Download 3. Migration

Symantec
Quality Assurance Department
CCS 10.0
Disaster Recovery and Migration
Revision Date: 05/12/17 4:58 PM
Author: James Baker
File Name: Oban_Disater_Recovery_&_Migration.doc
CONFIDENTIAL – DO NOT DISTRIBUTE
Symantec CCS 10.0 - Oban
Company: Symantec Corp. – Department: QA
1. Introduction................................................................... 2
2. Recovery ....................................................................... 2
2.1 - Use Cases ............................................................................................................................................................................ 2
2.2 - Recovery Types ................................................................................................................................................................... 3
3. Migration ...................................................................... 3
3.1 - Use Cases ............................................................................................................................................................................ 3
3.2 - Migration Types .................................................................................................................................................................... 3
4. Components ................................................................... 3
4.1 - Sub-Components ................................................................................................................................................................. 4
5. DR&M Requirments ........................................................... 4
5.1 - What to Record during installation ....................................................................................................................................... 4
5.2 - What to Backup .................................................................................................................................................................... 4
6. Restoration Proceedures ................................................... 5
6.1 - All in one installation - restoration on the same system ....................................................................................................... 5
6.2 - Distributed DSS installation - restoration on the same system ............................................................................................ 5
6.3 - Distributed AS installation – restoration on the same system .............................................................................................. 5
6.4 - Distributed DPS installation – restoration on the same system ............................................................................................ 5
6.5 - All in one installation – restorative Migration on a different system ...................................................................................... 6
6.6 - Distributed DSS installation – restorative Migration on a different system ........................................................................... 6
6.7 - Distributed DSS installation – restorative Migration on a different system – Method 2 ........................................................ 6
6.8 - Distributed AS installation – restorative Migration on a different system ............................................................................. 7
6.9 - Distributed DPS installation – restorative Migration on a different system ........................................................................... 7
6.10 - Restorative Migration of SQL databases – single or multiple SQL servers ........................................................................ 7
7. Migration Proceedures ...................................................... 7
7.1 - Migration of all in one installation - creation of a replica database ....................................................................................... 7
7.2 - Migration of all in one installation - creation of a replica database – Method 2 .................................................................... 8
7.3 - Migration of a DSS installation – creation of a replica database .......................................................................................... 8
7.4 - Migration of a DSS installation – creation of a replica database – Method 2 ....................................................................... 8
7.5 - Migration of an all in one to distributed – creation of a replica database ............................................................................. 9
7.6 - Migration of an all in one to distributed – creation of a replica database – Method 2 .......................................................... 9
7.7 - Migration of SQL databases – single or multiple SQL servers ........................................................................................... 10
1. Introduction
This document discuses Symantec CCS 10.0 ‘Data Recovery and Migration’ (DR&M) strategies, supportable procedures and
general practices and will outline the support matrix. Newly introduced for version 10.0 is an alternate method of performing
product migrations. Steps for both the original and new migration procedures are outlined in sections 6 and 7.
2. Recovery
Supported disaster or data recovery scenarios include both restorative and migratory path solutions. A restoration of any
component on the same system eliminates the need to create and install new certificates and perform additional reconfiguration
tasks in deployment and the CCS Console. Restoration is the best way to fully recover from component or data loss without
additional setup time and administrative costs. Restoring components or data to a different computer system can require
considerable reconfiguration of the product, depending on the size of the implementation, to return the product to its previous
functional level.



