Restoring a Full System Save Using Encrypted Tape

Data Management and Security (Hardware) Hardware Restoring a Full System Save Using Encrypted Tape

This document provides a step-by-step guide for technical users to restore a full system save using encrypted tape within the Flex system environment.

Prerequisites

Before beginning the restoration process, ensure the following conditions are met:

  • The License Internal Code (LIC) and base operating system have been successfully restored.
  • You have physical access to the console.
  • The encrypted tape containing the full system save is available and properly labeled.
  • You have the necessary decryption password for the tape.

Restoration Procedure

Follow these steps to restore your Flex system from an encrypted tape backup:

  1. Console Access and Initial Sign-On:
    • Once the LIC and base OS are restored, sign off from the console.
    • Sign back on to the console as QSECOFR.
  2. Initiate Restore Process:
    • Navigate to the “Restore” menu.
    • Select Option 22.
  3. Configure Restore Options:
    • Set the following parameters:
      • Device: TC
      • Prompt: N
      • Message: *NOTIFY
      • Different System: N
      • Spool: *NEW
  4. Load Tape and Display Contents:
    • Push the encrypted tape back into the tape drive.
    • Type the following command to display the tape contents and print them:
      DSPTAP DEV(TC) OUTPUT(*PRINT) ENDOPT(*REWIND)

    • Note: Keep the spool file generated by this command handy, as it contains crucial information (label, sequence number) for subsequent steps.
  5. End All Subsystems:
    • Before proceeding with the restore, ensure all subsystems are ended immediately:
      ENDSBS *ALL *IMMED

  6. Restore Libraries:
    • Restore all saved libraries from the tape:
      RSTLIB SAVLIB(*ANY) DEV(TC)

  7. Restore Objects from Device:
    • Restore objects from the specified device, excluding /QDLS and /QSYS.LIB:
      RST DEV(‘/QSYS.LIB/TC.DEVD’) OBJ((‘/*’ *INCLUDE *SAME) (‘/QDLS’ *OMIT *SAME) (‘/QSYS.LIB’ *OMIT *SAME)) CRTPRNDIR(*YES) LABEL(SAVxxxxxxxx) SEQNBR(xxx)

    • Important: Replace SAVxxxxxxxx and xxx with the actual label and sequence number found in the spool file from the DSPTAP command.
  8. Initial Program Load (IPL) Server:
    • Perform an IPL of the server.
    • Once the IPL is complete, sign on to the console as QSECOFR. At this point, the password should revert to the original system password.
  9. Prepare for Decryption:
    • End the Ethernet Interface.
    • Add the CRYPTO library to your library list:
      ADDLIBLE CRYPTO

  10. Decrypt and Restore Libraries (DECRSTLIB):
    • Decrypt and restore all libraries from the tape using the provided password:
      DECRSTLIB SAVLIB(*ALL) DEV(TAP01) SEQNBR(xxx) MBROPT(*ALL) ALWOBJDIF(*ALL) USEKEYPAS(*PASS) PASSWORD(XXXxxx)

    • Important: Replace xxx with the sequence number found in the spool file from the DSPTAP command. Replace XXXxxx with the actual decryption password.
  11. Decrypt and Restore Stream Files (DECSTMF):
    • Decrypt and restore stream files from the tape, excluding /QDLS and /QSYS.LIB:
      DECSTMF FROMTYPE(*DEV) FROMDEV(TAP01) OBJ((‘/*’ *INCLUDE *SAME) (‘/QDLS’ *OMIT *SAME) (‘/QSYS.LIB’ *OMIT *SAME)) SEQNBR(xxx) USEKEYPAS(*PASS) PASSWORD(XXXxxx)

    • Important: Replace xxx with the sequence number found in the spool file from the DSPTAP command. Replace XXXxxx with the actual decryption password.
  12. Restore Document Library Objects (DLO):
    • Restore all Document Library Objects from the save file:
      RSTDLO DLO(*ALL) DEV(*SAVF) SAVF(DLOSXXXXXX/DLOSAVF)

    • Note: DLOSXXXXXX refers to the date of the save file. The exact name of the save file can be found by reviewing the DSPTAP output or by using the WRKLIB command.
  13. Final IPL Server:
    • Perform a final IPL of the server to complete the restoration process.