Differences
This shows you the differences between two versions of the page.
tutorial:adm:backups [2020/03/20 09:19] fiserp [Repository backups] |
tutorial:adm:backups [2020/03/20 10:13] (current) fiserp [Restoring IdM application] |
||
---|---|---|---|
Line 138: | Line 138: | ||
In some cases, CzechIdM is not deployed with frontend and backend bundled together in the '' | In some cases, CzechIdM is not deployed with frontend and backend bundled together in the '' | ||
+ | |||
+ | ===== Restoring IdM application ===== | ||
+ | < | ||
+ | This is a basic DR howto for restoring the identity manager in case you lose it. It does not deal with other disaster scenarios. | ||
+ | |||
+ | If you backup your environment in some other way, virtual machine snapshots for example, use your DR procedures. | ||
+ | </ | ||
+ | |||
+ | When the application is lost - due to HW or virtualization failure, human error or due to security compromise, you can restore it using backups and documentation. In this case, we show how to restore everything on the clean operating system installation. | ||
+ | - Install the operating system. | ||
+ | - Configure the OS according to your internal standards. | ||
+ | - Configure the OS according to [[https:// | ||
+ | - Deploy and configure the CzechIdM according to [[https:// | ||
+ | - When creating a database user and CzechIdM database in the PostgreSQL, use credentials you already used before the failure. Restore the database from backup, for example '' | ||
+ | - **Do not** create brand new configuration in ''/ | ||
+ | - **Do not** download new '' | ||
+ | - Disable all new outgoing connections from the IdM machine **except for communication between your station and IdM server**. | ||
+ | - This way, the IdM will not start to communicate with end systems until you check its data is consistent. | ||
+ | - But you will still be able to access the web UI. | ||
+ | - Start the Tomcat container and wait for the identity manager to deploy. | ||
+ | - Log into the application as an administrator (use locally-authenticated account - any account that was granted '' | ||
+ | - Disable LRTs, kill all those that are running. | ||
+ | - Check data in the application: | ||
+ | - Allow outgoing connections from the IdM machine. | ||
+ | - Test connections to all end systems, reprovision some users to end systems. Check event and provisioning queues for any errors and resolve them if needed. | ||
+ | - Test your general use-cases / UAT tests to make sure the application works as intended. | ||
+ | - Schedule LRTs. |
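Review bot: The database step ("use credentials you already used before the failure") conflicts with the introductory sentence, which lists "security compromise" among the causes of loss. After a compromise, the old database password and any secrets held in the restored configuration have to be treated as exposed. Either scope the procedure to exclude the compromise case and point to a separate procedure, or add a credential-rotation step after "Check data in the application" and before "Allow outgoing connections from the IdM machine", with a note that the backup being restored must predate the compromise. A smaller ordering point: "Disable LRTs, kill all those that are running" comes after the Tomcat start, so scheduled tasks can begin running before the administrator logs in. The outbound block is what keeps them from reaching end systems during that window, and the sub-items under "Disable all new outgoing connections" should say so explicitly so nobody skips that step as optional.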