2.1 - USE CASES
Users install product all on one system then had an application failure which requires restoring the CCS system, a
single component or a database
Users install product all on one system then a system crash requires rebuilding the computer and restoring the entire
product and all previous data
Users install product on multiple systems in a fully distributed manner then a single component or component system
host fails requiring restoration of the component and/or associated data
Author: James Baker
Page: 2 of 10
Symantec CCS 10.0 - Oban
Company: Symantec Corp. – Department: QA







Users install product all on one system then a system crash requires restoring the entire product and all previous data
however a new system will have to be used
Users install product on multiple systems in a fully distributed manner then a single component or component system
host fails requiring restoration of the component and/or associated data however a new system will have to be used
2.2 - RECOVERY TYPES
All In One Installation
o Restore entire product on same computer system
o Restore and migrate entire product to another system
DSS Only
o Restore DSS on the same computer system
o Restore and migrate DSS to another system
Application Server Only
o Restore AS on the same computer system
o Restore and migrate AS to another system
DPS Only
o Restore DPS on the same computer system
o Restore and migrate DPS to another system
SQL Databases
o Restore SQL Databases on the same computer system
o Restore and migrate SQL Databases to another system(s)
3. Migration
Migration paths include the recovery options above plus migration before disaster options including the ability to initially replicate
and finally move the ADAM database to another system. Migration of a system where all components are installed on a single
computer will require reconfiguration of all application settings. Migration of distributed systems will also require the creation and
installation of new certificates for any and all remote components.






3.1 - USE CASES
Users install all components on one system, then decide to move the installation and all data to another single system
Users install all components on one system, then decide to move some or all components or data to separate systems
Users install product in a distributed environment, then decide to move the DSS and data to another system
Users install product in a distributed environment, then decide to move the AS to a new system
Users install product in a distributed environment, then decide to one or more DPS to new systems
Users install product in a distributed environment, then decide to move the SQL databases to a new system(s)
3.2 - MIGRATION TYPES











All in one installation
Migrate entire product to another system
DSS Only
Migrate DSS/ADAM database to another system
Migrate DSS/ADAM database to another system hosting a replica database
Application Server Only
Migrate AS to another system
DPS Only
Migrate DPS to another system
SQL Only
Migrate SQL Databases to another system(s)
4. Components
The Symantec CCS components outlined below require a DR&M plan to protect against possible data loss and are further
broken down into sub-components in the table in section 4.1. Depending upon the exact implementation these components may
be located on a single system or installed as distributed components on several systems.
Author: James Baker
Page: 3 of 10
Symantec CCS 10.0 - Oban
Company: Symantec Corp. – Department: QA




Directory Server
Application Server
Distributed Processing Service
SQL Databases
4.1 - SUB-COMPONENTS
The following table breaks down the type of DR&M actions required for each sub-component in order to ensure the ability to
successfully restore or migrate each component. The types of action include backing up critical databases and files, reinstalling
components and documenting specific settings used during the original installation of the product.
Component / Sub-Component
Backup
Directory Server
Directory Support Service
Encryption Management Service
Encryption Management Service Passphrase
Encryption Management Service Configuration File
Certificate Files
Certificate Passwords
ADAM Database
Application Server
AppServer Service
AppServer Passphrase
DPS
DPS Service
SQL Databases – (.MDF and .LDF files)
CSM_DB
CSM_EvidenceDB
CSM_Reports
Reinstall
Document
X
X
X
X
X
X
X
X
X
X
X
X
X
X
5. DR&M Requirments
This section itemizes what needs to be recorded at installation or backed up at a regular interval to ensure the successful
restoration of the product in the event of a system, component or database loss. Only the databases are needed for a migration
of the DSS or SQL systems to other hardware. Backing up copies of the ADAM and SQL databases should always be
performed at the same time for the purpose of complete synchronization of data between the two. Failure to use synchronous
backups of the databases may result in data loss or even inoperability of the product.








