How to Backup ILM and FIM

How to Backup ILM and FIM

 

PURPOSE

In recent months, I have been providing another document that contained this information and then specifically mentioning to review the backup section.  I have decided to pull this information out, and create a separate document on backing up information.   The purpose will be to discuss the steps on how to backup information pertaining to the Microsoft Identity Management Synchronization Manager products. 

·         Microsoft Identity Integration Server 2003

·         Microsoft Identity Integration Feature Pack

·         Microsoft Identity Lifecycle Manager 2007 Feature Pack 1

·         Microsoft Forefront Identity Manager 2010

 This document will not focus on backing up the other Microsoft Identity Management products.  The products we will not be covering are:
  1. Microsoft Certificate Lifecycle Manager 2007 Feature Pack 1
  2. Microsoft Forefront Identity Manager 2010 Service and Portal
  3. Microsoft Forefront Identity Manager 2010 Certificate Management
Please review the bottom of this document for links containing information on backing up these products.

BACKUP TOPICS

Developing and maintaining solutions built with any of the Microsoft Identity Manager Products will generate the need to back up your information.  Depending on what modifications are being applied, will depend on what items you should back up.  You may not need to back up everything and thus the reason for the different “Backup Topics”.  We will discuss what those areas are, and why you want to backup these pieces of the solution. 

Changing a property inside of a management agent

a.       Backup – Server Configuration

b.      Backup – Backend SQL Server Database (Optional – pending the current SQL Server backup/maintenance plan)

Upgrading or installing a hot fix

a.       Backup – Server Configuration

b.      Backup – Encryption Key

c.       Backup – Source Code

d.      Backup – Extensions and Data

e.      Backup – Backend SQL Server Database

Code modifications to metaverse or management agent extensions

a.       Backup – Server Configuration

b.      Backup – Source Code

c.       Backup – Extensions

d.      Backup – Backend SQL Server Database (Optional – pending the current SQL Server backup/maintenance plan)

Adding a management agent to the current Identity Management solution

a.       Backup – Server Configuration

b.      Backup – Backend SQL Server Database (Optional – pending the current SQL Server backup/maintenance plan)

Daily and/or Weekly Backup Strategy

A good practice would be to develop some sort of daily and/or weekly backup strategy.  It will assist in developing a good disaster recovery plan when executing updates or modifications to the current environment.   A possible scenario may be to where the Identity Management Solution runs without issue for months.   Then a server crash happens.  If the information is backed up, it will allow for less down time.

a.       Backup – Server Configuration

b.      Backup – Encryption Key

c.       Backup – Source Code

d.      Backup – Extensions and Data

e.      Backup – Backend SQL Server Database

SQL SERVER DATABASE – Backing up or Moving Backend Database

Backup – Backend SQL Server Database

Microsoft Identity Management products are a client/server application.  The backend database is a Microsoft SQL Server database.  Depending on the version of the Microsoft Identity Management product, the backend SQL Server could be Microsoft SQL Server 2000, Microsoft SQL Server 2005 or a Microsoft SQL Server 2008 database.  Microsoft SQL Server database files have the MDF extension.  It is associated with the Logging database which is the LDF file.  We will use the Microsoft SQL Server Backup utility to back up the Microsoft SQL Server database.
A good practice for the back-end data is to do a nightly backup of the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database.  This will allow for you to recover in case of a data disaster.  You can find more information on database maintenance here.  Our focus here is to navigate through the steps of backing up the SQL Server database.

1.       Close the Identity Manager Console before beginning this process

a.       *NOTE* This is very important, as if you have the Identity Manager Console up and running, or if you have scheduled jobs running when doing this step, you could run into errors, and possibly corrupt data.

