Rogers Shared Operations

eTrust/SSO Database
Synch Verification

SECOPS104

Final 1.0

NOTICE: Proprietary and Confidential

This material is proprietary to Rogers Shared Operations. It contains trade secret and confidential information, which is
solely the property of Rogers Shared Operations. This material is solely for the Rogers Shared Operations’ internal use.
This material shall not be used, reproduced, copied, disclosed, transmitted, in whole or in part, without the express
consent of Rogers Shared Operations© 2004,

Rogers Shared Operations© All rights reserved

eTrust/SSO Database Synch Verification RSO-IT Confidential

DOCUMENT DETAILS
Issuing department RSO IT IS
Ownership Security Operations
Update authority Security Operations, Security Manager, Director
Issue date 10.09.2007
Effective date 07.10.2008
Expiry date 07.10.2009
Review cycle Annually

VERSION CONTROL
Date Change owner Changed by Version Description
(MM/DD/YYYY)
10.09.2007 Chris Siwik Chris Siwik Draft 1.0 Initial Doc
07.10.2008 Chris Siwik Chris Siwik Final 1.0 Added effective and expiry
date. Updated new SSO
servers.

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 2

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

1. Table Of Contents
Rogers Shared Operations 1
eTrust/SSO Database Synch Verification 1
SECOPS104 1
1. Table Of Contents 4
2. Introduction 5
2.1. Scope 5
2.2. Roles and Responsibilities 5
2.3. Definitions 6
2.4. Exemptions of Standards 7
3. eTrust DX Database Verification 8
3.0 LDIF Backup on the Source Server 8
4. Process to Verify Synchronization of SSO servers 8

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 3

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

2. Introduction

2.1. Scope
The scope of this document is to delineate the process by which the DX Server and AC databases
synchronization is verified on eTrust Admin and SSO.

2.2. Roles and Responsibilities

RSO-IT Infrastructure Security Verification of request validity, and processing of valid

requests.
RSO-IT Infrastructure Access NA
Provisioning
RSO-IT Technical Services (UNIX) NA
RSO-IT Technical Services (Intel) NA
RSO-IT Technical Services NA
(Database)
RSO-IT Technical Services (Backup NA
and Recovery)
RSO-IT Network Services NA

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 4

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

2.3. Definitions

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 5

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

2.4. Exemptions of Standards

Any exceptions to the standards defined in this document must undergo assessment and
approval by way of a request sent to RSO-IT Security, who will be responsible for
maintaining the IT Security Exemption email account.
The process for requesting exemptions to any security standards will be as follows:

1) System owner identifies the items that require exemptions and fill out the Security
Standards Exemption Form located within the common forms section of the IT
Support Website. The current location is
https://itsupport.rci.rogers.com/main/forms/common/secExempt.asp?FormID=68

2) The form will generate a reference number and email the request to the
ITSecurity.Exemptions@rci.rogers.com mailbox. Both the requestor and the
requestor’s manager will be CC’d on the email. The requestor’s manager will be given
instruction to “reply to all” with their approval for the exemption request.

3) Upon receipt of the manager’s approval, RSO-IT Security Planning will assess the
security risk related to exception item(s), the duration of the exemption and
information related to the intended remediation.

4) RSO-IT Security Planning will decide whether to approve the request based on the
assessment or to submit the assessment of the business risk to the applicable VP or
CIO and await their acceptance of the risk.
5) RSO-IT Security Planning will then notify the System Administrator of approval and
CIO risk acceptance and document and document and track the details pertaining to
the requested exemption.

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 6

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

3. eTrust DX Database Verification

The DX database must be in synch on all three eTrust Admin servers (RCIESNESFETA01,
RCIESNESFETA02), RCITDCESFETA01). This is in order to have information uniformity through
out. Below is the process to verify this synchronization.

3.0 LDIF Backup on the Source Server

1. In order to run the LDIF backup on source server (the server that has a
current, valid database – RCIESNESFETA01, RCIESNESFETA02 &
RCITDCESFETA01), ensure you are logged in as serv_eta

The command to back up the database is:

dxdumpdb -p "dc=etadb" –f “d:\backup\%mm%%dd%%yyyy%_rogersdb.ldif" -S
rciesnesfeta01 or rciesnesfeta02 or rcitdcesfeta01_etadb_rogers rogersdb

2. Sort the LDIF file using the following command:

ldifsort "d:\backup\%month%%day%%year%_rogersdb.ldif" "d:\backup\%month%
%day%%year%_rogersdb_sorted.ldif" >> ldif_screen

3. Take a note of the resulting record.

4. Repeat steps 1 to 2 on all three eTrust admin servers. All three records
should be exact. If any of the records are out of synch, send an email to: ITIS
cc: ITISO specifying the record count per server with the below text in the
subject line….

eTrust Admin DX Server database verification (Date)

4. Process to Verify Synchronization of SSO servers

4.1 LDIF backup on source server (rciesnesfsso01)

a. The source server is the server that has a current, valid database.
b. dxdumpdb -p "o=ps" PS > mmddyy_ps.ldif

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 7

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 8

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

4.2 Sort the LDIF file using the following command:

ldifsort mmddyy_ps.ldif mmddyy_ps_sorted.ldif >> ldiff_screen

4.3 Take a note of the resulting record.

4.4 Repeat steps 1 to 2 on all eight SSO servers. All eight records
should be exact. If any of the records are out of synch, send an email to:

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 9

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

ITIS, cc: ITISO specifying the record count per server, with the below text in
the subject field.

