJRST _______________ 1

16. Press F3=Exit, two times or until you get the next screen.

100
 17. Press Enter to continue

18. Change Password

Current password = QSECOFR

101
 19. At the IBM i Main Menu notice the System name changed

20. At the command line type GO LICPGM

- Option 10=Display Installed Licensed Programs

Notice you have the Base IBM i installed and Library QGPL and QUSRSYS are
*BACKLEVEL

102
Recover the BRMS Product and Associated Libraries on the IBM i Power VSI
Client Server (TARGET) using NFS Network Server

1. On the Client Server Create Optical Device

o CRTDEVOPT
o Press F4 to prompt
o Local internet address = *SRVLAN
o Remote internet address = the ip address of the IBM i VSI NFS Server
o Network image directory = ‘/install/sysipl’

2. WRKCFGSTS *DEV INSTALL

o Option 1= Vary On for device INSTALL

3. Verify you can access the remote image catalog

WRKIMGCLGE IMGCLG(*DEV) DEV(INSTALL)

103
 4. Verify the Catalog, Type, and Directory
o /install/sysipl
o Volumes should be Mounted and Loaded

Note:

You will find your BRMS Recovery Report from file name “QP1ARCY”

“Recovery Report”

5. Follow Step 004 in the BRMS Recovery Report

- STEP 004 : Recover the BRMS Product and Associated Libraries

Change the QSYSOPR message queue to prevent messages not related to

the recovery from interrupting the recovery process.

To do so, type the following command and press "Enter".

CHGMSGQ MSGQ(QSYSOPR) DLVRY(*NOTIFY) SEV(99)

- Recover the libraries listed below, specifying the saved-item, the

name of the standalone device or media library you are using,

and the volume identifiers and sequence numbers listed.

For type *FULL, run the following command.

RSTLIB SAVLIB(saved-item) DEV(device-name)

VOL(volume-identifier) OPTFILE('')

104
Saved Save ----- ASP ------ Save Save Not Sequence

Item Type Name Number Date Time Saved Saved Number

---------- ------- ---------- ----- -------- -------- -------- ------ ---------

QBRM *FULL *SYSBAS 00001 7/06/20 10:37:08 1184 0 48

OPTFILE('/BRMSOPTSAV2248801200706103706I922BRMC/QBRM ')

QMSE *FULL *SYSBAS 00001 7/06/20 10:37:09 8 0 49

OPTFILE('/BRMSOPTSAV2248801200706103706I922BRMC/QMSE ')

QUSRBRM *FULL *SYSBAS 00001 7/06/20 10:37:41 264 0 58

OPTFILE('/BRMSOPTSAV2248801200706103708I922BRMC/QUSRBRM ')

105
 6. Follow Step 005 in the BRMS Recovery Report
- STEP 005 : Recover BRMS Related Media Information

You must recover this information for the BRMS product to accurately

guide you through the remaining recovery steps.

Recover the libraries listed below, specifying the saved-item, the

name of the standalone device or media library you are using,

and the volume identifiers and sequence numbers listed.

To do so, type the following command and press "Enter".

RSTOBJ OBJ(*ALL) SAVLIB(saved-item) DEV(device-name)

VOL(volume-identifier) OPTFILE('')

MBROPT(*ALL) ALWOBJDIF(*COMPATIBLE)
Saved Save ----- ASP ------ Save Save Not Sequence

Item Type Name Number Date Time Saved Saved Number

---------- ------- ---------- ----- -------- -------- -------- ------ ---------

QUSRBRM *QBRM *SYSBAS 00001 7/06/20 10:37:48 16 0 59

7. Follow Step 006 in the BRMS Recovery Report

- STEP 006 : Initialize BRMS Functional Authority Information

INZBRM OPTION(*SETAUT)

SETUSRBRM USER(QSECOFR) USAGE(*ADMIN)

8. Follow Step 009 in the BRMS Recovery Report

- STEP 009 : Initialize BRMS Device and Media Library Information

INZBRM OPTION(*DEVICE)

WRKDEVBRM

106
 - Verify your “INSTALL” device is in the list

9. Follow Step 010 in the BRMS Recovery Report

- STEP 010 : Recover User Profiles

----- Attention --------------------------------------------------

THIS REPORT CONTAINS ITEMS FROM A CLOUD BACKUP.

