9 Oracle Access Manager Backup and Recovery Strategies

Oracle recommends that you periodically backup Oracle Access Manager files and data from time to time so that you can recover from any unforeseen event and restore your Oracle Access Manager system. Topics in this chapter include:

• About Backup and Recovery Strategies

• Backup Recommendations

• Back Up Strategies for Deployment Events

• Recovery Strategies

About Backup and Recovery Strategies

This section introduced concepts and strategies for back up and recovery.

The term recovery describes a process where you can perform certain steps to undo an event, or change, and return to earlier data or an earlier status. Recovery might be as simple as modifying an entry in the System Console. However when the System Console is not involved, recovery strategies can be successful only when you have performed appropriate backup tasks.

In any deployment, it is important to make a back up copy from time to time. However, it is your own company policies that determine the backup schedule for information within an Oracle Access Manager deployment. Depending on your deployment scenario (development, staging, or production, for example) and the business requirements for sustainability, you may be required to make monthly, weekly, or even daily backups of component filesystem directories or configuration and policy data.

Backing up Oracle Access Manager-related data helps you prepare for any unintended situation that may arise. For example, you can:

• Restore an LDAP directory snapshot if Oracle Access Manager data becomes inconsistent or is corrupted as a result of changes that are external to Oracle Access Manager.

  For information about using Oracle Access Manager Configuration Manager to create snapshots of the oblix tree of the LDAP environment, see the Oracle Access Manager Configuration Manager Installation and Administration Guide. Using LDAP tools to export data from and import it to an LDAP directory or database are outside the scope of this manual.

• Roll back to undo everything that you have done and return to the starting point (or to the last back up copy). For example, when you are upgrading to a later release, you can roll back all changes and return to your earlier Oracle Access Manager release.

  Oracle recommends that you create a back up copy of product directories, files, and configuration data before and after upgrading to a later Oracle Access Manager release. For more information, see the Oracle Access Manager Upgrade Guide.

• Revert (roll back) the changes made during data migration using Oracle Access Manager Configuration Manager. For more information about migrating data between Oracle Access Manager deployments, and data migration transactions, see the Oracle Access Manager Configuration Manager Installation and Administration Guide.

For specific backup recommendations, see the next topic. For additional information, see "Back Up Strategies for Deployment Events".

Backup Recommendations

When you consider that Oracle Access Manager is a distributed solution, there are multiple backup requirements. For instance:

• Every Oracle Access Manager component installation directory on each computer host should be backed up at a file level (Identity Server, WebPass Policy Manager, Access Server, WebGate)

• Any custom plug-ins should be backed up at a file level

• Critical configuration details stored in an LDAP directory or database should be backed up using vendor tools. Alternatively, you can use Oracle Access Manager Configuration Manager to create a snapshot of the oblix tree of the LDAP directory as described in the Oracle Access Manager Configuration Manager Installation and Administration Guide.

Figure 9-1 illustrates a simple Oracle Access Manager deployment and the data that Oracle recommends you back up. If you have only the Identity System installed, you can ignore details for the Policy Manager, Access Server, and WebGate.

Figure 9-1 Oracle Access Manager Deployment Back Up Strategy

Description of "Figure 9-1 Oracle Access Manager Deployment Back Up Strategy"

As illustrated in Figure 9-1, each Oracle Access Manager component installation directory in the filesystem includes the following types of information:

• Program and library files

• Message and parameter catalogs

• Component-specific configuration files, which may include:

  • Failover configuration files

  • Stylesheets

  • Software developer kit (SDK) configurations

In addition to backing up every Oracle Access Manager component installation directory in the filesystem, Oracle recommends that you backup:

• Customizations: Independent filesystem directories that contain customized Oracle Access Manager plug-ins and stylesheets

• Updated Web Server Configurations: Web server configuration files that were updated to operate with Oracle Access Manager Web components

• Windows Systems: The Windows Registry on each Windows system that is hosting an Oracle Access Manager component

Figure 9-2 further illustrates the Oracle Access Manager deployment data that should be backed up, which includes the directory server instance.

Figure 9-2 Oracle Access Manager Data to Back Up

Description of "Figure 9-2 Oracle Access Manager Data to Back Up"

The directory server (or database) instance for an Oracle Access Manager deployment should be backed up. The information that is stored in the oblix tree of the directory server (or database) includes the Oracle Access Manager:

• Schema (directory objects and attributes specific to Oracle Access Manager)

• Configuration data

• User and group data

• Workflow data

  You can archive processed workflow instances and filter out transient data such as workflow tickets.

• Access policy data

Again, you can either use directory or database vendor tools to extract policy and configuration data in the oblix tree or use Oracle Access Manager Configuration Manager to create a snapshot of the oblix tree.

Back Up Strategies for Deployment Events

As part of the deployment planning process, Oracle recommends that your and your team review the following information to plan an appropriate backup strategy for specific deployment tasks.

