* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download 3. Migration
Survey
Document related concepts
Extensible Storage Engine wikipedia , lookup
Microsoft Access wikipedia , lookup
Tandem Computers wikipedia , lookup
Oracle Database wikipedia , lookup
Functional Database Model wikipedia , lookup
Microsoft Jet Database Engine wikipedia , lookup
Ingres (database) wikipedia , lookup
Concurrency control wikipedia , lookup
Relational model wikipedia , lookup
Healthcare Cost and Utilization Project wikipedia , lookup
Open Database Connectivity wikipedia , lookup
Microsoft SQL Server wikipedia , lookup
Database model wikipedia , lookup
Transcript
Symantec Quality Assurance Department CCS 10.0 Disaster Recovery and Migration Revision Date: 05/12/17 4:58 PM Author: James Baker File Name: Oban_Disater_Recovery_&_Migration.doc CONFIDENTIAL – DO NOT DISTRIBUTE Symantec CCS 10.0 - Oban Company: Symantec Corp. – Department: QA 1. Introduction................................................................... 2 2. Recovery ....................................................................... 2 2.1 - Use Cases ............................................................................................................................................................................ 2 2.2 - Recovery Types ................................................................................................................................................................... 3 3. Migration ...................................................................... 3 3.1 - Use Cases ............................................................................................................................................................................ 3 3.2 - Migration Types .................................................................................................................................................................... 3 4. Components ................................................................... 3 4.1 - Sub-Components ................................................................................................................................................................. 4 5. DR&M Requirments ........................................................... 4 5.1 - What to Record during installation ....................................................................................................................................... 4 5.2 - What to Backup .................................................................................................................................................................... 4 6. Restoration Proceedures ................................................... 5 6.1 - All in one installation - restoration on the same system ....................................................................................................... 5 6.2 - Distributed DSS installation - restoration on the same system ............................................................................................ 5 6.3 - Distributed AS installation – restoration on the same system .............................................................................................. 5 6.4 - Distributed DPS installation – restoration on the same system ............................................................................................ 5 6.5 - All in one installation – restorative Migration on a different system ...................................................................................... 6 6.6 - Distributed DSS installation – restorative Migration on a different system ........................................................................... 6 6.7 - Distributed DSS installation – restorative Migration on a different system – Method 2 ........................................................ 6 6.8 - Distributed AS installation – restorative Migration on a different system ............................................................................. 7 6.9 - Distributed DPS installation – restorative Migration on a different system ........................................................................... 7 6.10 - Restorative Migration of SQL databases – single or multiple SQL servers ........................................................................ 7 7. Migration Proceedures ...................................................... 7 7.1 - Migration of all in one installation - creation of a replica database ....................................................................................... 7 7.2 - Migration of all in one installation - creation of a replica database – Method 2 .................................................................... 8 7.3 - Migration of a DSS installation – creation of a replica database .......................................................................................... 