2.1 How The Backup and Restore Process Works

2.1.1 Default Parameters

Linux: All of the scripts call the getparams.sh script to request the parameters from the user. The defbkparm.sh script is created by the Access Manager installation. It contains the default parameters for several of the options required by the underlying backup and restore utilities. If the entries in this file are commented out, the user is prompted for the additional parameters.

Windows: The default parameters are specified in the defbkparm.properties file. It contains the default parameters for several of the options required by the underlying backup and restore utilities. If the entries in this file are commented out, the user is prompted for the additional parameters.

2.1.2 The Process

The backup script must be run on the primary Administration Console. It creates a ZIP file that contains all the certificates that the various devices are using and an encrypted LDIF file that contains the configuration parameters for all imported devices. This means that you do not need to back up the configuration of individual devices. By backing up the primary Administration Console, you back up the configuration of all Access Manager devices.

The backup script backs up the objects in the ou=accessManagerContainer.o=novell container. It does not back up the following:

  • Admin user account and password

  • Delegated administrator accounts, their passwords, or rights

  • Role Based Services (RBS) configuration

  • Modified configuration files on the devices such as the web.xml file

  • Local files installed on devices such as touch files or log files

  • Custom login pages, custom error pages, or custom messages

You need to perform your own backup of custom or modified configuration files.
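One way to cover the files the backup script leaves out, as an added example that is not part of the product or its documentation: a shell function that archives the custom or modified files you list, writes a SHA-256 manifest, and checks the archive before reporting success. The function name, the output file naming, and every path passed to it are assumptions for illustration.

```shell
#!/bin/sh
# Added example: archive files that the Access Manager backup script skips
# (modified web.xml, custom login/error pages, and so on).
# All paths are site-specific arguments; none come from the documentation.

backup_custom_files() {
    # usage: backup_custom_files OUTDIR FILE_OR_DIR...
    outdir=$1; shift
    [ "$#" -gt 0 ] || { echo "no paths given" >&2; return 2; }

    # Stop if a listed path is missing, so a gap in the backup is
    # noticed now rather than during a restore.
    for p in "$@"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 3; }
    done

    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$outdir/custom-files-$stamp.tar.gz"
    manifest="$outdir/custom-files-$stamp.sha256"

    # Custom pages and web.xml can expose internal details:
    # create the output directory and files as owner-only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$outdir" || { umask "$old_umask"; return 4; }

    # Per-file SHA-256 manifest; after a restore, `sha256sum -c` on it
    # confirms the restored files match what was backed up.
    find "$@" -type f -exec sha256sum {} + | sort -k 2 > "$manifest"
    tar -czf "$archive" "$@"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || { echo "tar failed" >&2; return 5; }

    # Verify the archive is readable and holds as many regular files
    # as the manifest lists (directory entries end in "/").
    in_archive=$(tar -tzf "$archive" | grep -vc '/$')
    in_manifest=$(wc -l < "$manifest" | tr -d ' ')
    [ "$in_archive" -eq "$in_manifest" ] || { echo "count mismatch" >&2; return 6; }

    echo "$archive"
}
```

Store the resulting archive and manifest alongside the ZIP file produced by the Access Manager backup script so that both are available when a device is reinstalled.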

For information on how to perform a configuration backup, see Section 2.2, Backing Up the Access Manager Configuration.

The only time you need to restore a backup is when the Administration Console fails. If another device fails, you simply replace the hardware and reinstall the device using the same IP address as the failed device. The device then imports into the Administration Console and acquires the configuration of the failed device. For the details of this process, see Section 2.4, Restoring an Identity Server and Section 2.5, Restoring an Access Gateway.

If the Administration Console fails, you need to restore the files you backed up. In this case, you replace the hardware and reinstall the Administration Console using the same DNS name and IP address as the failed console. You then use the restore utility to restore the certificates and the device configuration. The Administration Console notifies all the devices that it is online, and they resume communicating with it rather than a secondary console. For details of this process, see Section 2.3.1, Restoring the Configuration on a Standalone Administration Console or with a Traditional SSL VPN Server.

If the Identity Server was installed with the Administration Console, you need to be aware that the backup file contains only the Tomcat configuration information for the Administration Console. After you have installed the Administration Console and restored the configuration, you then need to install the Identity Server software. It will acquire its configuration parameters from the Administration Console. For details of this process, see Section 2.3.2, Restoring the Configuration with an Identity Server on the Same Machine.