Disaster recovery can range from re-registering agents and endpoints lost during a server crash to a complete restoration of your IT infrastructure. This section provides procedures for recovering the Secure Configuration Manager components, especially the database, connecting to your IT assets, and restoring configuration settings.
NOTE:This section assumes you will install the same version of Secure Configuration Manager as you had before the infrastructure failure.
The following checklist provides an overview of the disaster recovery steps.
|
Checklist Items |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In some recovery situations, you will need to reinstall the Secure Configuration Manager consoles, database, and Core Services. Follow the installation instructions provided in the Installation Guide for NetIQ Secure Configuration Manager.
To ensure that the Secure Configuration Manager components synchronize properly after you reinstall, you must restore the consoles, database, and Core Services to the same hotfix and service pack version levels as were in use before the disaster. For more information about exporting a patch level summary, see Storing Version Level Information.
NOTE:
All Secure Configuration Manager components must be restored to the same release level, such as version 5.8.1.
The security agents do not need to be at the same release level as Core Services.
If an infrastructure failure causes your organization to move to a new location or servers, you will need to restore the Secure Configuration Manager database. This process assumes you have a current, usable backup of the database. For more information about backing up the database, see Section 9.0, Maintaining the Secure Configuration Manager Database. You must have administrative permissions to restore the database. You must install the generic Secure Configuration Manager database before restoring your backup data.
Log on with an Administrator account to the computer where you want to restore or you installed the Secure Configuration Manager database.
(Conditional) If you have not installed the Secure Configuration Manager database in the new location, complete the instructions in the Secure Configuration Manager installation wizard for database installation.
(Conditional) If the NetIQ Core Services service is running, stop the service.
Restore the backup Secure Configuration Manager database.
Restart the NetIQ Core Services service.
If you have saved a current copy of the Core Services folder, you can copy the mk.options and mk.properties files from the saved folder to the same location where you reinstalled Secure Configuration Manager. By default, the Core Services folder is located in the Program Files\NetIQ\Secure Configuration Manager folder.
NOTE:Your backup Core Services folder and contents must be at the same hotfix and service pack level as the restored Core Services component for which you want to replace the mk.options and mk.properties files.
Log on with an Administrator account to the Core Services computer.
(Conditional) If the NetIQ Core Services service is running, stop the service.
Copy the mk.options and mk.properties files from your saved Core Services folder to the Program Files\NetIQ\Secure Configuration Manager\Core Services folder.
Click Yes on the confirmation message.
Restart the NetIQ Core Services service.
After database restoration you must link the existing Secure Configuration Manager console and VigilEnt Service users to the database and the database to Core Services.
Log on with an Administrator account to the computer where you installed Core Services.
(Conditional) If the NetIQ Core Services service is running, stop the service.
Open the PasswordUtility.exe file. By default, this file is located in the C:\Program Files\NetIQ\Secure Configuration Manager\Core Services\bin folder.
WARNING:Do not modify the PasswordUtility.exe file except as directed in these steps. Revising this file can adversely affect Core Services performance.
On the Welcome screen, click Next.
Type the SQL Server name, and then click Next.
Select the type of authentication used to connect to SQL Server, and then click Next.
In the Login Name field, type the same login account as used for installing the database, and then click Next.
NOTE:Secure Configuration Manager also uses the Login Name for the administrative account for accessing Core Services.
In the Password and confirmation fields, enter a temporary password, and then click Next.
Click Next, and then click Finish.
Restart the NetIQ Core Services service.
Secure Configuration Manager generates a set of authentication keys called domain keys. Core Services uses the domain keys to authenticate communication with registered agents. When you move the Secure Configuration Manager infrastructure to a new system after a disaster, you must transfer the domain keys to enable the new Core Services to access agents registered to the previous Core Services.
This procedure assumes you have a backup copy of the domain keys. You must perform this procedure on each Core Services computer that requires access to the agents registered to the original Core Services.
Run the ImportDomainKeys.bat file. By default, this file is located in the Program Files\NetIQ\Secure Configuration Manager\Core Services\bin folder.
At the Filename prompt, type the name of the file where the domain keys are stored and press Enter.
At the Password prompt, type the password to access the domain keys, and then press Enter.
Restart the NetIQ Core Services service.
When you install Secure Configuration Manager, the installation program prompts you to enter the license key. Some organizations use more than one license key, which must be entered after installation.
Open the Core Services Configuration Utility.
Click the License Keys tab.
In the Additional Secure Configuration Manager License Keys field, type the extra license keys separated by commas.
Restart the NetIQ Core Services service.
Once you have the database and Core Services running, you can re-register your existing agents and endpoints. For more information about discovering and managing systems, see Section 2.2, Building and Managing Your Asset Map.
To ensure that you restore all systems, agents, and endpoints in their previous managed groups in the Secure Configuration Manager console, refer to the asset status files you most recently exported. For more information about exporting asset and managed group data, see Section B.1.4, Saving Asset Map Data.