Symantec IGA

  • 1.  Backup location

    Posted Jul 13, 2020 06:43 AM
    Dear Team,

    We are planning to back up the identity suite Vapp.

    The instructions in the documentation (link below) are quite vague.  They note that the vApp node can be backed up using

    backupVapp

    and restored using 

    restoreVapp

    Administering Virtual Appliance

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-2/virtual-appliance/administering-virtual-appliance.html#concept.dita_e794365581df3d11e5f66816b7288d2880d476aa_BackupandRestoreVirtualAppliance


    Please could you share the location where that backup is located after typing backupVapp?
    We ask because we have a backup team who will also take a backup for future reference.

     



    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    Putalisadak, KTM
    ------------------------------


  • 2.  RE: Backup location

    Broadcom Employee
    Posted Jul 13, 2020 08:34 AM
    Hi Sudip,

    When you complete the backup it tells you the path it archived to.  Most likely it's going to archive to /home/config.

    See below for backup example:

    Do you want to take a backup of existing User Store and Provisioning Directory Data? (Choosing "N" will backup only configurations) (Y/N)? Y

    The vApp backup tool dumps User Store and Provisioning Directory data using the "dxdumpdb" command
    This command requires that the correspondings DSAs are in stopped state

    The following DSAs are started:
    UserStore_userstore-01
    ca-prov-srv-01-impd-co
    ca-prov-srv-01-impd-main
    ca-prov-srv-01-impd-inc
    ca-prov-srv-01-impd-notify

    Do you want the tool to stop all started DSAs in order to take a backup (Y/N)? Y

    [INFO] Stopping all DSAs
    Backing up DSA UserStore_userstore-01 [OK]
    Backing up DSA ca-prov-srv-01-impd-co [OK]
    Backing up DSA ca-prov-srv-01-impd-main [OK]
    Backing up DSA ca-prov-srv-01-impd-inc [OK]
    Backing up DSA ca-prov-srv-01-impd-notify [OK]

    Do you want to take a backup of the local Oracle XE embedded database? This will stop the database and all Wildfly-based products: IM, IP and IG (Y/N)? N
    [INFO] Creating archive: vApp_backup_14.3.0_ng891566-imag-Vapp03.lvn.broadcom.net_20200713_022527.tgz

    On the next screen, you will be asked to enter a password to encrypt the backup archive
    Press <RETURN> to proceed
    [INFO] Encrypting archive
    [INFO] vApp backup archive was successfully created
    Path: /home/config/vApp_backup_14.3.0_ng891566-imag-Vapp03.lvn.broadcom.net_20200713_022527.tgz.gpg
    Size: 560M

    Also it is recommended when you are doing any type of implementation/upgrade to your Vapp that your VM team performs a system level backup as well.

    Thank you,
    Nicole


  • 3.  RE: Backup location

    Posted Jul 15, 2020 01:11 AM
    Dear Nicole,

    Please could you tell me which files will be backed up by the backupvapp command?
    Is this backup sufficient for disaster scenarios?

    Is it required to take a backup of the items given below?
    1. Identity Manager directories backup
    2. Identity Manager environment backup
    3. Identity Portal Backup
    4. Folder Backup Process of IDM: -
    opt/ca
    5. Database Backup

    Thank you,

    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    Putalisadak, KTM
    ------------------------------



  • 4.  RE: Backup location

    Broadcom Employee
    Posted Jul 15, 2020 01:31 AM
    Hi Sudip,

    The backupVapp/restoreVapp utility backs up and restores OS files, such as /etc/hosts and files under the /etc/sysconfig/network-scripts directory. Those OS files contain hostname and IP address info, so you cannot restore this backup into a vApp box with a different hostname or IP.

    When you have multiple vApp nodes with multiple US or PS, backupVapp/restoreVapp may involve backing up or restoring CA Directory data. In that case, documentation states the following

    -- from here --

    The backupVapp and restoreVapp aliases do not restore CA Directory DSA data in a multiwrite-DISP recovery environment. One such example of a multiwrite-DISP environment is the deployment of User Store and Provisioning Store on multiple Virtual Appliance nodes.

    To backup data in a multiwrite-DISP environment, do the following:

    • Shutdown the deployed services (Identity Manager, Provisioning Store, Identity Governance, Identity Portal) on all nodes.
    • Use the backupVapp alias to take a backup of all the Virtual Appliance nodes.
    • Backup the external database.

      To restore data in a multiwrite-DISP environment, use the restoreVapp alias to restore backup files on all the Virtual Appliance nodes including the external database to maintain data integrity.

      -- until here --

      Please refer to https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-2/virtual-appliance/administering-virtual-appliance/using-the-login-shell.html (backupVapp/restoreVapp section) for more details.

      Please use a different approach for disaster recovery. Our recommendation for a DR environment is based on the following documentation (please see the "Disaster Recovery (DR) Environment" section)

      https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-2/ca-identity-suite-reference-architecture/foundation-physical-architecture/foundation-logical-architecture-and-network-context.html

      Please refer to the documentation below for deploying a vApp DR system

      https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-2/virtual-appliance/installing-virtual-appliance/deploying-redundant-system-without-starting-any-services.html

      The above DR system is the best recommendation and is designed for less downtime when production nodes are down and require recovery.

      Another option, which may require you to liaise with the VM admin, is recovery using VM snapshot backups. In this case, a good set of VM snapshot backups will also include the external database backup besides the snapshot backups of all vApp VM nodes. However, in this case you may need to shut down applications (Identity Manager, Provisioning Store, Identity Governance, Identity Portal) on all vApp nodes before doing the VM snapshot backup to maintain data integrity.




      ------------------------------
      Regards,
      Widjaja
      ====================
      Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

      Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
      ------------------------------
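
A check to run before handing an archive to the backup team or before a restore, covering replies 2 and 4 above. This is an added example, not part of the thread and not Broadcom tooling: it picks the newest archive in a directory, writes a SHA-256 file beside it, and tests whether the hostname embedded in the archive name matches the target node. The file-name layout is an assumption inferred from the single sample path in reply 2, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (POSIX sh). Assumed archive name layout, inferred from the
# one sample in this thread:
#   vApp_backup_<version>_<hostname>_<YYYYMMDD>_<HHMMSS>.tgz.gpg

# Print "version hostname date time" for a matching name; print nothing otherwise.
parse_backup_name() {
  printf '%s\n' "${1##*/}" | sed -n \
    's/^vApp_backup_\([0-9.][0-9.]*\)_\(..*\)_\([0-9]\{8\}\)_\([0-9]\{6\}\)\.tgz\.gpg$/\1 \2 \3 \4/p'
}

# Print the newest archive in directory $1, ordered by the timestamp in the
# name rather than mtime (copying a file can change its mtime).
latest_backup() (
  best='' best_ts=0
  for f in "$1"/vApp_backup_*.tgz.gpg; do
    [ -f "$f" ] || continue
    ts=$(parse_backup_name "$f" | awk '{print $3 $4}')
    [ -n "$ts" ] || continue
    if [ "$ts" -gt "$best_ts" ]; then best=$f best_ts=$ts; fi
  done
  [ -n "$best" ] && printf '%s\n' "$best"
)

# Status 0 if archive $1 was taken on host $2 (case-insensitive), 1 if it was
# taken on another host, 2 if the name does not follow the assumed layout.
# Reply 4: the archive carries /etc/hosts and network-scripts files, so it
# cannot be restored onto a node with a different hostname or IP.
matches_host() (
  h=$(parse_backup_name "$1" | awk '{print tolower($2)}')
  [ -n "$h" ] || exit 2
  [ "$h" = "$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" ]
)

# Write <archive>.sha256 next to the archive so the backup team can verify
# their copy with "sha256sum -c".
write_manifest() (
  cd -- "$(dirname -- "$1")" || exit 1
  sha256sum -- "${1##*/}" > "${1##*/}.sha256"
)

# Usage on a vApp node (paths as shown in reply 2):
#   a=$(latest_backup /home/config) && write_manifest "$a"
#   matches_host "$a" "$(hostname -f)" || echo "archive is from another node"
```

The checksum only proves the copy is intact; the archive stays protected by the passphrase entered during backupVapp, which has to be stored separately from the archive.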



  • 5.  RE: Backup location

      Posted Jul 15, 2020 08:05 AM
      Dear Widjaja

      Yes, we are planning for DR but unfortunately, we are facing issues in DR. I configured it as per the document you shared, but in the DR node the IM server is not able to start, so if there is any place where DR is configured, please help by sharing the experience.
      And is it possible to provide a document?

      ------------------------------
      Network and security Engineer technical associative
      Cas Trading House
      Putalisadak, KTM
      ------------------------------