5.1 - WHAT TO RECORD DURING INSTALLATION
Root Certificate password
Encryption Management Passphrase
Application Server Passphrase
List of accounts
o Installing User Account
o Directory Services Service Account
o Application Server Services Service Account
5.2 - WHAT TO BACKUP
ADAM Database – Default Path = C:\Program Files\Microsoft ADAM\SymantecCCS directory
SQL Databases – CSM_DB.mdf, CSM_DB.ldf, CSM_EvidenceDB.mdf, CSM_EvidenceDB.ldf, CSM_Reports.mdf and
CSM_Reports.ldf database files from your MSSQL data directory
Encryption Management Service Configuration file
Certificate Files – Copy the following directories
o ManagementServices\CA
o ManagementServices\DefaultCerts
Author: James Baker
Page: 4 of 10
Symantec CCS 10.0 - Oban
Company: Symantec Corp. – Department: QA
o
Remote Component Certificates – Copy the .p12 file for each remote component if located in a location other
than the DefaultCerts folder. (These files may be located elsewhere if you selected to have them placed in
another location when creating certificates with the Certificate Management Console)
6. Restoration Proceedures
Procedures to restore CCS systems or components as originally deployed or to different hardware systems or configurations
when necessary
6.1 - ALL IN ONE INSTALLATION - RESTORATION ON THE SAME SYSTEM
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Repair or replace computer system hardware, maintaining the same computer name and domain membership
Install CCS using the same service accounts, passphrases and other settings used in the original installation
Use CCSUtil.exe to export the ADAM configuration
Stop all CCS services on the new system
Restore the original ADAM database files by overwriting the new database files
Delete the newly created CCS SQL databases using SQL Management Studio
Attach the original SQL Database files using SQL Management Studio
Start SymantecCCS service
Use CCSUtil.exe to import the ADAM configuration from step 3
Start the remaining CCS Services in this order
1. Symantec Directory Service
2. Symantec Encryption Management Service
3. Symantec DPS Service
4. Symantec Application Server Service
6.2 - DISTRIBUTED DSS INSTALLATION - RESTORATION ON THE SAME SYSTEM
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
A recent synchronized backup of the ADAM and SQL Databases is required
Repair or replace DSS computer system hardware, maintaining the same computer name and domain membership
Install CCS DSS specifying the same service account, passphrase and settings as used in the original installation
Stop services on new DSS system
Restore the original ADAM database files by overwriting the new database files
On the SQL Database system use SQL Management Studio to restore from backup or reattach the CCS SQL
databases backed up at the same time the last ADAM Database backup occurred
Use Windows Certificate Snap-in to remove the root and Encryption Management Service certificates created by the
installer in step 2
Restore certificate files from the original installation
Use Windows Certificate Snap-in to install the restored Root and Encryption Management Services certificates
Restore the Encryption Management Configuration File
Start the Symantec CCS Service
Start Directory Support Service
Start Encryption Management Service
6.3 - DISTRIBUTED AS INSTALLATION – RESTORATION ON THE SAME SYSTEM
1.
2.
3.
4.
5.
6.
7.
A recent synchronized backup of the ADAM and SQL Databases is required
Repair or replace AS computer system hardware, maintaining the same computer name and domain membership
Install CCS AS service using the same service account, passphrase, certificate and settings as used in the original
installation
Stop Symantec Application Server service
Delete the newly created CCS SQL databases using SQL Management Studio
Attach the original SQL Database files using SQL Management Studio
Restart Symantec Application Server Service
6.4 - DISTRIBUTED DPS INSTALLATION – RESTORATION ON THE SAME SYSTEM
Author: James Baker
Page: 5 of 10
Symantec CCS 10.0 - Oban
Company: Symantec Corp. – Department: QA
1.
2.
Repair or replace DPS computer system hardware, maintaining the same computer name and domain membership
Install CCS DPS service using the same certificate and settings as used in the original installation
6.5 - ALL IN ONE INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM
1.
2.
3.
