Chapter 3. Recovering multiple servers with replication

If multiple servers are lost at the same time, determine whether the environment can be rebuilt by identifying which of the following five scenarios applies to your situation.

3.1. Recovering from losing multiple servers in a CA-less deployment

Servers in a CA-less deployment are all considered equal, so you can rebuild the environment by removing and replacing lost replicas in any order.

Prerequisites

  • Your deployment uses an external Certificate Authority (CA).

3.2. Recovering from losing multiple servers when the CA renewal server is unharmed

If the CA renewal server is intact, you can replace other servers in any order.

Prerequisites

  • Your deployment uses the IdM internal Certificate Authority (CA).

3.3. Recovering from losing the CA renewal server and other servers

If you lose the CA renewal server and other servers, promote another CA server to the CA renewal server role before replacing other replicas.

Prerequisites

  • Your deployment uses the IdM internal Certificate Authority (CA).
  • At least one CA replica is unharmed.

Procedure

  1. Promote another CA replica to fulfill the CA renewal server role. See Recovering from losing the CA renewal server.
  2. Replace all other lost replicas. See Recovering from losing a regular replica.

3.4. Recovering from losing all CA replicas

Without any Certificate Authority (CA) replicas, the IdM environment has lost the ability to deploy additional replicas and rebuild itself.

Prerequisites

  • Your deployment uses the IdM internal Certificate Authority (CA).

Procedure

  • This situation is a total loss.

3.5. Recovering from a total infrastructure loss

If all servers are lost at once, and there are no Virtual Machine (VM) snapshots or data backups to restore from, this situation is unrecoverable.

Procedure

  • This situation is a total loss.
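
The triage across the five scenarios above can be written as one function over an inventory recorded before the outage. This is an added example, not part of the original documentation or of IdM itself; the `Deployment` record, the `triage` function, the `have_backups` flag and the `example.test` host names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

@dataclass(frozen=True)
class Deployment:
    servers: FrozenSet[str]        # every IdM server before the outage
    ca_servers: FrozenSet[str]     # servers with the CA role; empty when CA-less
    renewal_server: Optional[str]  # CA renewal server; None when CA-less

def triage(dep, lost, have_backups=False) -> Tuple[str, str, Tuple[str, ...]]:
    """Return (section, action, promotion candidates) for a set of lost servers."""
    lost = frozenset(lost)
    if lost - dep.servers:
        raise ValueError(f"not in inventory: {sorted(lost - dep.servers)}")
    if dep.ca_servers and dep.renewal_server not in dep.ca_servers:
        raise ValueError("the renewal server must be one of the CA servers")
    if len(lost) < 2:
        raise ValueError("this chapter covers losing multiple servers")
    if not (dep.servers - lost):   # nothing survived
        if have_backups:
            return ("n/a", "restore from VM snapshot or backup (outside this chapter)", ())
        return ("3.5", "total loss", ())
    if not dep.ca_servers:         # CA-less: all servers are equal
        return ("3.1", "replace lost replicas in any order", ())
    surviving_ca = dep.ca_servers - lost
    if not surviving_ca:           # servers remain, but none of them holds the CA
        return ("3.4", "total loss", ())
    if dep.renewal_server in surviving_ca:
        return ("3.2", "replace lost servers in any order", ())
    return ("3.3", "promote a surviving CA replica to CA renewal server, "
            "then replace the other lost replicas", tuple(sorted(surviving_ca)))

# Constructed sample inventory: four servers, two CA replicas, idm1 is the renewal server.
SAMPLE = Deployment(
    servers=frozenset(f"idm{i}.example.test" for i in range(1, 5)),
    ca_servers=frozenset({"idm1.example.test", "idm2.example.test"}),
    renewal_server="idm1.example.test",
)
```

The inventory has to be captured while the deployment is healthy, for example from the output of `ipa server-role-find --role "CA server"` and `ipa config-show`, because neither command can be run once every server is gone.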