S 6.81 Creation of data backups for Novell eDirectory
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
An eDirectory directory service should be backed up at the same time that a general server backup is performed, so that the complete state of the servers can be restored later. The backup process therefore also depends on the underlying operating system.
To obtain consistent data backups of the eDirectory data held on a server, a special backup tool should be used. The following tools are provided by eDirectory for data backup:
- under NetWare: SBCON.NLM
- under Windows NT/2000: SMSENGN.EXE
- under Linux, Sun Solaris: ndsbackup utility
As well as a full backup of the directory, the Novell tools also allow subsets of the eDirectory to be backed up. To archive or restore individual eDirectory objects, the complete distinguished name of the object must be specified. To back up the entire tree, the relevant Tree object must be specified. The schema can be backed up separately by selecting the Schema object. Finally, parts of an eDirectory tree can be backed up by selecting the appropriate container of the tree; all the objects below this container are then backed up.
Figure: Novell SMS backup and restore engine
Partition information cannot be backed up with these backup tools. After a restoration, the affected parts of the tree must therefore be partitioned again manually. For this purpose it is essential that hard copies of the tree structure and partitions are prepared and updated at regular intervals.
The backup process of the eDirectory utilities can be tailored to the requirements of the users. In particular, special eDirectory objects can be taken out of the backup or incorporated into it using the option Exclude/Include.
Backup copies should generally be created once a week, if not more frequently. Frequency will depend on how often important directory information changes. The backup process should always be logged in a manner that is easy to understand, and the log should be used to check that all the data has in fact been backed up without errors.
Backup under NetWare
SBCON.NLM, a Storage Management Engine (SME), is part of the NetWare operating system. It is the back end which carries out backup and restore requests. Before SBCON.NLM is used, QMAN.NLM must first be loaded so that the backup/restore jobs created by SBCON.NLM can be processed.
As an alternative, it is also possible to work with SMS-compatible backup/restore utilities. The Storage Management Data Requester (SMDR) communicates between the SME and the Target Service Agent (TSA) software. The first time that SMDR.NLM is loaded, the user is prompted to choose between various configuration options, including whether an SMDR object should be created in the eDirectory directory tree.
Figure: Resource name
The SME and the TSA can be held on the same or different computers. In the distributed case, SMDR must be installed on both sides. The Target Service Agents for NDS (TSANDS) pass the requests between SMDR and the eDirectory database.
Backup under Windows NT/2000
Novell provides the application SMSENGN.EXE for backing up data under Windows NT/2000. SMSENGN.EXE creates one file for the data (.DAT) and another for the index (.IDX).
As an alternative, it is also possible to use an SMS-compatible backup/restore tool. The components described above, SMDR, TSA and TSANDS, are then used in analogous fashion. SMDR and TSANDS are provided as NT services as standard. If these are not activated, they can be explicitly started by running W32MDR.EXE in the NDS\SMS directory.
Figure: Verify backup settings
Backup under Linux and Sun Solaris
Under Linux and Sun Solaris, the ndsbackup backup tool is available. This is initiated from the command line and allows eDirectory objects to be saved in a single file, ndsbackupfile. To back up eDirectory objects, their full distinguished name (FDN) must be specified. To back up the entire tree, the relevant Tree object must be selected.
On the command line, the tool accepts a number of shortcut letters, e.g. c for create, r for restore, etc., plus a set of parameters. Details of these will be found in the Administration Manual.
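The weekly interval and the log check required above can be automated on the Linux/Solaris side, where ndsbackup writes a single file. The following is an added example, not part of the original safeguard text or of Novell's tooling; the function name, the file paths, the 7-day default and the log keywords are assumptions, and the log is assumed to be written by the administrator's own wrapper script rather than in any format defined by Novell.

```shell
#!/bin/sh
# Added example: check that a backup file is current and that its log is clean.
# Assumptions: paths, the 7-day default and the keyword list are illustrative.

# check_backup FILE LOG [MAX_AGE_DAYS]
# Prints one finding per line; returns 0 only if every check passes.
check_backup() {
    file=$1 log=$2 max_age=${3:-7}
    rc=0

    # The backup file must exist, be non-empty and be newer than the limit.
    if [ ! -s "$file" ]; then
        echo "FAIL: backup file missing or empty: $file"
        rc=1
    elif [ -z "$(find "$file" -prune -mtime "-$max_age")" ]; then
        echo "FAIL: backup file older than $max_age days: $file"
        rc=1
    fi

    # The log must exist and must not report any problem.
    if [ ! -s "$log" ]; then
        echo "FAIL: backup log missing or empty: $log"
        rc=1
    elif grep -Eiq 'error|fail|abort' "$log"; then
        echo "FAIL: log reports problems:"
        grep -Ein 'error|fail|abort' "$log"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file is current and $log is clean"
    return "$rc"
}

# Constructed demo data (not real ndsbackup output).
demo=$(mktemp -d)
printf 'constructed backup payload\n' > "$demo/ndsbackupfile"
printf 'backup started\nbackup completed\n' > "$demo/backup.log"
check_backup "$demo/ndsbackupfile" "$demo/backup.log" 7
rm -rf "$demo"
```

A non-zero return value is suitable for triggering an alert from cron or a monitoring agent, so that a missed or failed weekly backup does not go unnoticed.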
Review questions:
- Is a backup of the eDirectory directory service made at the same time that the server backup is performed?
- Is the backup process logged in a manner that is easy to understand?
- Is the backup log used to check that all the data has in fact been backed up without errors?
- Are hard copies of the tree structure and partitions prepared and updated at regular intervals?