Oracle recommends that you make a full and complete backup of specific directories and data in the following situations:

• Immediately before installing Oracle Access Manager in a production environment. For more information, see "Backing Up Before Oracle Access Manager Installation".

• Immediately after installing and setting up Oracle Access Manager in a production environment. For more information, see "Backing Up After Oracle Access Manager Installation".

• Immediately before, and after, applying policy changes to Oracle Access Manager deployments. For information about using Oracle Access Manager Configuration Manager to create snapshots of the oblix tree of the LDAP environment, see the Oracle Access Manager Configuration Manager Installation and Administration Guide.

• Immediately after customizing Oracle Access Manager, as described in "Backing Up After Customizing Oracle Access Manager".

• Immediately before upgrading from an earlier Oracle Access Manager release component to a later release. For more information, see "Backing Up Before Upgrading".

• Immediately after upgrading from an earlier Oracle Access Manager release component to a later release. For more information, see "Backing Up After Upgrading".

Backing Up Before Oracle Access Manager Installation

To assist with recovery strategies, Oracle recommends that you back up critical information immediately before installing and setting up Oracle Access Manager.

To back up critical information before installing Oracle Access Manager

1. Existing Web Server Configuration: Back up the existing Web server configuration file before installing Oracle Access Manager Web components. Use instructions from your Web server vendor.

2. Back up any LDAP directory server instances before you start installing Oracle Access Manager. Use instructions from your directory server vendor to accomplish this task.

3. Windows: Back up existing Windows Registry data.

Backing Up After Oracle Access Manager Installation

To assist with recovery strategies after installing Oracle Access Manager, Oracle recommends that you back up critical information immediately after installing and setting up Oracle Access Manager and verifying that it is operating properly.

To back up critical information after installing a new component

1. Back up the newly installed Oracle Access Manager component directory in the filesystem and store the back up copy in a new location.

2. Updated Web Server Configuration: Back up the updated Web server configuration file for Oracle Access Manager Web components using instructions from your Web server vendor.

3. Windows: Back up the Windows Registry for each component.

4. Copy configuration and policy data in the oblix tree (or use Oracle Access Manager Configuration Manager to create a snapshot of the oblix tree).

Backing Up After Customizing Oracle Access Manager

Oracle recommends that you back up customization information (plug-ins, stylesheets, and the like) immediately after verifying that it is operating properly.

To back up customizations

1. Create a backup your customization filesystem directory and store it in a different location.

2. Copy all customization files and sub directories, as follows:

   From: customizations_dir

   To: backup_customizations_dir

Backing Up Before Upgrading

Oracle recommends that you perform certain back up activities before upgrading from an earlier Oracle Access Manager release component to a later release. This enables you to restore an earlier environment in the unlikely event that you want to do this following an upgrade. Table 9-1 provides more information; full details are provided in the Oracle Access Manager Upgrade Guide.

Table 9-1 Backup Strategies Before Upgrading

Back Up the Following	As Described in The Following Sections of the Oracle Access Manager Upgrade Guide
Oracle Access Manager Schema	Backing up the Earlier Oracle Access Manager Schema
Oracle Access Manager Configuration and Policy Data	Backing up Oracle Access Manager Configuration and Policy Data
Oracle Access Manager User and Group Data	Backing Up User and Group Data
Oracle Access Manager Workflow Data	Backing Up Workflow Data
Processed Workflows	Archiving Processed Workflow Instances
Existing Directory Instances	Backing Up Existing Directory Instances
Earlier Installed Component Directory (and any Customization Directories)	Backing Up the Existing Installed Directory
Web Server Configuration Files	Backing Up the Existing Web Server Configuration File
Windows Registry	Backing Up Windows Registry Data

Backing Up After Upgrading

After you have completed and verified each component upgrade, Oracle recommends that you back up the upgraded information as outlined in Table 9-2. This enables you to restore an upgraded environment to the newly upgraded status should this be needed. For specific details, see the Oracle Access Manager Upgrade Guide.

Table 9-2 Backup Strategies After Upgrading

Back Up the Following	As Described in the Oracle Access Manager Upgrade Guide
Existing Directory Instances	Backing Up Existing Directory Instances
Earlier Installed Component Filesystem Directory (and any Customization Directories)	Backing Up the Existing Installed Directory
Web Server Configuration Files	Backing Up the Existing Web Server Configuration File
Windows Registry	Backing Up Windows Registry Data

Recovery Strategies

The following topics provide information about recovery strategies to use in various situations:

• Recovery Strategies After Installation

• Recovery Strategies During Upgrades

Recovery Strategies After Installation

If you encounter a problem during installation and want to roll back to your original installation before trying again, you can perform the following tasks.

To recovery critical information after installing Oracle Access Manager

1. Uninstall Oracle Access Manager as described in the Oracle Access Manager Installation Guide.

2. Web Server Configuration: Restore your original Web server configuration file using instructions from your Web server vendor.

