Search This Blog

Friday, 29 August 2014

Details about the schema of the Data Protector internal database


As far as I can tell, HP don't document the schema of the PostgreSQL internal database. What follows is my investigations as I was chasing up a customer for whom thousands of sessions were giving strange results. (When they looked at a medium and went to the Objects tab to find, the GUI responded with "in order to delete this medium, export it first".)

There are seven important database tables which are affected in the normal operations of running a backup.

The first one is dp_management_session.
  • It has a column "name" which looks like this: "2014/07/14 0007" - in other words, the session name as it appears in every command, except that it has a space instead of a dash.
The name is used as a unique key (as it should be unique!) in conjunction with the column 'application_uuid'. I haven't figured out exactly what that's doing, but I'm presuming it's something to do with the manager-of-managers product, where you might have centralised all your media into one cell. In this case you could have two or identical session names referred to in the database, one from each of the client cells and one from the manager cell. To simplify things, I've ignored the application_uuid column(s) in the diagram.

Obviously, the backup should write something. If this is the first time this filesystem (or database or Exchange server, etc.) has been backed up, then the dp_objects table will have a new row added to it, with the hostname, mountpoint and label of the object being backed up. The columns uuid and dp_numkey act like the primary key for this table, which means that if you aren't running manager-of-managers, the dp_numkey will be unique.

Each time a backup of that filesystem runs, a row is added to dp_catalog_object_version. If there are several filesystems being backed up in one job, this table may have many rows added for each backup run.
  • There is a column backup_name which partly references dp_management_session.name. I say partly, because there is no foreign key between them, and in fact, sometimes backup_name is null. Presumably what's going on is that a backup could have a copy made, and then the original expires, delete the original session, leaving a catalog object version which doesn't correspond to a session.
  • The column object_seq_id references dp_objects (together with the usual uuid story).
  • The primary key is the combination of application_uuid (as usual) and a field called seq_id.

There is a row created in db_catalog_object_datastream and also one in dp_catalog_object_versession for each row added to dp_catalog_object_version. These don't seem very interesting: the former looks like it's something to do with enforcing device policies, and the latter a record of a post-backup verification.

The oddly and painfully named dp_catalog_position_seqacc_med maps backup objects to positions on tapes. This is obviously a very large table!

  • The column objver_seq_id references the dp_catalog_object_version's seq_id column, essentially "what is backed up here?"
  • The column medium_name references the unique header ID of the tape, for example '7b5ba8c0:53c3ae35:07eb:0014'

There is another table called dp_positions which is a little bit more accessible, but inserts, updates and deletions from this table trigger a function instead (presumably to update dp_catalog_position_seqacc_med). In a few tests this table got populated and dp_positions did not.

If you are backing up to a StoreOnce device, or to a file library then there's a good chance that this backup will cause a new medium to be created. This will also happen when you format a new tape in either a physical tape library of a virtual tape library.

The tapes are all listed in dp_medmng_media_pool_media. The column medium_seq_id (which is not the medium header, it's just an ID) is the key into the dp_medmng_medium tape.

There seems to be a distinction made between the medium itself, and the cartridge holding it. The dp_medmng_cartridge table has a barcode, a physical_location and a contained medium_seq_id. The dp_medmng_medium table has a unique seq_id and a name. The name is the header on the tape.

I still haven't figured out the way that file names are stored. Presumably this is in DCBF files until you run omnimigrate. In this transition time (which seems to be the default on new installs as well), some records get written to dp_catalog_dcbf_directory and dp_catalog_dcbf_info.

Greg Baker is an independent consultant who happens to do a lot of work on HP DataProtector. He is the author of the only published book on HP Data Protector (http://x.ifost.org.au/dp-book). He works with HP and HP partner companies to solve the hardest big-data problems (especially around backup). See more at IFOST's DataProtector pages at http://www.ifost.org.au/dataprotector






Friday, 15 August 2014

Upgrading from 6.2 to 9.x is better, but there's a bug you need to work around

Upgrading to HP Data Protector version 9 is much faster than upgrading to version 8.x. It's amazing what some good indexes on a database can do! My most recent customer had a 50GB database and the upgrade for the cell manager was complete in under an hour.

