Oracle® Access Manager Deployment Guide 10g (10.1.4.3) Part Number E12490-01 |
|
|
View PDF |
Oracle recommends that you periodically backup Oracle Access Manager files and data from time to time so that you can recover from any unforeseen event and restore your Oracle Access Manager system. Topics in this chapter include:
This section introduced concepts and strategies for back up and recovery.
The term recovery describes a process where you can perform certain steps to undo an event, or change, and return to earlier data or an earlier status. Recovery might be as simple as modifying an entry in the System Console. However when the System Console is not involved, recovery strategies can be successful only when you have performed appropriate backup tasks.
In any deployment, it is important to make a back up copy from time to time. However, it is your own company policies that determine the backup schedule for information within an Oracle Access Manager deployment. Depending on your deployment scenario (development, staging, or production, for example) and the business requirements for sustainability, you may be required to make monthly, weekly, or even daily backups of component filesystem directories or configuration and policy data.
Backing up Oracle Access Manager-related data helps you prepare for any unintended situation that may arise. For example, you can:
Restore an LDAP directory snapshot if Oracle Access Manager data becomes inconsistent or is corrupted as a result of changes that are external to Oracle Access Manager.
For information about using Oracle Access Manager Configuration Manager to create snapshots of the oblix
tree of the LDAP environment, see the Oracle Access Manager Configuration Manager Installation and Administration Guide. Using LDAP tools to export data from and import it to an LDAP directory or database are outside the scope of this manual.
Roll back to undo everything that you have done and return to the starting point (or to the last back up copy). For example, when you are upgrading to a later release, you can roll back all changes and return to your earlier Oracle Access Manager release.
Oracle recommends that you create a back up copy of product directories, files, and configuration data before and after upgrading to a later Oracle Access Manager release. For more information, see the Oracle Access Manager Upgrade Guide.
Revert (roll back) the changes made during data migration using Oracle Access Manager Configuration Manager. For more information about migrating data between Oracle Access Manager deployments, and data migration transactions, see the Oracle Access Manager Configuration Manager Installation and Administration Guide.
For specific backup recommendations, see the next topic. For additional information, see "Back Up Strategies for Deployment Events".
When you consider that Oracle Access Manager is a distributed solution, there are multiple backup requirements. For instance:
Every Oracle Access Manager component installation directory on each computer host should be backed up at a file level (Identity Server, WebPass Policy Manager, Access Server, WebGate)
Any custom plug-ins should be backed up at a file level
Critical configuration details stored in an LDAP directory or database should be backed up using vendor tools. Alternatively, you can use Oracle Access Manager Configuration Manager to create a snapshot of the oblix
tree of the LDAP directory as described in the Oracle Access Manager Configuration Manager Installation and Administration Guide.
Figure 9-1 illustrates a simple Oracle Access Manager deployment and the data that Oracle recommends you back up. If you have only the Identity System installed, you can ignore details for the Policy Manager, Access Server, and WebGate.
Figure 9-1 Oracle Access Manager Deployment Back Up Strategy
As illustrated in Figure 9-1, each Oracle Access Manager component installation directory in the filesystem includes the following types of information:
In addition to backing up every Oracle Access Manager component installation directory in the filesystem, Oracle recommends that you backup:
Customizations: Independent filesystem directories that contain customized Oracle Access Manager plug-ins and stylesheets
Updated Web Server Configurations: Web server configuration files that were updated to operate with Oracle Access Manager Web components
Windows Systems: The Windows Registry on each Windows system that is hosting an Oracle Access Manager component
Figure 9-2 further illustrates the Oracle Access Manager deployment data that should be backed up, which includes the directory server instance.
Figure 9-2 Oracle Access Manager Data to Back Up
The directory server (or database) instance for an Oracle Access Manager deployment should be backed up. The information that is stored in the oblix
tree of the directory server (or database) includes the Oracle Access Manager:
Schema (directory objects and attributes specific to Oracle Access Manager)
You can archive processed workflow instances and filter out transient data such as workflow tickets.
Again, you can either use directory or database vendor tools to extract policy and configuration data in the oblix
tree or use Oracle Access Manager Configuration Manager to create a snapshot of the oblix
tree.
As part of the deployment planning process, Oracle recommends that your and your team review the following information to plan an appropriate backup strategy for specific deployment tasks.
Oracle recommends that you make a full and complete backup of specific directories and data in the following situations:
Immediately before installing Oracle Access Manager in a production environment. For more information, see "Backing Up Before Oracle Access Manager Installation".
