This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Edirectory Backup Strategy
Edirectory Backup Strategy

Version management

Difference between version and

At line 1 added 116 lines
!!!Ignore backups, they are worthless [1]
Never worry about backups, only worry about restores. We know that may sound silly, but it is amazing how many times we have found out the brilliant backup strategy would not restore.
%%warning
Consult the Vendor's Documentation.
%%
You should have a plan for [Edirectory Disaster Recovery].
!! TEST AND PRACTICE YOUR RESTORE STRATEGY OFTEN
The time to try your recovery strategy is not when there are 100+ people waiting on you and the boss is standing over your shoulder.
Test it and practice it so you are not paranoid when doing the restore under pressure.
!!! Machine Restore
None(?) of Novell's documentation include the statement that it is implied that the machine that eDirectory is running on is expected to be running as it was at the time of failure.
This includes:
* The directories are the same
* User accounts are the same
* (windows) Registry entries are the same
* The same Versions of the binaries are installed
!!Read Novell's Documentation
Read and understand the [Novell Documentation|http://www.novell.com/documentation/edir88/edir88/?page=/documentation/edir88/edir88/data/a2n4mb6.html|target='_blank']. It is more current that this site.
!!![DSBK] (or [EMBox]) verses NDSBACKUP (or LDIF)
There are two normal scenarios that you want to be able to restore.
[DSBK] (or EMBox) verses [NDSBACKUP] (or LDIF) tools are made for completely different scenarios.
Using them together is the best option for having as many restore options as possible. NDSBACKUP (or LDIF) will never work well when you lose a server, and DSBK (or EMBox) is the wrong option for restoring individual entries.
__We recommend using both__, each for their own benefits.
!!!Total Loss of Server(s)
Doing an DSBK (or EMBox) backup is the easiest supported way to restore an entire database and get the server up to the time the box crashed, but DSBK (or EMBox)
requires some setup of its own ahead of time.
See Novell's Current Documentation for eDirectory. Last known URL: [http://www.novell.com/documentation/edir88/edir88/?page=/documentation/edir88/edir88/data/a2n4mb6.html]
!!! Loss or Corruption of a few Entries
!! LDIF
We like LDIF as it is well known entity and is well known and transportable.
However, LDIF will not, by itself, backup passwords. You could use our [Dump Edirectory Password Information Tool] to put passwords into an LDIF file.
!! [NDSBACKUP]
[NDSBACKUP] also works well and is easier than LDIF to backup but we think a little harder to perform a restore for a few entries.
[NDSBACKUP] does do passwords.
!! NICI Tree Key Provider
%%information
Do NOT forget about your NICI Keys.
%%
Regardless of your backup methods you should use [NICI Backup Procedures]
* [What is the NICI SDI Tree Key Provider and why it matters.|NICITreeKeyProvider]
* [NICI SDI Tree Key Provider Fault Tolerance|NICISDITreeKeyProviderFaultTolerance]
* [NICI File Locations|NICI File Locations]
!! [Script For Backing Up Edirectory]
We prefer to do both a [DSBK] and LDIF backup.
We wrote a script that we use at a lot of clients to [backup EDirectory|Backing Up Edirectory|Script For Backing Up Edirectory].
!! Back Up DIB Directory
We use a one line command for backing up the DIB, done in a automation script which can be done with [cron jobs|NDSCron.tab]
We can completely restore a crashed server or the entire tree from this one file.
The line basically goes like this:
{{{
tar cvfz 2010-02-16-testbackup.tgz /etc/opt/novell/eDirectory/conf/nds.conf /etc/opt/novell/eDirectory/conf/ndsimon.conf /etc/opt/novell/eDirectory/conf/ndssnmp/ndssnmp.cfg /etc/opt/novell/eDirectory/conf/ndssnmp/ndstrap.cfg /var/opt/novell/eDirectory/data/dib/_ndsdb.ini /var/opt/novell/eDirectory/data/dib /var/opt/novell/nici
}}}
You can view what is in the file with:
{{{
tar -tvf 2010-02-16-testbackup.tgz |less
}}}
!! Passwords
Hopefully your careful attention to detail will allow you to be able to recover passwords.
* DSBK will backup and recover passwords
* LDIF probably will not.
To be extra careful, you might want to use our [Dump Edirectory Password Information Tool] so you are covered.
!!!Tree Certificate Authority
Private Key
[Backing Up The Tree Certificate Authority|Backing Up The Organizational CA]
[TreeCABackup]
!!! Backup Admin Account
If the password is lost or if the Admin account should be deleted or corrupted, recovery of the Admin account would require Novell to call in and set a password or create a new entry.
Often this can cause ongoing operations to be severaly impaired.
Please create a second account with all rights to the root of the tree now.
!!! Identity Manager Backup
As code and parameters within IDM do change over time, it is reccomended that the following be performed:
* Export all drivers to a "configuration" file.
* Export all the DriverSets to a "configuration" file.
* Export the GCVs for all the driverSets to an XML file perodically.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Backing Up and Restoring NetIQ eDirectory|https://www.netiq.com/documentation/edirectory-9/edir_admin/data/a2n4mb6.html|target='_blank'] - based on information obtained 2017-02-05
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop