Applications that use NICI to perform cryptography might have dependencies on data that NICI manages. If so, it might be necessary to back up the NICI configurations files in order to recover the encrypted data, or just to preserve the state of the files as part of an incremental backup. This section assumes that you have other means to perform disaster recovery or rebuild a system and just need to know which files must be backed up and restored in order to preserve critical NICI data that is not recoverable by simply reinstalling NICI. You should consult the individual application documentation to determine if NICI data is critical to the application. If it is, the NICI files should be backed up at the time the application data is backed up.
In NICI 3.0, the /var/opt/novell/nici directory contains all the system and user directories and files.
Most NICI configuration files are located in the var/opt/novell/nici directory. A few NICI configuration files are located in the /etc/opt/novell directory. The configuration files are associated with each user account on the operating system. In order to back up a user’s configuration files, you must preserve the contents of the novell configuration directory located in the following tables and the user-specific subdirectory within it (alternatively, back up everything within the directory). You might find some executables in the directory. They do not need to be backed up.
Some of the critical NICI configuration files listed in Table 3-4 are unique to a specific user. Most configuration files are contained within the /var/opt/novell/nici directory, which contains common files. Files unique to specific users are contained within subdirectories of this directory. For simplicity, you can back up the entire directory structure or back up the common files and specific user files, whichever is most convenient. Be sure that you can restore the access rights on the directories and files later. When you restore the files you can make decisions about exactly which files must be recovered. Be sure to note which version of NICI is installed at the time, because the configuration files may not be compatible with earlier versions.
You must back up the directories and files listed in Table 6-1. Remember to preserve the rights on all the directories and files.
Table 6-1 Directories and Files for Backup
|
Directory/File Name |
File Type and Special Instructions |
|---|---|
|
/etc/opt/novell/nici.cfg (32-bit) /etc/opt/novell/nici64.cfg (64-bit) |
Configuration file. |
|
/opt/novell/lib/libccs2.so.* or /opt/novell/lib64/libccs2.so* |
NICI library. The version of the library completes the name. |
|
/var/opt/novell/nici |
Contains all the system keys, user directories, and files, and the programs used to initialize NICI. |
On servers where you installed eDirectory, you can backup the NICI keys using the DSBK utility as instructed in Backing Up NICI in the NetIQ eDirectory Administration Guide.
NOTE:Depending on your operating system and the version of NICI installed, there might be additional files, particularly executable files, within the directories. Those additional files, which are created during NICI installation, do not need to be backed up. See Table 3-4 for a list of the configuration files.
Configuration information is kept in the Windows registry. The registry key is different for 32-bit and 64-bit:
64-bit registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Novell\nici_x64
32-bit registry key:
On 32-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NICI
On 64-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Novell\NICI
Backup all registry information under the appropriate register key(s) for your installation. If you have both 32-bit and 64-bit NICI installed you will need to backup both registry keys.
Backup the directory, including subdirectories, identified by
[Your registry key]\ConfigDirectory
Both 32-bit and 64-bit NICI share the same config directory, so if both are installed, this value will be the same for both and you will only need to backup one directory.
On servers where you installed eDirectory, you can backup the NICI keys using the DSBK utility as instructed in Backing Up NICI in the NetIQ eDirectory Administration Guide.
If commercial software is used to do the backup, make sure the backup program itself runs as a system process. This ensures that the program can access all the directories and subdirectories.
NOTE:
Novell recommends to backup NICI using dsbk with the -e option to ensure that NICI is not in use while performing the backup.
If dsbk is not used, at least eDirectory should be shutdown before performing the backup.