Previous Topic: CA IT PAM ConsiderationsNext Topic: CA User Activity Reporting Module and Virtualization

Implementation GuideDisaster Recovery

Disaster Recovery

This section contains the following topics:

Disaster Recovery Planning

About Backing Up the CA EEM Server

Back Up a CA EEM Application Instance

Restore a CA EEM Server for Use with CA User Activity Reporting Module

Back Up a CA User Activity Reporting Module Server

Restore a CA User Activity Reporting Module Server from Backup Files

Replace a CA User Activity Reporting Module Server

Disaster Recovery Planning

Planning for disaster recovery is a necessary part of every good network administration plan. CA User Activity Reporting Module disaster recovery planning is relatively simple and straightforward. The key to successful disaster recovery for CA User Activity Reporting Module is in keeping regular backups.

You need to make backups of the following information:

If maintaining high-throughput levels is critical to your implementation, you may choose to maintain a reserve server that has the same hardware characteristics as the one on which you install your other CA User Activity Reporting Module servers. If one CA User Activity Reporting Module server is disabled, you can install another one using the exact same name. When the new server starts, it receives the necessary configuration files from the management server. If this level of performance is not crucial to your implementation, you can install a CA User Activity Reporting Module server on any blank server that is capable of hosting the base operating system and meets the minimum memory and hard disk requirements.

About Backing Up the CA EEM Server

The configuration for each CA User Activity Reporting Module server, agent, and connector as well as queries, reports, alerts, and so forth is maintained separately in the management CA User Activity Reporting Module server's CA EEM repository. The key to successful server recovery is in maintaining regular backups of information stored in the CA User Activity Reporting Module application instance.

An application instance is a common space in the CA EEM repository that stores the following information:

You can perform the CA EEM backup procedure from within the CA EEM web browser interface. Typically, all CA User Activity Reporting Module servers in an enterprise use the same application instance. The default CA User Activity Reporting Module application instance value is CAELM. You can install CA User Activity Reporting Module servers with different application instances, but you can only federate those servers that share the same application instance. Servers configured to use the same CA EEM server but with different application instances share only the user store, password policies, and global groups.

Back Up a CA EEM Application Instance

You can perform a backup of a CA User Activity Reporting Module application instance from the internal CA EEM server on the management server.

Follow these steps:

  1. Access the CA EEM server with the following URL: 
    https://<servername>:5250/spin/eiam
  2. Expand the Application list on the login page and select the application instance name you used when you installed your CA User Activity Reporting Module servers.

    The default application instance name for CA User Activity Reporting Module is CAELM.

  3. Log in as the EiamAdmin user or a user with the CA EEM Administrator role.
  4. Access the Configure tab and then select the EEM Server subtab.
  5. Select the Export Application item in the left side navigation pane.
  6. Select all options.

    Note: If you are using an external directory, do not select the options, Global Users, Global Groups, and Global Folders.

  7. Set the value of Override the Max Search Size to 9999999999
  8. Click Export to create an XML export file for the application instance.

    The File Download dialog displays the file name, <AppInstanceName>.xml.gz, for example CAELM.xml.gz and a Save button.

  9. Click Save and select your backup location on a mapped, remote server. Or save the file locally and then copy or move this file to your backup location on another server.

Restore a CA EEM Server for Use with CA User Activity Reporting Module

You can restore a CA User Activity Reporting Module application instance to a management server. Restoring the management server's CA EEM functionality involves running the safex utility which imports the backed up application instance.

Follow these steps:

  1. Install the CA User Activity Reporting Module soft appliance on a new hardware server.
  2. Access a command prompt and navigate to the directory, /opt/CA/LogManager/EEM.
  3. Copy the backup file, <AppinstanceName>.xml.gz, to this directory from your external backup server.
  4. Run the following command to retrieve the XML export file: 
    gunzip <AppinstanceName>.xml.gz
  5. Execute the following command to restore the export file to the new management server 
    ./safex -h eemserverhostname -u EiamAdmin -p password -f AppinstanceName.xml
  6. If you are running in FIPS mode, be sure to include the -fips option.

