Oracle® Communications Services Gatekeeper System Backup and Restore Guide
Part Number E16624-02
The following sections provide information and procedures for backing up the primary configuration artifacts of an Oracle Communications Services Gatekeeper domain.
Recovery from the failure of a server instance requires access to the domain's configuration and security data. Services Gatekeeper can be configured to perform certain domain backups automatically. The administrator must also perform a manual backup of the domain configuration artifacts and store those backups outside of the actual domain directory.
By default, the Administration Server stores a domain's primary configuration data in a file called Domain_Home/config/config.xml, where Domain_Home is the root directory of the domain. The primary configuration file may reference additional configuration files for specific Oracle Fusion Middleware WebLogic Server services, such as JDBC and JMS. The configuration for specific services is stored in additional XML files in subdirectories of the Domain_Home/config directory, such as Domain_Home/config/jms and Domain_Home/config/jdbc.
The Administration Server can automatically archive multiple versions of the domain configuration (the entire Domain_Home/config directory). The configuration archives can be used for system restoration in cases where accidental configuration changes need to be reversed. For example, if an administrator accidentally removes a configured resource, the prior configuration can be restored by using the last automated backup.
The Administration Server stores a finite number of automated backups locally in Domain_Home/config. For this reason, automated domain backups are limited in their ability to guard against data corruption, such as a failed hard disk. Automated backups also do not preserve certain configuration data that is required for full domain restoration, such as LDAP repository data and server start-up scripts. Oracle recommends that you also maintain multiple backup copies of the configuration and security offline, in a source control system, as described in "Backing Up Domain Security Data".
Follow these steps to enable automatic domain configuration backups on the Administration Server for your domain:
Access the Administration Console for your domain.
In the left pane of the Administration Console, select the name of the domain.
In the right pane, click the Configuration tab and then the General tab.
In the Advanced Options bar, click Show.
In the Archive Configuration Count box, enter the maximum number of configuration file revisions to save.
When you enable configuration archiving, the Administration Server automatically creates a configuration JAR file archive each time the Administrator uses the Activate Changes button in the Administration Console to change the active configuration. The JAR file contains a complete copy of the previous configuration (the complete contents of the Domain_Home/config directory). JAR file archive files are stored in the Domain_Home/configArchive directory. The files use the naming convention config-number.jar, where number is the sequential number of the archive.
When you save a change to a domain's configuration, the Administration Server saves the previous configuration in Domain_Home/configArchive/config.xml#n. Each time the Administration Server saves a file in the configArchive directory, it increments the value of the #n suffix, up to a configurable number of copies - 5 by default. Thereafter, each time you change the domain configuration:
The archived files are rotated so that the newest file has a suffix with the highest number.
The previous archived files are renamed with a lower number.
The oldest file is deleted.
Keep in mind that configuration archives are stored locally within the domain directory, and they may be overwritten according to the maximum number of revisions you selected. For these reasons, you must also create your own offline archives of the domain configuration, as described in "Storing the Domain Configuration Offline".
Although automatic backups protect against accidental configuration changes, they do not protect against data loss caused by a failure of the hard disk that stores the domain configuration or against accidental deletion of the domain directory. To protect against these failures, also store a complete copy of the domain configuration offline.
Oracle recommends storing a copy of the domain configuration at regular intervals. For example, back up a new revision of the configuration when:
You first deploy the production system.
You add or remove deployed applications.
The configuration is tuned for performance.
Any other permanent change is made.
The domain configuration backup should contain the complete contents of the Domain_Home/config directory. For example:
cd Domain_Home/user_projects/domains/mydomain
tar cvf domain-backup-06-17-2007.jar config
Store the new archive in a source control system, preserving earlier versions should you need to restore the domain configuration to an earlier point in time.
The Oracle Fusion Middleware security service stores its configuration data in the config.xml file and also in an LDAP repository and other files. As with the Domain_Home/config directory, a copy of the LDAP repository and security files should be stored offline each time you make a change to the security configuration.
The default Authentication, Authorization, Role Mapper, and Credential Mapper providers that are installed with Services Gatekeeper store their data in an LDAP server. Each Services Gatekeeper server instance contains an embedded LDAP server. The Administration Server contains the master LDAP server, which is replicated on all Managed Servers. If any of your security realms use these installed providers, you should maintain an up-to-date backup of the following directory tree:
where Domain_Home is the domain's root directory and adminServer is the directory in which the Administration Server stores runtime and security data.
Each Services Gatekeeper server has an LDAP directory, but you only need to back up the LDAP data on the Administration Server. The master LDAP server replicates the LDAP data from each Managed Server when updates to security data are made. Oracle Fusion Middleware security providers cannot modify security data while the domain's Administration Server is unavailable. The LDAP repositories on Managed Servers are replicas and cannot be modified.
The ldap/ldapfiles subdirectory contains the data files for the LDAP server. The files in this directory contain user, group, group membership, policies, and role information. Other subdirectories under the ldap directory contain LDAP server message logs and data about replicated LDAP servers.
Do not update the configuration of a security provider while a backup of LDAP data is in progress. If a change is made - for instance, if an administrator adds a user - while you are backing up the ldap directory tree, the backups in the ldapfiles subdirectory could become inconsistent. If this does occur, consistent but potentially out-of-date LDAP backups are available.
Once a day, a server suspends write operations and creates its own backup of the LDAP data. It archives this backup in a ZIP file below the ldap/backup directory and then resumes write operations. This backup is guaranteed to be consistent, but it might not contain the latest security data.
For information about configuring the LDAP backup, see “Configure backups for embedded LDAP servers” in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help at:
All servers create a file named SerializedSystemIni.dat and place it in the Domain_Home/security directory. This file contains encrypted security data that must be present to boot the server. You must back up this file.
If you configured a server to use SSL, also back up the security certificates and keys. The location of these files is user-configurable.
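The offline backup described in the sections above can be scripted so that the configuration directory, SerializedSystemIni.dat, and the Administration Server's LDAP tree are captured together and checked before they are stored. The following is an added example, not Oracle's tooling: the function name, archive naming, and checksum file are assumptions, and the LDAP directory is passed in by the caller relative to Domain_Home. SSL keys and certificates are not included because their location is user-configurable.

```shell
#!/bin/sh
# Added example, not Oracle's tooling.
# Usage: backup_domain DOMAIN_HOME DEST_DIR [LDAP_DIR]
#   LDAP_DIR: the Administration Server's ldap directory, relative to
#   DOMAIN_HOME (assumption: the caller supplies it for their site).
backup_domain() {
    domain_home=$1
    dest=$2
    ldap_dir=${3:-}
    archive="$dest/domain-backup-$(date +%Y%m%d-%H%M%S).tar.gz"

    # Refuse to write a backup that could not restore or boot a server.
    for f in config/config.xml security/SerializedSystemIni.dat; do
        [ -f "$domain_home/$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    # Members are stored relative to DOMAIN_HOME so a restore is one tar -x.
    set -- config security/SerializedSystemIni.dat
    if [ -n "$ldap_dir" ]; then
        [ -d "$domain_home/$ldap_dir" ] || { echo "missing: $ldap_dir" >&2; return 1; }
        # Whole tree: live ldapfiles plus the consistent daily ZIPs in backup/.
        set -- "$@" "$ldap_dir"
    fi

    (
        # The archive holds the domain's security data: owner-only access.
        umask 077
        mkdir -p "$dest" &&
        tar -czf "$archive" -C "$domain_home" "$@" &&
        cd "$dest" &&
        sha256sum "${archive##*/}" > "${archive##*/}.sha256"
    ) || return 1

    # Verify the archive is readable and holds the primary configuration file.
    tar -tzf "$archive" | grep -x 'config/config.xml' >/dev/null ||
        { echo "verification failed: $archive" >&2; return 1; }
    echo "$archive"
}

# Run only when called with arguments, e.g.:
#   sh backup_domain.sh /path/to/mydomain /mnt/offline-backups
if [ "$#" -ge 2 ]; then backup_domain "$@"; fi
```

Run it while no security provider changes are in progress, and commit the resulting archive and its .sha256 file to the source control system together so a later restore can be checked with sha256sum -c.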
Certain additional files maintained at the operating system level can be helpful when recovering from a system failure. Consider backing up the following information as necessary for your system:
Load Balancer configuration scripts. For example, any automated scripts used to configure load balancer pools and virtual IP addresses for the engine tier cluster, as well as NAT configuration settings.
NTP client configuration scripts used to synchronize the system clocks of engine and data tier servers.
Host configuration files for each Services Gatekeeper machine: host names, virtual and real IP addresses for multihomed machines, IP routing table information.
Managed Server start scripts. In a Services Gatekeeper deployment, the start scripts used to boot Access and Network tier servers are generally customized to include configuration information such as JVM Garbage Collection parameters and other tuning parameters.
As with offline backups of the domain configuration, Oracle recommends storing multiple copies of the above files in a source control repository.