Immediately after installing and setting up Oracle Access Manager in a production environment. For more information, see "Backing Up After Oracle Access Manager Installation".
Immediately before, and after, applying policy changes to Oracle Access Manager deployments. For information about using Oracle Access Manager Configuration Manager to create snapshots of the oblix
tree of the LDAP environment, see the Oracle Access Manager Configuration Manager Installation and Administration Guide.
Immediately after customizing Oracle Access Manager, as described in "Backing Up After Customizing Oracle Access Manager".
Immediately before upgrading from an earlier Oracle Access Manager release component to a later release. For more information, see "Backing Up Before Upgrading".
Immediately after upgrading from an earlier Oracle Access Manager release component to a later release. For more information, see "Backing Up After Upgrading".
To assist with recovery strategies, Oracle recommends that you back up critical information immediately before installing and setting up Oracle Access Manager.
To back up critical information before installing Oracle Access Manager
Existing Web Server Configuration: Back up the existing Web server configuration file before installing Oracle Access Manager Web components. Use instructions from your Web server vendor.
Back up any LDAP directory server instances before you start installing Oracle Access Manager. Use instructions from your directory server vendor to accomplish this task.
Windows: Back up existing Windows Registry data.
To assist with recovery strategies after installing Oracle Access Manager, Oracle recommends that you back up critical information immediately after installing and setting up Oracle Access Manager and verifying that it is operating properly.
To back up critical information after installing a new component
Back up the newly installed Oracle Access Manager component directory in the filesystem and store the back up copy in a new location.
Updated Web Server Configuration: Back up the updated Web server configuration file for Oracle Access Manager Web components using instructions from your Web server vendor.
Windows: Back up the Windows Registry for each component.
Copy configuration and policy data in the oblix
tree (or use Oracle Access Manager Configuration Manager to create a snapshot of the oblix
tree).
Oracle recommends that you back up customization information (plug-ins, stylesheets, and the like) immediately after verifying that it is operating properly.
Oracle recommends that you perform certain back up activities before upgrading from an earlier Oracle Access Manager release component to a later release. This enables you to restore an earlier environment in the unlikely event that you want to do this following an upgrade. Table 9-1 provides more information; full details are provided in the Oracle Access Manager Upgrade Guide.
Table 9-1 Backup Strategies Before Upgrading
Back Up the Following | As Described in The Following Sections of the Oracle Access Manager Upgrade Guide |
---|---|
Oracle Access Manager Schema |
Backing up the Earlier Oracle Access Manager Schema |
Oracle Access Manager Configuration and Policy Data |
Backing up Oracle Access Manager Configuration and Policy Data |
Oracle Access Manager User and Group Data |
Backing Up User and Group Data |
Oracle Access Manager Workflow Data |
Backing Up Workflow Data |
Processed Workflows |
Archiving Processed Workflow Instances |
Existing Directory Instances |
Backing Up Existing Directory Instances |
Earlier Installed Component Directory (and any Customization Directories) |
Backing Up the Existing Installed Directory |
Web Server Configuration Files |
Backing Up the Existing Web Server Configuration File |
Windows Registry |
Backing Up Windows Registry Data |
After you have completed and verified each component upgrade, Oracle recommends that you back up the upgraded information as outlined in Table 9-2. This enables you to restore an upgraded environment to the newly upgraded status should this be needed. For specific details, see the Oracle Access Manager Upgrade Guide.
Table 9-2 Backup Strategies After Upgrading
Back Up the Following | As Described in the Oracle Access Manager Upgrade Guide |
---|---|
Existing Directory Instances |
Backing Up Existing Directory Instances |
Earlier Installed Component Filesystem Directory (and any Customization Directories) |
Backing Up the Existing Installed Directory |
Web Server Configuration Files |
Backing Up the Existing Web Server Configuration File |
Windows Registry |
Backing Up Windows Registry Data |
The following topics provide information about recovery strategies to use in various situations:
If you encounter a problem during installation and want to roll back to your original installation before trying again, you can perform the following tasks.
To recovery critical information after installing Oracle Access Manager
Uninstall Oracle Access Manager as described in the Oracle Access Manager Installation Guide.
Web Server Configuration: Restore your original Web server configuration file using instructions from your Web server vendor.
Restore the original LDAP directory server instances that were backed up before you started installing Oracle Access Manager. Use instructions from your directory vendor to accomplish this task.
Windows: Restore the original Windows Registry.
