We have RSA Authentication Manager ver. 8.1. We have 2 servers (primary and secondary). I am backing up the complete VM for both of these servers. I am told to come up with a Disaster Recovery Plan. I have some questions. If the primary server were to crash and I were to restore it from backup, would replication still work? The secondary would then have data more recent than the primary. Would that break replication?
Thanks for the info. Our RSA servers are in different cities. They are backed up and the backups are sent off-site.
If the primary server dies I have 2 options:
If users have changed their pin on the secondary would we lose that change if I do the restore incorrectly?
A restore to the original primary attempts to fix replication:
However....depending on what was happening, you may need to SYNC the replica after the backup/restore:
To state the obvious a good DR plan is one that makes sense and that you can pull off successfully if necessary, so your lay out your needs;
1. authentication, users logging into VPN, servers, other agents
2. administration, Help desk adding new users, tokens, agents, etc..
and your DR / backup options;
1. VMware snapshots or backups
2. Database backups from the Primary operations console
3. Promotion of Replica(s) to become new primary
and lay out any complications
1. Web Tiers
2. AM Prime, AMIS, AMBA, customer Admin API consoles or servers
Then consider how your environment changes; how much and how often, e.g. 50 new users every day versus 1 new user every 6 months. This allows you to plan your DR options and backup schedule. So to your if Priamry goes away and your restore it from a previous state, either from backup or VMWare snap shot revert, as long as the primary and replica are still at the same version they should start replicating again. Risks are that logging data will be lost, how much depends on how recent your backup or snapshot is from. So depending on your needs, you might consider promoting your replica if it has the latest data that you absolutely need and cannot or do not want to rebuild.
If both your primary and replica are hosted as VMs on the same ESX of other VMware server, that's a single point of failure
If you backup your primary to the local disk through the operations console, iand that primary crashes and you cannot recover backup files, you are out of luck. A cron job that copies backup file to a remote file share would go a long way towards peace of mind and job security, then database backups are in two places, whereas if you only backup to a remote file share the backup is redundant, but dependent on a remote site only.
Testing is in order here. If possible build a Test/Dev primary in your sandbox and make sure the restore part of your backup and restore is solid.