Wednesday, November 16, 2011

OM12 RC: Dude, how do I back up the Encryption Key? Answer: You don’t!

In SCOM and SCOM R2 installations it was crucial to back up the Encryption Key of your RMS server and store it safely (which isn’t on the RMS…). Basically, this key decrypts the secure data present in the Operational Database. Without it, no RMS. Period.

When disaster strikes and renders your RMS useless, there is a way to (temporarily) promote a MS server to RMS in order to get your SCOM environment back in working condition. For this the Encryption Key is crucial. Without it, no promotion of a MS to RMS. (Yes, I know, there are some workarounds since R2 but you don’t want to go there.)

So far so good.

Q: But how about OM12? Do you still need to back up the Encryption Key?

A: Well, the RMS is gone with OM12 (thank you Microsoft) since the RMS functionality is now shared among ALL OM12 Management Servers. Along with it, the requirement to back up the Encryption Key is gone as well. The tool to run a backup of the Encryption Key isn’t present anymore. So no more backups of the Encryption Key in OM12.

Q: But what if I only run a single OM12 MS server and it dies?

A: Never ever install just ONE OM12 MS server. Install at least TWO of them. And in the same period of time. So when you install your OM12 environment, install at least TWO OM12 MS servers on the same day before you proceed any further. Of course, for lab environments one OM12 MS server could do, but even there, TWO are the way to go since pools of OM12 MS servers are used by OM12. So with a single OM12 MS server, your lab environment would be way off compared to normal production situations (perhaps it’s time to ask for a better lab environment??).

