B.1 Disaster Preparation

When establishing your disaster preparedness process, you should consider which incremental changes in Secure Configuration Manager you want to maintain. For example, if you add, delete, or move a large volume of endpoints each month, you probably also should back up the database just as frequently. If you run reports daily, you should consider how many days’ worth of data you can afford to lose.

This section provides steps to help you maintain current data and settings for a faster recovery if your organization experiences a catastrophic event.

B.1.1 Disaster Preparation Checklist

The following checklist provides an overview of activities you should regularly perform to maintain current copies of your Secure Configuration Manager data and settings.

	Checklist Items
	Back up the Secure Configuration Manager database. See Section B.1.2, Backing Up the Secure Configuration Manager Database and Section 9.0, Maintaining the Secure Configuration Manager Database.
	Maintain a copy of the service pack and hotfix levels for Secure Configuration Manager components. See Storing Version Level Information.
	Maintain a copy of the Core Services folder. See Storing Core Services Configuration Settings.
	Maintain a copy of the domain keys. See Storing a Copy of the Domain Keys.
	Maintain a copy of the Secure Configuration Manager license keys. See Storing a Copy of the Product License Keys.
	Maintain a snapshot of your asset map. See Exporting the Asset Map.
	Maintain a snapshot of your managed groups. See Exporting Managed Groups Data.

B.1.2 Backing Up the Secure Configuration Manager Database

Once you have an idea of the frequency with which you should back up your data, you should consider other factors. The volume of data you require may dictate the time frame in which you can run a backup. Data volume also affects the method for backups. For more information about grooming and backing up your database, see Section 9.0, Maintaining the Secure Configuration Manager Database.

SQL Server provides several types of backups that can be combined to serve a variety of requirements.

Full Backup

A full backup is the simplest type of SQL Server backup. When you run a full backup, SQL Server creates a copy of all data in the database, tables, indexes, and logs for transactions occurring during the backup. Full backups can be performed while the database is in use. Full backups can require a lot of disk space and time to complete, depending on the volume of data you want to save.

Differential Backup

The differential backup copies pages that have changed since the previous backup, plus the parts of the log necessary to retain data integrity for transactions during the backup. You can use the differential backup between full backups when you may not have time or disk space to perform a full backup.

Transaction Log Backup

The SQL Server transaction log contains almost every change that occurs within the database and aids in recovering the database. The log backup copies the database transaction log file and can be run during a full or differential backup. To protect your data and prevent the transaction log from filling, you should regularly run a log backup.

B.1.3 Storing Product Configuration Information

Secure Configuration Manager stores a variety of settings you customize upon installation. These settings may change over time. To ensure rapid recovery, NetIQ recommends regularly saving copies of your product configuration settings and version levels for the Secure Configuration Manager components.

Storing Version Level Information

To ensure that you can restore the Secure Configuration Manager components to the current hotfix and service pack version levels, you should regularly export a copy of the patch summary information.

To store version level information:

On the Help menu, select About NetIQ Secure Configuration Manager.
Click Export.
Enter a file name, and then click Save.

Storing Core Services Configuration Settings

Core Services contains a variety of special settings to ensure communication among Secure Configuration Manager components, agents, and your IT environment. Core Services also stores custom information such as email addresses for reports and compliance alerts and settings. For faster product recovery, you should maintain a copy of Core Services settings.

To store current Core Services settings, regularly back up the Core Services folder to your disaster recovery location. By default, this folder is located in the Program Files\NetIQ\Secure Configuration Manager folder.

Storing a Copy of the Domain Keys

Core Services uses a set of authentication keys, called domain keys, for shared secret authentication with the registered Windows, UNIX, and iSeries agents. When you move the Secure Configuration Manager infrastructure to a new system after a disaster, you must transfer the domain keys to enable the new Core Services to access agents registered to the previous Core Services. Secure Configuration Manager requires a password for importing the domain keys from a different Core Services computer.

NOTE:ensure that you retain a copy of the password used to access the ExportDomainKeys.bat file. The file does not allow any alternative methods of access.

To back up the domain keys:

On the Core Services computer that registered the Secure Configuration Manager agents, open the ExportDomainKeys.bat file. By default, this file is located in the Program Files\NetIQ\Secure Configuration Manager\Core Services\bin folder.
At the Filename prompt, type the name of the file in which to store the domain keys.

By default, Secure Configuration Manager saves the file in the same folder. To save the file to another location, enter a full path and file name.
Press Enter.
At the Password prompt, type a password, and then press Enter.
Store the specified password and saved file in your disaster recovery location.

Storing a Copy of the Product License Keys

Product license keys enable Secure Configuration Manager to function in your environment. NetIQ recommends you maintain a copy of the product license keys in your disaster recovery location. The License Keys tab in the Core Services Configuration Utility contains all current product license keys. You can copy and paste the displayed information in a separate file. You can also print a copy of your license status. In the Secure Configuration Manager console, expand Tools > License Status, and then click Print.

B.1.4 Saving Asset Map Data

If you reinstall Secure Configuration Manager after a catastrophic event, you must re-register managed systems, agents, and endpoints with the new Core Services. To ensure a more efficient return to operation, you should maintain copies of your current asset map and managed groups.

Exporting the Asset Map

Regularly exporting the asset map ensures that you have a current snapshot of all systems, agents, and endpoints to use as a visual reference when rebuilding the map in the recovery stage. You can save the exported file in .xlsx, .html, .txt, or .xml format.

To export the asset map:

On the Tools menu, click Admin Reports Wizard.
In the Available Reports list, click All Systems, Agents, and Endpoints.
Click Run Report.
In the Results window, click Export.
In the Save As window, navigate to the location where you want to save the exported file.
Enter a file name.
Select the file type, and then click Save.

Exporting Managed Groups Data

During the recovery stage, you might want to return endpoints to their original managed groups. Secure Configuration Manager enables you to export a snapshot of each managed group for future reference. You can save the exported file in .xlsx, .html, .txt, or .pdf format.

To export managed group data:

In the IT Assets tree pane, expand Managed Groups > My Groups.
Under My Groups, select the group whose data you want to export.
Right-click the group in the IT Assets tree, and then click Export List.
In the window, navigate to the location where you want to save the exported file.
Enter a file name.
Select the file type, and then click Save.