I have found one interesting bug in the import process, though. It seems that one of the columns in the import gets mis-imported. After the upgrade, I found sessions like this (truncated output from omnidb -session -detail) :

SessionID : 2014/08/09-4
        Backup Specification: hpdp.IFOST@cellmgr.ifost.org.au
        Session type        : Copy
        Started             : Saturday, 9 August 2014, 7:06:02 PM
        Finished            : Monday, 11 August 2014, 5:13:37 PM
        Status              : Completed
        Number of warnings  : 0
        Number of errors    : 0
        User                :
        Group               :
        Host                :  

When previously, the session looked like this:

SessionID : 2014/08/09-4
        Backup Specification: Weekly Tape Copy
        Session type        : Copy
        Started             : Saturday, 9 August 2014, 7:06:02 PM
        Finished            : Monday, 11 August 2014, 5:13:37 PM
        Status              : Completed
        Number of warnings  : 0
        Number of errors    : 0
        User                : hpdp
        Group               : IFOST
        Host                : cellmgr.ifost.org.au

The user / group / host has been turned into the specification name! As far as I can tell, this is just a once-off, sessions run on the cell manager after the upgrade are named correctly.

This bug appears to be triggered in two situations:
  1. For all copy jobs.
  2. For backup jobs where the backup specification no longer exists. (e.g. you used to have a job called "Daily Sydney"; you ran it every day last year; then you deleted it; then you upgraded - congratulations, those jobs will now have a username instead of a backup specification name. 
So presumably somewhere in the upgrade script there is some code which calls out to omnidb -datalist "..." because this is the only thing I can think of which would exhibit exactly these kind of failure modes.

When you actually look into the database, there's a column on the dp_management_session table called "scratch_area" and a column called "owner". It seems that for the bad sessions, these end up with owner being the empty string, and scratch_area ending in two slashes.

The way to confirm this is to check with a SQL query like this:

     select owner,name,datalist,scratch_area 
       from dp_management_session where owner = '';

Just save this to a file and run omnidbutil -run_script filename.sql -detail
For me, the output looked like this:


 owner |      name       |           datalist              |   scratch_area
-------+-----------------+---------------------------------+--------------------
       | 2014/08/09 0010 | hpdp.IFOST@cellmgr.ifost.org.au | Daily job //
       | 2013/04/29 0016 | hpdp.IFOST@cellmgr.ifost.org.au | Weekly tape copy //
       | 2014/08/09 0004 | hpdp.IFOST@cellmgr.ifost.org.au | Daily job //
....

There were 111 other lines truncated. Here's what I ran (with omnidbutil -run_script) to fix it:

     update dp_management_session 
        set owner = datalist where owner = '';

     update dp_management_session 
        set datalist = trim(trailing ' // ' from scratch_area) 
        where scratch_area like '%//%';

The GUI console caches, so don't be surprised if you have to disconnect and reconnect before you see it reflected in the GUI.

Greg Baker is an independent consultant who happens to do a lot of work on HP DataProtector. He is the author of the only published books on HP Data Protector (http://x.ifost.org.au/dp-book). He works with HP and HP partner companies to solve the hardest big-data problems (especially around backup). See more at IFOST's DataProtector pages at http://www.ifost.org.au/dataprotector

Thursday, 14 August 2014

Congratulations to Maryam Mirzakhani

A Field's medal is roughly equivalent to a Nobel prize, except that it's awarded for great work in mathematics. It's not awarded every year, and only mathematicians under 40 are eligible. This makes it very much more difficult for women to win it as its more common for women to take time off full-time work at the time that you need to be working extremely hard on some complicated problem.

I wonder how her first mathematics teacher -- the one who didn't think she had any talent and wasn't surprised when Maryam got bad marks -- wasn't able to see her brilliance.

No-one is really expecting any practical applications of general moduli spaces at the moment, but if anything does come out of this area of mathematics, Maryam Mirzakhani's work has cut through the complexity so clearly that it will be in the centre of whatever happens. It's hard to come up with an equivalent example -- the best I can come up with is comparing it the discovery of fast fourier transform.


Wednesday, 6 August 2014

Cybersecurity, children's use of social media, what's actually dangerous, and the research of Professor Donna Cross

Professor Donna Cross researches children's well-being, including cyber-safety. I had the privilege of hearing her give a quick summary of her research last night.

