B.2 Disaster Recovery

Disaster recovery can range from re-registering agents and endpoints lost during a server crash to a complete restoration of your IT infrastructure. This section provides procedures for recovering the Secure Configuration Manager components, especially the database, connecting to your IT assets, and restoring configuration settings.

NOTE:This section assumes you will install the same version of Secure Configuration Manager as you had before the infrastructure failure.

B.2.1 Disaster Recovery Checklist

The following checklist provides an overview of the disaster recovery steps.

 

Checklist Items

  1. If you must move to a new infrastructure, install the Secure Configuration Manager components. See Section B.2.2, Reinstalling Secure Configuration Manager.

  1. If you reinstalled a Secure Configuration Manager component, reapply service packs and hotfixes. See Section B.2.3, Applying Service Packs and Hotfixes.

  1. If you reinstalled the database, restore the backup Secure Configuration Manager database. See Section B.2.4, Restoring the Secure Configuration Manager Database.

  1. If you reinstalled Core Services, restore the backup Core Services folder. See Section B.2.5, Restoring Your Core Services Settings.

  1. If you reinstalled Core Services or the database, enable the database and Core Services to communicate with users.See Section B.2.6, Linking Users to the Secure Configuration Manager Database.

  1. If you reinstalled Core Services, restore the domain keys. See Section B.2.7, Restoring Domain keys.

  1. If you reinstalled Core Services, add additional license keys. See Section B.2.8, Restoring License Keys.

  1. If you reinstalled Core Services, re-register your agents and endpoints. For more information, see Section B.2.9, Re-Registering Agents and Endpoints.

B.2.2 Reinstalling Secure Configuration Manager

In some recovery situations, you will need to reinstall the Secure Configuration Manager consoles, database, and Core Services. Follow the installation instructions provided in the Installation Guide for NetIQ Secure Configuration Manager.

B.2.3 Applying Service Packs and Hotfixes

To ensure that the Secure Configuration Manager components synchronize properly after you reinstall, you must restore the consoles, database, and Core Services to the same hotfix and service pack version levels as were in use before the disaster. For more information about exporting a patch level summary, see Storing Version Level Information.

NOTE:

  • All Secure Configuration Manager components must be restored to the same release level, such as version 5.8.1.

  • The security agents do not need to be at the same release level as Core Services.

B.2.4 Restoring the Secure Configuration Manager Database

If an infrastructure failure causes your organization to move to a new location or servers, you will need to restore the Secure Configuration Manager database. This process assumes you have a current, usable backup of the database. For more information about backing up the database, see Section 9.0, Maintaining the Secure Configuration Manager Database. You must have administrative permissions to restore the database. You must install the generic Secure Configuration Manager database before restoring your backup data.

To restore the database:

  1. Log on with an Administrator account to the computer where you want to restore or you installed the Secure Configuration Manager database.

  2. (Conditional) If you have not installed the Secure Configuration Manager database in the new location, complete the instructions in the Secure Configuration Manager installation wizard for database installation.

  3. (Conditional) If the NetIQ Core Services service is running, stop the service.

  4. Restore the backup Secure Configuration Manager database.

  5. Restart the NetIQ Core Services service.

B.2.5 Restoring Your Core Services Settings

If you have saved a current copy of the Core Services folder, you can copy the mk.options and mk.properties files from the saved folder to the same location where you reinstalled Secure Configuration Manager. By default, the Core Services folder is located in the Program Files\NetIQ\Secure Configuration Manager folder.

NOTE:Your backup Core Services folder and contents must be at the same hotfix and service pack level as the restored Core Services component for which you want to replace the mk.options and mk.properties files.

To restore the Core Services folder:

  1. Log on with an Administrator account to the Core Services computer.

  2. (Conditional) If the NetIQ Core Services service is running, stop the service.

  3. Copy the mk.options and mk.properties files from your saved Core Services folder to the Program Files\NetIQ\Secure Configuration Manager\Core Services folder.

  4. Click Yes on the confirmation message.

  5. Restart the NetIQ Core Services service.

B.2.6 Linking Users to the Secure Configuration Manager Database

After database restoration you must link the existing Secure Configuration Manager console and VigilEnt Service users to the database and the database to Core Services.

To link users to the database and Core Services:

  1. Log on with an Administrator account to the computer where you installed Core Services.

  2. (Conditional) If the NetIQ Core Services service is running, stop the service.

  3. Open the PasswordUtility.exe file. By default, this file is located in the C:\Program Files\NetIQ\Secure Configuration Manager\Core Services\bin folder.

    WARNING:Do not modify the PasswordUtility.exe file except as directed in these steps. Revising this file can adversely affect Core Services performance.

  4. On the Welcome screen, click Next.

  5. Type the SQL Server name, and then click Next.

  6. Select the type of authentication used to connect to SQL Server, and then click Next.

  7. In the Login Name field, type the same login account as used for installing the database, and then click Next.

    NOTE:Secure Configuration Manager also uses the Login Name for the administrative account for accessing Core Services.

  8. In the Password and confirmation fields, enter a temporary password, and then click Next.

  9. Click Next, and then click Finish.

  10. Restart the NetIQ Core Services service.

B.2.7 Restoring Domain keys

Secure Configuration Manager generates a set of authentication keys called domain keys. Core Services uses the domain keys to authenticate communication with registered agents. When you move the Secure Configuration Manager infrastructure to a new system after a disaster, you must transfer the domain keys to enable the new Core Services to access agents registered to the previous Core Services.

This procedure assumes you have a backup copy of the domain keys. You must perform this procedure on each Core Services computer that requires access to the agents registered to the original Core Services.

To restore domain keys:

  1. Run the ImportDomainKeys.bat file. By default, this file is located in the Program Files\NetIQ\Secure Configuration Manager\Core Services\bin folder.

  2. At the Filename prompt, type the name of the file where the domain keys are stored and press Enter.

  3. At the Password prompt, type the password to access the domain keys, and then press Enter.

  4. Restart the NetIQ Core Services service.

B.2.8 Restoring License Keys

When you install Secure Configuration Manager, the installation program prompts you to enter the license key. Some organizations use more than one license key, which must be entered after installation.

To add license keys:

  1. Open the Core Services Configuration Utility.

  2. Click the License Keys tab.

  3. In the Additional Secure Configuration Manager License Keys field, type the extra license keys separated by commas.

  4. Restart the NetIQ Core Services service.

B.2.9 Re-Registering Agents and Endpoints

Once you have the database and Core Services running, you can re-register your existing agents and endpoints. For more information about discovering and managing systems, see Section 2.2, Building and Managing Your Asset Map.

To ensure that you restore all systems, agents, and endpoints in their previous managed groups in the Secure Configuration Manager console, refer to the asset status files you most recently exported. For more information about exporting asset and managed group data, see Section B.1.4, Saving Asset Map Data.