2.        Open Microsoft SQL Server Management Studio:  (NOTE: We will use snapshots from SQL Server 2008 for the purpose of this document.)

a.       Microsoft SQL Server 2000: Enterprise Manager

b.      Microsoft SQL Server 2005: SQL Server Management Studio

c.       Microsoft SQL Server 2008: SQL Server Management Studio

3.       Connect to the Microsoft SQL Server housing the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database.

4.       Expand Databases

5.       Right click on the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database

6.       Select Tasks > Back Up (*SQL 2000: Select All Tasks and then Back Up Database *)

a.       Back Up Type: Full

b.      Name: (Recommendation leave the default) MicrosoftIdentityIntegrationServer-Full Database Backup

                                                               i.      NOTE: The name of this database should be something that you can remember and identify what it is for future reference.

c.       Destination: Notice where it is currently backed up at, and change it if you have a specific location to back up the database. 

d.      Click Ok

7.       If you experience problems with the backup process of the SQL Server database, you may need to contact our Microsoft SQL Server team for support.

 

ADDITIONAL RESOURCES

Complete Database Backup

Restoring Complete database Backups:

SQL 2000 - SQL Server 2000 Backup and Restore

SQL 2005 - Backing Up and Restoring Databases in SQL Server

SQL 2008 - Backing Up and Restoring Databases in SQL Server

Database Maintenance: http://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/a109ea2d-a61a-483c-97c8-8a680ce77e2e/

Moving - backend database to a new or different SQL Server

A need may arise that will cause you to have to relocate the backend MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database to a new Microsoft SQL Server.  Scenarios would include:

1.       Moving the database from a remote SQL Server to be a local SQL Server

2.       Moving the database from a local SQL Server to remote SQL Server

3.       Moving the database from a remote SQL Server to another remote SQL Server

Here we will cover the steps to accomplish this task and ensure that you have a backup of the database for disaster recovery purposes.

1.       Close the Identity Manager Console before beginning this process

a.       *NOTE* This is very important, as if you have the Identity Manager Console up and running, or if you have scheduled jobs running when doing this step, you could run into errors, and possibly corrupt data.

2.        Open Microsoft SQL Server Management Studio:  (NOTE: We will use snapshots from SQL Server 2008 for the purpose of this document.)

a.       Microsoft SQL Server 2000: Enterprise Manager

b.      Microsoft SQL Server 2005: SQL Server Management Studio

c.       Microsoft SQL Server 2008: SQL Server Management Studio

3.       Connect to the Microsoft SQL Server housing the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database.

4.       Expand Databases

5.       Right click on the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database

6.       Select Tasks and then Detach

a.       Check Drop Connections

b.      Check Update Statistics

c.       Check Keep Text Full Catalogs

d.      Click Ok

7.       Move the MDF and LDF files from the location documented below to the new location

a.       [Default Location for MIIS/IIFP/ILM]  %programfiles%\Microsoft Identity Integration Server\Data folder

b.      [Default Location for FIM]  %programfiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA

8.        Open Microsoft SQL Server Management Studio:  (NOTE: We will use snapshots from SQL Server 2008 for the purpose of this document.)

a.       Microsoft SQL Server 2000: Enterprise Manager

b.      Microsoft SQL Server 2005: SQL Server Management Studio

c.       Microsoft SQL Server 2008: SQL Server Management Studio

9.       Connect to the Microsoft SQL Server that will host the MicrosoftIdentityIntegrationServer (FIM2010: FIMSynchronizationService) database.

10.   Right click on databases and select Attach

11.   Click the Add button

12.   Point to the location where the MDF and LDF files are located

13.   Click the Ok button

14.   Click the Ok button and the database should be re-attached

15.   If you changed to a new SQL Server, you will need to execute an uninstall and reinstall of the Microsoft Identity Management product that you are utilizing here.

