22.4 Using NetIQ iManager for Backup and Restore

The Backup, Backup Configuration, and Restore tasks in NetIQ iManager give you access to most of the features of the eDirectory Backup Tool, and iManager lets you perform tasks on your servers in a browser even if you are outside the firewall. For more information about NetIQ iManager, see the NetIQ iManager 2.7 Administration Guide.

The tasks that are not available in iManager are cold backup (a full backup with the database closed), unattended backup, and advanced restore options. These tasks must be done using DSBK, as described in Section 17.5, Using DSBK.

Before performing backup and restore tasks, review Section 17.1, Checklist for Backing Up eDirectory for an overview of the issues involved in planning an effective eDirectory backup strategy.

In this section:

22.4.1 Backing Up Manually with iManager

Use Backup in iManager in a browser to back up data from an eDirectory database to one or more files on the server where the backup is being performed. You can do a full or incremental backup.

The backup files contain information necessary to restore eDirectory to the state it was in at the time of the backup. The results of the backup process are written to the log file you specify.

Backups performed using iManager are hot continuous backups, meaning that the eDirectory database is open and accessible during the process, and you still get a complete backup that is a snapshot of the moment when the backup began.

Keep in mind that to do a cold backup (a backup with the database closed) or an unattended backup you must use DSBK. See Backing Up Manually with DSBK.

Before performing backup and restore tasks, review Section 17.1, Checklist for Backing Up eDirectory for an overview of the issues involved in planning an effective eDirectory backup strategy.

Prerequisites

  • Decide which additional files you want to back up along with eDirectory and create an include file if necessary.

    You can back up NICI files and stream files by checking the check boxes for those options in iManager. We recommend that you always back up NICI files.

    If you want to include other files, such as the autoexec.ncf file, you must put the paths and filenames in an include file. Separate the paths and filenames with a semicolon and don't include hard returns or spaces. For example, sys:\system\autoexec.ncf;sys:\etc\hosts;.

  • Plan to do a file system backup shortly after doing the eDirectory backup, if you need to place the eDirectory backup files safely on tape. The Backup Tool only places them on the server.

    HINT:To make it easier to move the backup files to another storage device, you can specify the maximum size of eDirectory backup files. You can also use a third-party file compression tool on the files after they are created. They compress approximately 80%.

  • If you are planning to use roll-forward logs for this server, make sure they are turned on before a backup is made.

    You must turn on roll-forward logging for servers that participate in a replica ring. If you don't, when you try to restore from your backup files you will get errors and the database will not open.

    For more information on roll-forward logs, see Section 17.3, Using Roll-Forward Logs. For how to turn them on, see Configuring Roll-Forward Logs with iManager.

  • For multiple-server trees, you should upgrade all the servers that share replicas with this server to eDirectory 8.5 or later.

Procedure

To back up the eDirectory database on a server, using iManager:

HINT:A description of the options available in iManager is provided in the online help.

  1. Click the Roles and Tasks button Roles and Tasks button.

  2. Click eDirectory Maintenance > Backup.

  3. Specify the server that will perform the backup, then click Next.

  4. Specify a user name, password, and context for the server where you want to perform the backup, then click Next.

  5. Specify backup file options, then click Next.

    To back up only the changes made to the database since the last backup was performed, click Do an Incremental Backup.

    The following is an example of the screen.

    First iManager Backup screen
  6. Specify additional files to back up.

    If no additional files are specified, only the eDirectory database is backed up.

    We recommend that you always back up NICI security files.

    The following is an example of the screen.

    Second iManager Backup screen
  7. Follow the online instructions to complete the backup.

  8. Make sure you do a file system backup shortly after the eDirectory backup is created, to put the eDirectory backup files safely on tape. The Backup Tool only places them on the server.

22.4.2 Configuring Roll-Forward Logs with iManager

Use Backup Configuration in a browser to change the settings for roll-forward logs. You can do the following tasks:

  • Turn roll-forward logging on or off

    You must turn on roll-forward logging for servers that participate in a replica ring. If you don't, when you try to restore from your backup files you will get errors and the database will not open.

  • Change the roll-forward logs directory.

  • Set the minimum and maximum roll-forward log size.

  • Determine the current and last unused roll-forward log.

  • Turn stream file logging on or off for the roll-forward logs.

For more information about roll-forward logs, see Section 17.3, Using Roll-Forward Logs.

HINT:A description of the options available in iManager is provided in the online help.

