Because the Secure Configuration Manager database contains sensitive data, consider a database maintenance strategy that provides optimal performance and supports your data management goals. A database maintenance strategy determines the health of your database, ensures data integrity, and helps you better meet the data security needs of your organization.
A database maintenance strategy consists of the following key items:
Database backup and archival
Database grooming
Database recovery
For each Secure Configuration Manager database you manage, develop a database maintenance strategy that addresses these key items.
How frequently you should back up and archive the Secure Configuration Manager database depends on your answers to the following questions:
How often do you capture important data?
How quickly does your database grow?
How stable is your environment?
For example, if you run multiple daily policy templates and task suites, you may want to back up and archive the Secure Configuration Manager database each night. Daily backups ensure that you keep the most current copy of the database available. If your environment requires routine upgrades and security patches, you may want to implement a regular backup and archive schedule to mitigate potential data loss. Your backup frequency also influences your recovery model. For more information, see Section 9.4.4, Identifying the Appropriate Recovery Model.
You can back up the Secure Configuration Manager database to address the following goals:
Ensure the security of your data
Archive a data set
Prevent data loss during upgrades
Move the database from one Microsoft SQL Server computer to another
Backing up the Secure Configuration Manager database on a routine, scheduled basis helps achieve these goals. You can perform different types of backups, such as a full backup or an incremental backup. When selecting the backup type, consider the database size, the importance of your data, and how long you intend to keep the archived data. For example, Microsoft SQL Server supports full database backups as well as partial transaction log backups, allowing for more flexible and thorough recovery. This strategy is ideal if your transaction rate is high but can strain resources if your database is large. Nightly full backups can meet the security and data recovery needs of most organizations.
The following table provides additional information sources.
|
For more information about ... |
See ... |
|---|---|
|
Understanding how the Secure Configuration Manager database works |
Section 9.3, How the Secure Configuration Manager Database Works |
|
Backing up the Secure Configuration Manager database |
SQL Server Books Online |
|
Moving the Secure Configuration Manager database to a different Microsoft SQL Server computer |
NetIQ Technical Support |
|
Managing distributed Secure Configuration Manager databases |
NetIQ Professional Services |
Secure Configuration Manager includes an automated, system-wide task to purge completed job record data from the database at the conclusion of the defined retention period. By default, the record retention setting is 90 days. You can specify that Secure Configuration Manager should never purge data by configuring System Purge Time of Day and System Purge Period in the Core Services Configuration Utility. Once you have configured the purge period, Secure Configuration Manager does not begin the purge immediately, but purges the database based on those settings. For more information, see the Core Services Configuration Utility Help. You can also configure purges for completed jobs, alerts, and job history log data. For more information about purging the Jobs Queues, see Section 10.2.1, Setting the Retention Period.
You can manually groom the database to remove old and unused data. The Secure Configuration Manager database supports script-based grooming. Script-based grooming uses a script to search the database for old data and then deletes the appropriate columns, rows, or tables. You can also write scripts to export selected data, and then remove this archived data from the database.
Grooming scripts typically use Structured Query Language (SQL) to read and write data to the database, and VBScript or Java to connect to the SQL Server computer. You can also write SQL transactions, queries, and deletes using SQL commands from the Microsoft SQL Query Analyzer. For more information about developing a grooming script that best meets the needs of your organization, contact NetIQ Professional Services.
Secure Configuration Manager provides the Core Services Configuration Utility, which allows you to perform limited grooming. This utility lets you specify how often you want Secure Configuration Manager to delete report and asset map data. To decide how often you should purge the Secure Configuration Manager database, run the Task History Report. As the database grows, you may want to perform database consistency checks through Microsoft SQL Enterprise Manager.
Always back up the Secure Configuration Manager database before running a grooming script or SQL commands. For more information about database maintenance, see SQL Server Books Online. For more information about the Secure Configuration Manager database, see Section 9.3, How the Secure Configuration Manager Database Works.
Although you may routinely back up the Secure Configuration Manager database, your database data is only as current as the last backup. A successful database maintenance strategy balances the need for current data with the ability to quickly and accurately restore a database when required. Identifying the appropriate recovery model ensures efficient and effective disaster recovery.
Although the simple recovery model can address the needs of most organizations, your recovery model depends on the backup process you implement. For more information about determining the best backup and archive frequency for your organization, see Section 9.4.1, Identifying a Backup and Archive Plan. For more information about recovery models, contact your database administrator or see SQL Server Books Online.