24.2 Backing Up the Access Manager Configuration

  1. On the primary Administration Console, change to the utility directory.

    Linux: /opt/novell/devman/bin

    Windows Server 2012: \Program Files (x86)\Novell\bin

  2. Run the following command:

    Linux: ./ambkup.sh

    Windows: ambkup.bat

  3. Specify and confirm the Access Manager administration password.

  4. Specify a path to save the backup files.

  5. (Windows) Specify the name for the ZIP file.

  6. Specify a password for encrypting and decrypting private keys, then re-specify it for verification.

    You must use the same password for both backup and restore.

  7. Press Enter.

NOTE: After running the backup script, check the logs to verify that no errors occurred. The log file location is displayed at the end of the script execution.

The backup script creates a ZIP file containing several files, including the certificate information. This file contains the following:

  • The configuration store’s CA key.

  • The certificates contained in the configuration store.

  • The trusted roots in the trustedRoots container of the accessManagerContainer object.

  • An encrypted LDIF file, containing everything found in the OU=accessManagerContainer,O=novell container.

  • A server.xml file containing the Tomcat configuration information for the Administration Console.

  • A “delegatedusers_list” file containing the details of delegated users.

  • A “policyviewusers_list” file containing the details of delegated users.

  • A “backup_info” file that contains the basic details of the system on which the backup is being taken.

The trusted roots are backed up in both LDIF and ZIP files. They are added to the ZIP file so that the ZIP file has the complete certificate-related configuration.
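A post-backup check of the ZIP contents listed above, given here as an added example that is not part of the product or its documentation. It assumes the four named files appear in the archive under exactly those names (possibly inside a directory) and that the ZIP container itself is not password-protected; check_backup is a hypothetical helper name.

```python
import os
import stat
import sys
import zipfile

# Member names the page lists. The CA key, certificate and LDIF member names
# are not given on the page, so they are not checked here.
EXPECTED = {"server.xml", "delegatedusers_list", "policyviewusers_list", "backup_info"}


def check_backup(zip_path):
    """Return a list of problems found in an ambkup ZIP (empty list means OK)."""
    if not os.path.isfile(zip_path):
        return [f"backup file not found: {zip_path}"]
    problems = []

    # The archive holds the CA key and certificates, so only its owner should
    # have access (POSIX mode bits; not meaningful on Windows).
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(zip_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"mode {mode:04o} lets group/other access the backup")

    try:
        with zipfile.ZipFile(zip_path) as zf:
            # Assumption: the ZIP container itself is not password-protected.
            bad = zf.testzip()  # re-reads every member, returns first CRC failure
            if bad is not None:
                problems.append(f"corrupt member: {bad}")
            files = [i for i in zf.infolist() if not i.is_dir()]
    except (zipfile.BadZipFile, RuntimeError) as exc:
        return problems + [f"cannot read archive: {exc}"]

    # Assumption: members may sit under a directory, so compare base names.
    sizes = {os.path.basename(i.filename): i.file_size for i in files}
    for name in sorted(EXPECTED):
        if name not in sizes:
            problems.append(f"missing member: {name}")
        elif sizes[name] == 0:
            problems.append(f"empty member: {name}")
    return problems


if __name__ == "__main__" and len(sys.argv) == 2:
    found = check_backup(sys.argv[1])
    print("\n".join(found) or "backup archive looks complete")
    sys.exit(1 if found else 0)
```

Run it against the ZIP file in the backup location after checking the script's log; an empty result means the four named files are present, non-empty and pass the CRC check.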

IMPORTANT: The backup utility prompts you for a location to store the backup file. Select a location from which the backup file will not be deleted when you uninstall the product. The default location for Linux is /root/nambkup and for Windows it is C:/nambkup.

The name of the backup ZIP file stores some information. Do not change the name.

NOTE: Whenever the configuration store contains a Key Material Object (KMO) with a certificate signing request in the pending state, the KMO is not exported by the amdiagcfg script and is not backed up by the ambkup script.

NOTE: For security purposes, delegated users, policy view users, and users in the trusted and configuration stores are not backed up. You need to recreate them while restoring the configuration. You can find the common name and full name of these users during the restore process or in the files in the ZIP file.