Secret Server Business Continuity and Disaster Recovery Planning
Any solid Business Continuity Plan will contain IT server and database Disaster Recovery plans. To that end, this guide is intended to assist with integrating Secret Server with regards to redundancy and backup planning. While many customers run Secret Server in virtual environments, those that do not have several methods aimed directly at preventing loss of service and data. Multiple Knowledge Base articles on topics such as web server clustering, SQL server mirroring, automated backups, and simple installation are available for download at the Secret Server product support website found here:
http://www.thycotic.com/products_secretserver_support.html
Please note that some of the advanced features mentioned in this and other guides require specific product licensing.
Methods of Maintaining Secret Server in a Recovery Scenario
Before discussing the framework of a solid Secret Server Disaster Recovery Plan, this guide will outline the methods of maintaining operations. Thycotic Software recommends geographic redundancy when and where economically feasible. Geographic redundancy, while not required by any means, ensures network, power and hardware replication between Secret Server instances.
Simple Installation – By design, Secret Server’s installation is a quick and easy process. Keeping this process as quick and easy to install was a goal from the outset of Secret Server. This serves as a viable fallback option should redundancy plans fail. In a worst-case scenario where the host server fails, a cluster/mirror fails, and the other backup plans fail, Secret Server can be installed from scratch quickly and data imported from various methods. Users familiar with SQL and IIS can typically install Secret Server in about 30-45 minutes on a prepared server. Review the installation guides here:
Secret Server Installation on Windows Server 2008, Server 2008 R2, 7 & Vista:
http://updates.thycotic.net/secretserver/documents/SecretServerInstallationWindows6.pdf?guid=10052011
Secret Server Installation on Windows Server 2003 & XP:
http://updates.thycotic.net/secretserver/documents/SecretServerInstallationWindows5.pdf?guid=10032011
SQL Server Mirroring & High Availability – Secret Server supports Synchronous/Asynchronous SQL Mirroring. Mirroring database instances is an important part of any high-availability Business Continuity Plan. Adding geographic redundancy to this plan is recommended for customers with multiple sites, for that added layer of protection. Please refer to the following documentation for setup information:
http://updates.thycotic.net/secretserver/documents/SQLServerMirroring.pdf
http://www.thycotic.com/documentation/secretserver/DBFailoverForSecretServer.pdf
Microsoft Technet articles about Database Mirroring in SQL Server 2005:
http://technet.microsoft.com/en-us/library/cc917681.aspx
http://technet.microsoft.com/en-us/library/cc917680.aspx
Web Server Clustering & High Availability – With Enterprise Plus licensing, Secret Server supports high availability (active-active-plus) web server (front-end) clustering. There is no physical limit to the number of active web servers that can run simultaneously. Customers can configure Secret Server to be highly-available and geographically-redundant quickly. Users can rapidly deploy Secret Server active instances by first cloning pre-configured web servers, then copying the website “application” folder, and lastly running the database connection procedure. See the following documentation for detailed steps and potential issues with active-active web servers:
http://support.thycotic.com/KB/a159/setting-up-clustering.aspx?KBSearchID=0
Automated & Manual Backups – Secret Server natively supports local and network backups. By configuring locations for the application folder and SQL database, Secret Server backs up this data based on a highly-configurable user-defined schedule with detailed logging. Please refer to the following documentation for Automated Backup configuration:
http://support.thycotic.com/KB/a210/backing-up-secret-server-to-a-network-share.aspx?KBSearchID=0
http://support.thycotic.com/KB/a66/backup-configuration-file-path-settings.aspx?KBSearchID=0
Please refer to the following documentation for Manual Backup procedures:
http://support.thycotic.com/KB/a19/how-to-manually-backup-secret-server.aspx?KBSearchID=0
Restore from Backup – Secret Server’s web application folder is as simple as copying the contents of the last available zipped backup file into place. SQL database restores are simple as well but require several steps depending on the backup scenario. Please refer to the following documentation for steps to Restore from Backup:
http://support.thycotic.com/KB/a22/restoring-secret-server-from-a-backup.aspx?KBSearchID=0
Summary and Additional Support Resources
The integration of Secret Server into our customers’ Business Continuity Planning should not present any unique challenges beyond normal server and database recovery. If your organization already has DR plans for servers and databases, Secret Server and its SQL database should fit within your personal framework. Secret Server has the additional features of Automated Backup and High Availability for the web application (front end) and the SQL database (back end). Using server virtualization can assist with recovery in terms of snap shots, replication and other 3rd party features, but they are beyond the scope of this document. Many of the items mentioned in this document are referenced in the Secret Server User Guide, the Secret Server Forums and other documents published in the Thycotic Software Knowledge Base.
Secret Server User Guide:
http://updates.thycotic.net/secretserver/documents/SecretServerUserGuide.pdf?guid=09062011
Secret Server Forums:
http://www.thycotic.com/products_secretserver_forums.html
Thycotic Software Knowledge Base:
http://support.thycotic.com/KB/search.aspx
Article ID: 223, Created On: 12/22/2011, Modified: 1/26/2012