ram_info
os_version
mac_address
machine_name
disk_serial_number
diskcontroller_id
cpu_id

If any three of the parameters change then the encryption key is no longer valid and FIM will fail to start.  This may occur if an operating system patch is applied or memory added, or if the FIM server is moved to a different machine.  On Windows systems the password used to start the FIM servers as a windows services is also encrypted using these keys.

Backup of FIM configuration files

In order to ensure that your FIM server can be restored in the case that the encryption keys are lost you should ensure that a backup of encryption keys and SAML configuration is made periodically.  A backup should be performed:

1. after the initial installation of FIM
2. before any changes to the machine or operating system that would affect the parameters described above,.
3. after any major changes to the configuration of FIM or the addition of any new parties.
4. periodically as part of routing backup procedure

To perform a backup of FIM follow the following procedure.

configtool EXPORTSECRETS password filename
configtool EXPORTSAMLCONFIG filename

Restoration of FIM configuration files

configtool IMPORTSECRETS password filename
configtool SETSAMLCONFIG filename