8 7.4 - Migration of a DSS installation – creation of a replica database – Method 2 ....................................................................... 8 7.5 - Migration of an all in one to distributed – creation of a replica database ............................................................................. 9 7.6 - Migration of an all in one to distributed – creation of a replica database – Method 2 .......................................................... 9 7.7 - Migration of SQL databases – single or multiple SQL servers ........................................................................................... 10 1. Introduction This document discuses Symantec CCS 10.0 ‘Data Recovery and Migration’ (DR&M) strategies, supportable procedures and general practices and will outline the support matrix. Newly introduced for version 10.0 is an alternate method of performing product migrations. Steps for both the original and new migration procedures are outlined in sections 6 and 7. 2. Recovery Supported disaster or data recovery scenarios include both restorative and migratory path solutions. A restoration of any component on the same system eliminates the need to create and install new certificates and perform additional reconfiguration tasks in deployment and the CCS Console. Restoration is the best way to fully recover from component or data loss without additional setup time and administrative costs. Restoring components or data to a different computer system can require considerable reconfiguration of the product, depending on the size of the implementation, to return the product to its previous functional level. 2.1 - USE CASES Users install product all on one system then had an application failure which requires restoring the CCS system, a single component or a database Users install product all on one system then a system crash requires rebuilding the computer and restoring the entire product and all previous data Users install product on multiple systems in a fully distributed manner then a single component or component system host fails requiring restoration of the component and/or associated data Author: James Baker Page: 2 of 10 Symantec CCS 10.0 - Oban Company: Symantec Corp. – Department: QA Users install product all on one system then a system crash requires restoring the entire product and all previous data however a new system will have to be used Users install product on multiple systems in a fully distributed manner then a single component or component system host fails requiring restoration of the component and/or associated data however a new system will have to be used 2.2 - RECOVERY TYPES All In One Installation o Restore entire product on same computer system o Restore and migrate entire product to another system DSS Only o Restore DSS on the same computer system o Restore and migrate DSS to another system Application Server Only o Restore AS on the same computer system o Restore and migrate AS to another system DPS Only o Restore DPS on the same computer system o Restore and migrate DPS to another system SQL Databases o Restore SQL Databases on the same computer system o Restore and migrate SQL Databases to another system(s) 3. Migration Migration paths include the recovery options above plus migration before disaster options including the ability to initially replicate and finally move the ADAM database to another system. Migration of a system where all components are installed on a single computer will require reconfiguration of all application settings. Migration of distributed systems will also require the creation and installation of new certificates for any and all remote components. 3.1 - USE CASES Users install all components on one system, then decide to move the installation and all data to another single system Users install all components on one system, then decide to move some or all components or data to separate systems Users install product in a distributed environment, then decide to move the DSS and data to another system Users install product in a distributed environment, then decide to move the AS to a new system Users install product in a distributed environment, then decide to one or more DPS to new systems Users install product in a distributed environment, then decide to move the SQL databases to a new system(s) 3.2 - MIGRATION TYPES All in one installation Migrate entire product to another system DSS Only Migrate DSS/ADAM database to another system Migrate DSS/ADAM database to another system hosting a replica database Application Server Only Migrate AS to another system DPS Only Migrate DPS to another system SQL Only Migrate SQL Databases to another system(s) 4. Components The Symantec CCS components outlined below require a DR&M plan to protect against possible data loss and are further broken down into sub-components in the table in section 4.1. Depending upon the exact implementation