A recent synchronized backup of the ADAM and SQL Databases is required
Select an appropriate system for use in an all in one installation
Install CCS using the same installing account, service accounts, passphrases and settings as used in the original
installation
4. Export CSM configuration using CCSUtil.exe
5. Stop all CCS services
6. Restore the original ADAM database files by overwriting the new database files
7. Delete the newly created CCS SQL databases using SQL Management Studio
8. Attach the original SQL Database files using SQL Management Studio
9. Restart Symantec CCS instance
10. Import CSM configuration exported in step 4 using CCSUtil.exe
11. Set the proper SPNs for the new system
12. Start the remaining CCS Services in this order
a. Symantec Directory Service
b. Symantec Encryption Management Service
c. Symantec Application Server Service
d. Symantec DPS service
6.6 - DISTRIBUTED DSS INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
A recent synchronized backup of the ADAM and SQL Databases is required
Select an appropriate system for use as a DSS host
Install CCS DSS component
Restore the original ADAM database files by overwriting the new database files
On the SQL Database system use SQL Management Studio to restore from backup or reattach the CCS SQL
databases backed up at the same time the last ADAM backup occurred
Restart SymantecCCS Service
Use the new migration feature in CCSUTIL to change the name of the DSS host in the old configuration
Set the SPN for the new DSS system
Start the Symantec DSS service
Use the create new root certificate functionality
Using Certificate Console create new certificates for the Encryption Management Service
Using SymCert.exe on the EMS, AS and DPS systems to install the new certificates
Start Symantec DSS and EMS services
Modify the AS, Web Portal and SymConsole.XML.Deploy configuration files to point to the new DSS system
Restart each remote component service
Uninstall and reinstall all Symantec CCS Console(s)
6.7 - DISTRIBUTED DSS INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM – METHOD 2
1. A recent synchronized backup of the ADAM and SQL Databases is required
2. Select an appropriate system for use as a DSS host
3. Install CCS DSS service
4. Create AS and DPS certificates for the original systems
5. Uninstall the AS component
6. Reinstall the AS component pointing to the new DSS
7. Export CSM configuration using CCSUtil.exe
8. Stop all CCS services
9. Restore the original ADAM database files by overwriting the new database files
10. On the SQL Database system use SQL Management Studio to restore from backup or reattach the CCS SQL
databases backed up at the same time the last ADAM backup occurred
Author: James Baker
Page: 6 of 10
Symantec CCS 10.0 - Oban
Company: Symantec Corp. – Department: QA
11. Start Symantec CCS instance
12. Import CSM configuration exported in step 7 using CCSUtil.exe
13. Set the SPN for the new DSS system
14. Start Symantec Directory Support Service
15. Start Symantec Encryption Management Service
16. Modify the AS, Web Portal and SymConsole.XML.Deploy configuration files to point to the new DSS system
17. Using SymCert.exe on the DPS systems install the new certificates
18. Uninstall and reinstall all Symantec CCS Console(s)
6.8 - DISTRIBUTED AS INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM
1. A recent synchronized backup of the ADAM and SQL Databases is required
2. Select an appropriate system for use as an AS host
3. Uninstall Symantec DSS
4. Install Symantec DSS
5. Using Certificate Console create certificates for the new AS host
6. Using Certificate Console create new certificates for each DPS
7. Install Symantec AS
8. Export CSM configuration using CCSUtil.exe
9. Stop all CCS Services on the DSS System
10. Restore the original ADAM database files by overwriting the new database files
11. On the SQL Database system use SQL Management Studio to restore from backup or reattach the CCS SQL
databases backed up at the same time the last ADAM backup occurred
12. Start Symantec CCS instance
13. Set the SPN for the new AS system
14. Import CSM configuration exported in step 8 using CCSUtil.exe
15. Start the Symantec Directory Support Service
16. Start the Symantec Encryption Management Service
17. Using SymCert.exe on the DPS systems install the new certificates
18. Uninstall and reinstall all Symantec CCS Console(s)
6.9 - DISTRIBUTED DPS INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM
1.
2.
3.
4.
5.
