by IDAMGroup
NetIQ Access Manager and IDM Backup Best Practices
Backing up NetIQ IDM and Access Manager involves several components, each discussed below:
- eDirectory
- IDM Driver
- User Application
- User Application Workflows
- Access Manager
eDirectory Backup
There are several ways to back up eDirectory:
- eMBox
- DSBK
- Full directory backup
- If running as a virtual instance: VM snapshot
eMBox
The Novell® eDirectory™ Management Toolbox (eMBox) lets you access all of the eDirectory backend utilities remotely as well as on the server.
For all eDirectory Management Tools (eMTools)—such as Backup, DSRepair, DSMerge, Schema Operations, and eDirectory Service Manager—to run, eMBox must be loaded and running on the eDirectory server.
# . /opt/novell/eDirectory/bin/ndspath
Running eMBox from eDirectory
wdhidm01:/etc/opt/novell # edirutil
*******************
Novell eMBox Command Line Client (1.1)
*******************
Interactive mode: interactively run eMBox commands one at a time -i
eMBox through the command line
The eMBox Client is a command line Java client that gives you access to eMBox tools such as the eDirectory Backup eMTool. You can back up, restore, and configure roll-forward logging for multiple servers from a single machine.
You can do all sorts of things with the eMBox client, such as full, incremental, roll-forward, and cold backups.
You can take a backup from any remote machine that has the eMBoxClient.jar file.
To take backup from eDirectory server
- Login to server
login -s 10.1.1.100 -p 8009 -u admin.mytechref -w mypassword
- Execute the backup
backup -b -f backup_filename_and_path -l backup_log_filename_and_path -u include_file_filename_and_path -t -w
To take a backup from a remote machine for unattended backups
- Install eMBoxClient.jar and run the following command:
java -cp path/eMBoxClient.jar embox -s <server_name> -p port_number -u username.context -w password -t backup.backup -b -f backup_filename_and_path -l backup_log_filename_and_path -u include_file_filename_and_path -t -w
For example:
/opt/novell/eDirectory/lib/nds-modules/jre/bin/java -cp /opt/novell/eDirectory/lib/nds-modules/embox/eMBoxClient.jar embox -s 10.32.114.177 -p 4444 -u admin.mytechref -w xxxx -t backup.backup -b -f /opt/bkup/eDirectory.bkup -l /opt/bkup/eDirectory.log -t -w
Backup using iManager
Select the Server object, provide the IP address of the server, and click Next to continue.
Provide the user credentials.
Provide the backup and log file locations.
If you like to back up the files
A successful backup completion message is displayed.
DSBK
DSBK is a thin command line parser that performs eDirectory backup and lets you initiate a backup from the server console without having to log in first or set up Role-Based Services.
Options
- -t: Takes the backup of stream files.
- -w: Overwrites any existing backup file with same name.
- -b: Performs a full backup.
- -e <password>: Performs a NICI backup using the password provided.
dsbk backup -b -f <bkup_filename>.bkp -l <backup_log_filename>.log -t -w
You can turn on roll-forward logging (RFL) using the following command:
setconfig -r <roll forward log directory> -L
Full eDirectory backup
The eDirectory installation locations are:
/etc/opt/novell
/opt/novell
/var/opt/novell
Take a backup of these 3 directories:
- /opt/bkup# tar -cvf etc-opt-novell.tar /etc/opt/novell
- /opt/bkup# tar -cvf opt-novell.tar /opt/novell
- /opt/bkup# tar -cvf var-opt-novell.tar /var/opt/novell
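The same three-directory backup as a script, added here as an example and not part of the original post: it creates the archives with owner-only permissions, confirms each one lists cleanly, and writes a SHA-256 manifest that can be rechecked before a restore. The function names are hypothetical, and it assumes ndsd is stopped so the DIB files do not change during the copy.

```shell
#!/bin/sh
# Added example (not from the original post): tar backup with owner-only
# permissions, a readability check, and a SHA-256 manifest.
set -eu

# backup_dirs DEST DIR...  - DIR arguments must be absolute paths.
# Runs in a subshell so the umask change does not leak to the caller.
backup_dirs() (
    dest=$1; shift
    umask 077                      # archives hold directory data and keys: owner-only
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1
    for src in "$@"; do
        case $src in /*) ;; *) echo "not absolute: $src" >&2; exit 1 ;; esac
        [ -d "$src" ] || { echo "missing: $src" >&2; exit 1; }
        # /etc/opt/novell -> etc-opt-novell.tar, the naming used above
        name=$(printf '%s' "${src#/}" | tr '/' '-')
        tar -cf "$dest/$name.tar" -C / "${src#/}" || exit 1
        tar -tf "$dest/$name.tar" >/dev/null || exit 1   # archive must list cleanly
        (cd "$dest" && sha256sum "$name.tar" >>SHA256SUMS) || exit 1
    done
)

# verify_backups DEST  - recheck every archive against the manifest,
# for example after copying DEST to another host and before a restore.
verify_backups() (
    cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1
)

# Usage on the eDirectory server, as root, with ndsd stopped (assumption):
#   backup_dirs /opt/bkup/$(date +%Y%m%d) /etc/opt/novell /opt/novell /var/opt/novell
#   verify_backups /opt/bkup/<date>
```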
eDirectory backup using VM Snapshot
Take a VM snapshot of your eDirectory VM server instance.
User Application backup
It is always good practice to take a backup of the entire directory before making any changes to the IDM.war files.
tar -cvf /opt/bkup/opt-novell-idm-jboss.tar /opt/novell/idm/jboss
Make sure to back up the database as well if it resides on a different server.
Or
Take a backup of the User Application VM instance.
User Application Workflow backup
The User Application workflows can be backed up separately. The step above backs up the entire User Application, whereas if you want to restore only a specific workflow, this is the better way.
Designer is the easiest and simplest way to back up the workflow.
IDM Driver backup
An IDM driver backup can be taken using two methods:
- Designer
- iManager
Using Designer
Open the project and make sure you have imported the latest updates from eDirectory.
Right-click the driver -> Export to configuration file and save it as an XML file.
Using iManager
iManager -> Identity Manager Overview
Select the driver you want to back up, for example ADDriver.
Click on the Export button
Click Next
Leave the default option and click Next
Click the Save As button to export the configuration file
Novell Access Manager Backup
The Novell Access Manager configuration is stored in the embedded eDirectory in the Admin Console, so a backup of the Admin Console configuration store should be sufficient to restore it.
ADM1:/opt/novell/devman/bin # ./ambkup.sh
==============================================================
N o v e l l A c c e s s M a n a g e r C o n f i g u r a t i o n B a c k u p U t i l i t y
==============================================================
Enter the Access Manager Administration password []:
Re-enter the password for verification []:
Enter the path where backup files should be stored [/root/nambkup]:
The directoy /root/nambkup is invalid or does not exist.
Should an attempt be made to create the directory(y/n)? y
-------------------------------------------------------------------
--- Enter a password for encrypting/decrypting the data
--- NOTE: You must use the same password for both backup and restore.
--- Private key encryption password []:
--- Re-enter the password for verification []:
Backing up configuration...
Backing up certificates...
adding: securnam_20140528_1437.ldif (deflated 24%)
adding: delegatedusers_list (stored 0%)
adding: policyviewusers_list (stored 0%)
adding: devman.cacerts (deflated 22%)
adding: devman.keystore (deflated 24%)
adding: .keystore (deflated 24%)
adding: nam.keystore (deflated 40%)
adding: backup_info (deflated 5%)
adding: server.xml (deflated 64%)
--------------------------------------------------------------
Backup Complete
Backup file:
Configuration and Certificate information: /root/nambkup/securnam_20140528_1437.zip
-rw-r--r-- 1 root root 1819652 May 28 14:37 /root/nambkup/securnam_20140528_1437.zip
--------------------------------------------------------------
Log file for this backup is /var/log/nidp_backup_20140528_1437.log
Note: For security reasons, users in the trusted/config store are not backed up. Admin will have to recreate them while restoring. For details, go through the documentation.
ADM1:/opt/novell/devman/bin #
The backup file is stored in /root/nambkup/.
If anything happens to the Access Gateway or Identity Server, you can use ./amrestore.sh to restore the last backed-up configuration.
---------------------------------------------------------------------------------------------------------------------------------------------
Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.