Backup and recovery considerations for EIM

You need to develop a backup and recovery plan for your Enterprise Identity Mapping (EIM) data to ensure that your EIM data is protected and can be recovered should there ever be a problem with the directory server that hosts the EIM domain controller. There is also important EIM configuration information that you need to understand how to recover.

Backup and recovery of EIM domain data

How you save your EIM data depends on how you decide to manage this aspect of the directory server that acts as the domain controller for your EIM data.

One way to back up the data, especially for disaster recovery purposes, is to save the database library. By default, this is QUSRDIRDB. If changelog is enabled, then you should also save the library QUSRDIRCL. The directory server on the system where you want to restore the library must have the same LDAP schema and configuration as the original directory server. The files that store this information are in /QIBM/UserData/OS400/DirSrv. Additional configuration data is stored in QUSRDIRCF/QGLDCFG (*USRSPC object) and QUSRDIRCF/QGLDVLDL (*VLDL object). In order to have a complete backup of everything for your directory server, you must save both libraries, the integrated file system files, and the QUSRDIRCF objects.
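The complete save described above can be written as a short CL program. This is an added example, not IBM's own code: the backup library EIMBKP and the save file names are placeholders, and library existence is used as a stand-in for "changelog is enabled".

```cl
PGM
  /* Assumed names: library EIMBKP and the four save files are     */
  /* placeholders chosen for this example, not IBM-supplied names. */
  CRTLIB     LIB(EIMBKP) TEXT('Directory server backup for EIM')
  CRTSAVF    FILE(EIMBKP/DIRDB)
  CRTSAVF    FILE(EIMBKP/DIRCL)
  CRTSAVF    FILE(EIMBKP/DIRCF)
  CRTSAVF    FILE(EIMBKP/DIRIFS)

  /* 1. Database library (QUSRDIRDB is the default name).          */
  /*    Assumption: the save runs while the library's objects are  */
  /*    not locked in a way that prevents them from being saved.   */
  SAVLIB     LIB(QUSRDIRDB) DEV(*SAVF) SAVF(EIMBKP/DIRDB)

  /* 2. Changelog library. Skipped when the library does not exist */
  /*    on this system (CPF9801 = object not found).               */
  CHKOBJ     OBJ(QSYS/QUSRDIRCL) OBJTYPE(*LIB)
  MONMSG     MSGID(CPF9801) EXEC(GOTO CMDLBL(CFG))
  SAVLIB     LIB(QUSRDIRCL) DEV(*SAVF) SAVF(EIMBKP/DIRCL)

  /* 3. Additional configuration objects in QUSRDIRCF.             */
CFG:
  SAVOBJ     OBJ(QGLDCFG QGLDVLDL) LIB(QUSRDIRCF) DEV(*SAVF) +
               OBJTYPE(*USRSPC *VLDL) SAVF(EIMBKP/DIRCF)

  /* 4. LDAP schema and configuration files in the integrated      */
  /*    file system.                                               */
  SAV        DEV('/QSYS.LIB/EIMBKP.LIB/DIRIFS.FILE') +
               OBJ(('/QIBM/UserData/OS400/DirSrv'))
ENDPGM
```

For disaster recovery, the save files have to be copied off the system afterwards; a backup that lives only on the domain controller's own disk does not survive the loss of that system.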

For example, you could use an LDIF file to save all or part of the directory server contents. To back up the domain information for an IBM Tivoli® Directory Server for IBM i domain controller, complete these steps:

  1. Use the Copy To LDIF (CPYTOLDIF) command to copy all or part of the directory server contents to a file.
  2. Transfer the file to the IBM i platform that you want to use as your backup directory server.
  3. On the backup server, use the Copy From LDIF (CPYFRMLDIF) command to load the contents of the transferred file to the new directory server.

Another method you may consider for saving your EIM domain data is to configure and use a replica directory server. All changes to EIM domain data are automatically forwarded to the replica directory server so that if the directory server that hosts the domain controller fails or loses EIM data, you can retrieve the data from the replica server.

How you configure and use a replica directory server varies depending on the type of replication model that you choose to use.

Backup and recovery of EIM configuration information

Should your system go down, you may need to restore EIM configuration information for that system. This information cannot be saved and restored easily across systems.

These options are available to you to save and restore EIM configuration:
  • Use the Save Security Data (SAVSECDTA) command on each system to save EIM and other important configuration information. Then restore the QSYS user profile object on each system.
    Note: You must use the SAVSECDTA command and restore the QSYS user profile object on each system with an EIM configuration individually. You may experience problems if you try to recover the QSYS user profile object on one system when it was saved on a different system.
  • Either rerun the EIM Configuration wizard or manually update the EIM Configuration folder properties. To make this process easier, you should save your EIM implementation planning work sheets or make a record of the EIM configuration information for each system.

Additionally, you need to consider and plan how to back up and recover your network authentication service data if you configured network authentication service as part of implementing a single sign-on environment.