none
FIM Backup / Restore / DR Stragegy RRS feed

  • Question

  • I need some help with figuring out how and backup and more importantly, restore a FIM environment (the backup is 100% useless if the restore doesn't work).

    I have two real world occurrences that really make be nervous about relying on this to replace what we currently use for IDM (Novell).  I simply can't afford for this to be down for very long.

    1)  When I did the FIM and BHOLD installs, I mistaken installed the BHOLD under my account (it's in the admin group) instead of administrator.  Yeah, I'm a dumbass for doing that, but...  That screwed up the BHOLD installation royally.  BHOLD doesn't un-install cleanly.  I actually think there's a comment buried in some install documents that states it can't be uninstalled using programs and features.  That leaves me no option but to rebuild the server.  That's a 8+ hour water-boarding exercise.  Having no other option, I tried to uninstall BHOLD via programs and features anyway.  After that process and a reboot, the FIM Service wouldn't start.  And, googling FIM Service won't start yields results that are less the useless.

    2)  I HAD a fully functional FIM/BHOLD system, with an HR system feeding users, BHOLD managing groups and everything in AD working properly.  I had a request to setup a way to manage service accounts and vendor/contractor accounts (personnel not in HR) via the FIM portal.  I created a new object type called ServiceAccount, based on the user account and configured one RCDC for that object type.   After getting that RCDC working (another water-boarding session), I copied it two times, renamed them for editing and viewing, and imported them into FIM.  All that worked fine.  But, the next time I went to update the view RCDC (setting all the attribtue to read-only), the RCDC that is used to import/export/view RCDCs was throwing an invalid RCDC error, contact your system adminstrator message and displaying the default RCDC (which is of no use).  WTF!  I never even touched that RCDC, never planned on touching that RCDC and had no backup of that RCDC.  I thought I could restore the FIMService database from a backup and recover.  So, I stopped the FIMService (I have to break all connections to the DB to restore it).  After the restore, the FIMService won't start.  And, googling FIM Service won't start yields results that are less the useless.

    So, I'm looking for a 100% positive (ok, I'll settle for 95% way) to recover a FIM installation.  I'm using a remote DB server.  I simply can't move forward with something so fragile and poorly documented.  I'm aware of the powershell scripts used to export/compare and import configurations.  I'm aware the import and export capabilities in the sync service app.  I'm aware of the VM snapshotting capabilities.  And, I'm aware of the DB backup and restore capabilities.  I'm using TFS to manage versions of RCDCs and my use that to manage the exports from these powershell scripts. 

    Thanks,

    Greg

    Tuesday, May 26, 2015 2:07 PM

Answers

  • Backup\Restore for FIM is simple as,

    1. Stop FIM Services

    2. Backup FIMSynchronizationService and FIMService

    3. Restore FIMSynchronizationService and FIMService

    4. Start FIMSynchronizationService

    5. Start FIMService

    Powershell scripts migrate FIM Portal\Service configuration customizations not the data.

    Scripts are used for migration not restore.


    Nosh Mernacaj, Identity Management Specialist


    Tuesday, May 26, 2015 2:17 PM

All replies

  • Backup\Restore for FIM is simple as,

    1. Stop FIM Services

    2. Backup FIMSynchronizationService and FIMService

    3. Restore FIMSynchronizationService and FIMService

    4. Start FIMSynchronizationService

    5. Start FIMService

    Powershell scripts migrate FIM Portal\Service configuration customizations not the data.

    Scripts are used for migration not restore.


    Nosh Mernacaj, Identity Management Specialist


    Tuesday, May 26, 2015 2:17 PM
  • Well Nosh,

    I doesn't get much simpler than that.  So, this will get the metaverse data, schemas (FIM service, FIM Portal and metaverse), RCDCs, MA run profiles, settings, everything contained "in the box"?  I would assume any extension code would be excluded.  Are there any special considerations for BHOLD?  That's just another database on the DB server.

    Thanks,

    Greg

    Tuesday, May 26, 2015 2:44 PM
  • 1. What I described, assumes your server did not blow off, so the extensions folder would still be there

    If your server is totally fried, you need a server restore as well. 

    1. For the SYNC server, You need a backup of the server with the latest code changes.

    2. FIM Portal\Service. Just a copy of a working model. There are no changes that matter much, besides Windows updates

    As per BHold, not sure there is much more from what I outlined. Yes you are right, the BHOLD DB as well.

    Just make sure all DB Backups are from the same timestamp.


    Nosh Mernacaj, Identity Management Specialist

    Tuesday, May 26, 2015 2:50 PM
  • Also, you can implement any kind of code versioning (GIT, TFS, whatever) and store schema and portal configuration there.
    Monday, June 1, 2015 11:47 AM