SSO DX Server Database Verification

5.0 SSO Access Control Verification

In order to verify the AC database, go to S:\RSS\BU 03\RESP 7030\DEPT 525\Security

Operations\Software and copy the folder named “diff” to your local machine at D:\

Log into RCIESNESFSSO01

Go to start – run – cmd. Change directories to D:\temp.
Type the following…
D:\Temp>dbmgr -e -r -c APPL GAPPL > ssoac01.out
Log onto RCIESNESFSSO02
D:\Temp>dbmgr -e -r -c APPL GAPPL > \\RCIESNESFSSO01\d$\temp\ssoac02.out
Log onto RCIESNESFSSO03
D:\Temp>dbmgr -e -r -c APPL GAPPL > \\RCIESNESFSSO01\d$\temp\ssoac03.out
Log onto RCIESNESFSSO04
D:\Temp>dbmgr -e -r -c APPL GAPPL > \\RCIESNESFSSO01\d$\temp\ssoac04.out
Log onto RCITDCESFSSO01
D:\Temp>dbmgr -e -r -c APPL GAPPL > \\RCIESNESFSSO01\d$\temp\ssoactdc1.out
Log onto RCITDCESFSSO02
D:\Temp>dbmgr -e -r -c APPL GAPPL > \\RCIESNESFSSO01\d$\temp\ssoactdc2.out
Log onto RCITDCESFSSO03
D:\Temp>dbmgr -e -r -c APPL GAPPL > \\RCIESNESFSSO01\d$\temp\ssoactdc3.out
Log onto RCIBURESFSSO01
D:\Temp>dbmgr -e -r -c APPL GAPPL > \\RCIESNESFSSO01\d$\temp\ssoacbur.out

Log out of RCIESNESFSSO02, RCIESNESFSSO03, RCIESNESFSSO04,

RCITDCESFSSO01, RCITDCESFSSO02, RCITDCESFSSO03 & RCIBURESFSSO01.

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 10

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

On RCIESNESFSSO01, at the D:\Temp directory, type the following…

D:\Temp>sort ssoac01.out > sortedssoac01.out

D:\Temp>sort ssoac02.out > sortedssoac02.out

D:\Temp>sort ssoac03.out > sortedssoac03.out

D:\Temp>sort ssoac04.out > sortedssoac04.out

D:\Temp>sort ssoactdc01.out > sortedssoactdc01.out

D:\Temp>sort ssoactdc02.out > sortedssoactdc02.out

D:\Temp>sort ssoactdc03.out > sortedssoactdc03.out

D:\Temp>sort ssoacbur01.out > sortedssoacbur02.out

Log out of RCIESNESFSSO01

On you PC, go to start – run – cmd and hit enter.

Change directories to the following…

D:\diff

Within that directory type the following….

D:\diff>diff -u sortedssoac01.out sortedssoac02.out >diff0102_(the date).txt

D:\diff>diff -u sortedssoac01.out sortedssoac03.out >diff0103_(the date).txt

D:\diff>diff -u sortedssoac01.out sortedssoac04.out >diff0104_(the date).txt

D:\diff>diff -u sortedssoac01.out sortedssoactdc01.out >diff01tdc01_(the date).txt

D:\diff>diff -u sortedssoac01.out sortedssoactdc02.out >diff01tdc02_(the date).txt

D:\diff>diff -u sortedssoac01.out sortedssoactdc03.out >diff01tdc03_(the date).txt

D:\diff>diff -u sortedssoac01.out sortedssoacbur01.out >diff01bur_(the date).txt

This will create seven separate .txt files within D:\diff. If there is any info present within the
created .txt file below the entry of the two compared files, then the databases are out of
synch. Please see below for an example of a .txt file that shows a database being out of
synch to one that is not out of synch.

Out of synch…

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 11

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

In synch…

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 12

SECOPS104 - Version: Rogers Shared Operations© All rights reserved
eTrust/SSO Database Synch Verification RSO-IT Confidential

If any of the records are out of synch, send an email to: ITIS, cc: ITISO,
attaching the out of synch .txt files with the below in the subject line.

SSO Access Control Verification

Effective date: 07.10.2008 - Expiry date: 07.10.2009 Page 13

SECOPS104 - Version: Rogers Shared Operations© All rights reserved