these components may be located on a single system or installed as distributed components on several systems. Author: James Baker Page: 3 of 10 Symantec CCS 10.0 - Oban Company: Symantec Corp. – Department: QA Directory Server Application Server Distributed Processing Service SQL Databases 4.1 - SUB-COMPONENTS The following table breaks down the type of DR&M actions required for each sub-component in order to ensure the ability to successfully restore or migrate each component. The types of action include backing up critical databases and files, reinstalling components and documenting specific settings used during the original installation of the product. Component / Sub-Component Backup Directory Server Directory Support Service Encryption Management Service Encryption Management Service Passphrase Encryption Management Service Configuration File Certificate Files Certificate Passwords ADAM Database Application Server AppServer Service AppServer Passphrase DPS DPS Service SQL Databases – (.MDF and .LDF files) CSM_DB CSM_EvidenceDB CSM_Reports Reinstall Document X X X X X X X X X X X X X X 5. DR&M Requirments This section itemizes what needs to be recorded at installation or backed up at a regular interval to ensure the successful restoration of the product in the event of a system, component or database loss. Only the databases are needed for a migration of the DSS or SQL systems to other hardware. Backing up copies of the ADAM and SQL databases should always be performed at the same time for the purpose of complete synchronization of data between the two. Failure to use synchronous backups of the databases may result in data loss or even inoperability of the product. 5.1 - WHAT TO RECORD DURING INSTALLATION Root Certificate password Encryption Management Passphrase Application Server Passphrase List of accounts o Installing User Account o Directory Services Service Account o Application Server Services Service Account 5.2 - WHAT TO BACKUP ADAM Database – Default Path = C:\Program Files\Microsoft ADAM\SymantecCCS directory SQL Databases – CSM_DB.mdf, CSM_DB.ldf, CSM_EvidenceDB.mdf, CSM_EvidenceDB.ldf, CSM_Reports.mdf and CSM_Reports.ldf database files from your MSSQL data directory Encryption Management Service Configuration file Certificate Files – Copy the following directories o ManagementServices\CA o ManagementServices\DefaultCerts Author: James Baker Page: 4 of 10 Symantec CCS 10.0 - Oban Company: Symantec Corp. – Department: QA o Remote Component Certificates – Copy the .p12 file for each remote component if located in a location other than the DefaultCerts folder. (These files may be located elsewhere if you selected to have them placed in another location when creating certificates with the Certificate Management Console) 6. Restoration Proceedures Procedures to restore CCS systems or components as originally deployed or to different hardware systems or configurations when necessary 6.1 - ALL IN ONE INSTALLATION - RESTORATION ON THE SAME SYSTEM 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Repair or replace computer system hardware, maintaining the same computer name and domain membership Install CCS using the same service accounts, passphrases and other settings used in the original installation Use CCSUtil.exe to export the ADAM configuration Stop all CCS services on the new system Restore the original ADAM database files by overwriting the new database files Delete the newly created CCS SQL databases using SQL Management Studio Attach the original SQL Database files using SQL Management Studio Start SymantecCCS service Use CCSUtil.exe to import the ADAM configuration from step 3 Start the remaining CCS Services in this order 1. Symantec Directory Service 2. Symantec Encryption Management Service 3. Symantec DPS Service 4. Symantec Application Server Service 6.2 - DISTRIBUTED DSS INSTALLATION - RESTORATION ON THE SAME SYSTEM 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. A recent synchronized backup of the ADAM and SQL Databases is required Repair or replace DSS computer system hardware, maintaining the same computer name and domain membership Install CCS DSS specifying the same service account, passphrase and settings as used in the original installation Stop services on new DSS system Restore the original ADAM database files by overwriting the new database files On the SQL Database system use SQL Management Studio to restore from backup or reattach the CCS SQL databases backed up at the same time the last ADAM Database backup occurred Use Windows Certificate Snap-in to remove the root and Encryption Management Service certificates created by the installer in step 2 Restore certificate files from the original installation Use Windows Certificate Snap-in to install the restored Root and Encryption Management Services certificates Restore the Encryption Management Configuration File Start the Symantec CCS Service Start Directory Support Service Start Encryption Management Service 6.3 - DISTRIBUTED AS INSTALLATION – RESTORATION ON THE SAME SYSTEM 1. 