Disaster Recovery procedure for Symantec Data Center Security Server: Server Advanced (SDCSSA)
Article ID: 162273
Updated On:
Products
Data Center Security Server
Data Center Security Server Advanced
Issue/Introduction
You would like to know data to backup in order to be able to rebuild Symantec Data Center Security Server: Server Advanced (SDCSSA) in the case of a failure.
Resolution
How to make a full SDCS:SA Server backup?
1) Stop "Symantec Data Center Security Server Manager" service
2) Make a database backup (http://msdn.microsoft.com/en-us/library/ms186289.aspx). As an example (your company DBA is the only person responsible for this), here is a way to do it on SQL Server 2008:
- Login to SQL Server Management Studio
- Browse Databases, and right-click on SCSPDB database
- Click on Tasks > Backup, then configure the backup settings and run it
From DCS:SA version 6.6 and later additional database backup steps is required
Browse Databases, and right-click on DCSC_UMC database
- Click on Tasks > Backup, then configure the backup settings and run it
3) Make a copy of certificates and server settings (below are default paths on 32bit system):
The certificates can be found at the following locations:
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\server-cert.ssl
The certificates can be found at the following locations:
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\server-cert.ssl
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\agent-cert.ssl
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\sss.ssl
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\umcserver.ssl
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\jre\lib\security\cacerts
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\umc\umcCA\certs\rootkey.cer
{Drive}\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf\server.xml
The agent-cert.ssl is used for the day to day install of agents so it a must have cert that needs to be preserved so you can add more agents in the future, but when dealing with a disaster recovery drill or the real things all you need to have to install and connect a manager to your database is the server.xml and the server-cert.ssl.
4) Note all settings used during initial SDCSSA install: ports, database instance (SCSP by default), database name (SCSPDB by default), database account (scspdba by default) and password, install path.
Additionally, you may export SCSP database accounts/passwords from SQL Server database (http://support.microsoft.com/kb/246133/).
5) Start "Symantec Data Center Security Server Manager" service
How to recover SDCSSA Server?
IMPORTANT: it is necessary to reinstall SDCS Server on a machine with the same hostname/IP address to recover server-agent communication (see TECH116309 for more details).
Situation A - Database backup not available, but you want to recover at least Server-Agent communication
Follow article HOWTO119461 (https://support.symantec.com/en_US/article.HOWTO119461.html)
Situation B - Only database content has been corrupted, database structure is still valid
1) Stop "Symantec Data Center Security Server Manager" service
2) Restore database backup
3) If any database account needs to be re-created, you can find below their default configuration:
- scsp_ops in Security > Logins
- scsp_ops in SCSPDB > Security > Users
- scsp_plugin in Security > Logins
- scsp_plugin in SCSPDB > Security > Users
- scspdba in Security > Logins
"sp_change_users_login" can be used as well to fix orphan account issue (http://msdn.microsoft.com/en-us/library/ms174378.aspx).
4) If needed, reinstall SCSP Server as described in "Begin re-installation of the SCSP Manager, making sure to select TOMCAT only" section from HOWTO119461 article (steps 9 to 14 should not be required).
Otherwise, start "Symantec Data Center Security Server Manager" service.
Situation C - SDCSSA server database needs to be completely rebuilt
1) Reinstall SDCSSA Management Server choosing to recreate the database schema, using previous SDCSSA Server install settings
2) Stop "Symantec Data Center Security Server Manager" service
3) Restore SCSP Server database backup over the new database created in previous step
4) Replace all certificate files and server.xml by the ones you backup previously (below are default paths on 32bit system):
C:\Program Files (x86)\Symantec\Data Center Security Server\Server\server-cert.ssl
C:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf\server.xml
The agent-cert.ssl is used for the day to day install of agents so it a must have cert that needs to be preserved so you can add more agents in the future, but when dealing with a disaster recovery drill or the real things all you need to have to install and connect a manager to your database is the server.xml and the server-cert.ssl.
C:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf\server.xml
The agent-cert.ssl is used for the day to day install of agents so it a must have cert that needs to be preserved so you can add more agents in the future, but when dealing with a disaster recovery drill or the real things all you need to have to install and connect a manager to your database is the server.xml and the server-cert.ssl.
5) If any database account needs to be re-created, you can find their configuration above, and use as well "sp_change_users_login" (see above for more details).
scsp_ops password can be then set appropriately in SQL Server Management Studio by following steps 9 to 13 from HOWTO119461 article.
6) Start "Symantec Data Center Security Server Manager" service
Applies To
SCSP Server with SQL Server database.
Feedback
Yes
No
Powered by
