|
|
The Policy Database is a proprietary knowledge store. It is an active object-oriented database derived from frame technologies developed by the artificial intelligence community. The Policy Database acts as a central repository for configuration data, as well as for information that Policy Monitor Points record as part of the daily activity of a Policy Enforcement Point, including audit records and system integrity data. Performing backup and recovery operations on the Policy Database is an important part of maintaining your Cisco Secure Policy Manager system.
In this chapter you will find the following topics, with accompanying procedures:
The Backup command on the File menu writes a backup copy of your Primary Policy Database to a safe location on the Primary Policy Database server. In the event that your Primary Policy Database experiences data corruption problems or you want to revert to a previously known state, you can use this backup copy in conjunction with the fmrestore command at a command prompt to restore the Policy Database to its "last known good" state.
 |
Caution You can only back up the Primary Policy Database from the computer on which it resides. You cannot back up the Policy Database from a secondary server or a remote GUI client. Attempting to back up from a remote client can corrupt the Primary Policy Database. |
The backup copy contains a copy of your entire network configuration, defined policies, and administrative accounts that you have added. More importantly, the backup copy includes the history of your system and audit events at the time the backup occurred. This history includes details regarding traffic that has occurred across your network and any reports that have been generated regarding the status and use of your network.
Whenever you make a major change to the Cisco Secure Policy Manager configuration, you should back up the Policy Database to ensure that you have a safe copy of an operational system. In addition, you should back up Cisco Secure Policy Manager after you initially install and configure Cisco Secure Policy Manager.
|
Caution You can only back up the Primary Policy Database from the computer on which it resides. You cannot back up the Policy Database from a secondary server or a remote GUI client. |
To back up the Policy Database, perform the following task:
Result: The Select Backup Directory dialog box appears.
Step 2 To specify the drive on which you want to store the backup copy, select that drive letter in the Folder list box.
You can specify to store the backup copy in a pre-existing folder or you can create a new folder. To select a pre-existing folder, continue with Step 3; to create a new folder, skip to Step 4.
Step 3 To specify a pre-existing folder, select that folder in the Select Backup Directory dialog box, and then skip to Step 6.
Step 4 To create a new folder, click the Create New Folder icon.
Result: A new folder appears with the name New Folder selected.
Step 5 To specify the name of your new folder, type the name in the selected Name box, and then press Enter.
Step 6 To accept your selection, click Open.
Step 7 To perform the Backup operation, click OK.
Result: When the backup operation is complete, a message box displays "Backup Successful."
 |
Note This operation can take several minutes or more to complete. |
Step 8 To close the message box, click OK.
The fmrestore command converts your current Primary Policy Database to a backed up version of the same database on the Primary Policy Database server. In the event that your Primary Policy Database experiences data corruption problems or you want to revert to a previously known state, you can use the fmrestore command at a command prompt in conjunction with the Backup command on the File menu to restore the Policy Database to its "last known good" state.
|
Caution You must close all instances of the GUI client and stop all Cisco Secure Policy Manager services running on the Primary Policy Database before you can restore the Policy Database. Therefore, all communications between the primary server and any secondary servers will fail until you restart the Cisco Secure Policy Manager services on the primary server. |
The fmrestore command uses a backup copy of the Policy Database to restore the current Policy Database to a previous state. To create a backup of the Policy Database, you must use the Backup command. Just as you can back up only the Primary Policy Database, you can restore only the Primary Policy Database.
After you restore a Primary Policy Database, any secondary servers will synchronize their configuration data with that of the Primary Policy Database. While the audit events for the secondary servers are stored on those servers, the configuration information, such as the network topology definition and security policies, is taken from the Primary Policy Database. Therefore, the configuration information retained by the secondary servers will be replaced by the restored version on the primary server.
|
Caution You must close all instances of the GUI client and stop all Cisco Secure Policy Manager services running on the Primary Policy Database before you can restore the Policy Database. Therefore, all communications between the primary server and any secondary servers will fail until you restart the Cisco Secure Policy Manager services on the primary server, which you cannot do until the fmrestore operation has completed. |
|
Caution You must close all instances of the GUI client and stop all Cisco Secure Policy Manager services running on the Primary Policy Database before you can restore the Policy Database. Therefore, all communications between the primary server and any secondary servers will fail until you restart the Cisco Secure Policy Manager services on the primary server, which you cannot do until the fmrestore operation has completed. |
To restore the Policy Database from a backup folder, perform the following task:
Result: The Services dialog box appears.
Step 2 To safely shutdown the Policy Database and all Cisco Secure Policy Manager services on the primary server, select Cisco Controlled Host Component in the Service list and click Stop.
Result: A dialog box prompts you to confirm your choice to stop all Cisco Secure Policy Manager services.
Step 3 Click Yes.
Result: All Cisco Secure Policy Manager services are stopped.
Step 4 To access the fmrestore command, change to the bin folder under the Cisco Secure Policy Manager folder in a command prompt window.
The Cisco Secure Policy Manager folder is the folder where you chose to install the product on this computer.
Step 5 To revert the current Policy Database to the backup copy, type fmrestore <source folder> at the command prompt and press Enter.
The source folder should include the folder name and the relative path to that folder from bin. This folder is the one that you specified when you used the GUI client to create the backup. Remember that a folder named "CiscoBackup" is automatically created under the backup folder specified during the backup process; however, you do not need to specify that folder in the path as it is automatically appended to the source folder that you specify. No other parameters are required.
Result: When the fmrestore operation is complete, a message displays "Successfully restored Cisco Policy Database files."
|
Note This operation can take several minutes to complete. |
Step 6 When the command prompt returns, reboot the primary server for all changes to take effect and to restart the Cisco Secure Policy Manager services.
Posted: Tue May 30 08:26:12 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.