PLEASE RUN THE FOLLOWING PROGRAM CALL TO SET UP THE CLOUD

VOLUMES:

CALL QBRM/Q1AOLD PARM('CLOUD ' 'FIXDRVOL '

'Q06990' 'Q07898' 'Q08807' 'Q13692' 'Q32656')

Note:

You will find your VOLUMES from the BRMS Report file name “QP1A2RCY”

“Recovery Volume Summary Report”

- OR -

107
---------------------------------------------------------------------

You should restore a current version of your user profiles.

To do so, type the following command and press "Enter".

STRRCYBRM OPTION(*SYSTEM) ACTION(*RESTORE)

----- Attention ---------------------------------------------------

Press F9 on the Select Recovery Items display to go to the Restore

Command Defaults display.

__ Ensure the tape device name or media library device name is

correct for the Device prompt.

__ Ensure *SAVLIB is specified for the Restore to library prompt.

__ Ensure *SAVASP is specified for the Auxiliary storage pool prompt.

__ ENSURE *YES IS SPECIFIED FOR THE CREATE PARENT DIRECTORIES

PROMPT.

If you are recovering to a different system or a different logical

partition, you must specify the following:

__ *ALL for the Data base member option prompt.

108
__ *COMPATIBLE for the Allow object differences prompt.

__ *NONE for the System resource management prompt.

Press "Enter" to return to the Select Recovery Items display.

10. Press F9= Restore Command Defaults and make the following changes

109
 11. Page down once and make the following changes
o System resource management = *NONE (needs to be when you restore to
a different system)

12. Select Option 1=Select “*SAVSECDTA” and press Enter

110
Note:

If you get a message “Waiting for reply to message on message queue QSYSOPR. Select
SysReq and type 6 to display QSYSOPR system messages.

If your asked to Load volume Qxxxxx on INSTALL (C G).

Type C to cancel and to continue with the restore.

13. Follow Step 011 in the BRMS Recovery Report

- STEP 011 : Change QSECOFR User Profile Password

CHGUSRPRF USRPRF(QSECOFR) PASSWORD(new-password)

14. Follow Step 012 in the BRMS Recovery Report

- STEP 012 : Recover Configuration Data
o Select Option 1=Select “*SAVCFG” and press Enter

111
 15. Follow Step 013 in the BRMS Recovery Report
- STEP 013 : Recover Required System Libraries
o Select Option 1=Select for all of the “Saved Item” and press Enter

112
Work with TCP/IP Interfaces and add Internet Address from TARGET IBM i

Before you began the scratch install on the (TARGET) IBM i VSI, you document all your
current network information. You will NOW have to recreate these in order to complete
the restore:

1. Work with TCP/IP Interfaces

o Command CFGTCP
o Select Option 1= Work with TCP/IP interfaces
o Select Option 1=Add (enter the IP Address you used to connects to the
Cloud Object Storage (COS)

Use the IP Address information you documented from the TARGET IBM i VM created
in previous Step “Install Licensed Internal Code LIC on IBM i PowerVSI Client
Server (TARGET) using NFS Network Server”

Internet address = ip address x.x.x.x

113
Subnet mask = 255.255.255.x

Line description = use one of the 3 CLOUDINITx line description that was restored or
use the same one that was documented

2. Work with TCP/IP Interfaces to Start the Interface

o Command CFGTCP
o Select Option 1= Work with TCP/IP interfaces
o Select Option 9= Start

3. Find the Resource URI used for the Cloud Object Storage (COS), this is where
you volumes are stored.
o Work with ICC Resources
o Command WRKCFGICC press Enter
o Select Option 5=Display

114
 4. Document the Resource URI

5. See if you can ping the Resource URI to verify the connection
- If the ping was successful you have a working network to the Cloud Object
Storage.
- If the ping was unsuccessful, END the IP Interface and Vary off the Ethernet Line.
Change the Ethernet line description to another CMNxx Resource you haven’t
used yet and try to ping again.

