MyTechReference - Technical Notes


by IDAMGroup

NetIQ Access Manager and IDM Backup Best Practices

Backing up NetIQ IDM and Access Manager involves several components, each discussed below:

  • eDirectory
  • IDM Driver
  • User Application
  • User Application Workflows
  • Access Manager

eDirectory Backup

There are several ways to take an eDirectory backup:

  • eMBox
  • DSBK
  • Full directory backup
  • If virtual instance: VM snapshot

 

eMBox

The Novell® eDirectory™ Management Toolbox (eMBox) lets you access all of the eDirectory backend utilities remotely as well as on the server.

For all eDirectory Management Tools (eMTools), such as Backup, DSRepair, DSMerge, Schema Operations, and eDirectory Service Manager, to run, eMBox must be loaded and running on the eDirectory server.

 # . /opt/novell/eDirectory/bin/ndspath
Running eMBox from eDirectory
wdhidm01:/etc/opt/novell # edirutil 
*******************  Novell eMBox Command Line Client (1.1)  *******************
Interactive mode: interactively run eMBox commands one at a time    -i

 

eMbox through Command line

  The eMBox Client is a command line Java client that gives you access to eMBox tools such as the eDirectory Backup eMTool. You can back up, restore, and configure roll-forward logging for multiple servers from a single machine

You can do all sorts of things using the eMBox Client, such as full backup, incremental backup, roll-forward, cold backup, etc.

You can take a backup from any remote machine that has the eMBoxClient.jar file.

To take a backup from the eDirectory server:

  • Log in to the server
login -s 10.1.1.100 -p 8009 -u admin.mytechref -w mypassword
  • Execute the backup
backup -b -f backup_filename_and_path -l backup_log_filename_and_path -u include_file_filename_and_path -t -w

To take a backup from a remote machine for unattended backups:

  • Install the eMBoxClient.jar and run the command below. The -w option puts the password on the command line, where it is visible in the process list and in any script that stores the command, so restrict read access to that script.
java -cp path/eMBoxClient.jar embox -s <server_name> -p port_number -u username.context -w password -t backup.backup -b -f backup_filename_and_path -l backup_log_filename_and_path -u include_file_filename_and_path -t -w
/opt/novell/eDirectory/lib/nds-modules/jre/bin/java -cp /opt/novell/eDirectory/lib/nds-modules/embox/eMBoxClient.jar embox -s 10.32.114.177 -p 4444 -u admin.mytechref -w xxxx -t backup.backup -b -f /opt/bkup/eDirectory.bkup -l /opt/bkup/eDirectory.log -t -w

Backup using iManager

 Select the Server object and provide the ip address of the server and click Next to continue

Provide user credentials

Provide the backup and log file locations

If you like to back up the files

A successful backup completion message is displayed

 

DSBK

DSBK is a thin command-line parser that performs eDirectory backup and lets you initiate a backup from the server console without having to log in first or set up Role-Based Services.

Options

  • -t: Takes the backup of stream files.
  • -w: Overwrites any existing backup file with same name.
  • -b: Performs a full backup.
  • -e <password>: Performs a NICI backup using the password provided.
dsbk backup -b -f<bkup_filename>.bkp -l<backup_log_filename>.log -t -w

You can turn on roll-forward logging (RFL) using the following command:

setconfig -r <roll forward log directory> -L

 

Full eDirectory backup

eDirectory is installed under /etc/opt/novell, /opt/novell, and /var/opt/novell. Take a backup of these 3 directories:

  • /opt/bkup# tar -cvf etc-opt-novell.tar /etc/opt/novell
  • /opt/bkup# tar -cvf opt-novell.tar /opt/novell
  • /opt/bkup# tar -cvf var-opt-novell.tar /var/opt/novell
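
The three tar commands above leave the archive permissions to the caller's umask and give no way to tell later whether an archive is still intact. The following added example (not part of the original post) wraps the same tar step so that each archive is created owner-only and carries a SHA-256 checksum that is verified before the backup is trusted. The function names are hypothetical; GNU tar, sha256sum and absolute source paths are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# assumes GNU tar and sha256sum, and absolute source paths.

# backup_dir SRC DEST: archive SRC as DEST/<path-with-dashes>.tar, print its path.
backup_dir() {
    src=$1 dest=$2
    [ -d "$src" ] || { echo "missing source: $src" >&2; return 1; }
    (
        umask 077    # owner-only: the archives include the installation's key material
        mkdir -p "$dest" || exit 1
        name=$(printf '%s' "${src#/}" | tr '/' '-')    # /etc/opt/novell -> etc-opt-novell
        tar -cf "$dest/$name.tar" -C / "${src#/}" || exit 1
        # Store the checksum beside the archive, using a relative file name.
        (cd "$dest" && sha256sum "$name.tar" > "$name.tar.sha256") || exit 1
        printf '%s\n' "$dest/$name.tar"
    )
}

# verify_backup ARCHIVE: succeed only if the checksum matches and tar can list it.
verify_backup() {
    dir=$(dirname "$1") base=$(basename "$1")
    (cd "$dir" && sha256sum -c "$base.sha256" >/dev/null 2>&1) || return 1
    tar -tf "$1" >/dev/null 2>&1
}

# backup_edirectory DEST: the three installation directories named above.
backup_edirectory() {
    for d in /etc/opt/novell /opt/novell /var/opt/novell; do
        a=$(backup_dir "$d" "$1") && verify_backup "$a" || return 1
        echo "verified $a"
    done
}

# Run only when a destination is given, e.g.: sh edir-backup.sh /opt/bkup
if [ "$#" -gt 0 ]; then backup_edirectory "$1"; fi
```

Run verify_backup again on the copy after moving an archive off the server, with the .sha256 file kept beside it.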

eDirectory backup using VM Snapshot

Take a VM snapshot of your eDirectory VM server instance.

 

User Application backup


It is always good practice to take a backup of the entire directory before making any changes to the IDM.war files.

tar -cvf  /opt/bkup/opt-novell-idm-jboss.tar /opt/novell/idm/jboss

Make sure to take a backup of the database if it resides on a different server.

Or

Take a backup of the User Application VM instance.

 

User Application Workflow backup

The User Application workflows can be backed up separately. The step above backs up the entire User Application, whereas if you want to restore only a specific workflow, this is the better way.

Designer is the easiest and simplest way to back up a workflow.

 

IDM Driver backup

An IDM driver backup can be taken in two ways:

  • Designer
  • iManager

 

Using Designer

Open the project and make sure you have imported the latest updates from eDirectory.

Right-click on the driver -> Export to configuration file, and save it as an XML file.

 Using iManager

iManager -> Identity Manager Overview

Select the driver you want to back up. Example: ADDriver

Click on the Export button

Click Next

Leave the default option and click Next

Click the Save As button to export the configuration file

Novell Access Manager Backup

The Novell Access Manager configuration is stored in the embedded eDirectory in the Admin Console, so taking a backup of the Admin Console configuration store should be sufficient to restore.

ADM1:/opt/novell/devman/bin # ./ambkup.sh
==============================================================
          N o v e l l   A c c e s s   M a n a g e r
   C o n f i g u r a t i o n   B a c k u p   U t i l i t y
==============================================================

Enter the Access Manager Administration password []:
Re-enter the password for verification []:
Enter the path where backup files should be stored [/root/nambkup]:
The directoy /root/nambkup is invalid or does not exist.
Should an attempt be made to create the directory(y/n)? y
-------------------------------------------------------------------
--- Enter a password for encrypting/decrypting the data
--- NOTE: You must use the same password for both backup and restore.
--- Private key encryption password []:
--- Re-enter the password for verification []:

Backing up configuration...
Backing up certificates...
  adding: securnam_20140528_1437.ldif (deflated 24%)
  adding: delegatedusers_list (stored 0%)
  adding: policyviewusers_list (stored 0%)
  adding: devman.cacerts (deflated 22%)
  adding: devman.keystore (deflated 24%)
  adding: .keystore (deflated 24%)
  adding: nam.keystore (deflated 40%)
  adding: backup_info (deflated 5%)
  adding: server.xml (deflated 64%)

--------------------------------------------------------------
Backup Complete
Backup file:
  Configuration and Certificate information:   /root/nambkup/securnam_20140528_1437.zip

-rw-r--r-- 1 root root 1819652 May 28 14:37 /root/nambkup/securnam_20140528_1437.zip
--------------------------------------------------------------
Log file for this backup is /var/log/nidp_backup_20140528_1437.log

Note: For security reasons, users in the trusted/config store are not backed up. Admin will have to recreate them while restoring. For details, go through the documentation.

ADM1:/opt/novell/devman/bin #

The backed-up file is stored in this location: /root/nambkup/

If anything happens to the Access Gateway or Identity Server, you can use ./amrestore.sh to restore the last backed-up configuration.

---------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.