Select an appropriate system for use as a DPS host
Using Certificate Console create a certificate for the DPS host
Remove the certificate for the old DPS system
Install the Symantec CCS DPS
Register the DPS for use
6.10 - RESTORATIVE MIGRATION OF SQL DATABASES – SINGLE OR MULTIPLE SQL SERVERS
1. From backup copies attach each database to an appropriate SQL Server
2. Temporarily stop the MSSQL service on the original SQL Server if the server is still operational
3. Using the CCS Console ‘Settings’ UI change the SQL location for each database to the appropriate server
7. Migration Proceedures
Procedures to migrate CCS systems or components as needed to different hardware systems or configurations
7.1 - MIGRATION OF ALL IN ONE INSTALLATION - CREATION OF A REPLICA DATABASE
1. Select an appropriate system (System B) for the new CCS Installation
2. Install entire product on system (B) using the same service accounts, passphrases and other settings used in the
original installation
3. On system B create a replica of the ADAM instance on System A using port 3891
Author: James Baker
Page: 7 of 10
Symantec CCS 10.0 - Oban
Company: Symantec Corp. – Department: QA
4. On system B seize the naming master and schema roles for the ADAM database
5. On system B use the migration feature in CCSUtil.exe to change the name of the CCS Host in the configuration of the
ADAM instance on port 3891
6. On system B change the AS, EMS, DSS, Certificate Console and Console configuration files to point to port 3891
7. On system B use the create new root certificate functionality in the CCS Certificate Console
8. On system B use Certificate Console to create new certificates for the Encryption Management Service, Application
server, Application server SSL and DPS
9. On system B use SymCert.exe to install the new certificates
10. On system B overwrite the SQL databases with the databases from System A
11. Set the proper SPNs for the new CCS system
12. Restart all services on system B
13. Uninstall product from system A
7.2 - MIGRATION OF ALL IN ONE INSTALLATION - CREATION OF A REPLICA DATABASE – METHOD 2
1. Select an appropriate system (System B) for the new CCS installation
2. Install entire product on system (B) using the same service accounts, passphrases and other settings used in the
original installation
3. Register and configure DPS the same as in the original installation
4. On system B export configuration data using CCSUtil.exe
5. On system B create a replica of the ADAM instance on System A using port 3891
6. On system B seize the naming master and schema roles for the ADAM database
7. On system B import the configuration data exported in step 4 into the 3891 instance using CCSUtil.exe
8. On system B overwrite the SQL databases with the databases from System A
9. On system B change the AS, EMS, DSS and Console Launcher configuration files to point to port 3891
10. Set the proper SPNs for the new CCS system
11. Restart all services on system B
12. Uninstall product from system A
7.3 - MIGRATION OF A DSS INSTALLATION – CREATION OF A REPLICA DATABASE
1. Select an appropriate system (System B) for the new DSS Installation
2. Install the DSS on system (B) using the same installing user, service accounts, passphrases and other settings used in
the original installation
3. On system B create a replica of the ADAM instance on System A using port 3891
4. On system B seize the naming master and schema roles for the ADAM database
5. On system B use the migration feature in CCSUtil.exe to change the name of the DSS Host only in the configuration of
the ADAM instance on port 3891
6. On system B change the AS, EMS, DSS, Certificate Console and Console configuration files to point to port 3891
7. On system B use the create new root certificate functionality in the CCS Certificate Console
8. On system B use Certificate Console to create new certificates for the Encryption Management Service, Application
server, Application server SSL and DPS
9. Use SymCert.exe to install the new certificates on each remote component
10. On system B overwrite the SQL databases with the databases from System A
11. Modify the AS, Web Portal and SymConsole.XML.Deploy configuration files to point to the new DSS system
12. Set the SPN for the new DSS system
13. Restart all services on system B
14. Uninstall the original DSS
15. Uninstall and reinstall all Symantec CCS Console(s)
7.4 - MIGRATION OF A DSS INSTALLATION – CREATION OF A REPLICA DATABASE – METHOD 2
1. On the original system stop all Symantec services except the ADAM instance
2. Select an appropriate system (System B) for the new DSS Installation
Author: James Baker
Page: 8 of 10
Symantec CCS 10.0 - Oban
Company: Symantec Corp. – Department: QA
3. Install the DSS on system (B) using the same installing user, service accounts, passphrases and other settings used in
the original installation
4. On the new system export the CSM configuration using CCSUtil.exe
5. On the new system create a replica of the original ADAM instance using port 3891
6. On the new system seize the naming master and schema roles for the ADAM database
7. On the new system import the configuration data exported from the 3890 instance into the 3891 instance using
CCSUtil.exe
8. Change the AS, EMS, DSS and Certificate Console and Console configuration files to point to the new DSS system
and port 3891
9. Set the SPN for the new DSS system
10. Modify the AS, Web Portal and SymConsole.XML.Deploy configuration files to point to the new DSS system
11. Restart DSS and EMS on the new system
12. Using Certificate Console create new AS and DPS certificates for each component
13. On each remote component system install the new certificates using SymCert.exe
14. Uninstall the original DSS
15. Uninstall and reinstall all Symantec CCS Console(s)
7.5 - MIGRATION OF AN ALL IN ONE TO DISTRIBUTED – CREATION OF A REPLICA DATABASE
1.