Unlike almost every other age group, the health of adolescents and children hasn't improved in recent decades. There are several dangers to children, which are of far greater significance than cyber-safety.
  • Children are still getting sunburnt regularly, with the attendant risk of skin cancer.
  • Children are becoming obese at a terrifying rate, and not getting enough exercise. This has short-term and long-term health implications.
  • Children can't cross roads safely. Particularly children under 10, who are cognitively challenged:
    • They expect moving objects to change shape. A horse running changes shape. A soccer ball spins. Cars don't, so they have a cognitive block that makes it harder for them to perceive that the car is moving.
    • Audio-location (identifying where a sound comes from) doesn't really come together until after age 10. Between not being able to hear or see that a car is moving, there aren't many ways you can sense the danger of a distant car.
    • Very young children assume that if they can see the driver, the driver can see them.
  • Children are spending less time engaging with their peers face-to-face, so they are less able to understand subtle facial expressions. This makes them less able to build and maintain friendships. In addition, they are talking to adults less.
It turns out that this last risk (which sounds unimportant) is actually quite significant. One of the best predictors of school and personal achievement turns out to be the ability to engage socially with others. Children need to have a strong social network in order to thrive. It even affects the strength of their immune response to infection. Against this, cyber-security seems like a very minor concern. But since I can't really say anything useful about physical safety or paediatric development, I'll focus on the cyber issues anyway.

Professor Cross mentioned the well-known decline in Facebook usage among young teens. Facebook is how middle-aged women reconnect with their school peers now. Instead, children are using Tumblr, Twitter, Instagram and Reddit. She spoke about much else, but as someone who can talk for hours about the impact of computing on society, this was something that grabbed my attention. The "adult" social media platforms (such as LinkedIn, Quora and Facebook) are very strong on mapping user accounts to individuals. These are sites where you build reputation and invest time and effort to show your significance to your peers. These are not the sites that young teens are involved in. Instead they are flocking to sites where the culture is that the matching of your username to a real person is a matter of some shame, embarrassment or at least disaster

There are throwaway accounts on Facebook, but on reddit (for example) there are cultural norms about using them.

  • Creating a throwaway to gripe about your school teacher is the safest thing to do; don't use your normal account. 
  • Don't create a throwaway to vote up your post, though, that's inappropriate; use your normal account instead. 
  • Similarly to adults on ebay, don't get too attached to your reputation on any of these sites because you might need to discard it quickly.
Most children won't understand this initially. Some pick it up intuitively immediately: my daughter has more than one instagram account, and switches depending on what she's trying to do. But most children will need it explained. We have pushed the message "have different passwords on different sites", but it is far more important to explain to you children "you need to have many nicknames, and be prepared to create new ones, and discard the old like you do with clothes". Children see the behaviours of celebrities on-line as "normal". Very few children realise that it is a polished image with many of their other interactions completely hidden from the public. We need to help our children cultivate personae, and to understand the limits of reasonable disinformation and obscurity. I think this is a reasonable laundry list of discussions every parent should have with their children:
  • Have you thought up a couple of different usernames? Are they in use by anyone else in the world? Are these usernames so different that no-one could guess that they belong to the same person?
  • For each username, what impression do you want it to portray? Is this the account you use for comedy? Or is this the account you will use for your deep, artistic content? Do you have an account you could use safely if you were confessing something bad you had done?
  • Which accounts will you let your friends know are yours, and which ones are you going to keep secret?
  • Do you know how to make a throwaway account? Do you know what a throwaway account is, and why it might be useful?
  • When will you use a throwaway?
  • On which sites and with which accounts will you put real information?
  • Is it appropriate to lie to create an account?
  • If you had to abandon this account, or if the account was taken over by someone maliciously, would you lose anything you cared about?
The challenge is of course, that most parents don't have the time to connect to Tumblr, Instagram, Twitter and Reddit. Not least because Reddit can be dangerously addictive, as I've discovered. And even then, many adults aren't use to thinking in terms of multiple accounts, having grown up with their (solitary) corporate Active Directory account and their (solitary) Facebook account.

But that's OK. As a parent, it's perfectly OK to fob off some of this kind of "geek" conversation to other more qualified adults. It's important for children to have relationships with adults. Boys in particular are very reluctant to talk their parents or teachers about any problems they have. Is there a cousin or family friend that spends too much time on the internet, who you would trust to explain this sort of thing to your children? Make the effort to make this conversation happen with them then. Conversely, if you are a child reading this post, and you don't really have an answer to the questions on the laundry list, it would be well worthwhile talking to someone about this. Perhaps your parents, perhaps a teacher, or someone else that your parents trust.

