Scope

This document discusses the steps to back up information pertaining to the Microsoft Identity Management Synchronization Manager products:

  • Microsoft Identity Integration Server 2003
  • Microsoft Identity Integration Feature Pack
  • Microsoft Identity Lifecycle Manager 2007 Feature Pack 1
  • Microsoft Forefront Identity Manager 2010

In this document we will refer to and focus on all of these products as Synchronisation Service.

This document will not explain backing up the other Microsoft Identity Management components. The following components will not be covered here:

  1. Microsoft Certificate Lifecycle Manager 2007 Feature Pack 1
  2. Microsoft Forefront Identity Manager 2010 Service and Portal
  3. Microsoft Forefront Identity Manager 2010 Certificate Management

Please review the bottom of this document for links containing information on backing up these products.


Scenarios

Developing and maintaining solutions built with any of the Microsoft Identity Manager Products will generate the need to back up your information.

Which items you should back up depends on which modifications are being applied. You may not need to back up everything, which is the reason for the different scenarios. We will discuss what those areas are, and why you want to back up these pieces of the solution.

Before/after changing a property inside of a management agent

  1. Backup - Management agent
  2. Backup - Metaverse
  3. Backup – Server Configuration
  4. Backup – Backend SQL Server Database (Optional – pending the current SQL Server backup/maintenance plan)

Before/after upgrading or installing a hotfix

  1. Backup - Management agent
  2. Backup - Metaverse
  3. Backup – Server Configuration
  4. Backup – Encryption Key
  5. Backup – Source Code
  6. Backup – Extensions and Data
  7. Backup – Backend SQL Server Database
  8. Backup - 3rd party client configuration

Code modifications to Metaverse or Management Agent extensions

  1. Backup – Server Configuration
  2. Backup – Source Code
  3. Backup – Extensions
  4. Backup – Backend SQL Server Database (Optional – pending the current SQL Server backup/maintenance plan)

Adding a management agent to the current Identity Management solution

  1. Backup - Management agent
  2. Backup - Metaverse
  3. Backup – Server Configuration
  4. Backup – Backend SQL Server Database (Optional – pending the current SQL Server backup/maintenance plan)
  5. Backup of 3rd party client configuration

Backup strategies

Daily and/or Weekly Backup Strategy

A good practice is to develop a daily and/or weekly backup strategy. It will assist in developing a good disaster recovery plan when executing updates or modifications to the current environment. A possible scenario is one where the Identity Management solution runs without issue for months, and then a server crash happens. If the information is backed up, there will be less downtime.

  1. Backup – Backend SQL Server Database

Monthly backup strategy

  1. Backup – Server Configuration
  2. Backup – Encryption Key
  3. Backup – Source Code
  4. Backup – Extensions and Data
  5. Backup - 3rd party client configuration

Before & after configuration changes

  1. Backup - Management agent
  2. Backup - Metaverse
  3. Backup – Server Configuration
  4. Backup – Encryption Key
  5. Backup – Source Code
  6. Backup – Extensions and Data

Backing up + Moving Backend Database

Backup – Backend SQL Server Database

Microsoft Identity Management products are client/server applications. The backend database is a Microsoft SQL Server database. Depending on the version of the Microsoft Identity Management product, the backend SQL Server could be Microsoft SQL Server 2000, Microsoft SQL Server 2005 or Microsoft SQL Server 2008. Microsoft SQL Server database files have the MDF extension. Each is associated with a log file, which has the LDF extension. We will use the Microsoft SQL Server Backup utility to back up the Microsoft SQL Server database.

A good practice for the back-end data is to do a nightly backup of the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database. This will allow you to recover in case of a data disaster. You can find more information on database maintenance here. Our focus here is to navigate through the steps of backing up the SQL Server database.

  1. Close the Identity Manager Console before beginning this process
  2. Shut down the FIM Synchronization service
 Important
This is very important: if the Identity Manager Console is up and running, or if scheduled jobs are running during this step, you could run into errors and possibly corrupt data.
  3. Open Microsoft SQL Server Management Studio: (NOTE: We will use snapshots from SQL Server 2008 for the purpose of this document.)
    1. Microsoft SQL Server 2000: Enterprise Manager
    2. Microsoft SQL Server 2005: SQL Server Management Studio
    3. Microsoft SQL Server 2008: SQL Server Management Studio
  4. Connect to the Microsoft SQL Server housing the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database.
  5. Expand Databases
  6. Right click on the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database
  7. Select Tasks > Back Up (SQL 2000: Select All Tasks and then Back Up Database)
  8. Back Up Type: Full
  9. Name: (Recommendation: leave the default) MicrosoftIdentityIntegrationServer-Full Database Backup
 Note
The name of this database should be something that you can remember and that identifies what it is for future reference.
  10. Destination: Notice where it is currently backed up, and change it if you have a specific location to back up the database.
  11. Click OK

If you experience problems with the backup process of the SQL Server database, contact the Microsoft SQL Server team for support.
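
The same backup can be scripted rather than clicked through. The following PowerShell is an added example, not part of the original article. It assumes SQL Server 2005 or later (for CHECKSUM), the sqlcmd utility on the path, Windows authentication, that the synchronization service and SQL Server run on the machine where the script runs, that the Windows service is named FIMSynchronizationService, and a placeholder instance name and backup folder.

```powershell
# Added example: scripted full backup of the synchronization database.
# Assumptions (not from the article): instance name, backup folder, and the
# Windows service name below. Close the Identity Manager Console first.
$SqlInstance = 'localhost'                    # placeholder instance name
$Database    = 'FIMSynchronizationService'    # MIIS/ILM: MicrosoftIdentityIntegrationServer
$ServiceName = 'FIMSynchronizationService'    # assumed service name
$BackupDir   = 'D:\Backup\FIMSync'            # placeholder; resolved on the SQL Server host
$ErrorActionPreference = 'Stop'

function Invoke-Sql([string]$Query) {
    # -E uses Windows authentication; -b returns a non-zero exit code on a SQL error
    & sqlcmd -S $SqlInstance -E -b -Q $Query
    if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed: $Query" }
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$file  = Join-Path $BackupDir "${Database}-Full-${stamp}.bak"

# Stop the service so no scheduled run is writing while the backup is taken.
$wasRunning = (Get-Service -Name $ServiceName).Status -eq 'Running'
if ($wasRunning) { Stop-Service -Name $ServiceName }
try {
    # CHECKSUM verifies page checksums while reading and stores one for the backup.
    Invoke-Sql "BACKUP DATABASE [$Database] TO DISK = N'$file' WITH INIT, CHECKSUM, NAME = N'${Database}-Full Database Backup';"
    # Confirm the backup set is complete and readable before relying on it.
    Invoke-Sql "RESTORE VERIFYONLY FROM DISK = N'$file' WITH CHECKSUM;"
}
finally {
    # Restart the service even if the backup or the verification failed.
    if ($wasRunning) { Start-Service -Name $ServiceName }
}
Write-Output "Verified backup written to $file"
```

The backup file holds the full connector space and metaverse, so restrict access to the backup folder to the same accounts that may read the live database.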

Additional resources

Moving - backend database to a new or different SQL Server

You may need to relocate the backend MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database to a new Microsoft SQL Server. Scenarios include:

  1. Moving the database from a remote SQL Server to be a local SQL Server
  2. Moving the database from a local SQL Server to remote SQL Server
  3. Moving the database from a remote SQL Server to another remote SQL Server

Here we will cover the steps to accomplish this task and ensure that you have a backup of the database for disaster recovery purposes.

  1. Close the Identity Manager Console before beginning this process
  2. Shut down the Forefront Identity Manager synchronisation service
 Important
This is very important: if the Identity Manager Console is up and running, or if scheduled jobs are running during this step, you could run into errors and possibly corrupt data.
  3. Open Microsoft SQL Server Management Studio: (NOTE: We will use snapshots from SQL Server 2008 for the purpose of this document.)
    1. Microsoft SQL Server 2000: Enterprise Manager
    2. Microsoft SQL Server 2005: SQL Server Management Studio
    3. Microsoft SQL Server 2008: SQL Server Management Studio
  4. Connect to the Microsoft SQL Server housing the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database.
  5. Expand Databases
  6. Right click on the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database
  7. Select Tasks and then Detach
    1. Check Drop Connections
    2. Check Update Statistics
    3. Check Keep Full Text Catalogs
    4. Click Ok
  8. Move the MDF and LDF files from the location documented below to the new location
    1. [Default Location for MIIS/IIFP/ILM] %programfiles%\Microsoft Identity Integration Server\Data folder
    2. [Default Location for FIM] %programfiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA
  9. Open Microsoft SQL Server Management Studio: (NOTE: We will use snapshots from SQL Server 2008 for the purpose of this document.)
    1. Microsoft SQL Server 2000: Enterprise Manager
    2. Microsoft SQL Server 2005: SQL Server Management Studio
    3. Microsoft SQL Server 2008: SQL Server Management Studio
  10. Connect to the Microsoft SQL Server that will host the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database.
  11. Right click on databases and select Attach
  12. Click the Add button
  13. Point to the location where the MDF and LDF files are located
  14. Click the Ok button
  15. Click the Ok button and the database should be re-attached
  16. If you changed to a new SQL Server version (upgrade), you will need to execute an uninstall and reinstall of the Microsoft Identity Management product that you are utilizing here.
 Caution
Make sure to reinstate the Service Broker Enabled setting on the FIM Synchronisation server database, because moving a database to another server resets the setting to false.
  1. Open SQL management studio.
  2. Open the FIM Sync DB properties
  3. Check the database 'options'
  4. Service Broker > Broker Enabled
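
The Broker Enabled check from the caution above can also be done from a script after the database is re-attached. This PowerShell is an added example, not part of the original article; it assumes SQL Server 2005 or later, sqlcmd on the path, Windows authentication and a placeholder instance name.

```powershell
# Added example: check and reinstate Service Broker on the moved database.
# Assumptions (not from the article): instance name; run while the
# synchronization service is still stopped.
$SqlInstance = 'localhost'                    # placeholder: the new SQL Server
$Database    = 'FIMSynchronizationService'    # MIIS/ILM: MicrosoftIdentityIntegrationServer
$ErrorActionPreference = 'Stop'

function Get-BrokerEnabled {
    # SET NOCOUNT ON suppresses the row-count line so only the value row matches.
    $q = "SET NOCOUNT ON; SELECT CAST(is_broker_enabled AS int) FROM sys.databases WHERE name = N'$Database';"
    $out = & sqlcmd -S $SqlInstance -E -b -Q $q
    if ($LASTEXITCODE -ne 0) { throw 'sqlcmd failed while reading sys.databases' }
    # Skip the header and separator lines; keep the single 0/1 value.
    $value = $out | Where-Object { $_ -match '^\s*[01]\s*$' } | Select-Object -First 1
    if ($null -eq $value) { throw "Database $Database not found on $SqlInstance" }
    return ([int]$value.Trim() -eq 1)
}

if (Get-BrokerEnabled) {
    Write-Output "Service Broker is already enabled on $Database"
}
else {
    # ENABLE_BROKER needs exclusive access to the database;
    # ROLLBACK IMMEDIATE disconnects any remaining sessions.
    & sqlcmd -S $SqlInstance -E -b -Q "ALTER DATABASE [$Database] SET ENABLE_BROKER WITH ROLLBACK IMMEDIATE;"
    if ($LASTEXITCODE -ne 0) { throw 'ALTER DATABASE ... SET ENABLE_BROKER failed' }
    if (-not (Get-BrokerEnabled)) { throw 'Broker is still disabled after ALTER DATABASE' }
    Write-Output "Service Broker re-enabled on $Database"
}
```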

Source Code, Extension DLLs & data backup

Source code

If you have created any type of Metaverse or Management Agent extensions, you will have source code. It is very important to back up source code and compiled extension DLLs before making any changes to the current source code. This gives you a backup copy of the previous code should a problem occur when the new code is put in place. Be sure to document your backup location, or use a location that your company specifies for source code backups. This information will allow you to obtain the source code quickly should you need to revert to an old copy. A prime example: if a consultant comes in and develops a Metaverse or Management Agent extension, you will want to back up this source code and ensure that you know where it is when you need it.

Backing up source code is nothing more than a file copy of the source code folder and its contents to your backup location. You could automate this with a batch file or Windows Scripting Host file.

Another possible solution for source code revisions and backups is using a tool such as Microsoft Visual Studio Team Foundation Server 2010.

Extension DLLs & Data

If you have created any type of Metaverse or Management Agent extensions, you will have DLLs located in the %programfiles%\Microsoft Identity Integration Server\Extensions folder (FIM2010: %ProgramFiles%\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions). Ensuring that these DLLs are backed up prior to any code modifications, upgrades, or hot fix installations will help provide a way to revert to the previous builds should you encounter a problem with the new DLLs.

Like backing up the source code, this is nothing more than a file copy of the Extensions folder to your provided backup location. Here is a list of folders that would be recommended to back up as well.

  • SourceCode: by default, GALSYNC and LOGGING source code is installed into this folder. You may have custom source code in this folder as well. If you have custom GALSYNC and/or EXTENSION source code in another location, navigate to that location and backup this information.
  • Extensions: folder contains all DLL files for default and custom GALSYNC and/or EXTENSION code written. This folder is loaded into the Synchronization database automatically.
  • MaData: folder contains specific information for each of the Management Agents that you have created. It does not house Management Agent configurations by default.
  • Data: by default, this is the location of the SQL Server MDF and LDF files. If you have followed the steps in “Backup the backend SQL Server Database” then you do not need to worry about these files. There may be other files in this folder as well, and you will want to back up this information as well.
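
The file copies described for the source code and for the folders listed above can be automated together. This PowerShell is an added example, not part of the original article; it assumes PowerShell 4.0 or later (for Get-FileHash), the default FIM 2010 install path, and a placeholder backup root. It skips MDF/LDF files, which the SQL Server backup covers, and writes a SHA-256 manifest of everything it copied.

```powershell
# Added example: copy the Synchronization Service folders and record SHA-256 hashes.
# Assumptions (not from the article): backup root and the manifest file name.
$InstallDir = Join-Path $env:ProgramFiles 'Microsoft Forefront Identity Manager\2010\Synchronization Service'
# MIIS/IIFP/ILM: Join-Path $env:ProgramFiles 'Microsoft Identity Integration Server'
$BackupRoot = 'D:\Backup\FIMSyncFiles'        # placeholder
$Folders    = 'SourceCode', 'Extensions', 'MaData', 'Data'
$ErrorActionPreference = 'Stop'

# A new timestamped folder per run, so earlier backups are never overwritten.
$target = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $target | Out-Null

foreach ($name in $Folders) {
    $source = Join-Path $InstallDir $name
    if (-not (Test-Path $source)) { Write-Warning "Skipping missing folder $source"; continue }
    # /E copies subfolders; /XF leaves out the database files, which are
    # locked while SQL Server runs and belong in the SQL Server backup.
    & robocopy $source (Join-Path $target $name) /E /XF '*.mdf' '*.ldf' /R:1 /W:1 /NP | Out-Null
    # robocopy exit codes of 8 or higher mean at least one copy failed.
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed for $source (exit code $LASTEXITCODE)" }
}

# Hash every copied file so a later restore can be checked against the manifest.
$manifest = Get-ChildItem -Path $target -Recurse -File | ForEach-Object {
    [pscustomobject]@{
        RelativePath = $_.FullName.Substring($target.Length + 1)
        Length       = $_.Length
        SHA256       = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
}
$manifest | Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation
Write-Output "Copied $(@($manifest).Count) files to $target"
```

Keeping a second copy of manifest.csv away from the backup itself lets you detect an extension DLL that was altered or corrupted between backup and restore.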

Management Agent Backup

  1. Open the Synchronization Manager console
  2. Open the Management Agents window
  3. Right Click the Management agent of choice
  4. Click Export Management Agent
  5. Save the XML file

Metaverse Backup

  1. Open the Synchronization Manager console
  2. Open the Metaverse window
  3. Right Click white space of choice
  4. Click Export Metaverse
  5. Save the XML file

 


Sync Server configuration backup

This section is designed to assist you in backing up your server configuration. The server configuration consists of all management agent configurations and Metaverse configurations. This step exports all management agent configurations as XML files to a specific location. The process does not allow you to overwrite files, so you will need a new location for each backup.

  1. Open the Synchronization Manager Console
  2. From the File menu select Export Server Configuration.
  3. Select the folder to save the data
 Note
You can only export to an empty folder. Make a new folder if needed.
  4. Click OK.

Encryption key backup

This section is designed to assist you in backing up the encryption key.

  1. Click the Start button then All Programs then navigate to the Synchronisation engine menu item.
  2. Select Key Management Utility.
  3. Select Export Key set and click the Next button.
  4. Enter the MIIS Service Account information.
 Note
This is the service account running the MIIS/ILM/FIM Sync service.
  5. Click the Next button.
  6. Select the export location and file name.
  7. Click the Next button.
  8. Click the Finish button.
  9. Click the Close button.

Backup of other FIM Components


See Also