Backup SSO Server

Document ID : KB000049466
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

This document is describing the steps necessary to perform an offline backup of the full SSO Server and its options and how to perform regular online copies of its embedded repositories.

Moreover it is demonstrating how to perform a disaster recovery procedure by restoring the full SSO Server and latest repository snapshots utilising the previously created backup data.

Solution:

The following Disaster Recovery procedure has been tested with SSO r12.1 CR5 on W2k3 R2 SP2+

BACKUP

Full Offline Backup

  • Run these commands in a cmd to shutdown all repositories
    net stop ssod
    dxserver stop all
    secons -s

  • In the OS Service Control Manager shutdown all remaining CA Services

  • Run %SystemRoot%\system32\ntbackup.exe

(or an equivalent backup tool capable of backing up and restoring NTFS meta data like file system permissions and Registry)

select "C:\Program Files\CA", "C:\Windows" and "System State" to backup

Differential Online Backup of CA DIR and CA AC

CA DIR based PS DSA is containing the target applications login information and other relevant data.

  • To schedule a periodic snapshot of the DSA edit its config file:

    %dxhome%\config\settings\PS_localhostname.dxc

  • Add the following line to the end of the file to schedule an hourly copy of the database

    dump dxgrid-db period 0 3600;

  • Restart the DSA or submit in a cmd
    dxserver init all

  • This will create a backup file

    %dxhome%\data\PS_localhostname.zdb

which you need to copy to the target backup media e.g. by using ntbackup

Note:

In most cases there is no need to perform a periodic snapshot of the Token Datastore PSTD since its contents are volatile anyway and will be regenerated e.g. upon next login of the SSO Clients

CA AC based seosdb is containing SSO Server configuration data, application definitions and other relevant data

  • To perform an one time snapshot of the seosdb run in a cmd

    dbmgr -backup C:\seosdb.backup

    To schedule an hourly snapshot of the seosdb using the Windows task scheduler run in a cmd

    schtasks /create /sc hourly /tn "seosdb backup" /tr "dbmgr -backup C:\seosdb.backup"

  • Copy the folder C:\seosdb.backup to the target backup media e.g. by using ntbackup

RESTORE

Full Restore

  • Install the OS with same hostname and IP-address

  • Run %SystemRoot%\system32\ntbackup.exe

    (or an equivalent backup tool capable of backing up and restoring NTFS meta data like file system permissions and Registry)

  • Locate the last offline backup media of the SSO Server

    select "C:\Program Files\CA", "C:\Windows" and "System State" for restore

  • Restore Options:
    Always replace the file on my computer

  • Advanced Restore Options:
    Restore security

  • Reboot the system and verify that all is working fine, e.g SSO Clients can logon to the SSO Server and launch applications

Restore the differential backup of CA DIR and CA AC

After the Full Restore you need to restore the latest differential backup data

  • Run these commands in a cmd to shutdown all repositories
    net stop ssod
    dxserver stop all
    secons -s

  • In the OS Service Control Manager shutdown all remaining CA Services

  • Run %SystemRoot%\system32\ntbackup.exe or whatever was used to backup the CA DIR and CA AC snapshot data

CA DIR

  • Locate on the backup media the last copy of PS_localhostname.zdb

  • Restore the file to

    %dxhome%\data

  • In e.g. Explorer

    delete the existing file %dxhome%\data\PS_localhostname.db

    rename PS_localhostname.zdb to PS_localhostname.db

CA AC

  • Locate on the backup media the last copy of seosdb.backup

  • Restore the files to

    C:\Program Files\CA\Access Control\Data\seosdb

    replacing existing files

    Reboot the system and verify that all is working fine, e.g SSO Clients can logon to the SSO Server and launch applications

    Please see also SSO r12.1 Implementation Guide "CA SSO Server Data Backup" for further details.

    The document can be viewed / retrieved from

    https://support.ca.com/cadocs/7/CA%20Single%20Sign-On%2012%201-ENU/Bookshelf.html
File Attachments:
TEC574922.zip