...
The UITS DBA team developed and maintains a series of scripts to refresh the non-prod Kuali databases from the most recent (nightly) production schema level export file. This process allows the Kuali non-prod environments to contain a highly relevant set of data for development, testing, training, and production trouble-shooting. The scripts are automated by environment in Control-M jobs. Refreshes are initiated by submitting a
These are the steps to perform a data refresh :
- Log into Control-M
...
- .
- Click the "Order Service" button at the top of the page.
- Select the desired environments to refresh.
- Open the refresh job and confirm the first step by right-clicking on the step and choosing "confirm"
The automated jobs contain all of the actions necessary to take the application servers offline, perform the refresh, and then restore the application servers to an available state. The refresh process also includes scripts executes the cleansePIIData.sql script to restore the test version of the encryption key and java object, and to falsify and re-encrypt the contents of all sensitive data fields. This script does not re-encrypt CLOB data. A separate process is required for that.
** Due to the size of the production attachments table, we do not populate the attachments in the refreshed environments. The empty table structure is created but not populated.
Sample request form
Feb 3 2015 Refresh KFS Environments Request.docx
Refreshes are performed at the start of each month (following a successful month end process). The above form is an example of a recent request to refresh all of the non-prod environments.
Unique environment:
DR Environment
...
- the java object in the DR schemas must be replaced with the test version of java object. (Dave Raines)
- *** Tip: to determine if the java object in the database schema is the test version or prod version, follow these steps:
- using SQL Developer or Toad, connect to the schema in question
- under the java node, confirm that the status field of the java object is "valid"
- View the source of the encryption class
- The value of the instance variable 'secretkey' identifies if it is prod or non-prod
- *** Tip: to determine if the java object in the database schema is the test version or prod version, follow these steps:
- the encryption key in the security file on the application servers is replaced with the test key. (Ben Daniels)
Refresh Schedule
Ad Hoc refreshes can be performed at any time by contacting the KFS Dev team.
Scheduled refreshes are performed during the week after a release. Specific schedules can be found in the Planned Releases checklists.
Requirements
| Environment | PII Script Execution | Encryption following PII scripts |
|---|---|---|
| DEV | Yes | Yes |
| YE | Yes | Yes |
| UAT | Yes | Yes |
| SUP | No* | No (data already encrypted from import) |
| TRN | Yes | Yes |
| DR (not for DR) | Yes | Yes |
*Backdoor access in all environments is now controlled by permissions in KFS. Only those granted this permission via management authorization have the ability to utilize backdoor access. All sensitive data is encrypted in all instances so only those with the proper credentials or permission for backdoor access will have visibility to encrypted data.
| Note |
|---|
Before a UAT refresh is performed, please ensure that no failed batch jobs have created orphaned processes on the UAT.BATCH server. These processes will be owned by KFSCTMUSER or "505" and can interfere with the refresh procedure. Please notify the CM or SA to check this if you are unsure whether there are orphaned batch processes present. |
DBA Procedure Document
Kuali Refresh Copy Procedure.doc