6. Create a virtual tape device:

o CRTDEVTAP DEVD(TOR1CLDTAP) RSRCNAME(*VRT)

115
 7. Vary on the virtual tape device:

o VRYCFG CFGOBJ(TOR1CLDTAP) CFGTYPE(*DEV)

STATUS(*ON)

At this point the recovery, physical media is no longer required, media will be
downloaded from the cloud.

Since the system is in restricted state, TCP/IP must be started so BRMS can transfer the
media.

----- Attention ---------------------------------------------------

If done in a previous step, this is not required to be run again

TCP/IP must be started so BRMS can transfer media required by a

recovery from the cloud.

If you wish to continue the recovery in restricted state, run the

following commands:

• STRTCP STRSVR(*NO) STRIFC(*NO) STRPTPPRF(*NO) STRIP6(*YES)

• STRTCPIFC INTNETADR('nnn.nnn.nnn.nnn')

Where 'nnn.nnn.nnn.nnn' is the internet address of the

recovery system. nnn is a decimal number ranging from 0

116
 through 255.

NOTE: Use of restricted state TCP/IP requires that 5770SS1

option 3 was installed when the backups were run.

Otherwise, start all subsystems by running the following commands:

• STRSBS SBSD(QCTL)

• STRTCP

-----------------------------------------------------------------------------------------------------------

8. Move volumes from Cloud Object Storage (COS) to the TARGET IBM i VSI
Client

o WRKMEDBRM press Enter

o Find your volumes from the BRMS Recovery Report

If you volume has a plus (+) to the right, it is part of a serial set.

o Select Option 6=Work with serial set

Notice the Location of the volumes, they should still be in the Cloud Object Storage
(COS) Location.

9. Select Option 8=Move (all the volumes at the same time) press Enter

117
 10. Change the Storage location to *HOME and press Enter

11. Check the ICC Status transfer

o WRKSTSICC STATUS(*ALL)
o Check Status is “Active”
o Oper = FRMCLD (From Cloud)
o Once all the jobs have a Status of Success, you can continue with the
BRMS restore

WRKSTSICC STATUS(*ALL)

118
 12. Follow Step 014 in the BRMS Recovery Report
- STEP 014 : Reset BRMS Device and Media Library Information
- INZBRM OPTION(*DEVICE)
- WRKDEVBRM
- You should see Virtual Tape Device “TOR1CLDTAP *VRTTAP”

119
Recover IBM Product Libraries on the IBM i Power VSI Client Server (TARGET)
using Cloud Object Storage (COS)

1. Follow Step 017 in the BRMS Recovery Report

- STEP 017 : Recover IBM Product Libraries

STRRCYBRM OPTION(*IBM) ACTION(*RESTORE)

-------------------------------------------------------------------

The Restore Command Defaults should be used to specify the correct Device
parameter and change the Create parent directories prompt back to *NO.

----- Attention ---------------------------------------------------

Press F9 on the Select Recovery Items display to go to the Restore

Command Defaults display.

__ Ensure *MEDCLS is specified for the Device prompt.

__ Ensure *NO is specified for the Create parent directories prompt.

Press "Enter" to return to the Select Recovery Items display.