SOURCE CODE, EXTENSION DLLs, DATA – Backing up

BACK UP - SOURCE CODE

If you have created any type of Metaverse or Management Agent extensions, you will have source code.  It is very important to back up source code and compiled extension DLLs before making any code changes to the current source code.  This will allow you to have a backup copy of the previous code should a problem occur when the new code is put in place.  Be sure to document your back up location, or utilize a location that your company specifies for source code backups.  This information, will allow you to obtain the source code very quickly should you need to revert to an old copy of the source code.  A prime example will be if you were to have a consultant come in and develop a Metaverse or Management Agent Extension, you will want to back up this source code and ensure that you know where it is when you need it.
To backup source code, is nothing more than doing a file copy of the source code folder and its contents to your backup location.  You could automate something like this with a batch file or Windows Scripting Host file.
Another possible solution for source code revisions and backups is using a tool such as Microsoft Visual Studio Team Foundation Server 2010. 

BACK UP – EXTENSION DLLs

If you have created any type of Metaverse or Management Agent extensions, you will have DLLs located in the %programfiles%\Microsoft Identity Integration Server\Extensions folder (FIM2010: %ProgramFiles%\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions).  Ensuring that these DLLs are backed up prior to any code modifications, upgrades, or hot fix installations will help provide a way to revert to the previous builds should you encounter a problem with the new DLLs. 
Like backing up the source code, this is nothing more than a file copy of the Extensions folder to your provided backup location.  Here is a list of folders that would be recommended to back up as well.

o   SourceCode:   by default, GALSYNC and LOGGING source code is installed into this folder.  You may have custom source code in this folder as well.  If you have custom GALSYNC and/or EXTENSION source code in another location, navigate to that location and backup this information.

o   Extensions: folder contains all DLL files for default and custom GALSYNC and/or EXTENSION code written.

o   MaData: folder contains specific information for each of the Management Agents that you have created.  It does not house Management Agent configurations by default.

o   Data: by default, this is the location of the SQL Server MDF and LDF files.  If you have followed the steps in “Backup the backend SQL Server Database” then you do not need to worry about these files.  There may be other files in this folder as well, and you will want to back up this information as well. 

BACKUP – SERVER CONFIGURATIONS

This section is designed to assist you in backing up your server configurations.  The server configurations consist of backing up all management agent configurations and metaverse configurations.  Doing this step, exports all management agent configurations as XML files to a specific location.  The process does not allow you to overwrite files, so you will need to have a new location for each back up.

1.       Open the Microsoft Identity Synchronization Manager Console (MIIS/IIFP/ILM/FIM)

2.       From the File menu select Export Server Configuration.

  

3.       Select the folder to save the data

a.       NOTE: It cannot be a folder that you have exported out to before, unless you go in and delete the data there first.  Make a new folder if needed.

4.       Click OK.

BACKUP – ENCRYPTION KEY

This section is designed to assist you in backing up the encryption key. 

1.       Click the Start button then All Programs then Microsoft Identity Integration Server.

2.       Select Key Management Utility.

  

3.       Select Export Key set and Click the Next button.

4.       Enter the MIIS Service Account information.

NOTE: This is the service account used to install the Microsoft Identity Integration Server product.

5.       Click the Next button.

6.       Select the export location and file name.

7.       Click the Next button.

8.       Click the Finish button.

9.       Click the Close button.

PRODUCTS NOT COVERED

 Backup and Restore the FIMService:
 FIM CM Backup and Restore Guide:
 ILM 2007 FP1 CLM Backup and Restore:


See Also

Leave a Comment
  • Please add 3 and 3 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Carsten Siemens edited Revision 18. Comment: Added tag: en-US, has TOC, has See Also

  • Ed Price - MSFT edited Revision 9. Comment: TOC and white space issues

  • Ed Price MSFT edited Revision 7. Comment: Updated title to standards.

Page 1 of 1 (3 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Ed Price MSFT edited Revision 7. Comment: Updated title to standards.

  • Ed Price - MSFT edited Revision 9. Comment: TOC and white space issues

  • Carsten Siemens edited Revision 18. Comment: Added tag: en-US, has TOC, has See Also

Page 1 of 1 (3 items)