Here are the three books I can find on Amazon that she has written:

Greg Baker is an author, computer geek, inventor, consultant, and parent. He is not particularly good at any of these. (gregb@ifost.org.au)

Tuesday, 5 August 2014

VPNs

I have customers ranging from the very large to the very small all over the world and I'm seeing some rapid change in the way that I "remote into" customers. I'm also seeing product use that doesn't make any sense to me.

I've been thinking about this since I was posed this as a quora question: "How will the VPN industry evolve over the next 10 years?"


Here's what I wrote:



The majority of sales of VPN products today are for staff connecting into a company's private network. As companies hollow out their internal infrastructure and rely more on third-party cloud-delivered solutions, this will become less necessary. I would predict sales for end-point VPN solutions to drop off quite dramatically.
VPNs between networks on the other hand will become much more common. Companies may choose to spread their virtual servers across multiple cloud hosting providers. These will be joined by VPNs. However, as these will be configured by experienced technicians they are probably more likely to use the built-in capabilities of OpenBSD, Linux, Cisco or Huawei to do this.
So in summary: I would predict a major collapse of the VPN marketplace over the next 5 years.

For this post I'll ignore the part about network-to-network VPNs. Stepping back, what are we trying to do with host-to-network VPN? We're trying to connect to some resources at a different site. So here's my list of how I currently connect to my different customers, in decreasing order of common-ness:


  • A Cisco VPN service, which can be accessed through the built-in OS X VPN client. This seems to be the majority among large corporates.
  • A Cisco VPN service, which only works with the Cisco VPN client. I don't understand how this can happen, but I have customers where this is the case.
  • Juniper Secure Gateway. This seems to be the only one where two-factor authentication is used regularly, and it seems to be more government rather than commercial.
  • Fully cloudy: the customer has essentially no internal infrastructure, so I just log into whatever web-based application it is that they need my help with. This seems to be more common with smaller companies, because they are the ones that tend to be the early adopters for having a cloud.
  • A plain RDP server accessible over the internet. Usually this is behind a firewall, but the firewall port forwards to the RDP server. This used to be the standard for almost all small organisations, but I see fewer and fewer Windows servers in small organisations now. Now it's the mid-size organisations that are using RDP gateways.
  • No remote access whatsoever, or nothing I'm allowed to use. This is not that unusual.
  • Just log into the router and forward whatever ports you need. Generally this is for customers where I've helped them with their network infrastructure.
  • PPTP to a Microsoft server
  • TeamViewer and/or other connect-to-a-webservice-screensharing, such as Chrome Remote Desktop.
  • Guacamole which then proxies an RDP or VNC session.
  • Some other ipsec solution from someone other than Cisco or Juniper (usually something open source like openvpn)
  • Lastly, as the least common option: secure shell sometimes combined with mosh.

Reflecting on that list, it's quite odd. 

The one solution where the auditing for security is well known (secure shell) is the one least used.

The solutions that can be audited (because they are open source) take the bottom three places of least use.

Everything above the open source solutions relies on trusting the vendor completely. But the solution that is the easiest to set up among the trust-the-vendor-completely options (TeamViewer, Chrome Remote Desktop, and their ilk) is the least used.

The point of the exercise is almost always to support connecting to a Windows-based application. If it were a intranet-based application, then it will generally be possible to find some way of securing it to make it accessible to the internet. So the resources that people access remotely are almost always going to be supported by a team of Microsoft-trained admins. So why is it so rare to see RDP gateways, which would be the Microsoft solution?

The answer is of course, that collectively, the world appointed their networking teams to be in charge of remote access. The network admins did as they knew best and provided layer 2/3 access delivered by their favourite networking vendors. What we have works, and it isn't terribly insecure. But isn't it odd that that's how we do things?

Why were the world's CCNEs appointed guardians of internal corporate access in the first place, and not (say) the MSCEs in charge of directory services? Or the sysadmins in charge of the actual applications?


Greg Baker is an independent consultant who writes, programs, thinks and fixes things to do with computers, IT and all things technical for customers who don't want to pay for expensive consulting firms. Contact him (gregb@ifost.org.au) if you have challenging problems you need solved.