Backup and restore - SSO

Contents

This documentation describes the backup and restore procedures as well as the disaster recovery strategies for Ubisecure SSO.

A Ubisecure SSO installation consists of many applications including Ubisecure SSO Authentication Server (UAS) and Ubisecure SSO Management.

All files related to the configuration and other files are stored in the installation directory of Ubisecure SSO. This makes the backup procedure simple as only one directory needs to be backed up.

Backup and restore procedures are of essential importance, as they remarkably improve data safety in case of various failures. These failures may be caused by hardware failure, power outages, human errors or other unforeseen problems. Therefore, performing regular backups should be considered one of a responsible system administrator's top priorities.

The safest method of making backups is to record them on separate media, such as a network drive, tape, removable drive, and so on. It is also recommended to store your backup sets in a location separate from the system.

For best results, test the backup and restore procedures at system testing prior to production use. Thorough testing using the same data volume and system configuration as will be used in production is important.

Description of the environment

A typical installation consists of the following products:

  • Ubisecure CustomerID - Ubisecure CustomerID is used to manage user and role related data stored in Ubisecure Directory or Active Directory and in the internal SQL database.
  • Ubisecure SSO - A Ubisecure SSO installation consists of many applications including Ubisecure SSO Authentication Server (UAS in short for historical reasons) and Ubisecure SSO Management.
  • Ubisecure Directory - Ubisecure Directory is the main data repository for both Ubisecure SSO and Ubisecure CustomerID. It holds most of the configuration and user related data within the environment if Active Directory is not used as the main user repository.

Backup considerations

When you consider your backup and restore scheme, pay attention to the following aspects:

  • Backing up and restoring high data volumes can take a long time and they also consume CPU resources and possibly network bandwidth. Perform the backups and possible restore operations when the system load is at its lowest, if possible.
  • Consider carefully the impact of backing up and of restoring data to the system. For example:
    • If a password is changed after the backup is made, the new password will not work if the backup is restored. This happens because the restored data also restores the original password.
    • If an account is locked is after the backup is made, the account will become unlocked if the backup is restored. This happens because the restored data also restores the original unlocked status of the account.
  • You may want to exclude certain attributes from the Ubisecure Directory export. Excluded attributes can contain information on the user's last login, last login failure and so on. Examples of these attributes are, for example:
    • ubiloginBadLogonTime
    • ubiloginBadLogonCount
    • ubiloginLastLogonTime

Consider carefully the impact of restoring or not restoring these values. For example, ubiloginLastLogonTime may not reflect the last login time and may not be trusted after a restore is performed.

  • The backup commands in this manual can be scheduled using native operating system commands such as cron or task scheduler.

Backup Schedule

The following table describes the backup intervals for the typical system components.

Component

Recommended Backup Interval

Ubisecure SSO

Back up the Ubisecure SSO installation directory whenever the configuration is changed or after the product has been updated or upgraded.

Ubisecure Directory

Back up Ubisecure Directory daily.

Typical Installation Paths

The tables below describe the typical installation paths for the typical system components in the Windows and Linux operating systems.

Windows

Product

Path

Ubisecure SSO

C:\Program Files\Ubisecure\ubilogin-sso

Ubisecure Directory: ADAM / AD LDS

C:\Program Files\Microsoft ADAM\UbiloginDirectory

Linux

Product

Path

Ubisecure SSO

/usr/local/ubisecure/ubilogin-sso

Ubisecure Directory: OpenLDAP

/usr/local/ubisecure/ubilogin-sso/ldap/ UbiloginDirectory


Simple Ubisecure SSO backup and restore procedures

The easiest way to backup Ubisecure SSO is to stop the Ubisecure SSO (and Ubisecure Directory if OpenLDAP is used) and copy the installation directory to the backup destination.This will copy both Ubisecure SSO (and possibly OpenLDAP) including all necessary configurations and files needed in the restore operation.

The procedure for Windows is as follows:

  1. Stop Ubisecure SSO

    C:\>net stop UbiloginServer
  2. Back up the installation directory

    xcopy /e/q/y "C:\Program Files\Ubisecure\ubilogin-sso" <BACKUP_DIRECTORY>

The procedure for Linux is as follows

  1. Stop Ubisecure SSO
  2. Stop Ubisecure Directory
  3. Back up the installation directory

    cp -r /usr/local/ubisecure/ubilogin-sso <BACKUP_DIRECTORY>

    Where <BACKUP_DIRECTORY> is the path to the location where the backup will be stored, for example, mnt/backups/25_10_2010.

If a restore is needed, the Ubisecure SSO directory can be copied from the backup destination back to the server and can be used as is.

Restoring Ubisecure SSO services

If Ubisecure SSO or Ubisecure Directory services must be restored, it can be accomplished with the following commands:

Script

Description

C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\install.cmd

Installs the Ubisecure SSO service.