search cancel

Disaster Recovery procedure for Symantec Data Center Security Server: Server Advanced (SDCSSA)

book

Article ID: 162273

calendar_today

Updated On:

Products

Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

You would like to know data to backup in order to be able to rebuild Symantec Data Center Security Server: Server Advanced (SDCSSA) in the case of a failure.

 

Resolution

How to make a full SDCS:SA Server backup?

 
1) Stop "Symantec Data Center Security Server Manager" service
 
 
2) Make a database backup (http://msdn.microsoft.com/en-us/library/ms186289.aspx). As an example (your company DBA is the only person responsible for this), here is a way to do it on SQL Server 2008:
 
 - Login to SQL Server Management Studio
 
 - Browse Databases, and right-click on SCSPDB database
 
 - Click on Tasks > Backup, then configure the backup settings and run it
 
    
 
From DCS:SA version 6.6 and later additional database backup steps is required
 

Browse Databases, and right-click on DCSC_UMC database

 - Click on Tasks > Backup, then configure the backup settings and run it

 
 

 

3) Make a copy of certificates and server settings (below are default paths on 32bit system):

The certificates can be found at the following locations:

{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\server-cert.ssl
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\agent-cert.ssl
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\sss.ssl
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\umcserver.ssl
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\jre\lib\security\cacerts
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\umc\umcCA\certs\rootkey.cer
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf​\server.xml

 The agent-cert.ssl is used for the day to day install of agents so it a must have cert that needs to be preserved so you can add more agents in the future, but when dealing with a disaster recovery drill or the real things all you need to have to install and connect a manager to your database is the server.xml and the server-cert.ssl.
 
4) Note all settings used during initial SDCSSA install: ports, database instance (SCSP by default), database name (SCSPDB by default), database account (scspdba by default) and password, install path.
Additionally, you may export SCSP database accounts/passwords from SQL Server database (http://support.microsoft.com/kb/246133/).
 
 
5) Start "Symantec Data Center Security Server Manager" service
 
 
 
 
 
How to recover SDCSSA Server?
 
 
IMPORTANT: it is necessary to reinstall SDCS Server on a machine with the same hostname/IP address to recover server-agent communication (see TECH116309 for more details).
 
 
 
Situation A - Database backup not available, but you want to recover at least Server-Agent communication
 
 
 
 
Situation B - Only database content has been corrupted, database structure is still valid
 
1) Stop "Symantec Data Center Security Server Manager" service
 
 
2) Restore database backup
 
 
3) If any database account needs to be re-created, you can find below their default configuration:
 
   - scsp_ops in Security > Logins
 
    
 
    
 
    
 
   - scsp_ops in SCSPDB > Security > Users
 
    
 
   - scsp_plugin in Security > Logins
 
    
 
    
 
    
 
   - scsp_plugin in SCSPDB > Security > Users
 
    
 
  - scspdba in Security > Logins
 
    
 
    
 
    
 
"sp_change_users_login" can be used as well to fix orphan account issue (http://msdn.microsoft.com/en-us/library/ms174378.aspx).
 
 
4) If needed, reinstall SCSP Server as described in "Begin re-installation of the SCSP Manager, making sure to select TOMCAT only" section from HOWTO119461 article (steps 9 to 14 should not be required).
Otherwise, start "Symantec Data Center Security Server Manager" service.
 
 
 
Situation C - SDCSSA server database needs to be completely rebuilt
 
1) Reinstall SDCSSA Management Server choosing to recreate the database schema, using previous SDCSSA Server install settings
 
    
 
 
2) Stop "Symantec Data Center Security Server Manager" service
 
 
3) Restore SCSP Server database backup over the new database created in previous step
 
 
4) Replace all certificate files and server.xml by the ones you backup previously (below are default paths on 32bit system):
 
C:\Program Files (x86)\Symantec\Data Center Security Server\Server\server-cert.ssl
C:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf​\server.xml
The agent-cert.ssl is used for the day to day install of agents so it a must have cert that needs to be preserved so you can add more agents in the future, but when dealing with a disaster recovery drill or the real things all you need to have to install and connect a manager to your database is the server.xml and the server-cert.ssl.​
 
 
5) If any database account needs to be re-created, you can find their configuration above, and use as well "sp_change_users_login" (see above for more details).
scsp_ops password can be then set appropriately in SQL Server Management Studio by following steps 9 to 13 from HOWTO119461 article.
 
 
6) Start "Symantec Data Center Security Server Manager" service
 

 

Applies To

SCSP Server with SQL Server database.

 

Attachments