2. 3. 4. 5. 6. 7. A recent synchronized backup of the ADAM and SQL Databases is required Repair or replace AS computer system hardware, maintaining the same computer name and domain membership Install CCS AS service using the same service account, passphrase, certificate and settings as used in the original installation Stop Symantec Application Server service Delete the newly created CCS SQL databases using SQL Management Studio Attach the original SQL Database files using SQL Management Studio Restart Symantec Application Server Service 6.4 - DISTRIBUTED DPS INSTALLATION – RESTORATION ON THE SAME SYSTEM Author: James Baker Page: 5 of 10 Symantec CCS 10.0 - Oban Company: Symantec Corp. – Department: QA 1. 2. Repair or replace DPS computer system hardware, maintaining the same computer name and domain membership Install CCS DPS service using the same certificate and settings as used in the original installation 6.5 - ALL IN ONE INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM 1. 2. 3. A recent synchronized backup of the ADAM and SQL Databases is required Select an appropriate system for use in an all in one installation Install CCS using the same installing account, service accounts, passphrases and settings as used in the original installation 4. Export CSM configuration using CCSUtil.exe 5. Stop all CCS services 6. Restore the original ADAM database files by overwriting the new database files 7. Delete the newly created CCS SQL databases using SQL Management Studio 8. Attach the original SQL Database files using SQL Management Studio 9. Restart Symantec CCS instance 10. Import CSM configuration exported in step 4 using CCSUtil.exe 11. Set the proper SPNs for the new system 12. Start the remaining CCS Services in this order a. Symantec Directory Service b. Symantec Encryption Management Service c. Symantec Application Server Service d. Symantec DPS service 6.6 - DISTRIBUTED DSS INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. A recent synchronized backup of the ADAM and SQL Databases is required Select an appropriate system for use as a DSS host Install CCS DSS component Restore the original ADAM database files by overwriting the new database files On the SQL Database system use SQL Management Studio to restore from backup or reattach the CCS SQL databases backed up at the same time the last ADAM backup occurred Restart SymantecCCS Service Use the new migration feature in CCSUTIL to change the name of the DSS host in the old configuration Set the SPN for the new DSS system Start the Symantec DSS service Use the create new root certificate functionality Using Certificate Console create new certificates for the Encryption Management Service Using SymCert.exe on the EMS, AS and DPS systems to install the new certificates Start Symantec DSS and EMS services Modify the AS, Web Portal and SymConsole.XML.Deploy configuration files to point to the new DSS system Restart each remote component service Uninstall and reinstall all Symantec CCS Console(s) 6.7 - DISTRIBUTED DSS INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM – METHOD 2 1. A recent synchronized backup of the ADAM and SQL Databases is required 2. Select an appropriate system for use as a DSS host 3. Install CCS DSS service 4. Create AS and DPS certificates for the original systems 5. Uninstall the AS component 6. Reinstall the AS component pointing to the new DSS 7. Export CSM configuration using CCSUtil.exe 8. Stop all CCS services 9. Restore the original ADAM database files by overwriting the new database files 10. On the SQL Database system use SQL Management Studio to restore from backup or reattach the CCS SQL databases backed up at the same time the last ADAM backup occurred Author: James Baker Page: 6 of 10 Symantec CCS 10.0 - Oban Company: Symantec Corp. – Department: QA 11. Start Symantec CCS instance 12. Import CSM configuration exported in step 7 using CCSUtil.exe 13. Set the SPN for the new DSS system 14. Start Symantec Directory Support Service 15. Start Symantec Encryption Management Service 16. Modify the AS, Web Portal and SymConsole.XML.Deploy configuration files to point to the new DSS system 17. Using SymCert.exe on the DPS systems install the new certificates 18. Uninstall and reinstall all Symantec CCS Console(s) 6.8 - DISTRIBUTED AS INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM 1. A recent synchronized backup of the ADAM and SQL Databases is required 2. Select an appropriate system for use as an AS host 3. Uninstall Symantec DSS 4. Install Symantec DSS 5. Using Certificate Console create certificates for the new AS host 6. Using Certificate Console create new certificates for each DPS 7. Install Symantec AS 8. Export CSM configuration using CCSUtil.exe 9. Stop all CCS Services on the DSS System 10. Restore the original ADAM database files by overwriting the new database files 11. On the SQL Database system use SQL Management Studio to restore from backup or reattach the CCS SQL databases backed up at the same time the last ADAM backup occurred 12. Start Symantec CCS instance 13. Set the SPN for the new AS system 14. Import CSM configuration exported in step 8 using CCSUtil.exe 15. Start the Symantec Directory Support Service 16. Start the Symantec Encryption Management Service 17. Using SymCert.exe on the DPS systems install the new certificates 18. Uninstall and reinstall all Symantec CCS Console(s) 6.9 - DISTRIBUTED DPS INSTALLATION – RESTORATIVE MIGRATION ON A DIFFERENT SYSTEM 1. 