Backup and recovery: Security

These items should be considered for backup of security information:

• Users
• Security properties files
• Administrative configuration
• HTTP configuration
• Key files
• Validation lists

Users

When using local OS security, back up your i5/OS user profiles, using normal i5/OS save procedures for user profiles. For more information, see the following topics in the iSeries Information Center:

• Backup and Recovery
• Availability
• Backup and Recovery

For information on the Directory Server Product (LDAP server), see the IBM Directory Server for iSeries (LDAP) topic in the iSeries Information Center.

For information on Domino, see the Domino Reference Library (http://doc.notes.net/domino_notes/5.0/as400/as400hlp.nsf) .

Security properties files

Security settings are saved in several properties files. By default, these are located in /QIBM/Userdata/WebASE51/ASE/instance/properties where instance is the name of your instance. If you have defined additional WebSphere instances, you will have additional properties files located in the directories for those instances.

SAV DEV('/QSYS.lib/wsalib.lib/wsasavf.file')
 OBJ(('instance/properties/sas*'))

Note: This command has been wrapped for display purposes. Enter it as one command.

Security property files can be saved while WebSphere is running.

HTTP configuration

Note: The following information applies to IBM HTTP Server for i5/OS. If you are using Lotus Domino HTTP Server, see the Notes.net Documentation Library (http://www.notes.net/notesua.nsf?OpenDatabase) .

Changes to the HTTP configuration are often made to enable WebSphere Application Server - Express to serve servlets and JSP requests, and to enable WebSphere Application Server - Express security. You should consider saving your HTTP configuration as a part of your WebSphere Application Server - Express backup and recovery. The IBM HTTP Server configurations are stored as members of the QATMHTTPC file in library QUSRSYS. HTTP server instances are members of the QATMHINSTC file in the library QUSRSYS. These are example save commands for these files:

SAVOBJ OBJ(QUSRSYS/QATMHTTPC)
SAVOBJ OBJ(QUSRSYS/QATMHINSTC)

Key files

Key files should also be saved. They contain certificates used by the WebSphere Application Server - Express security infrastructure and also for HTTPS transport between servers. Save all files in the WAS_INSTANCE_ROOT/etc directory. Key files are contained in the WAS_INSTANCE_ROOT/etc directory, but may be created and stored in other directories by administrators.

Validation lists

Passwords are stored as encrypted data in validation list objects when the i5/OS password encoding algorithm is used. The default validation list is /QSYS.LIB/QUSRSYS.LIB/EJSADMIN.VLDL, but you can change it in the WebSphere administrative console by specifying it as a system property for the application server.

Save and restore validation list objects using the Save Object (SAVOBJ) and Restore Object (RSTOBJ) commands, for example:

SAVOBJ OBJ(EJSADMIN) LIB(QUSRSYS) DEV(*SAVF) SAVF(WSALIB/WSASAVF)
 RSTOBJ OBJ(EJSADMIN) SAVLIB(QUSRSYS) DEV(*SAVF) OBJTYPE(*VLDL) SAVF(WSALIB/WSASAVF)