Should something unlikely occur and you find that an upgrade process did not complete successfully, you may use the strategies in Table 9-3 to recover. For specific details, see the Oracle Access Manager Upgrade Guide
Table 9-3 Upgrade Recovery Strategies
Task | What to do If the Task Fails |
---|---|
Backing Up Existing Oracle Access Manager Data |
Retry this task using instructions in Chapter 5, "Preparing for Schema and Data Upgrades" in the Oracle Access Manager Upgrade Guide. |
Backing Up Existing Directory Instances |
See your directory vendor documentation. |
Adding An Earlier Identity System to Use as a Master (against Read/Write master directory instances, not against read-only replicas) Note: You use this additional earlier setup as a master when upgrading the schema and data to ensure that your existing installation is not affected should any issues arise. |
Retry this task using instructions in Chapter 5, "Preparing for Schema and Data Upgrades" in the Oracle Access Manager Upgrade Guide. |
Adding an Earlier Access Manager to Use as a Master (against Read/Write master directory instances, not against read-only replicas) Note: You use this additional earlier setup as a master when upgrading the schema and data to ensure that your existing installation is not affected should any issues arise. |
Retry this task using instructions in Chapter 5, "Preparing for Schema and Data Upgrades" in the Oracle Access Manager Upgrade Guide. |
Upgrading Identity System Schema and Data |
Restore the directory instance you backed up before starting this upgrade (see "Backing Up Existing Directory Instances" in the Oracle Access Manager Upgrade Guide.). Locate your backup copy of the earlier master Identity Server installation directory (made before the upgrade) and make another backup copy. You retain one to use as a backup and use the other when you retry the upgrade. See "Backing Up Directories, Web Server Configurations, and Registry Details" in the Oracle Access Manager Upgrade Guide. Retry the upgrade of the master Identity Server using instructions in Chapter 6, "Upgrading Identity System Schema and Data" in theOracle Access Manager Upgrade Guide. |
Enabling Multi-Language Capability when upgrading the master Identity Server from a starting release of 6.1.1. Note: This process does not occur when your starting release is 6.5 or 7.x because those releases automatically supported multi-language capability. |
Restore the directory instance you backed up before starting this upgrade (see "Backing Up Existing Directory Instances" in the Oracle Access Manager Upgrade Guide.). Locate your backup copy of the earlier master Identity Server installation directory (made before the upgrade) and make another backup copy. You retain one to use as a backup and use the other when you retry the upgrade. See "Backing Up Directories, Web Server Configurations, and Registry Details" in the Oracle Access Manager Upgrade Guide. Retry the upgrade of the master Identity Server using instructions in Chapter 6, "Upgrading Identity System Schema and Data" in theOracle Access Manager Upgrade Guide. |
Upgrading Access System Schema and Data |
Restore the directory instance you backed up before starting this upgrade (see "Backing Up Existing Directory Instances"). Locate your backup copy of the earlier master Access Manager installation directory (made before the upgrade) and make another backup copy. You retain one to use as a backup and use the other when you retry the upgrade. See "Backing Up Directories, Web Server Configurations, and Registry Details" in the Oracle Access Manager Upgrade Guide. Retry the upgrade of the master Access Manager using instructions in Chapter 7, "Upgrading Access System Schema and Data" in theOracle Access Manager Upgrade Guide. |
Uploading Directory Server Index Files |
Retry this task using instructions in a "Uploading Directory Server Index Files" in the Oracle Access Manager Upgrade Guide. |
Upgrading Components: Upgrading an earlier version of any Oracle Access Manager component (Identity Server, WebPass, Policy Manager (formerly known as the Access Manager component)), Access Server, or WebGate). Note: Schema and data upgrades occur only when upgrading master components added for this purpose. |
Locate your backup copy of the earlier component installation directory (made before the upgrade) and make another backup copy. You retain one to use as a backup and use the other when you retry the upgrade. See "Backing Up Directories, Web Server Configurations, and Registry Details" in the Oracle Access Manager Upgrade Guide. Retry this step and specify the earlier component installation directory when asked for the installation directory. See Part III, "Upgrading Components" in the Oracle Access Manager Upgrade Guide. |
Upgrading Your Identity System Customizations |
Retry this task using instructions in Chapter 12, "Upgrading Your Identity System Customizations" in the Oracle Access Manager Upgrade Guide. |
Upgrading Your Access System Customizations |
Retry this task using instructions in Chapter 13, "Upgrading Your Access System Customizations" in the Oracle Access Manager Upgrade Guide. |
Additional information on recovering from an upgrade failure can be found throughout the Oracle Access Manager Upgrade Guide.