Applications that use HTTP Federation (HFED) store user profiles on the identity router. User profiles contain keychains, which hold users' encrypted sign-in credentials for an HFED application. For example, Concur_Username and Concur_Password are credentials that are stored in the same keychain for a user. A user has a keychain for each HFED application being accessed. Keychains are not used for SAML applications.
If your company deploys HFED applications, RSA recommends that you back up user profiles on a regular basis. You can use the Cloud Administration Console to configure a scheduled, automatic backup affecting all clusters in the deployment, or you can perform manual backups affecting only a single cluster. Users can continue to access applications during the backup process.
Backups ensure that if user profiles become lost or corrupted on the identity router, you can fully restore that data. During a restore operation, the entire contents of the backup file overwrite all user profile data on each identity router.
You can back up to a local disk on the identity router, or you can use SSH File Transfer Protocol (SFTP) to securely transfer the files to a different location. RSA recommends using a different location.
Restoring Backups from Different Clusters
- After you add a new cluster of identity routers, you need to perform a restore using a backup from the original cluster so that the new cluster gets the initial set of keychains. All subsequent changes occur through cross-cluster synchronization, if configured.
- If cross-cluster synchronization stops working for a cluster, you can restore user profiles to that cluster using a backup from a different cluster. In this case, both clusters must be configured to send backups to the same backup location, and that location cannot be the site where the failure occurred.
High-Level Steps for Configuring Backups
- Calculate the amount of disk space you need to store backup files. See Calculating Storage Space for HFED User Profile Backup Files.
- Configure the backup target location and number of backups to keep for each cluster. For instructions, see Configure Backup Settings for a Single Cluster.
- Configure an Automated Backup Schedule for All Clusters in the Deployment.