  1. Click the Roles and Tasks button Roles and Tasks button.

  2. Click eDirectory Maintenance > Backup Configuration.

  3. Specify the server that will change configuration, then click Next.

  4. Specify a user name, password, and context for the server where you want to change configuration, then click Next.

  5. Make the changes you want to the server's backup configuration.

    WARNING:If you turn on roll-forward logging, don't use the default location. For fault tolerance, put the directory on a different disk partition/volume and storage device than eDirectory. The roll-forward logs directory must be on the server where the backup configuration is being changed.

    IMPORTANT:If you turn on roll-forward logging, you must monitor disk space on the volume where you place the roll-forward logs. If left unchecked, the log file directory will grow until it fills up the disk partition/volume. If roll-forward logs cannot be created because no more disk space is available, eDirectory stops responding on that server. We recommend you periodically back up and remove unused roll-forward logs from your server. See Backing Up and Removing Roll-Forward Logs.

    The following is an example of the screen.

    iManager Backup Configuration screen
  6. Follow the online instructions to complete the operation.

22.4.3 Restoring from Backup Files with iManager

Use Restore in a browser to restore an eDirectory database from data stored in backup files. The results of the restore process are written to the log file you specify.

For a description of the restore process, see Overview of How the Backup Tool Does a Restore.

Keep in mind that for advanced restore options you must use DSBK, as described in Section 17.5, Using DSBK.

Prerequisites

  • Gather all the backup files you need for a restore and place them in a directory on the server you are restoring to.

    See Section 17.4, Preparing for a Restore and Locating the Right Backup Files for a Restore.

  • Make sure eDirectory is already installed on the server you are restoring to and is up and running.

    For example, if the restore is necessary because of a failed storage device, you need to do a new installation of eDirectory on the new storage device. If you are restoring a failed server onto a brand new machine, or simply moving a server from one machine to another, you need to install both the operating system and eDirectory on the new machine.

  • Review the description of the restore process in Overview of How the Backup Tool Does a Restore.

Procedure

HINT:A description of the options available in iManager is provided in the online help.

To restore the eDirectory database on a server, using iManager:

  1. Make sure you have gathered the backup files you need, as described in Section 17.4, Preparing for a Restore.

  2. Click the Roles and Tasks button Roles and Tasks button.

  3. Click eDirectory Maintenance > Restore.

  4. Specify the server that will perform the restore, then click Next.

  5. Specify a user name, password, and context for the server where you want to perform the restore, then click Next.

  6. Specify the name of the backup and log files you want to use, then click Next.

    The following is an example of the screen.

    First iManager Restore screen
  7. Specify additional restore options, then click Next.

    In most cases you should at least check the check boxes for:

    • Restore database

    • Activate the restored database after verification

    • Open the database after completion of restore

    • Restore security files (meaning NICI files)

    We recommend that you always back up NICI files so you can read encrypted information after the restore.

    If you are restoring roll-forward logs, make sure you include the full path to the logs, including the directory that is automatically created by eDirectory, usually named \nds.rfl. For more information about this directory, see Location of the Roll-Forward Logs.

    The following is an example of the screen.

    Second iManager Restore screen
  8. Follow the online instructions to complete the restore.

    If the restore verification fails, see Section 17.7, Recovering the Database If Restore Verification Fails.

    NOTE:If the server you are restoring shares a replica with a server running an earlier version than eDirectory 8.5, the restore log will show a -666 error (incompatible DS version) for that replica.

  9. If you restored NICI security files, after completing the restore, restart the server to reinitialize NICI.

  10. Make sure the server is responding as usual.

  11. (Conditional) If you are using roll-forward logging on this server, you must re-create your configuration for roll-forward logging to make sure it is turned on and the logs are being saved in a fault-tolerant location. After turning on the roll-forward logs, you must also do a new full backup.

    This step is necessary because during a restore, the configuration for roll-forward logging is set back to the default, which means that roll-forward logging is turned off and the location is set back to the default. The new full backup is necessary so that you are prepared for any failures that might occur before the next unattended full backup is scheduled to take place.

    For more information about roll-forward logs and their location, see Section 17.3, Using Roll-Forward Logs.

Your restore should now be complete, and NICI reinitialized with the restored NICI files so you can access encrypted information. If you use roll-forward logging, you have prepared for any failures in the future by turning on roll-forward logging again after the restore and creating a new full backup as a baseline.