-----------------------------------------------------------------------

2. Review the list of Recovery Items and Remove any that have already been
restored.
o Select Option 4=Remove and press Enter
▪ You can also see that the “Volume Serial” is from the optical
media
▪ Once you remove the items, they will drop off the list

120
 3. Change the Recovery Defaults
o Select F9=Recovery defaults
o Device = TOR1CLDTAP
o Option = *ALL
o Data base member option = *ALL
o Restore spooled file data = *NEW
o Allow object differences = *COMPATIBLE

4. Page down
o System resource management = *NONE
o Create parent directories = *NO

121
 o Press Enter to return to “Select Recovery Items”

5. Select the saved items

o Review the list again
o Select Option 1=Select for each item
or
o Select F16= Select (this will select all the items for you)
o Press Enter to recover the saved items

122
Recover User Libraries on the IBM i Power VSI Client Server (TARGET) using
Cloud Object Storage (COS)

1. Follow Step 018 in the BRMS Recovery Report

- STEP 018 : Recover User Libraries

STRRCYBRM OPTION(*ALLUSR) ACTION(*RESTORE)

2. Review the list of Recovery Items and Remove any that have already been
restored.
o Select Option 4=Remove and press Enter
▪ You can also see that the “Volume Serial” is from the optical
media
▪ Press F11=Object View (will show you which Control Group
created the saved item)
▪ Remove items created by “QCLDBIPL01”
▪ Once you remove the items, they will drop off the list

123
 3. Select the saved items
o Review the list again
o Select Option 1=Select for each item
or
o Select F16= Select (this will select all the items for you)
o Press Enter to recover the saved items

124
Recover Document Library Objects on the IBM i Power VSI Client Server
(TARGET) using Cloud Object Storage (COS)

1. Follow Step 019 in the BRMS Recovery Report

- STEP 019 : Recover Document Library Objects

STRRCYBRM OPTION(*ALLDLO) ACTION(*RESTORE)

2. Select the saved item
o Select Option 1=Select
o Press Enter to recover the saved items

125
Recover Directories and Files on the IBM i Power VSI Client Server (TARGET)
using Cloud Object Storage (COS)

1. Follow Step 020 in the BRMS Recovery Report

- STEP 020 : Recover Directories and Files

STRRCYBRM OPTION(*LNKLIST) ACTION(*RESTORE)

2. Review the list of Recovery Items and Remove any that have already been
restored.
o Select Option 4=Remove and press Enter
▪ You can also see that the “Volume Serial” is from the optical
media
▪ Press F11=Object View (will show you which Control Group
created the saved item)
▪ Remove items created by “QCLDBIPL01”
▪ Once you remove the items, they will drop off the list

2. Select the saved items

o Select Option 1=Select
o Press Enter to recover the saved items

126
 3. You can see the progress of the “processing objects” and “completed objects” as
they get restored

Complete Final Steps in BRMS on the IBM i Power VSI Client Server (TARGET)

1. Follow Step 025 in the BRMS Recovery Report

- STEP 025 : Update Program Temporary Fix Information

UPDPTFINF

2. Follow Step 026 in the BRMS Recovery Report

- STEP 026 : Recover Authorization Information

RSTAUT USRPRF(*ALL)

127
 3. Follow Step 027 in the BRMS Recovery Report
- STEP 027 : Verify System Information
- This will restore your System Values

UPDSYSINF LIB(QUSRSYS) TYPE(*SYSVAL)

4. Follow Step 030 in the BRMS Recovery Report

- STEP 030 : Print Job Log

DSPJOBLOG JOB(*) OUTPUT(*PRINT)

5. Change IPL Attributes

- CHGIPLA
- Start to restricted state = *YES
• After the IPL you can verify the system

128
 • Check network, software license keys, etc..

6. Change System Value for QIPLTYPE

- WRKSYSVAL QIPLTYPE
- Select Option 2=Change

7. Select 0=Unattended IPL

8. Follow Step 031 in the BRMS Recovery Report

129
 - STEP 031 : Perform IPL

PWRDWNSYS OPTION(*IMMED) RESTART(*YES)

Press F16=Confirm

9. At the IPL or Install the System Menu

- Select Option 3=Use Dedicated Service Tools (DST)

10. Sign On to Dedicated Service Tools (DST)

130
 11. Select Option 7=Start a service tool

12. Select Option 7=Operator panel functions

131
 13. IPL mode:
o Select Option 2=Normal
o Press F8 to set the IPL attributes and restart the system

132
 14. Press Enter to confirm

15. Your System will IPL to a Sign On Screen

133
Object-level Backups

Automatic Transfers of Media to Cloud Storage

Control groups that have a QCLD prefix will cause BRMS to

automatically create and transfer media to the cloud during a backups.

