Backup and restore - SSO
- ubisebastian
Contents
This documentation describes the backup and restore procedures as well as the disaster recovery strategies for Ubisecure SSO.
A Ubisecure SSO installation consists of many applications including Ubisecure SSO Authentication Server (UAS) and Ubisecure SSO Management.
All files related to the configuration and other files are stored in the installation directory of Ubisecure SSO. This makes the backup procedure simple as only one directory needs to be backed up.
Backup and restore procedures are of essential importance, as they remarkably improve data safety in case of various failures. These failures may be caused by hardware failure, power outages, human errors or other unforeseen problems. Therefore, performing regular backups should be considered one of a responsible system administrator's top priorities.
The safest method of making backups is to record them on separate media, such as a network drive, tape, removable drive, and so on. It is also recommended to store your backup sets in a location separate from the system.
For best results, test the backup and restore procedures at system testing prior to production use. Thorough testing using the same data volume and system configuration as will be used in production is important.
Description of the environment
A typical installation consists of the following products:
- Ubisecure CustomerID - Ubisecure CustomerID is used to manage user and role related data stored in Ubisecure Directory or Active Directory and in the internal SQL database.
- Ubisecure SSO - A Ubisecure SSO installation consists of many applications including Ubisecure SSO Authentication Server (UAS in short for historical reasons) and Ubisecure SSO Management.
- Ubisecure Directory - Ubisecure Directory is the main data repository for both Ubisecure SSO and Ubisecure CustomerID. It holds most of the configuration and user related data within the environment if Active Directory is not used as the main user repository.
Backup considerations
When you consider your backup and restore scheme, pay attention to the following aspects:
- Backing up and restoring high data volumes can take a long time and they also consume CPU resources and possibly network bandwidth. Perform the backups and possible restore operations when the system load is at its lowest, if possible.
- Consider carefully the impact of backing up and of restoring data to the system. For example:
- If a password is changed after the backup is made, the new password will not work if the backup is restored. This happens because the restored data also restores the original password.
- If an account is locked is after the backup is made, the account will become unlocked if the backup is restored. This happens because the restored data also restores the original unlocked status of the account.
- You may want to exclude certain attributes from the Ubisecure Directory export. Excluded attributes can contain information on the user's last login, last login failure and so on. Examples of these attributes are, for example:
- ubiloginBadLogonTime
- ubiloginBadLogonCount
- ubiloginLastLogonTime
Consider carefully the impact of restoring or not restoring these values. For example, ubiloginLastLogonTime may not reflect the last login time and may not be trusted after a restore is performed.
- The backup commands in this manual can be scheduled using native operating system commands such as cron or task scheduler.
Backup Schedule
The following table describes the backup intervals for the typical system components.
Component | Recommended Backup Interval |
|---|---|
Ubisecure SSO | Back up the Ubisecure SSO installation directory whenever the configuration is changed or after the product has been updated or upgraded. |
Ubisecure Directory | Back up Ubisecure Directory daily. |
Typical Installation Paths
The tables below describe the typical installation paths for the typical system components in the Windows and Linux operating systems.
Windows
Product | Path |
|---|---|
Ubisecure SSO | C:\Program Files\Ubisecure\ubilogin-sso |
Ubisecure Directory: ADAM / AD LDS | C:\Program Files\Microsoft ADAM\UbiloginDirectory |
Linux
Product | Path |
|---|---|
Ubisecure SSO | /usr/local/ubisecure/ubilogin-sso |
Ubisecure Directory: OpenLDAP | /usr/local/ubisecure/ubilogin-sso/ldap/ UbiloginDirectory |
Simple Ubisecure SSO backup and restore procedures
The easiest way to backup Ubisecure SSO is to stop the Ubisecure SSO (and Ubisecure Directory if OpenLDAP is used) and copy the installation directory to the backup destination.This will copy both Ubisecure SSO (and possibly OpenLDAP) including all necessary configurations and files needed in the restore operation.
The procedure for Windows is as follows:
Stop Ubisecure SSO
C:\>net stop UbiloginServer
Back up the installation directory
xcopy /e/q/y "C:\Program Files\Ubisecure\ubilogin-sso" <BACKUP_DIRECTORY>
The procedure for Linux is as follows
- Stop Ubisecure SSO
- Stop Ubisecure Directory
Back up the installation directory
cp -r /usr/local/ubisecure/ubilogin-sso <BACKUP_DIRECTORY>
Where
<BACKUP_DIRECTORY>is the path to the location where the backup will be stored, for example,mnt/backups/25_10_2010.
If a restore is needed, the Ubisecure SSO directory can be copied from the backup destination back to the server and can be used as is.
Restoring Ubisecure SSO services
If Ubisecure SSO or Ubisecure Directory services must be restored, it can be accomplished with the following commands:
Script | Description |
|---|---|
| Installs the Ubisecure SSO service. |