2. 3. 4. 5. Select an appropriate system for use as a DPS host Using Certificate Console create a certificate for the DPS host Remove the certificate for the old DPS system Install the Symantec CCS DPS Register the DPS for use 6.10 - RESTORATIVE MIGRATION OF SQL DATABASES – SINGLE OR MULTIPLE SQL SERVERS 1. From backup copies attach each database to an appropriate SQL Server 2. Temporarily stop the MSSQL service on the original SQL Server if the server is still operational 3. Using the CCS Console ‘Settings’ UI change the SQL location for each database to the appropriate server 7. Migration Proceedures Procedures to migrate CCS systems or components as needed to different hardware systems or configurations 7.1 - MIGRATION OF ALL IN ONE INSTALLATION - CREATION OF A REPLICA DATABASE 1. Select an appropriate system (System B) for the new CCS Installation 2. Install entire product on system (B) using the same service accounts, passphrases and other settings used in the original installation 3. On system B create a replica of the ADAM instance on System A using port 3891 Author: James Baker Page: 7 of 10 Symantec CCS 10.0 - Oban Company: Symantec Corp. – Department: QA 4. On system B seize the naming master and schema roles for the ADAM database 5. On system B use the migration feature in CCSUtil.exe to change the name of the CCS Host in the configuration of the ADAM instance on port 3891 6. On system B change the AS, EMS, DSS, Certificate Console and Console configuration files to point to port 3891 7. On system B use the create new root certificate functionality in the CCS Certificate Console 8. On system B use Certificate Console to create new certificates for the Encryption Management Service, Application server, Application server SSL and DPS 9. On system B use SymCert.exe to install the new certificates 10. On system B overwrite the SQL databases with the databases from System A 11. Set the proper SPNs for the new CCS system 12. Restart all services on system B 13. Uninstall product from system A 7.2 - MIGRATION OF ALL IN ONE INSTALLATION - CREATION OF A REPLICA DATABASE – METHOD 2 1. Select an appropriate system (System B) for the new CCS installation 2. Install entire product on system (B) using the same service accounts, passphrases and other settings used in the original installation 3. Register and configure DPS the same as in the original installation 4. On system B export configuration data using CCSUtil.exe 5. On system B create a replica of the ADAM instance on System A using port 3891 6. On system B seize the naming master and schema roles for the ADAM database 7. On system B import the configuration data exported in step 4 into the 3891 instance using CCSUtil.exe 8. On system B overwrite the SQL databases with the databases from System A 9. On system B change the AS, EMS, DSS and Console Launcher configuration files to point to port 3891 10. Set the proper SPNs for the new CCS system 11. Restart all services on system B 12. Uninstall product from system A 7.3 - MIGRATION OF A DSS INSTALLATION – CREATION OF A REPLICA DATABASE 1. Select an appropriate system (System B) for the new DSS Installation 2. Install the DSS on system (B) using the same installing user, service accounts, passphrases and other settings used in the original installation 3. On system B create a replica of the ADAM instance on System A using port 3891 4. On system B seize the naming master and schema roles for the ADAM database 5. On system B use the migration feature in CCSUtil.exe to change the name of the DSS Host only in the configuration of the ADAM instance on port 3891 6. On system B change the AS, EMS, DSS, Certificate Console and Console configuration files to point to port 3891 7. On system B use the create new root certificate functionality in the CCS Certificate Console 8. On system B use Certificate Console to create new certificates for the Encryption Management Service, Application server, Application server SSL and DPS 9. Use SymCert.exe to install the new certificates on each remote component 10. On system B overwrite the SQL databases with the databases from System A 11. Modify the AS, Web Portal and SymConsole.XML.Deploy configuration