NOTES:

1. The automatic transfer will begin after the first volume switch if
the save spans media

2. Using SAVxxxBRM commands will not trigger the automatic

transfer of media.

3. When using virtual optical media, the automatic transfer will only
start once the save job is completed.

BRMS control groups for automatic transfers to the cloud -

QCLDBxxxxx

Control groups that have a QCLDB prefix are created by BRMS for each
cloud resource defined on the system. The QCLDB control groups
should not be changed by the user but users can tailor control groups
that will automatically transfer media to the cloud, see section User
control groups for automatic transfers to the cloud -
QCLDUxxxxx below for more information.

Note: When using IBM Cloud Storage Solutions for i V1.2.0, a full
system backup requires that the data from QCLDBIPLnn and
QCLDBGRPnn control groups are backed up using a cloud connector
resource that does not use encryption and/or compression. To use
cloud connector resources with encryption and/or compression for a
full system save scenario, you must create two different sets of cloud
connectors to the same resource. One control group pair using
compression and/or encryption and another pair using neither
compression nor encryption to back up all the system data needed for
a Disaster Recovery.

134
The control groups QCLDBSYSnn and QCLDBUSRnn can be backed up
with a cloud connector resource using any configuration.

The following control groups will be created by BRMS:

• QCLDBIPLxx - Used to do SAVSYS and full backups of system

and user objects to media that will be transferred to the cloud
but must be burned to optical media before use during recovery.
This group is not created for cloud connectors using compression
or encryption.

• QCLDBGRPxx - Used to do cumulative incremental backups of

system and user objects to media that will be transferred to the
cloud but must be burned to optical media before use during
recovery. This group is not created for cloud connectors using
compression or encryption.

• QCLDBSYSxx - Used to do full backups of system and user

objects that can be restored from cloud media without burning
the cloud media to physical optical media.

• QCLDBUSRxx - Used to do cumulative incremental backups of

system and user objects that can be restored from cloud media
without burning the cloud media to physical optical media.

where xx is a unique number for each cloud resource.

NOTES:

1. Control groups that have a QCLDB prefix cannot be

deleted. QCLDBxxxxx control groups should not be changed by
the user.

2. QCLDBIPLxx and QCLDBGRPxx BRMS control groups only work

for basic cloud connectors. These groups cannot be used with
cloud connectors created using IBM Cloud Storage Solutions for i
V1.2.0 with compression or encryption.

135
 3. Do not copy the QCLDBIPLxx and QCLDBGRPxx control
groups and modify the copies to use encryption or compression
connectors. They will not work in a Disaster Recovery scenario.

User control groups for automatic transfers to the cloud -

QCLDUxxxxx

QCLDBxxxxx control groups should not be changed by the

user. Instead, a QCLDBxxxxx control group can be copied to a
QCLDUuuuuu control group, where uuuuu is a user specified suffix,
which the user can then change. Since the user's QCLDUuuuuu control
group has a QCLD prefix, it will also cause BRMS to automatically
create and transfer media to the cloud when it is used to do a backup.

After a QCLDBxxxxx control group has been copied to QCLDUuuuuu,

QCLDUuuuuu will be associated with the move policy that was created
by BRMS for the cloud resource. The move policy associated with the
control group can be changed but the move policy that is used must
contain a cloud location at sequence 10 otherwise automatic cloud
transfers will not work properly.

Saving a Single Library to Cloud Object Storage (COS)

This scenario will copy a single library and name it (CLDLIB),

automatically transfer the media to the cloud and then transfer media
back to the system during a restore.

