FreeIPA is a new technology which gives you many features in the areas of Identity management, host based security control as well as user based security control over your Linux infrastructure.
FreeIPA is designed to give centralised management capabilities over Linux, in a way similar to Microsoft Active Directory has over a Windows estate.
If you would like to find out more about FreeIPA, head across to the project wiki which you can find here.
For those of you who are already running FreeIPA, and looking for information about backing up and restoring your environment. Please read on.
Backup and Restore procedures are always an interesting topic in the industry. What do I use to perform backups? How often do I backup? What do I backup? are all very commonly asked questions.
I have witnessed countless opinions on how an organisation should do there backups, and realistically, there is no right and wrong way, provided your restoration procedures work.
If your restoration procedures fail when you need them most, I hate to say it, but you’re doing it wrong.
What do I use to perform backups?
This question is often asked and there is no easy answer. When it comes to managing a reliable backup schedule, I highly recommend you use a product where you have some form of enterprise support from the vendor. I have seen may people say “Why should we pay for something when we can do it ourselves?”, yet in the hour of need, they are the ones who end up suffering because they aren’t able to restore. Don’t let this be you. If you can afford it, please don’t hold back.
I personally recommend the use of Acronis, CommVault, NetBackup or even ArcServe if you really want. The important thing is that you have the ability to back up the files within your servers.
A note on virtualization:
A common assumption is that “if I run my infrastructure inside of virtual servers within a virtualization technology, I can backup the virtual server and I don’t have to worry about anything else”.
This definitely has its merits, however one very important question for you is “Can you restore specific files within that virtual server backup? or do you have to restore the entire server just to restore one file?”
It is important to consider the above as this will directly affect the time it takes to restore your data and how complicated the process will be.
Something to remember is that single file or folder restores are substantially more common statistically, compared to restoring from a full server failure.
If you are using Red Hat Enterprise Virtualization (RHEV), Acronis will give you the ability to back up your virtual server’s completely as well as restoring individual files.
How often do I backup?
This question is really open to interpretation. As this article will refer to FreeIPA, I will compare this to Microsoft Active Directory.
Active Directory allows you to take what is referred to as a System State backup. This is performed on your Domain Controller, which is the equivalent to your FreeIPA Directory Server.
In recent years, it has been very common practice to conduct a System State backup of Active Directory every 1-3 days, depending on the size of your organization.
If you have a small deployment, where your Active Directory environment does not change very frequently, the need for a daily backup is not as 100% as critical as a large organisation which has a constantly evolving environment.
Please be aware, that I am not condoning taking a very lose approach to backing up Active Directory. If you have the ability and resources available, I highly recommend backing up your Active Directory Domain Controllers, or FreeIPA Directory Servers on a daily basis.
The more backups you have, the less chance of not being able to restore you will have.