Issue/Introduction:
Description:
This document is describing the steps necessary to perform an offline backup of the full SSO Server and its options and how to perform regular online copies of its embedded repositories.
Moreover it is demonstrating how to perform a disaster recovery procedure by restoring the full SSO Server and latest repository snapshots utilising the previously created backup data.
Solution:
The following Disaster Recovery procedure has been tested with SSO r12.1 CR5 on W2k3 R2 SP2+
BACKUP
Full Offline Backup
- Run these commands in a cmd to shutdown all repositories
net stop ssod
dxserver stop all
secons -s
- In the OS Service Control Manager shutdown all remaining CA Services
- Run %SystemRoot%\system32\ntbackup.exe
(or an equivalent backup tool capable of backing up and restoring NTFS meta data like file system permissions and Registry)
select "C:\Program Files\CA", "C:\Windows" and "System State" to backup
Differential Online Backup of CA DIR and CA AC
CA DIR based PS DSA is containing the target applications login information and other relevant data.
- To schedule a periodic snapshot of the DSA edit its config file:
%dxhome%\config\settings\PS_localhostname.dxc
- Add the following line to the end of the file to schedule an hourly copy of the database
dump dxgrid-db period 0 3600;
- Restart the DSA or submit in a cmd
dxserver init all
- This will create a backup file
%dxhome%\data\PS_localhostname.zdb
which you need to copy to the target backup media e.g. by using ntbackup
Note:
In most cases there is no need to perform a periodic snapshot of the Token Datastore PSTD since its contents are volatile anyway and will be regenerated e.g. upon next login of the SSO Clients
CA AC based seosdb is containing SSO Server configuration data, application definitions and other relevant data
- To perform an one time snapshot of the seosdb run in a cmd
dbmgr -backup C:\seosdb.backup
To schedule an hourly snapshot of the seosdb using the Windows task scheduler run in a cmd
schtasks /create /sc hourly /tn "seosdb backup" /tr "dbmgr -backup C:\seosdb.backup"
- Copy the folder C:\seosdb.backup to the target backup media e.g. by using ntbackup
RESTORE
Full Restore
- Install the OS with same hostname and IP-address
- Run %SystemRoot%\system32\ntbackup.exe
(or an equivalent backup tool capable of backing up and restoring NTFS meta data like file system permissions and Registry)
- Locate the last offline backup media of the SSO Server
select "C:\Program Files\CA", "C:\Windows" and "System State" for restore
- Restore Options:
Always replace the file on my computer
- Advanced Restore Options:
Restore security
- Reboot the system and verify that all is working fine, e.g SSO Clients can logon to the SSO Server and launch applications
Restore the differential backup of CA DIR and CA AC
After the Full Restore you need to restore the latest differential backup data
- Run these commands in a cmd to shutdown all repositories
net stop ssod
dxserver stop all
secons -s
- In the OS Service Control Manager shutdown all remaining CA Services
- Run %SystemRoot%\system32\ntbackup.exe or whatever was used to backup the CA DIR and CA AC snapshot data
CA DIR
- Locate on the backup media the last copy of PS_localhostname.zdb
- Restore the file to
%dxhome%\data
- In e.g. Explorer
delete the existing file %dxhome%\data\PS_localhostname.db
rename PS_localhostname.zdb to PS_localhostname.db
CA AC
- Locate on the backup media the last copy of seosdb.backup
- Restore the files to
C:\Program Files\CA\Access Control\Data\seosdb
replacing existing files
Reboot the system and verify that all is working fine, e.g SSO Clients can logon to the SSO Server and launch applications
Please see also SSO r12.1 Implementation Guide "CA SSO Server Data Backup" for further details.
The document can be viewed / retrieved from
https://support.ca.com/cadocs/7/CA%20Single%20Sign-On%2012%201-ENU/Bookshelf.html
Environment:
Release:
Component: SMPLC