Provide Backup and Recovery#
Backup Admin Accounts#As a best practice the following is recommended:
Create a backup admin account#Create a backup admin account so recovery can be done if the primary admin account is lost due to:
- bad password
- corrupted entry
- Whatever else.
Create Separate accounts for each application#
- Grant rights only as needed
- DO not use ADMIN Accounts.
Use Group to Manage Rights#Create groups for various application accounts and add the ACL to the Groups. Generally never assign rights to a single user entry.
All groups or backup admins with higher privileges than a normal user should be created only in the admins container.
NDS Backup and Recovery#For NDS Backup and Recovery on all IDV and AUTH (LDAP) servers Our Recommendation is that the following commands (or something similar) be scheduled as appropriate for YOUR ORGANIZATION'S environment.
FULL Backup once a week, could be done on Weekend. (Windows shown here)#
...\Novell\NDS\dhostcon.exe 10.###.###.### load dsbk backup -b -e secretNICIpassword -f X:\backup\2010-11-01-03-full.bac -l E:\novell\logs\backup\2010-11-01-03-dsbackup-full.log -t -w
Incremental backup done at least once a day: (Windows shown here)#
...\Novell\NDS\dhostcon.exe 10.###.###.### load dsbk backup -i -f X:\backup\2010-11-01-01-incremental.bac -l E:\novell\logs\backup\2010-11-01-01-dsbackup-incremental.log -t -wThe output of the log files should be reviewed and recovery of a system should be performed to ensure confidence in the restore proceedure.
These commands can be placed in a suitable "script" file and run through the "Windows Task Scheduler"
NAM Backup and Recovery#
For the NAM environments there is a Novell Provided script,
C:\Program Files\Novell\bin\ambkup.batthat can also be, with minor modification be run through the "Windows Task Scheduler".
This should execute on the NAM primary Administration Console servers. The batch file will prompt for passwords and authentication so typically this file would be copied and modified to prevent the prompting.
Be careful as Novell upgrades will overwrite the existing script and may make changes to the operation of the script.
The backup script backs up the objects in the ou=accessManagerContainer.o=novell container. It does not back up the following:
- Admin user account and password
- Delegated administrator accounts, their passwords, or rights
- Role Based Services (RBS) configuration - Delegated Admins
- Modified configuration files on the devices such as the web.xml file
- Local files installed on devices such as touch files or log files
- Custom login pages, custom error pages, or custom messages as identified:
- NAM Custom Files
- IDP Backup
- LAG Backup
- You need to perform you own backup of custom or modified configuration files.
As these files are NOT backed up by Novell scripts and will probably be overwritten by NAM Upgrade, backing up the NAM Custom Files should be done as described below:
- IDP Backup
- LAG Backup