1. Configure BRMS objects required to use the cloud resource:

o INZBRM OPTION(*DATA)

2. The pre-defined cloud control groups that BRMS created for the
cloud resource should be setup to work as defined.

136
 3. To simplify this example, copy one of the pre-defined control
groups:

o WRKCTLGBRM TYPE(*BKU)

• specify 3=Copy next to QCLDBUSR01

▪ specify QCLDUUSR01 for the New Name field

4. Copy a library to save to the cloud:

o WRKLIB LIB(QUSRTOOL)

• Specify 3=Copy next to QUSRTOOL

137
 • Specify New library = CLDLIB

5. Change the entries in the control group to save the library

created in the previous step:

o WRKCTLGBRM TYPE(*BKU)

• specify 2=Change entries next to QCLDUUSR01

▪ clear all entries from the control group by

removing all the numbers from the Seq column

▪ add and entry for library CLDLIB:

▪ Seq - 10

▪ Backup Items - CLDLIB

▪ Retain Object Detail - *OBJ (Object detail

is kept in the BRMS backup history). You
can still restore objects from the library if
*ERR default value is used.

o WRKCTLGBRM TYPE(*BKU)

• specify 8=Change attributes next to QCLDUUSR01

• Sign off interactive users - *NO

138
 • page down once

• Automatically backup media information - *NONE

• Append to media - *NO

• page down once again

• IPL after backup - *NO

139
 6. Run the control group:

o STRBKUBRM CTLGRP(QCLDUUSR01) SBMJOB(*NO)

7. View the media to verify that it is at the cloud location:

o WRKMEDBRM FILEGRP(QCLDUUSR01)

• verify the volume is in *ACT status

• verify the location is the cloud resource created in

step 1

8. Delete the library:

o DLTLIB LIB(CLDLIB)

9. Restore the library:

o WRKMEDIBRM CTLGRP(QCLDUUSR01)

• specify 7=Restore next to the saved item

▪ specify 1=Select next to the saved item

140
 10. Verify that the library was restored:

o DSPLIB LIB(CLDLIB)

11. Verify that the library was restored from the Cloud Object
Storage Location

o WRKSTSICC STATUS(*ALL)

• Volume name – Q21041

• Status – Success

• Oper – FRMCLD (From Cloud)

12. View the media to verify that it is at the home location:

141
 o WRKMEDBRM FILEGRP(QCLDUUSR01)

• verify the volume is in *ACT status

• verify the location is *HOME

13. Clear the library:

o CLRLIB LIB(CLDLIB)

o WRKLIB LIB(CLDLIB)

• Specify 12=Display

14. Restore objects to library CLDLIB:

o WRKMEDIBRM CTLGRP(QCLDUUSR01)

• Press F11 once

• Saved library CLDLIB with *ERR (Obj Dtl =*NO)

• Saved library CLDLIB with *OBJ (Obj Dtl = *YES)

142
 15. Restore objects with *ERR (Obj Dtl =*NO)

• specify 7=Restore next to the saved item

▪ specify 7=Specify object

• Objects = QATTCMD, QATTINFO (You will need to

know the object names with *ERR).

▪ Take the defaults and press Enter

143
 16. Restore objects with *OBJ (Obj Dtl =*YES)

• specify 9=Work with saved objects

• specify 7=Restore object on (QATTBAS, QATTCBL)

• press Enter

• press Enter

17. Verify that the objects were restored:

o DSPLIB LIB(CLDLIB)

144
NOTES:

1. Media created with automatic transfer to the cloud can be

marked for duplication, but the duplication requires that the
media be moved out of the cloud location before the duplication
can be performed.

2. Automatic duplication, specified through a media policy, is not

supported for media that is created with automatic transfer to
the cloud.

User Initiated Transfers of Media to Cloud Storage

Virtual media from an image catalog is transferred to the cloud when

the media is moved to a cloud location. Media can be moved to a cloud
location by using one of these methods:

1. Change the location of the media to a cloud location using one of

the following interfaces:

• WRKMEDBRM option 2=Change

145
 • WRKMEDBRM option 8=Move

• use the BRMS GUI client to change the media location

2. Add an entry for a cloud location to a move policy, associate

virtual media with the move policy and run movement for the
move policy using one of the following commands:

• MOVMEDBRM

• MOVMEDBRM with a subsequent VFYMOVBRM

• STRMNTBRM MOVMED(*YES)

This scenario assumes Media and Storage Extensions (product

5770SS1 option 18) is installed on the system so it uses virtual tape
media. If Media and Storage Extensions is not installed on the system,
virtual optical media can be substituted in the example.

This scenario will save a single empty library to virtual tape media,
manually transfer the media to the cloud and then automatically
transfer media back to the system during a restore.

3. Create a cloud resource named TOR1CLD by running the

following commands if not already created:

o CRTS3RICC

146
 9. Configure BRMS objects required to use the cloud resource:

o INZBRM OPTION(*DATA)

10. The pre-defined cloud control groups that BRMS created

for the cloud resource should be setup to work as defined.

11. Create a virtual tape device:

o CRTDEVTAP DEVD(TOR1CLDTAP) RSRCNAME(*VRT)

12. Vary on the virtual tape device:

o VRYCFG CFGOBJ(TOR1CLDTAP) CFGTYPE(*DEV)

STATUS(*ON)

147
 13. Create an image catalog:

o CRTIMGCLG IMGCLG(TOR1CLDTAP) TYPE(*TAP)

DIR('/tmp/TOR1CLDTAP') CRTDIR(*YES)

o WRKIMGCLG

14. Add a volume to the image catalog:

o ADDIMGCLGE IMGCLG(TOR1CLDTAP)
FROMFILE(*NEW) TOFILE(*GEN) VOLNAM(TORCLD)

148
 15. Load the image catalog on the device:

o LODIMGCLG IMGCLG(TOR1CLDTAP)
DEV(TOR1CLDTAP)

o WRKIMGCLG

16. Configure the virtual tape device in BRMS:

149
 o WRKDEVBRM

▪ specify 1=Create for the Opt field

▪ specify TOR1CLDTAP for the Device field

▪ specify *VRTTAP for the Category field

▪ Press Enter and take defaults for all other fields

17. Add a media class for the virtual tape media:

o WRKCLSBRM TYPE(*MED)

▪ specify 1=Create for the Opt field

150
 ▪ specify TOR1CLDTAP for the Class field

▪ specify *VRT256K for the Density field

▪ specify *NO for the Shared media field

18. Add volume TORCLD to the BRMS media inventory:

o ADDMEDBRM VOL(TORCLD) MEDCLS(TOR1CLDTAP)

IMGCLG(TOR1CLDTAP)

151
 o WRKMEDBRM VOL(TORCLD)

19. Add a media policy for the virtual tape media:

o WRKPCYBRM TYPE(*MED)

▪ specify 1=Create for the Opt field

▪ specify TOR1CLDTAP for the Policy field

▪ specify TOR1CLDTAP for the Media class field

152
 20. Create a library to save to the cloud:

o CRTLIB LIB(CLDLIB)

21. Save the library to the virtual tape volume:

o SAVLIBBRM LIB(CLDLIB) DEV(TOR1CLDTAP)

MEDPCY(TOR1CLDTAP)

22. Move volume TORCLD to the cloud location:

o WRKMEDBRM VOL(TORCLD)

▪ verify the volume is in *ACT status

▪ verify location *HOME

▪ specify 8=Move for the Opt field

153
 ▪ specify TOR1CLD for the Storage location field

▪ verify the volume is in *ACT status

▪ verify location TOR1CLD

▪ verify the volume is in Cloud Object Storage

154
 23. Delete the library:

o DLTLIB LIB(CLDLIB)

24. Restore the library:

o RSTLIBBRM SAVLIB(CLDLIB) DEV(TOR1CLDTAP)

25. Verify that the library was restored:

o DSPLIB LIB(CLDLIB)

155
NOTES

• When control groups are run that have a name with a QCLD
prefix will, BRMS will automatically create and transfer media to
the cloud. For more information regarding automatic cloud
transfers see Automatic Transfers of Media to Cloud Storage.

