Is it possible to move Derby DB to External DB? If thats not possible, how to preserve Derby DB data effectively.
Are you referring to Policy Store?
No, Derby DB in Admin UI.
which is under the path installation_path/adminui/standalone/data/derby/siteminder/.
Which I presume is Administrator Store. And move this to external DB without reinstalling Admin UI.
Actually this is the stores the tasks information. which says who did what.
These details are stored in Derby DB and these gets deleted everytime when a upgrade or reinstallation is done. We want to avoid this.
so how is it possible to move the Derby Db date to external DB or preserve it every time.
Any ideas or comments on how to accomplish this?
There isn't really a documented steps from CA/Broadcom to migrate Admin UI's Derby DB to an external DB. Even before doing that I would ask this question myself, is it worth spending on this - effort/infrastructure/maintenance...etc?
However if this is your requirement and looking for some guidance, here it is:
- Admin UI uses Apache Derby DB as the embedded database which you could use any RDBMS SQL client to export the data to preserve it.
- Having said that migrating to an external DB and connecting your functional Admin UI may not be supported which you may need to open a support case with Broadcom to get their feedback.
I would suggest to open an Idea in communities, If you think this is one of the feature which you are looking forward to see as part of the product.
Hope this helps !!!
I agree to your point in opening up an idea and support case. But this might be required by most of the organizations, especially if its banking and insurance sector.
If the Admin UI is upgraded or re-installed, the tasks which is captured and stored in the derby DB is lost and hence there is no record of who did what and a fresh Derby DB store is created.
Losing track of tasks performed, unable to identify the risk involved.
Workaround and obstacles:
Yes, as a work around we could connect this to some SIEM tool to capture the tasks from the store, but that would again be customized, as we need to share credentials and other details with a different team. However, if we could do this on our own, either by exporting to external DB or LDAP or copy and move it to different directory manually.
As you suggested, if i have to export to an external DB( RDBMS SQL client in this case) what are the things, I should be considering to create an external DB, what would be the structure of the schema that should be created.