Backup and restore

Contents

This documentation describes the backup and restore procedures as well as the disaster recovery strategies for Ubisecure SSO and Ubisecure CustomerID products.

Backup and restore procedures are of essential importance, as they remarkably improve data safety in case of various failures. These failures may be caused by hardware failure, power outages, human errors or other unforeseen problems. Therefore, performing regular backups should be considered one of a responsible system administrator's top priorities.

The safest method of making backups is to record them on separate media, such as a network drive, tape, removable drive, and so on. It is also recommended to store your backup sets in a location separate from the system.

For best results, test the backup and restore procedures at system testing prior to production use. Thorough testing using the same data volume and system configuration as will be used in production is important.

Description of the Environment

A typical installation consists of the following products:

  • Ubisecure CustomerID - Ubisecure CustomerID is used to manage user and role related data stored in Ubisecure Directory or Active Directory and in the internal SQL database.
  • Ubisecure SSO - A Ubisecure SSO installation consists of many applications including Ubisecure SSO Authentication Server (UAS in short for historical reasons) and Ubisecure SSO Management.
  • Ubisecure Directory - Ubisecure Directory is the main data repository for both Ubisecure SSO and Ubisecure CustomerID. It holds most of the configuration and user related data within the environment if Active Directory is not used as the main user repository.

Backup Considerations

When you consider your backup and restore scheme, pay attention to the following aspects:

  • Backing up and restoring high data volumes can take a long time and they also consume CPU resources and possibly network bandwidth. Perform the backups and possible restore operations when the system load is at its lowest, if possible.
  • Consider carefully the impact of backing up and of restoring data to the system. For example:
    • If a password is changed after the backup is made, the new password will not work if the backup is restored. This happens because the restored data also restores the original password.
    • If an account is locked is after the backup is made, the account will become unlocked if the backup is restored. This happens because the restored data also restores the original unlocked status of the account.
  • You may want to exclude certain attributes from the Ubisecure Directory export. Excluded attributes can contain information on the user's last login, last login failure and so on. Examples of these attributes are, for example:
    • ubiloginBadLogonTime
    • ubiloginBadLogonCount
    • ubiloginLastLogonTime

Consider carefully the impact of restoring or not restoring these values. For example, ubiloginLastLogonTime may not reflect the last login time and may not be trusted after a restore is performed.

  • The backup commands in this manual can be scheduled using native operating system commands such as cron or task scheduler.

Backup Schedule

The following table describes the backup intervals for the typical system components.

Component

Recommended Backup Interval

Ubisecure CustomerID

Back up the Ubisecure CustomerID installation directory whenever the configuration is changed or after the product has been updated or upgraded.
Back up the Apache Derby daily

Ubisecure SSO

Back up the Ubisecure SSO installation directory whenever the configuration is changed or after the product has been updated or upgraded.

Ubisecure Directory

Back up Ubisecure Directory daily.

Typical Installation Paths

The tables below describe the typical installation paths for the typical system components in the Windows and Linux operating systems.

Windows

Product

Path

Ubisecure CustomerID

C:\Program Files\Ubisecure\customerid

Ubisecure SSO

C:\Program Files\Ubisecure\ubilogin-sso

Ubisecure Directory: ADAM / AD LDS

C:\Program Files\Microsoft ADAM\UbiloginDirectory

Ubisecure CustomerID internal database

<Ubisecure CustomerID>\db-derby

Linux

Product

Path

Ubisecure CustomerID

/usr/local/ubisecure/customerid

Ubisecure SSO

/usr/local/ubisecure/ubilogin-sso

Ubisecure Directory: OpenLDAP

/usr/local/ubisecure/ubilogin-sso/ldap/ UbiloginDirectory

Ubisecure CustomerID internal database

<Ubisecure CustomerID>\db-derby