• If using user created images, BRMS will not manage these image
catalog entries. As such, when the data is transferred to the
cloud, the images will not be cleared or deleted. Users will need
to manage these themselves. it is recommended
using CHGIMGCLGE with the parameter IMGCLG(*MIN) to
shrink the size down as much as possible.

156
Chapter 3: Troubleshooting

Media status *TRF

Each BRMS volume has a status. The status how the volume is currently being used.
Status *TRF has been added to indicate a volume has pending cloud operations. Run the
following command to see all media that has a status of *TRF:

WRKMEDBRM TYPE(*TRF)

Most cloud transfers will be started by BRMS but run in jobs in subsystem
QICCSBS. To determine which jobs have been used to process cloud transfers for
BRMS run the following command:

WRKSTSICC STATUS(*ALL)

157
Use the job information from the failed transfer to work with the job. The job log will
contain information about the transfer:

WRKJOB JOB(015970/QSECOFR/L000000010)

option 4=Work with spooled files

option 5=Display

Resolving cloud transfer problems

When a transfer to the cloud fails, the volumes may be left in *TRF status. Once the
transfer problem has been understood and fixed, if the volume still has a status of *TRF
and the location is the cloud location, do the following recovery on the source system:

• Use WRKMEDBRM option 8 'Move' to change the Storage location to *HOME

• Run STRMNTBRM MOVMED(*YES) or MOVMEDBRM to retry the cloud
transfer

ICC Flight Recorder Directory

The ICC flight recorder is used to further diagnose file transfer to and
from the Cloud.

WRKLNK /QIBM/ProdData/QICC

Select the most current STMF file. Option 5=Display

158
You can verify the IP address your using for the Direct Link (DL)
Private connection and the COS Bucket.

Verify the cloud resource is functioning correctly

CPYTOCLD and press F4.

• You must create a cloud resource.

• You must have IBM® i Read (*R) authority on the file that you will
copy, and Execute (*X) authority on all directories in the path
leading to the file. For example, if you will copy the file
/home/user/jdoe/file.txt, you must have Execute authority on the
home, user, and jdoe directories, and Read authority on file.txt.

• Example: Using “/tmp/lpume.log”

o Resource name = TOR1CLD (was created earlier)
o Submit to batch = *NO (should be a small text file)

159
 o Local file name = /tmp/plume.log (verify it is in your directory
path)
o Cloud file name = test1cs (this can be any name, don’t forget
to cleanup file in COS if successful after your test)

You should see “File copied.”

Restore problems
CPF41B0 – Incorrect image catalog name specified.

Check the current location of the volume BRMS is trying to restore from in
WRKMEDBRM. If the volume does not have a status of *ACT and the location is not
the cloud location, run STRMNTBRM MOVMED(*YES) on the source and remote
system and verify the volume has a status of *ACT and the location is the cloud. Retry
the restore.

160
Chapter 4: Additional Resources

IBM Cloud Storage Solutions for IBM i User's Guide

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd
=2&ved=2ahUKEwjypYrCkMXpAhUCH80KHV69D5wQFjABegQIAxAB&ur
l=https%3A%2F%2Fwww.ibm.com%2Fsupport%2Fknowledgecenter%
2Fssw_ibm_i_73%2Ficc%2Ficcumstpdf.pdf&usg=AOvVaw01p3eqw7Tu
0eqXHGmqWLsX

BRMS and Cloud Storage Solutions

https://helpsystemswiki.atlassian.net/wiki/spaces/IWT/pages/1656422
70/BRMS+and+Cloud+Storage+Solutions

161