More information:

Install CA User Activity Reporting Module

Back Up a CA User Activity Reporting Module Server

You can back up an entire CA User Activity Reporting Module server from the /opt/CA/LogManager/data folder. This data folder is a symbolic link to the data folder under root directory (/data).

Follow these steps:

  1. Log into the CA User Activity Reporting Module server as the caelmadmin user.
  2. Access the root account using the su utility.
  3. Navigate to the directory, /opt/CA/LogManager.
  4. Execute the following TAR command to create a backup copy of the CA User Activity Reporting Module server files: 
    tar -hzcvf backupData.tgz /data

    This command creates the compressed output file, backupData.tgz, using the files from the /data directory.

  5. Navigate to the directory, /opt/CA/SharedComponents/iTechnology.
  6. Execute the following TAR command to create a backup copy of the digital certificates and keys: 
    tar -zcvf backupCerts.tgz *.cer *.p12

    tar -zcvf backupKeys.tgz *.key *.munge

    This command creates the compressed output file, backupCerts.tgz and backupKeys.tgz.

Restore a CA User Activity Reporting Module Server from Backup Files

You can restore a CA User Activity Reporting Module server from backup files after you install the CA User Activity Reporting Module soft appliance on the new server.

Follow these steps:

  1. Stop the iGateway process on the new server.

    To do this, navigate to the /opt/CA/SharedComponents/iTechnology folder and execute the following command:

    ./S99igateway stop
  2. Copy the backupData.tgz and backupCerts.tgz files to the directory, /opt/CA/LogManager on the new server.
  3. Expand the contents of the backupData.tgz file with the following command: 
    tar -xzvf  backupData.tgz

    This command overwrites the contents of the data folder with the contents of the backup file.

  4. Navigate to the directory, /opt/CA/SharedComponents/iTechnology.
  5. Expand the contents of the backupCerts.tgz and backupKeys.tgz files with the following command: 
    tar -xzvf  backupCerts.tgz 

    tar -xzvf  backupKeys.tgz

    This command overwrites the certificate files in the current folder with the certificate files from the backup file.

  6. Start the igateway process.

    To do this, execute the following command:

    ./S99igateway start
  7. If you configured secondary servers, perform the following steps on each secondary server:
    1. Navigate to /opt/CA/SharedComponents/iTechnology folder.
    2. Execute the following command: 
      ./authtool -a "<primary_hostname>" -nologin -debug -sdkconf iTechSDK.xml
  8. Navigate to the directory, /opt/CA/ELMAgent/bin.
  9. Replace the default AgentCert.cer and AgentCert.key files with the backed-up file, CAELM_AgentCert.cer and CAELM_AgentCert.key to ensure proper agent startup.
  10. If you are using custom PEM or P12 certificates, re-configure the custom certificates. To configure custom certificates, see the CA User Activity Reporting Module Administration Guide.

Replace a CA User Activity Reporting Module Server

Use this procedure to replace a collection CA User Activity Reporting Module server after a major disaster or failure. This procedure allows you to recover from a disaster situation by creating a new CA User Activity Reporting Module server to resume event collection in place of the failed server.

Note: This procedure does not recover event data that resides in the failed server's event log store. Use regular data recovery techniques to retrieve event data from the downed server's event log store.

To recover from a disabled CA User Activity Reporting Module server

  1. Install the CA User Activity Reporting Module software appliance on a different server using the same host name that you assigned to the downed server.

    When the install asks for the CA EEM application instance name, be sure that you use the same application instance that the old server used. This successful registration enables the CA EEM server to synchronize the configuration.

  2. Start the new CA User Activity Reporting Module server and log in as the default administrative user, EiamAdmin.

    When the new CA User Activity Reporting Module server starts, it automatically connects to the CA EEM server, which then downloads the configuration files. After receiving the configuration files, the new CA User Activity Reporting Module server resumes log collection.