Chapter 4. Preparing for data loss with VM snapshots

Virtual machine (VM) snapshots are an integral component of a data recovery strategy, since they preserve the full state of an IdM server:

  • Operating system software and settings
  • IdM software and settings
  • IdM customer data

Preparing a VM snapshot of an IdM Certificate Authority (CA) replica allows you to rebuild an entire IdM deployment after a disaster.

Warning

If your environment uses the integrated CA, a snapshot of a replica without a CA will not be sufficient for rebuilding a deployment, because certificate data will not be preserved.

Similarly, if your environment uses the IdM Key Recovery Authority (KRA), make sure you create snapshots of a KRA replica, or you may lose the storage key.

Red Hat recommends creating snapshots of a VM that has all of the IdM server roles installed which are in use in your deployment: CA, KRA, DNS.

Prerequisites

  • A hypervisor capable of hosting RHEL VMs.

Procedure

  1. Configure at least one CA replica in the deployment to run inside a VM.

    1. If IdM DNS or KRA are used in your environment, consider installing DNS and KRA services on this replica as well.
    2. Optionally, configure this VM replica as a hidden replica.
  2. Periodically shutdown this VM, take a full snapshot of it, and bring it back online so it continues to receive replication updates. If the VM is a hidden replica, IdM Clients will not be disrupted during this procedure.

Additional resources