Chapter 9. System management guidelines 183
9.3.6 HTTP single sign-on (SSO)
When you enable HTTP single sign-on, user authentication credentials are
preserved across multiple applications in the same domain, for example:
Cooperating but disparate Web servers
Cooperating applications like the IBM On Demand Server and Windows
NT suites.
With SSO, your application will then avoid repeated requests of user security
credentials. However, if your application wants to use the SSO feature, then it
must use an LTPA registry (LDAP for example).
9.4 Backup and recovery guidelines
Backup may seem a mundane and repetitive task you perform routinely, but it
is absolutely necessary. Its importance to you is never emphasized enough
and typically you will only realize it during a disaster. Imagine losing valuable
transactional data due to a hard disk failure and you do not have a backup.
We suggest you consider the following factors when considering a backup
1. Data to backup
You should consider the solutions support for the various data you need
to backup. The data includes operating systems, application data,
transaction logs, configuration files, application databases, and
WebSphere Application Server repository databases.
2. Available backup window time
In most situations, there is a limited window of time to complete the
backup. Thus, you will have to consider the performance of the backup
solution. Consider the performance of the solution as a whole, not the
individual pieces.
3. Required system recovery time
Not only should the backup be fast, but the recovery process should be
equally fast. Consider how the backup solution is able to provide fast
4. Support for enterprise backup
The solution should be scalable to perform backup of new systems that
you may install, as a result of growth and upgrades. You may also want to
use the backup solution for other existing applications.
184 e-Marketplace Pattern using WebSphere Commerce Suite, Marketplace Edition
5. Integration with system management tools
It is very useful if the backup solution can be integrated with existing
system management tools and thus provides a central administration
6. Support for emerging technology
The software should be able to support emerging storage area network
(SAN) based storage solutions. As your information needs grow, these
storage solutions will provide large-capacity and high-performance data
9.4.1 Using Tivoli Storage Manager (TSM)
Based on the above factors in selecting a comprehensive backup solution, we
recommend the IBM Tivoli Storage Manager (TSM). It is an integrated
storage management solution that will meet the needs of any company, from
small Internet startups to large enterprises. TSM provides the following
Full support of client platforms
High performance backup and recovery process
Wide support for IBM and non-IBM tape/optical technology
Scalable solution to meet growing storage demands
Support for SAN-based solution
Integrated with the Tivoli suite of systems management products
Lets begin by looking at how you can configure a Tivoli Storage Manager
solution. We recommend that each and every system in your configuration be
backed up. The frequency of backup will vary, depending on the type of
information and the frequency of changes.
Figure 37 shows the recommended Tivoli components for deployment in the
internal network nodes.
Chapter 9. System management guidelines 185
Figure 37. TSM server and client setup in the internal network
Referring to Figure 37, lets assume you install one TSM server in the
scenario. This server should be located in the internal network with no
external Internet access to it.
Once the TSM server setup is completed successfully, install TSM clients at
every system that you would like to back up. For example, we have installed
TSM clients at the directory server, Commerce Server and the shared file
system server. Test the connectivity between the TSM clients and the TSM
server by doing a user-initiated backup.
For the servers in the DMZ (see Figure 38 on page 186), you can also install
a TSM client. To facilitate communication between the TSM client in the DMZ
and the TSM server in the intranet, you will have to open up one port in the
firewall. This port can be preconfigured in both the TSM client and server.
186 e-Marketplace Pattern using WebSphere Commerce Suite, Marketplace Edition
Figure 38. TSM server and client setup in the DMZ and internal network
If this additional firewall port is a security issue in your environment, then
there are two viable options to consider:
1. Install Tivoli Data Protection for Workgroups (TDPfW) for Windows NT
TDPfW provides a stand-alone disaster recovery for Windows NT
machines. It can back up entire Windows NT machines or volumes, and if
a disaster occurs, TDPfW can restore the complete machine, including the
boot volume, disk partitions, security, operating systems, and user files
from a locally attached SCSI tape drive.
This is very useful for small LAN environments (for example, the DMZ
shown in Figure 39) where you have to manage only a few servers.
However, this product currently is supported on Windows NT only.

Get e-Marketplace Pattern using WebSphere Commerce Suite, MarketPlace Edition Patterns for e-business Series now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.