While the Operations Guide for System Center 2012 - Operations Manager prescribes how to backup the ACS database, this post seeks to enable you to automatically backup important data stored on the ACS collectors. The most important item to backup on the ACS collectors is the %WINDIR%\System32\Security\AdtServer\AcsConfig.xml file which is updated by the collector every 5 minutes. Although it doesn't change as frequently as the AcsConfig.xml file, the second most important item to backup is the ACS filter and any other AdtServer Registry key modifications. If these lightweight items are copied off of the servers to another backup location, then you won't have to back up the servers hosting the ACS collector role.
In order to get value out of this approach, the following capabilities are assumed to be in effect in the target ACS environment:
- Availability and disaster recovery planning has been completed and factored into the ACS design and implementation.
- The ACS infrastructure may have two collectors that write security events to a single ACS database in an active/passive manner (described here).
- The ACS collector role is not co-located on the same server as the ACS database role.
- The ACS database backup is capable of including flat files stored in a directory that is shared on the network to which the ACS collector computer accounts can write.
- The ability to deploy the following in a fast manner: a Windows Server OS, the OM 2012 Management Server role, and the ACS collector role.
Follow these steps to implement:
- Configure the ACS database backup directory as a share and grant permissions to the ACS collector computer accounts so that they can write to the share. (By default, the scheduled task runs under SYSTEM credentials. However, as an alternative, you can change the task to run under a domain user account which will need write permissions to the share/dir instead of the computer accounts.)
- Download the attached zip file and extract the two PS files (Backup-AcsConfig.ps1 and Set-AcsTask.ps1) and copy to the ACS collectors.
- Log on to the ACS collector with admin privileges. Open elevated PS prompt and change directory to the local folder where the files are stored.
- Execute Set-AcsTask.ps1. When prompted with the text “ACS configuration will need to be copied to a network share for backup”, enter the UNC path to the network share that was configured in step 1 above. When prompted with the text “Specify the directory where the Backup-AcsConfig.ps1 script is currently located”, enter the local path from step 2 above.
- Open the Task Scheduler snap-in on the server. Select View > Show Hidden Tasks in the toolbar. In the details pane, double-click Backup-AcsConfig and inspect the task’s default settings. By default, the task runs as SYSTEM and runs once every 4 hours starting at 12:00 AM. Adjust the settings to match your environment’s RTOs and RPOs.
- Manually verify that the task can run by right-clicking it and selecting Run in the shortcut menu. The task should execute quickly. Refresh the view and inspect the Last Run Result column in the details pane. If it failed, then ensure the remote backup share is configured with correct permissions; otherwise, examine the Task History for details on the failure. The task will also potentially log errors in the System event log as the Audit event source.
- The remote backup share should have a XML and a REG file copied to it with the ACS collector’s server name as a prefix. Use these files if/when re-installing the ACS collector to support a restore operation.
- Rinse and repeat above steps on other ACS collectors.