3. Restore the original LDAP directory server instances that were backed up before you started installing Oracle Access Manager. Use instructions from your directory vendor to accomplish this task.

4. Windows: Restore the original Windows Registry.

Recovery Strategies During Upgrades

Should something unlikely occur and you find that an upgrade process did not complete successfully, you may use the strategies in Table 9-3 to recover. For specific details, see the Oracle Access Manager Upgrade Guide

Table 9-3 Upgrade Recovery Strategies

Task	What to do If the Task Fails
Backing Up Existing Oracle Access Manager Data	Retry this task using instructions in Chapter 5, "Preparing for Schema and Data Upgrades" in the Oracle Access Manager Upgrade Guide.
Backing Up Existing Directory Instances	See your directory vendor documentation.
Adding An Earlier Identity System to Use as a Master (against Read/Write master directory instances, not against read-only replicas) Note: You use this additional earlier setup as a master when upgrading the schema and data to ensure that your existing installation is not affected should any issues arise.	Retry this task using instructions in Chapter 5, "Preparing for Schema and Data Upgrades" in the Oracle Access Manager Upgrade Guide.
Adding an Earlier Access Manager to Use as a Master (against Read/Write master directory instances, not against read-only replicas) Note: You use this additional earlier setup as a master when upgrading the schema and data to ensure that your existing installation is not affected should any issues arise.	Retry this task using instructions in Chapter 5, "Preparing for Schema and Data Upgrades" in the Oracle Access Manager Upgrade Guide.
Upgrading Identity System Schema and Data	Restore the directory instance you backed up before starting this upgrade (see "Backing Up Existing Directory Instances" in the Oracle Access Manager Upgrade Guide.). Locate your backup copy of the earlier master Identity Server installation directory (made before the upgrade) and make another backup copy. You retain one to use as a backup and use the other when you retry the upgrade. See "Backing Up Directories, Web Server Configurations, and Registry Details" in the Oracle Access Manager Upgrade Guide. Retry the upgrade of the master Identity Server using instructions in Chapter 6, "Upgrading Identity System Schema and Data" in theOracle Access Manager Upgrade Guide.
Enabling Multi-Language Capability when upgrading the master Identity Server from a starting release of 6.1.1. Note: This process does not occur when your starting release is 6.5 or 7.x because those releases automatically supported multi-language capability.	Restore the directory instance you backed up before starting this upgrade (see "Backing Up Existing Directory Instances" in the Oracle Access Manager Upgrade Guide.). Locate your backup copy of the earlier master Identity Server installation directory (made before the upgrade) and make another backup copy. You retain one to use as a backup and use the other when you retry the upgrade. See "Backing Up Directories, Web Server Configurations, and Registry Details" in the Oracle Access Manager Upgrade Guide. Retry the upgrade of the master Identity Server using instructions in Chapter 6, "Upgrading Identity System Schema and Data" in theOracle Access Manager Upgrade Guide.
Upgrading Access System Schema and Data	Restore the directory instance you backed up before starting this upgrade (see "Backing Up Existing Directory Instances"). Locate your backup copy of the earlier master Access Manager installation directory (made before the upgrade) and make another backup copy. You retain one to use as a backup and use the other when you retry the upgrade. See "Backing Up Directories, Web Server Configurations, and Registry Details" in the Oracle Access Manager Upgrade Guide. Retry the upgrade of the master Access Manager using instructions in Chapter 7, "Upgrading Access System Schema and Data" in theOracle Access Manager Upgrade Guide.
Uploading Directory Server Index Files	Retry this task using instructions in a "Uploading Directory Server Index Files" in the Oracle Access Manager Upgrade Guide.
Upgrading Components: Upgrading an earlier version of any Oracle Access Manager component (Identity Server, WebPass, Policy Manager (formerly known as the Access Manager component)), Access Server, or WebGate). Note: Schema and data upgrades occur only when upgrading master components added for this purpose.	Locate your backup copy of the earlier component installation directory (made before the upgrade) and make another backup copy. You retain one to use as a backup and use the other when you retry the upgrade. See "Backing Up Directories, Web Server Configurations, and Registry Details" in the Oracle Access Manager Upgrade Guide. Retry this step and specify the earlier component installation directory when asked for the installation directory. See Part III, "Upgrading Components" in the Oracle Access Manager Upgrade Guide.
Upgrading Your Identity System Customizations	Retry this task using instructions in Chapter 12, "Upgrading Your Identity System Customizations" in the Oracle Access Manager Upgrade Guide.
Upgrading Your Access System Customizations	Retry this task using instructions in Chapter 13, "Upgrading Your Access System Customizations" in the Oracle Access Manager Upgrade Guide.

Additional information on recovering from an upgrade failure can be found throughout the Oracle Access Manager Upgrade Guide.