Backup and Disaster Recovery
This guide provides architectural information for planning EmpowerID backup and disaster recovery. For SQL Server backup and recovery procedures, refer to Microsoft SQL Server documentation and your organization's database backup policies.
Data Storage Architecture
EmpowerID houses all data in the Microsoft SQL Identity Warehouse database. This centralized data storage approach simplifies backup planning by consolidating all critical information in a single location.
The Identity Warehouse database contains:
Configuration Data
Application Integration Data
SSO and Federation Configuration Data
Directory Sync Configuration Rules
Security Role Data
Backup Requirements
Database Backup
The SQL Server Identity Warehouse database is the primary backup requirement. All EmpowerID operational data, configuration, and state information resides in this database.
Follow Microsoft SQL Server best practices for your backup strategy:
Regular full database backups
Transaction log backups for point-in-time recovery capability
Backup retention policies aligned with your recovery objectives
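The T-SQL below is an added example of such a backup chain for the Identity Warehouse; it is not a script shipped with EmpowerID. The database name EmpowerIdentityWarehouse, the share \\backup\eid and the daily/15-minute schedule are assumptions to replace with your own. It also shows the two checks that make the chain worth anything: verifying the backup file and auditing the LSN chain in msdb.

```sql
-- Added example (not EmpowerID's script). Assumed names: database
-- EmpowerIdentityWarehouse, backup share \\backup\eid; schedule is assumed.
USE master;
GO

-- Point-in-time restore needs the FULL recovery model. Under SIMPLE the log
-- is truncated at every checkpoint, so there is no log chain to replay.
ALTER DATABASE EmpowerIdentityWarehouse SET RECOVERY FULL;
GO

-- Daily full backup (assumed schedule). CHECKSUM writes and verifies page
-- checksums so corruption surfaces at backup time instead of during a
-- restore; COMPRESSION shortens the copy to the DR site. Timestamped file
-- names keep older fulls available for retention.
DECLARE @fullFile nvarchar(260) =
    N'\\backup\eid\EmpowerIdentityWarehouse_FULL_'
    + FORMAT(SYSUTCDATETIME(), 'yyyyMMdd_HHmmss') + N'.bak';

BACKUP DATABASE EmpowerIdentityWarehouse
    TO DISK = @fullFile
    WITH INIT, CHECKSUM, COMPRESSION, STATS = 10,
         NAME = N'EmpowerID Identity Warehouse full';

-- Prove the file is restorable before relying on it.
RESTORE VERIFYONLY FROM DISK = @fullFile WITH CHECKSUM;
GO

-- Log backup, scheduled every 15 minutes (assumed). The interval is the
-- recovery point objective for a media failure: any moment covered by an
-- unbroken chain of these files can be restored. Never overwrite log
-- backups (no INIT on a shared file); each one is a new timestamped file.
DECLARE @logFile nvarchar(260) =
    N'\\backup\eid\EmpowerIdentityWarehouse_LOG_'
    + FORMAT(SYSUTCDATETIME(), 'yyyyMMdd_HHmmss') + N'.trn';

BACKUP LOG EmpowerIdentityWarehouse
    TO DISK = @logFile
    WITH CHECKSUM, COMPRESSION;
GO

-- Audit the chain. For consecutive log backups, each one's first_lsn must
-- equal the previous one's last_lsn. A gap (a log backup taken to NUL, a
-- switch to SIMPLE recovery, a copy-only backup mistaken for the real one)
-- means point-in-time restore stops at the gap.
SELECT TOP (50)
       type,                       -- D = full, I = differential, L = log
       backup_start_date,
       backup_finish_date,
       first_lsn,
       last_lsn,
       is_copy_only
FROM   msdb.dbo.backupset
WHERE  database_name = N'EmpowerIdentityWarehouse'
ORDER  BY backup_finish_date DESC;
```

Run the full and log batches from SQL Agent jobs on their schedules; the chain query is what to look at before trusting a restore plan.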
Server Configuration
Apart from what the standard installation lays down, no configuration data is unique to an individual server. EmpowerID servers are essentially stateless: all persistent data lives in the database, so a failed server is rebuilt by reinstalling and reconnecting it to the database rather than restored from a server-level backup. The one item of server-side state to plan for is the server certificate used to encrypt stored service account credentials (see Data Security Considerations); make sure it is recoverable.
File System Data
The only configuration that lives on the file system rather than in the database is web console branding or theming: custom logos, CSS files and images applied to the website. If you have customized branding, back those files up separately (or keep them in version control), because a database restore will not bring them back.
Disaster Recovery Architecture
High Availability Configuration
Disaster recovery can be achieved by:
Installing additional EmpowerID servers in a DR site
Placing the Identity Warehouse database in a SQL Server Always On availability group
Replicating the database asynchronously from the primary site to the DR site
Architecture Overview:
Entry Point: Traffic enters through the load balancer and reverse proxy
Application Tiers: Dual web and app servers provide redundancy and load distribution
Data Layer: the Identity Warehouse database, which the application tier and VDS use, replicates to the DR site's SQL Always On secondary replica using asynchronous replication
Failover: when the primary site fails, the DR replica is promoted to primary and the servers, which address the database through the availability group listener, reconnect automatically
Architecture Components:
SQL Always On High Availability - A secondary SQL Server instance in the DR site holding a copy of the EmpowerID database as an asynchronous-commit replica in a SQL Always On availability group. With asynchronous commit the primary commits without waiting for the secondary to harden the log, so the secondary can lag; transactions that have not reached it are lost if it has to take over, and the replication lag is effectively your recovery point objective
Active DR Servers - EmpowerID Web, App, VDS and Reverse Proxy servers in the DR site are configured into the EmpowerID environment as active systems. Their SQL connection string uses the availability group listener name rather than an individual instance name, so they follow the database to whichever replica is primary. Once configured, the services can be turned off to leave the servers in an inactive state until they are needed
Load Balancer Redundancy - Redundant load balancer configured into the load balancer infrastructure
Failover Behavior:
In the event of a failure of the primary environment:
The secondary replica is promoted to primary. Because the replica is asynchronous, SQL Server does not do this automatically: an administrator performs a forced failover of the availability group, accepting the loss of any transactions that had not yet reached the DR site.
The services are then started on the DR EmpowerID servers. They connect to the new primary database through the listener and update themselves with any workflows published to the EmpowerID database since they were last running.
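The following T-SQL is an added example of the database side of that failover, not an EmpowerID-supplied runbook. The availability group name EID_AG and the database name EmpowerIdentityWarehouse are assumptions. It is run on the DR replica, and only after the primary site has been confirmed down: forcing a failover while the old primary is still serving writes produces two diverging primaries.

```sql
-- Added example (not EmpowerID's procedure). Assumed names: availability
-- group EID_AG, database EmpowerIdentityWarehouse. Run on the DR replica.

-- 1. Confirm this replica's role and how far behind it is. With asynchronous
--    commit the secondary is always SYNCHRONIZING, never SYNCHRONIZED;
--    log_send_queue_size (KB of log still on the primary) is the data that
--    WILL be lost in a forced failover, so record it for the incident report.
SELECT ar.replica_server_name,
       ar.availability_mode_desc,        -- ASYNCHRONOUS_COMMIT expected here
       ars.role_desc,                    -- PRIMARY or SECONDARY
       drs.synchronization_state_desc,
       drs.last_hardened_time,
       drs.log_send_queue_size,
       drs.redo_queue_size
FROM   sys.availability_replicas ar
JOIN   sys.dm_hadr_availability_replica_states ars
       ON ars.replica_id = ar.replica_id
JOIN   sys.dm_hadr_database_replica_states drs
       ON drs.replica_id = ar.replica_id
WHERE  drs.database_id = DB_ID(N'EmpowerIdentityWarehouse');
GO

-- 2. Forced failover. Automatic failover exists only for synchronous-commit
--    replicas, so for an asynchronous DR copy this manual, data-loss-accepting
--    command is the only way to promote it.
ALTER AVAILABILITY GROUP EID_AG FORCE_FAILOVER_ALLOW_DATA_LOSS;
GO

-- 3. Verify the new role before starting the EmpowerID services. They connect
--    to the listener name, so no connection string change is needed.
SELECT ag.name AS availability_group,
       ars.role_desc,
       ars.operational_state_desc
FROM   sys.availability_groups ag
JOIN   sys.dm_hadr_availability_replica_states ars
       ON ars.group_id = ag.group_id
WHERE  ars.is_local = 1;
GO

-- 4. When the old primary site returns, its instance rejoins as a secondary
--    with data movement suspended. Run this ON THAT INSTANCE to discard its
--    divergent tail and resynchronize it from the new primary.
ALTER DATABASE EmpowerIdentityWarehouse SET HADR RESUME;
GO
```

Step 1 is the part worth rehearsing: the lag it reports during normal operation is the real recovery point objective of this design, whatever the policy document says.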
Point-in-Time Recovery
Using SQL Server's point-in-time restore, the database can be returned to any specific point in time, provided it runs under the full recovery model and an unbroken chain of transaction log backups exists from a full backup taken before that point up to and including it. A tail-log backup taken at the moment of failure extends that chain to the most recent committed transactions. The granularity is the transaction, not the minute: the restore stops at the last transaction committed before the requested time.
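The T-SQL below is an added example of that restore sequence, not an EmpowerID-supplied procedure. The names, paths and the scenario (a bad bulk change committed at 10:42:30 on 2024-05-06, restore to 10:42:00) are constructed; the file names follow a timestamped backup naming scheme that is also an assumption.

```sql
-- Added example (not EmpowerID's procedure). Assumed names and paths;
-- constructed scenario: restore to 2024-05-06 10:42:00 server-local time.
USE master;
GO

-- 0. A database that belongs to an availability group cannot be restored
--    in place. Remove it from the group first (assumed AG name EID_AG) and
--    plan to re-seed the DR secondary afterwards.
ALTER AVAILABILITY GROUP EID_AG REMOVE DATABASE EmpowerIdentityWarehouse;
GO

-- 1. Tail-log backup: captures everything since the last scheduled log
--    backup and leaves the database in RESTORING state so nothing can write
--    to it during recovery. Skipping this loses those transactions.
BACKUP LOG EmpowerIdentityWarehouse
    TO DISK = N'\\backup\eid\EmpowerIdentityWarehouse_TAIL_20240506_110500.trn'
    WITH NORECOVERY, CHECKSUM;
GO

-- 2. Restore the most recent full backup taken BEFORE the target time,
--    keeping the database non-recovered so log backups can be applied.
RESTORE DATABASE EmpowerIdentityWarehouse
    FROM DISK = N'\\backup\eid\EmpowerIdentityWarehouse_FULL_20240506_020000.bak'
    WITH NORECOVERY, CHECKSUM;
GO

-- 3. Replay the log chain in order with STOPAT on every step. A log backup
--    that ends before the target is applied in full (SQL Server reports the
--    target was not reached and keeps the database in RESTORING); the one
--    that spans the target is applied only up to the last transaction
--    committed before it. STOPAT is interpreted in the instance's local time,
--    whatever time zone the file names use.
RESTORE LOG EmpowerIdentityWarehouse
    FROM DISK = N'\\backup\eid\EmpowerIdentityWarehouse_LOG_20240506_103000.trn'
    WITH NORECOVERY, CHECKSUM, STOPAT = '2024-05-06T10:42:00';
RESTORE LOG EmpowerIdentityWarehouse
    FROM DISK = N'\\backup\eid\EmpowerIdentityWarehouse_LOG_20240506_104500.trn'
    WITH NORECOVERY, CHECKSUM, STOPAT = '2024-05-06T10:42:00';
GO

-- 4. Bring the database online. After RECOVERY no further log can be
--    applied, so if the target time is uncertain, restore the same chain on
--    a scratch instance under another name and inspect it first.
RESTORE DATABASE EmpowerIdentityWarehouse WITH RECOVERY;
GO

-- 5. Put the database back into the availability group, re-seed the DR
--    secondary, then restart the EmpowerID services.
ALTER AVAILABILITY GROUP EID_AG ADD DATABASE EmpowerIdentityWarehouse;
GO
```

Under TDE, step 2 fails on any instance that does not hold the certificate protecting the database encryption key, which is why that certificate is backed up separately from the database files.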
Data Security Considerations
Understanding how EmpowerID stores sensitive data is important for compliance and audit purposes.
Password Storage
All user authentication and authorization data is stored in the database:
User passwords are stored as one-way hashes with a unique salt per user; they cannot be recovered in clear text
Service account passwords, which agents must later retrieve and use, cannot be one-way hashed and are instead stored encrypted with the server certificate. That certificate and its private key are therefore part of the recovery set: a restored database on a server without it holds service credentials that cannot be decrypted
Database Encryption
EmpowerID supports SQL Server Transparent Data Encryption (TDE) if desired. TDE encrypts the data and log files, and every backup taken while it is enabled, at rest; it does not hide data from anyone with permission to query the database. The database encryption key is itself protected by a certificate in the master database, so that certificate (with its private key) must be backed up separately and imported on the DR replica and on any instance that will restore the backups. Without it the backups and the secondary copy are unreadable.
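The T-SQL below is an added example of enabling TDE on the Identity Warehouse and, more importantly, of the certificate handling that keeps the database recoverable; it is not an EmpowerID-supplied script. The certificate name EID_TDE_Cert, the key share \\keys\eid and the password placeholders are assumptions; the passwords belong in your secrets store, not in a script.

```sql
-- Added example (not EmpowerID's script). Assumed names: certificate
-- EID_TDE_Cert, database EmpowerIdentityWarehouse, key share \\keys\eid.
-- The <...> passwords are placeholders.
USE master;
GO

-- The database master key in master protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password>';
CREATE CERTIFICATE EID_TDE_Cert
    WITH SUBJECT = 'EmpowerID Identity Warehouse TDE';
GO

-- Back the certificate up WITH its private key immediately and store the
-- files and the password apart from the database backups. The database,
-- its backups and the Always On secondary are all unreadable without this
-- certificate, so losing it turns every backup into ciphertext.
BACKUP CERTIFICATE EID_TDE_Cert
    TO FILE = N'\\keys\eid\EID_TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = N'\\keys\eid\EID_TDE_Cert.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-password>');
GO

-- Create the database encryption key, protected by the certificate, and
-- turn encryption on. Encryption runs in the background; the database stays
-- online while existing pages are rewritten.
USE EmpowerIdentityWarehouse;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE EID_TDE_Cert;
GO
ALTER DATABASE EmpowerIdentityWarehouse SET ENCRYPTION ON;
GO

-- Check progress. encryption_state 2 = encryption in progress, 3 = encrypted.
-- tempdb also appears here: it is encrypted as soon as any user database is.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM   sys.dm_database_encryption_keys;
GO

-- On the DR replica, and on any instance that must restore these backups,
-- import the same certificate BEFORE adding or restoring the database.
-- The master key password may differ per instance; the private-key
-- password must match the one used in BACKUP CERTIFICATE above.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dr-master-key-password>';
CREATE CERTIFICATE EID_TDE_Cert
    FROM FILE = N'\\keys\eid\EID_TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = N'\\keys\eid\EID_TDE_Cert.pvk',
        DECRYPTION BY PASSWORD = '<private-key-password>');
GO
```

Treat the certificate backup and its password as a second backup stream with its own retention: a database backup that outlives its certificate is unrestorable, so the certificate files must be kept at least as long as any backup encrypted under them.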