2.
3.
4.
5.
6.
Perform a synchronized backup of the ADAM and SQL Databases from the All In One Installation (System A)
Install CCS DSS on system B
Install CCS AS on system C selecting either system C or another system as the SQL location
On system B create a replica of the ADAM instance on system A using port 3891
On system B seize the naming master and schema roles for the ADAM database from system A
Change the AS, EMS, DSS , Certificate Console and Console configuration files to point to the new DSS system and
port 3891
7. On system B use the new migration feature in CCSUTIL to change the name of the CCS host in the configuration to
the name of the new AS host on system C
8. On system B use the new migration feature in CCSUTIL to change the name of the ADAM/DSS only to the name of the
new DSS host on system B
9. On system B use the create new root certificate functionality
10. On system B use Certificate Console to create new certificates for the Encryption Management Service, Application
server and Application server SSL
11. On system B use Certificate Console to remove the original DPS certificate
12. Use SymCert.exe on the EMS and AS systems to install the new certificates
13. On the SQL system overwrite the SQL databases with the databases from system A
14. Set the proper SPNs for the new DSS and AS systems
15. Restart all services on systems B and C
16. Create certificates for and install DPS systems on other systems as required
17. Uninstall product from system A
7.6 - MIGRATION OF AN ALL IN ONE TO DISTRIBUTED – CREATION OF A REPLICA DATABASE – METHOD 2
1.
2.
3.
4.
5.
Perform a synchronized backup of the ADAM and SQL Databases from the All In One Installation (System A)
Install CCS DSS on system B
Install CCS AS on system C selecting either system C or another system as the SQL location
Install any additional DPS systems desired on other systems
Register and configure the DPS on system C using the same sites and settings as in the original installation (supports
existing jobs)
6. Register all other DPS as desired
7. On system B export configuration data using CCSUtil.exe
8. On system B create a replica of the ADAM instance on system A using port 3891
9. On system B seize the naming master and schema roles for the ADAM database from system A
10. On system B import the configuration data exported from the 3890 instance into the 3891 instance using CCSUtil.exe
11. Change the AS, EMS, DSS and Certificate Console and Console configuration files to point to the new DSS system
and port 3891
Author: James Baker
Page: 9 of 10
Symantec CCS 10.0 - Oban
Company: Symantec Corp. – Department: QA
12. On the SQL system overwrite the SQL databases with the databases from system A
13. Set the proper SPNs for the new DSS and AS systems
14. Restart all services on systems B and C
15. Uninstall product from system A
7.7 - MIGRATION OF SQL DATABASES – SINGLE OR MULTIPLE SQL SERVERS
1.
2.
3.
4.
Copy the .MDF and .LDF files each CCS SQL database
Attach each database to an appropriate SQL Server
Temporarily stop the MSSQL service on the original SQL Server
Using the CCS Console ‘Settings’ UI change the SQL location for each database to the appropriate server
Author: James Baker
Page: 10 of 10