files to point to the new DSS system 12. Set the SPN for the new DSS system 13. Restart all services on system B 14. Uninstall the original DSS 15. Uninstall and reinstall all Symantec CCS Console(s) 7.4 - MIGRATION OF A DSS INSTALLATION – CREATION OF A REPLICA DATABASE – METHOD 2 1. On the original system stop all Symantec services except the ADAM instance 2. Select an appropriate system (System B) for the new DSS Installation Author: James Baker Page: 8 of 10 Symantec CCS 10.0 - Oban Company: Symantec Corp. – Department: QA 3. Install the DSS on system (B) using the same installing user, service accounts, passphrases and other settings used in the original installation 4. On the new system export the CSM configuration using CCSUtil.exe 5. On the new system create a replica of the original ADAM instance using port 3891 6. On the new system seize the naming master and schema roles for the ADAM database 7. On the new system import the configuration data exported from the 3890 instance into the 3891 instance using CCSUtil.exe 8. Change the AS, EMS, DSS and Certificate Console and Console configuration files to point to the new DSS system and port 3891 9. Set the SPN for the new DSS system 10. Modify the AS, Web Portal and SymConsole.XML.Deploy configuration files to point to the new DSS system 11. Restart DSS and EMS on the new system 12. Using Certificate Console create new AS and DPS certificates for each component 13. On each remote component system install the new certificates using SymCert.exe 14. Uninstall the original DSS 15. Uninstall and reinstall all Symantec CCS Console(s) 7.5 - MIGRATION OF AN ALL IN ONE TO DISTRIBUTED – CREATION OF A REPLICA DATABASE 1. 2. 3. 4. 5. 6. Perform a synchronized backup of the ADAM and SQL Databases from the All In One Installation (System A) Install CCS DSS on system B Install CCS AS on system C selecting either system C or another system as the SQL location On system B create a replica of the ADAM instance on system A using port 3891 On system B seize the naming master and schema roles for the ADAM database from system A Change the AS, EMS, DSS , Certificate Console and Console configuration files to point to the new DSS system and port 3891 7. On system B use the new migration feature in CCSUTIL to change the name of the CCS host in the configuration to the name of the new AS host on system C 8. On system B use the new migration feature in CCSUTIL to change the name of the ADAM/DSS only to the name of the new DSS host on system B 9. On system B use the create new root certificate functionality 10. On system B use Certificate Console to create new certificates for the Encryption Management Service, Application server and Application server SSL 11. On system B use Certificate Console to remove the original DPS certificate 12. Use SymCert.exe on the EMS and AS systems to install the new certificates 13. On the SQL system overwrite the SQL databases with the databases from system A 14. Set the proper SPNs for the new DSS and AS systems 15. Restart all services on systems B and C 16. Create certificates for and install DPS systems on other systems as required 17. Uninstall product from system A 7.6 - MIGRATION OF AN ALL IN ONE TO DISTRIBUTED – CREATION OF A REPLICA DATABASE – METHOD 2 1. 2. 3. 4. 5. Perform a synchronized backup of the ADAM and SQL Databases from the All In One Installation (System A) Install CCS DSS on system B Install CCS AS on system C selecting either system C or another system as the SQL location Install any additional DPS systems desired on other systems Register and configure the DPS on system C using the same sites and settings as in the original installation (supports existing jobs) 6. Register all other DPS as desired 7. On system B export configuration data using CCSUtil.exe 8. On system B create a replica of the ADAM instance on system A using port 3891 9. On system B seize the naming master and schema roles for the ADAM database from system A 10. On system B import the configuration data exported from the 3890 instance into the 3891 instance using CCSUtil.exe 11. Change the AS, EMS, DSS and Certificate Console and Console configuration files to point to the new DSS system and port 3891 Author: James Baker Page: 9 of 10 Symantec CCS 10.0 - Oban Company: Symantec Corp. – Department: QA 12. On the SQL system overwrite the SQL databases with the databases from system A 13. Set the proper SPNs for the new DSS and AS systems 14. Restart all services on systems B and C 15. Uninstall product from system A 7.7 - MIGRATION OF SQL DATABASES – SINGLE OR MULTIPLE SQL SERVERS 1. 2. 3. 4. Copy the .MDF and .LDF files each CCS SQL database Attach each database to an appropriate SQL Server Temporarily stop the MSSQL service on the original SQL Server Using the CCS Console ‘Settings’ UI change the SQL location for each database to the appropriate server Author: James Baker Page: 10 of 10