This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Novell IDM Fail-Over
Novell IDM Fail-Over

Version management

Difference between version and

At line 1 added 78 lines
!!! Provide Backup and Recovery%%warning
This is a critical problem that needs immediate attention.
%%
!!! Backup Admin Accounts
As a best practice the following is recommended:
!! Create a backup admin account
Create a backup admin account so recovery can be done if the primary admin account is lost due to:
** bad password
** deleted
** corrupted entry
** Whatever else.
!! Create Separate accounts for each application
** Grant rights only as needed
** DO not use ADMIN Accounts.
! Use Group to Manage Rights
Create groups for various application accounts and add the ACL to the Groups. Generally never assign rights to a single user entry.
All groups or backup admins with higher privileges than a normal user should be created only in the admins container.
!!! NDS Backup and Recovery
For NDS Backup and Recovery on all IDV and AUTH (LDAP) servers Our Recommendation is that the following commands (or something similar) be scheduled as appropriate for YOUR ORGANIZATION'S environment.
! [Review Novell's Documentation.|http://www.novell.com/documentation/edir88/edir88/?page=/documentation/edir88/edir88/data/a2n4mb6.html]
(http://www.novell.com/documentation/edir88/edir88/?page=/documentation/edir88/edir88/data/a2n4mb6.html)
!FULL Backup once a week, could be done on Weekend. (Windows shown here)
{{{
...\Novell\NDS\dhostcon.exe 10.###.###.### load dsbk backup -b -e secretNICIpassword -f X:\backup\2010-11-01-03-full.bac -l E:\novell\logs\backup\2010-11-01-03-dsbackup-full.log -t -w
}}}
!Incremental backup done at least once a day: (Windows shown here)
{{{
...\Novell\NDS\dhostcon.exe 10.###.###.### load dsbk backup -i -f X:\backup\2010-11-01-01-incremental.bac -l E:\novell\logs\backup\2010-11-01-01-dsbackup-incremental.log -t -w
}}}
The output of the log files should be reviewed and recovery of a system should be performed to ensure confidence in the restore proceedure.
These commands can be placed in a suitable "script" file and run through the "Windows Task Scheduler"
!!! NAM Backup and Recovery
! [Review Novell's documentation|http://www.novell.com/documentation/novellaccessmanager31/overviewhelp/?page=/documentation/novellaccessmanager31/overviewhelp/data/b5ve1by.html]
(http://www.novell.com/documentation/novellaccessmanager31/overviewhelp/?page=/documentation/novellaccessmanager31/overviewhelp/data/b5ve1by.html)
For the NAM environments there is a Novell Provided script,
{{{
C:\Program Files\Novell\bin\ambkup.bat
}}}
that can also be, with minor modification be run through the "Windows Task Scheduler".
This should execute on the NAM primary Administration Console servers. The batch file will prompt for passwords and authentication so typically this file would be copied and modified to prevent the prompting.
Be careful as Novell upgrades will overwrite the existing script and may make changes to the operation of the script.
The backup script backs up the objects in the ou=accessManagerContainer.o=novell container. It does not back up the following:
* Admin user account and password
* Delegated administrator accounts, their passwords, or rights
* Role Based Services (RBS) configuration - Delegated Admins
* Modified configuration files on the devices such as the web.xml file
* Local files installed on devices such as touch files or log files
* Custom login pages, custom error pages, or custom messages as identified:
** [NAM Custom Files]
** IDP Backup
** LAG Backup
* You need to perform you own backup of custom or modified configuration files.
!! [NAM Custom Files]
Finally, most organizations have several customized JSP, Java Program files, or custom messages, used in at least NAM and the User Application that should be documented in a well known place and the source code managed for changes to know what file would need to be installed where when building another environment and for general troubleshooting reasons.
As these files are __NOT__ backed up by Novell scripts and will probably be overwritten by NAM Upgrade, backing up the [NAM Custom Files] should be done as described below:
* IDP Backup
* LAG Backup
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop