If the Rollback wizard is unsuccessful, the server typically is left in an unbootable state and you must either perform a full restore of the vious operating system or a clean installati
Trang 1Confi guring Print Settings for a Clustered Print Server
You can confi gure a printer for a clustered print server by completing the following steps:
1 In Failover Cluster Management, expand the node for the cluster you want to
work with by double-clicking it If the cluster you want to work with is not listed, connect to it
2 Expand the cluster’s Services And Applications node
3 Right-click the clustered print server and then select Manage Printers This opens
Print Management with a Failover Cluster Management interface
4 Under Print Management ensure that the clustered print server or the cluster
node is listed If it is not, right-click Print Servers and then select Add/Remove Servers Type the host name or IP address of the clustered print server and then click Add To List
5 Right-click the clustered print server and then click Add Printer This starts the
Add Printer wizard
6 Follow the prompts to create the shared printer This is the same wizard that you
use with nonclustered servers After you’ve added the printer, you can manage it
as you would any other printer
Managing Failover Clusters and Their Resources 1367
Trang 3Ask three different people what their idea of a disaster is and you’ll probably get
three different answers For most administrators, the term disaster probably means
any scenario in which one or more essential systems, services, or applications cannot operate and the prospects for quick recovery are less than hopeful—that is, a disaster is something a service reset or system reboot won’t fi x
To ensure that operations can be restored as quickly as possible in a given situation, every network needs a clear disaster recovery plan In this chapter, I’m not going to mince words and try to explain why you need to plan for disasters Instead, I’m going to focus on what you need to do to get ready for the inevitable, because worst-case scenar-ios can and do happen I’m also going to discuss predisaster preparation procedures
Preparing for a Disaster
Chapter 38, “Planning for High Availability,” went into detail about planning for highly available, scalable, and manageable systems Many of the same concepts go into disas-ter planning Why? Because, at the end of the day, disaster planning involves imple-menting plans that ensure the availability of systems and services Remember that part
of disaster planning is applying some level of contingency planning to every essential network service and system You need to implement problem escalation and response procedures You also need a standing problem-resolution document that describes in great detail what to do when disaster strikes
Developing Contingency Procedures
You should identify the services and systems that are essential to network operations Typically, this list will include the following components:
Network infrastructure servers running Active Directory, Domain Name System (DNS), Dynamic Host Confi guration Protocol (DHCP), Terminal Services, and Routing and Remote Access Service (RRAS)
File, database, and application servers, such as servers with essential fi le shares
or those that provide database or e-mail services Networking hardware, including switches, routers, and fi rewalls
CHAPTER 40
Disaster Planning
1369
Trang 4Use Chapter 38 to help you develop plans for contingency procedures in the following areas:
Physical security Place network hardware and servers in a locked, secure access facility This could be an offi ce that is kept locked or a server room that requires a passkey to enter When physical access to network hardware and servers requires special access privileges, you prevent many problems and ensure that only autho-rized personnel can get access to systems from the console
Data backup Implement a regular backup plan that ensures that multiple sets are available for all essential systems, and that these backups are stored in more than one location For example, if you keep the most current backup sets on-site in the server room, you should rotate another backup set to off-site stor-age In this way, if disaster strikes, you will be more likely to be able to recover operations
Fault tolerance Build redundancy into the network and system architecture At the server level, you can protect data using a redundant array of independent disks (RAID) and guard against component failure by having spare parts at hand These precautions protect servers at a very basic level For essential services such
as Active Directory, DNS, and DHCP, you can build in fault tolerance by ing redundant systems using techniques discussed throughout this book These same concepts can be applied to network hardware components such as routers and switches
Recovery Every essential server and network device should have a written recovery plan that details step by step what to do to rebuild and recover it Be as detailed and explicit as possible and don’t assume that the readers know any-thing about the system or device they are recovering Do this even if you are sure that you’ll be the one performing the recovery—you’ll be thankful for it, trust me Things can and do go wrong at the worst times, and sometimes, under pressure, you might forget some important detail in the recovery process—not to mention that you might be unavailable to recover the system for some reason
Power protection Power-protect servers and network hardware using an ruptible power supply (UPS) system Power protection will help safeguard serv-ers and network hardware from power surges and dirty power Power protection will also help prevent data loss and allow you to power down servers in an appro-priate fashion through manual or automatic shutdown
uninter-Implementing Problem Escalation and Response Procedures
As part of planning, you need to develop well-defi ned problem escalation procedures that document how to handle problems and emergency changes that might be needed You need to designate an incident response team and an emergency response team Although the two teams could consist of the same team members, the teams differ in fundamental ways
Trang 5Incident response team The incident response team’s role is to respond to rity incidents, such as the suspected cracking of a database server This team is concerned with responding to intrusion, taking immediate action to safeguard the organization’s information, documenting the security issue thoroughly in an after-action report, and then fi xing the security problem so that the same type
secu-of incident cannot recur Your organization’s security administrator or network security expert should have a key role in this team
Emergency response team The emergency response team’s role is to respond to service and system outages, such as the failure of a database server This team is concerned with recovering the service or system as quickly as possible and allow-ing normal operations to resume Like the incident response team, the emergency response team needs to document the outage thoroughly in an after-action report, and then, if applicable, propose changes to improve the recovery process Your organization’s system administrators should have key roles in this team
Putting in a UPS requires a bit of planning, because you need to look not only at ers but also at everything in the server room that requires power If the power goes out, you want to have ample time for systems to shut down in an orderly fashion You may also have some systems that you do not want to be shut down, such as routers or servers required for security key cards In most cases, rather than using individual UPS devices, you should install enterprise UPS solutions that can be connected to several servers or components
serv-After you install a UPS, you can confi gure servers to take advantage of the UPS using the management software included with the UPS You can then confi gure the way a server reacts when it switches to battery power Typically, you’ll want servers to start an orderly shutdown within a few minutes of switching to battery power
In your planning, remember that 90 percent of power outages last less than 5 minutes and 99 percent of power outages last less than 60 minutes With this in mind, you may want to plan your UPS implementation so that you can maintain 7 to 10 minutes of power for all server and network components and 60 to 70 minutes for critical systems
You would then confi gure all non-critical systems to shut down automatically after 5 minutes, and critical systems to shut down after 60 minutes
Creating a Problem Resolution Policy Document
Over the years, I’ve worked with and consulted for many organizations, and I’ve often been asked to help implement information technology (IT) policy and procedure In the area of disaster and recovery planning, there’s one policy document that I always use, regardless of the size of the company I am working with I call it the problem resolution policy document
SIDE OUT Using and confi guring a UPS
Putting in a UPS requires a bit of planning, because you need to look not only at ers but also at everything in the server room that requires power If the power goes out, you want to have ample time for systems to shut down in an orderly fashion You may also have some systems that you do not want to be shut down, such as routers or servers required for security key cards In most cases, rather than using individual UPS devices, you should install enterprise UPS solutions that can be connected to several servers or components.
serv-After you install a UPS, you can confi gure servers to take advantage of the UPS using the management software included with the UPS You can then confi gure the way a server reacts when it switches to battery power Typically, you’ll want servers to start an orderly shutdown within a few minutes of switching to battery power.
In your planning, remember that 90 percent of power outages last less than 5 minutes and 99 percent of power outages last less than 60 minutes With this in mind, you may want to plan your UPS implementation so that you can maintain 7 to 10 minutes of power for all server and network components and 60 to 70 minutes for critical systems
You would then confi gure all non-critical systems to shut down automatically after 5 minutes, and critical systems to shut down after 60 minutes.
Preparing for a Disaster 1371
Trang 6The problem resolution policy document has the following six sections:
Responsibilities The overall responsibilities of IT and engineering staff during and after normal business hours should be detailed in this section For an orga-nization with 24/7 operations, such as a company with a public Web site main-tained by internal staff, the after-hours responsibilities section should be very detailed and let individuals know exactly what their responsibilities are Most organizations with 24/7 operations will designate individuals as being “on call”
7 days a week, 365 days a year, and in that case, this section should detail what being “on call” means, and what the general responsibilities are for an individual
on call
Phone roster Every system and service that you’ve identifi ed in your planning
as essential should have a point of contact For some systems, you’ll have several points of contact Consider, for example, a database server You might have a sys-tem administrator who is responsible for the server itself, a database administra-tor who is responsible for the database running on the server, and an integration specialist responsible for any integration components running on the server
Notifi cation procedures The way problems get resolved is through notifi cation This section should outline the notifi cation procedures and the primary point of contact in case of outage If many systems and services are involved, notifi cation and primary contacts can be divided into categories For example, you may have
an external systems notifi cation process for your public Internet servers and an internal systems notifi cation process for your intranet services
Escalation When problems aren’t resolved within a specifi c timeframe, there should be clear escalation procedures that detail whom to contact and when For example, you might have level 1, level 2, and level 3 points of contact, with level
1 contacts being called immediately, level 2 contacts being called when issues
Trang 7aren’t resolved in 30 minutes, and level 3 contacts being called when issues aren’t resolved in 60 minutes
Note
You should also have a priority system in place that dictates what types of incidents or outages take precedence over others For example, you could specify that service-level outages, such as those that involve the complete system, have priority over an isolated outage involving a single server or application, but that suspected security incidents have priority over all other issues
Post-action reporting Every individual involved in a major outage or incident should be expected to write a post-action report This section details what should
be in that report For example, you would want to track the notifi cation time, actions after notifi cation, escalation attempts, and other items that are important
to improving the process or preventing the problem from recurring
Every IT group should have a general policy with regard to problem resolution dures, and this policy should be detailed in a problem resolution policy document or one like it The document should be distributed to all relevant personnel throughout the organization, so that every person who has some level of responsibility for ensur-ing system and service availability knows what to do in case of an emergency After you implement the policy, you should test it to help refi ne it so that the policy will work as expected in an actual disaster
proce-Disaster Preparedness Procedures
Just as you need to perform planning before disaster strikes, you also need to form certain disaster preparedness procedures These procedures ensure that you are able to recover systems as quickly as possible when a disaster strikes and include the following:
per-Backups Startup repair Recovery disks Startup and recovery options Recovery Console
Disaster Preparedness Procedures 1373
Trang 8software, you can use one or more dedicated backup servers to create backups of other servers on the network, and then write the backups to media on centralized backup devices If you use per-server backups, you run backup software on each server that you want to back up and store the backup media on a local backup device By combining the techniques, you get the best of both worlds
With dedicated backup servers, you purchase professional backup software, a backup server, and a scalable backup device The initial costs for purchasing the required equipment and the time required to set up the backup environment can be substantial However, after the backup environment is confi gured, it is rather easy to maintain Centralized backups also offer substantial time savings for administrators, because the backup process itself can be fully automated
With per-server backups, you use a backup utility to perform manual backups of vidual systems The primary tool for performing per-server backups is the Windows Server Backup utility, which is discussed in Chapter 41, “Backup and Recovery.” Because this tool is included with Windows Server 2008, there is no initial cost for implementation However, because the backup options are fairly limited, the process may require more time than using centralized backup servers
indi-Using Startup Repair
Like Windows Vista, Windows Server 2008 has several automatic repair features If the boot manager or corrupted system fi le is preventing startup, the Startup Repair wizard
is started automatically and will initiate repair of the server The Startup Repair wizard can be helpful if one or more of the following problems are preventing startup:
A virus infection in the master boot record
A missing or corrupt boot manager
A boot confi guration data store with bad entries
A corrupted system fi le Although Startup Repair typically runs automatically, you can manually initiate this feature using the Windows installation disc For this reason, part of your recovery plan-ning should include ensuring that a Windows installation disc is available for each hardware architecture used in your server deployments
With a Windows installation disc, you can manually run Startup Repair by completing the following steps:
1 Insert the Windows installation disc for the hardware architecture and then boot
from the installation disc by pressing a key when prompted If the server does not allow you to boot from the installation disc, you may need to change fi rmware options to allow booting from a CD/DVD-ROM drive
Trang 92 If Windows Setup doesn’t start automatically, select Windows Setup (EMS
Enabled) on the Windows Boot Manager menu to start Windows Setup
3 On the Install Windows page, select the language, time, and keyboard layout
options that you want to use Click Next
4 When prompted, do not click Install Now Instead, click the Repair Your
Computer link in the lower-left corner of the Install Windows page This starts the System Recovery Options wizard Keep the following in mind:
If the boot manager is damaged, the wizard will repair it at this point to obtain a list of available operating systems
If a server has only one operating system, click Next to continue
If your server has multiple operating systems, you’ll need to select the ating system to use and then click Next
If a server has multiple operating system and the operating system you want
to use is unavailable, click Load Drivers to load the drivers for your server’s hard disks
5 On the System Recovery Options page, click Command Prompt to access the
MINWINPC environment As discussed in Chapter 3, “Installing Windows Server 2008,” the mini Windows PC environment gives you access to the command-line tools listed in Table 3-5 on page 90
6 At the command prompt, enter cd recovery to access the X:\Sources\Recovery
directory
7 At the command prompt, enter startrep to run the Startup Repair wizard Follow
the prompts to attempt to repair the server and enable startup
Getting Outside Help
As part of your disaster planning you should plan for scenarios where you or another administrator are unable to recover a server and need help A key part of this planning includes the escalation procedures discussed previously, where you contact more senior administrators when necessary When escalation fails and you need to get a server back online, you may need to turn to outside help Windows Server 2008 includes a facility for obtaining diagnostic information during setup and recovery, and then delivering this information to Microsoft Product Support This diagnostic information comes from the Windows diagnostics and troubleshooting logs and can help diagnose problems that are preventing installation or recovery
To share troubleshooting information about the server with Microsoft Product Support, follow these steps:
1 Insert the Windows installation disc for the hardware architecture and then boot
from the installation disc by pressing a key when prompted If the server does not allow you to boot from the installation disc, you may need to change fi rmware options to allow booting from a CD/DVD-ROM drive
Disaster Preparedness Procedures 1375
Trang 102 If Windows Setup doesn’t start automatically, select Windows Setup (EMS
Enabled) on the Windows Boot Manager menu to start Windows Setup
3 On the Install Windows page, select the language, time, and keyboard layout
options that you want to use Click Next
4 When prompted, do not click Install Now Instead, click the Repair Your
Computer link in the lower-left corner of the Install Windows page This starts the System Recovery Options wizard Keep the following in mind:
If the boot manager is damaged, the wizard will repair it at this point to obtain a list of available operating systems
If a server has only one operating system, click Next to continue
If your server has multiple operating systems, you’ll need to select the ating system to use and then click Next
oper-If a server has multiple operating system and the operating system you want
to use is unavailable, click Load Drivers to load the drivers for your server’s hard disks
5 On the System Recovery Options page, click Command Prompt to access the
MINWINPC environment As discussed in Chapter 3, “Installing Windows Server 2008,” the mini Windows PC environment gives you access to the command-line tools listed in Table 3-5 on page 90
6 Insert a fl oppy disk into the server’s fl oppy disk drive or a USB fl ash drive into a
USB port This ensures that the disk or fl ash drive is available when you start the wizard
7 Change directories to X:\Sources\Recovery by typing cd recovery
8 Start the Microsoft Product Support Service wizard by typing psswiz at the
command prompt When the wizard starts, write down the contact information provided, including the support phone number This information is different depending on your locale
9 Select the drive letter of the fl oppy disk or fl ash device and then click Next to save
the data Remove the fl oppy disk or fl ash device
10 On another computer that is started and connected to the Internet, insert the
fl oppy disk or fl ash device and then contact Microsoft Product Support Follow the instructions given to you by Microsoft Product Support
Note
You don’t necessarily need to deliver this information to Microsoft Product Support You can just as easily deliver this information to a senior administrator or a skilled technical expert on staff who is not in the offi ce currently or is located at another offi ce On the
fl oppy disk or fl ash device, the diagnostics fi les are created as standard text fi les You can open these fi les in any text editor or easily add them to an e-mail message
Note
You don’t necessarily need to deliver this information to Microsoft Product Support You can just as easily deliver this information to a senior administrator or a skilled technical expert on staff who is not in the offi ce currently or is located at another offi ce On the
fl oppy disk or fl ash device, the diagnostics fi les are created as standard text fi les You can open these fi les in any text editor or easily add them to an e-mail message.
Trang 11Other Windows Recovery Environment Features
As long as the CPU architectures are the same, you can use any Windows tion disc to recover any server running Windows Server 2008 Once you access the Windows Recovery Environment by selecting the Repair Your Computer option, you can access the following tools:
installa-Windows Complete PC Restore Allows you to recover a server’s operating tem or perform a full system recovery With an operating system or full system recovery, make sure your backup data is available and that you can log on with
sys-an account that has the appropriate permissions With a full system recovery, keep in mind that existing data that was not included in the original backup will
be deleted when you recover the system This includes any volumes that are rently used by the server but were not included in the backup
cur-Windows Memory Diagnostics Tools Allows you to diagnose a problem with the server’s physical memory Three different levels of memory testing can be per-formed: basic, standard, or extended The basic memory tests are: MATS+, INVC, and SCHCKR (cache enabled) The standard memory tests include all the basic tests, plus LRAND, CHCKR3, WMATS+, WINVC, and STRIDE6 (cache enabled)
The extended memory tests include all the basic and standard tests, plus ERAND, CHCKR4, STRIDE38, WSCHCKR, WSTRIDE6, WCHCKR3, CHCKR8, MATS+
(cache disabled), and STRIDE6 (cache disabled)
Note
When memory diagnostics starts, you can press F1 to access the Options menu You can then select the test mix as Basic, Standard, or Extended Using the Tab key on the Options menu, you can set the Cache and Pass Count options Cache controls how cach- ing is used with the memory tests: Default uses the default settings as listed previously,
On turns the cache on for all tests, Off turns off the cache off for all tests Pass Count sets the total number of times the entire test mix will repeat The default setting is 2, meaning each test in the selected test mix will be performed twice To return to testing from the Options menu, press F10 to apply your changes or Esc to cancel your changes
You can also access a command prompt within the mini Windows PC environment (WinPE) This command prompt gives you access to the command-line tools listed in Table 3-5 on page 90 as well as to these additional programs:
On-Screen Keyboard (X:\Sources\Setuposk.exe) Allows you to enter keystrokes using the On-Screen Keyboard This means you can use a mouse or another pointer device to type commands or enter key combinations Function keys are provided as well as letters, numerals, and the following special characters: ` - = , / [ ] \
Note
When memory diagnostics starts, you can press F1 to access the Options menu You can then select the test mix as Basic, Standard, or Extended Using the Tab key on the Options menu, you can set the Cache and Pass Count options Cache controls how cach- ing is used with the memory tests: Default uses the default settings as listed previously,
On turns the cache on for all tests, Off turns off the cache off for all tests Pass Count sets the total number of times the entire test mix will repeat The default setting is 2, meaning each test in the selected test mix will be performed twice To return to testing from the Options menu, press F10 to apply your changes or Esc to cancel your changes.
Disaster Preparedness Procedures 1377
Trang 12Rollback wizard (X:\Sources\Rollback.exe) Normally the Rollback wizard is started automatically if Windows Setup encounters a problem during installation You can use this wizard to subsequently attempt to restore the previous version of Windows If the Rollback wizard is successful, the previous version of Windows
is completely restored If the Rollback wizard is unsuccessful, the server typically
is left in an unbootable state and you must either perform a full restore of the vious operating system or a clean installation of Windows Server 2008
Startup Repair wizard (X:\Sources\Recovery\StartRep.exe) Normally this tool is started automatically on boot failure if Windows detects an issue with the boot sector, the boot manager, or the boot confi guration data (BCD) store You can use this wizard to initiate a startup repair If the repair is successful, you should be able to start the server and log on If the repair is unsuccessful, you’ll need to use another recovery technique to restore the server
Startup Recovery Options (X:\Sources\Recovery\Recenv.exe) Allows you to start the Startup Recovery Options wizard If you previously entered the wrong recov-ery settings, use this wizard to restart the System Recovery Options wizard so that you can provide different options Note that you cannot change the language
or time options You can, however, change the keyboard layout and selected ating system
You can recover a server’s operating system or perform a full system recovery by using a Windows installation disc and a backup that you created earlier with Windows Server Backup With an operating system recovery, you recover all critical volumes but do not recover non-system volumes If you recover your full system, Windows Server Backup reformats and repartitions all disks that are attached to the server Because of this, you should use this method only when you want to recover the server data onto separate hardware or when all other attempts to recover the server on the existing hardware have failed
Setting Startup and Recovery Options
As part of planning for the worst-case scenarios, you need to consider how you want systems to start up and recover in case a stop error is encountered The options you choose can add to the boot time or they can mean that if a system encounters a stop error it does not reboot
You can confi gure startup and recovery options by completing the following steps:
1 Click Start and then click Control Panel In Control Panel, click System And
Maintenance\System to start the System utility
2 In the Tasks pane, click Advanced System Settings This opens the System
Properties dialog box
3 On the Advanced tab, click Settings in the Startup And Recovery panel This
displays the dialog box shown in Figure 40-1
Trang 13Figure 40-1 Configuring startup and recovery options
4 In the Startup And Recovery dialog box, you confi gure the settings as follows:
If a server has multiple operating systems, you can set the default operating system by selecting one of the operating systems in the Default Operating System list These options are obtained from the boot manager
When multiple operating systems are installed, the Time To Display List
Of Operating Systems option controls how long the system waits before booting to the default operating system In most cases, you won’t need more than a few seconds to make a choice, so reduce this wait time to perhaps 5
or 10 seconds Alternatively, you can have the system automatically choose the default operating system by clearing this check box
When you want to display recovery options, the operating system uses the Time To Display Recovery Options When Needed setting to determine how long to wait for you to choose a recovery option The default wait time is 30 seconds If you don’t choose a recovery option in that time, the system boots normally without recovery As with operating systems, you won’t need more than a few seconds to make a choice, so reduce this wait time to perhaps 5
or 10 seconds
Under System Failure, you have several important options for determining what happens when a system experiences a stop error By default, the Write
An Event To The System Log check box is selected so that the system logs
an error in the system log The check box is dimmed, so it cannot normally
be changed The Automatically Restart check box is selected to ensure that the system attempts to reboot when a stop error occurs
Disaster Preparedness Procedures 1379
Trang 14If you choose a kernel memory dump, you dump all physical memory being used at the time of the failure You can create the dump fi le only if the system is properly confi gured The system drive must have a paging fi le at least as large as RAM and adequate disk space to write the dump fi le
By default, dump fi les are written to the %SystemRoot% folder If you want
to write the dump fi le to a different location, type the fi le path in the Dump File box Select the Overwrite Any Existing File check box to ensure that only one dump fi le is maintained
5 Click OK twice to close all open dialog boxes
Trang 15Way back in Chapter 1, I provided a detailed discussion on the support architecture
in Windows Server 2008 As I discussed, Restart Manager, Problem Reports And Solutions, Startup Repair Tool, Performance Diagnostics console, and Windows Mem-ory Diagnostics are all a part of this support architecture, and when things go wrong, they can really save the day That said, it’s fi tting to end this book with a look at what you must do to ensure that you can recover your servers, your applications, and your data in case the worst happens because the worst can and usually does happen
Every Windows Server 2008 system on your network represents a major investment
in time, resources, and money It requires a great deal of planning and effort to deploy
a new server successfully It requires just as much planning and effort—if not more—to ensure that you can restore a server when disaster strikes Why? Because you not only need to plan and implement a backup for each and every server on your network, but you also need to perform backups regularly You also need to test the backup process and procedures to ensure that when disaster strikes you are prepared
Developing Backup Strategies
Backups are insurance plans, plain and simple—and every administrator should see them that way When disaster strikes, your backup implementation will either leave you out of harm’s way or drowning without a life preserver Trust me: you don’t want to
be drowning when it should be your moment to shine After all, if you’ve implemented
a well-thought-out backup plan and practiced the necessary recovery procedures until they are second nature, a server that has stopped working is nothing more than a bump
in the road that you can smooth out even if you have to rebuild a server from scratch to
do it
Creating Your Backup Strategy
So where to start? Start by outlining a backup and recovery plan that describes the serv-ers and the data that need to be backed up Ask yourself the following questions: How important is the role that the server is performing?
How important is the data stored on the server?
Developing Backup Strategies 1381
Backing Up and Recovering Your Data 1387
Backing Up and Restoring Active Directory 1409
Troubleshooting Startup and Shutdown 1416
CHAPTER 41
Backup and Recovery
1381
Trang 16How often does the data change?
How much data in total is there to back up?
How long does each backup take?
How quickly do you need to recover the data?
How much historical data do you need to store?
Do you have the equipment needed to perform backups?
Do you need to store backups off site?
Who will be responsible for performing backups?
The answers to these questions will help you develop your backup and recovery plan Often you’ll fi nd that your current resources aren’t enough and that you’ll need to obtain additional backup equipment It might be one of the ultimate ironies in admin-istration, but you’ll often need more justifi cation for backup equipment than for any other type of equipment Fight to get the backup resources you need and do so without reservation If you have to make incremental purchases over a period of several months
to get the backup equipment and supplies, do so without hesitation
Backup Strategy Considerations
In most cases, your backup strategy should involve performing some type of backup
of every server daily and full backups of these servers at least once a week You should also regularly inspect the backup log fi les and periodically perform test restores of the data to ensure that data is being properly written to the backup media
It’s All About the Data
Much of your backup strategy depends on the importance of the data, the frequency
of change, and the total amount of data to back up Data that is of higher importance
or frequently changed needs to be backed up more often than other types of data As the amount of data you are backing up increases, you will need to be able to scale your backup implementation If you are starting out with a large amount of data, you will need to consider how much time a complete backup of the data set will take To ensure that backups can be performed in a timely manner, you might have to purchase faster equipment or purchase backup devices with multiple tape drives
Plan separate backup strategies for system fi les and data fi les
System fi les are used by the operating system and applications These fi les change
when you install new components, service packs, or patches They include tem state data
sys-It’s All About the Data
Much of your backup strategy depends on the importance of the data, the frequency
of change, and the total amount of data to back up Data that is of higher importance
or frequently changed needs to be backed up more often than other types of data As the amount of data you are backing up increases, you will need to be able to scale your backup implementation If you are starting out with a large amount of data, you will need to consider how much time a complete backup of the data set will take To ensure that backups can be performed in a timely manner, you might have to purchase faster equipment or purchase backup devices with multiple tape drives.
Trang 17For systems that aren’t domain controllers, the system state data includes essential boot
fi les, key system fi les, and the COM+ class registration database as well as the Registry data For domain controllers, the Active Directory database and System Volume (Sysvol)
fi les are included as well and this data typically changes on a daily basis
Data fi les are created by applications and users Application fi les contain confi
gu-ration settings and data User fi les contain the daily work of users and can include documents, spreadsheets, media fi les, and so on These fi les change every day
Administrators often back up an entire machine and dump all the data into a single backup There are several problems with this strategy First, on non-domain controllers, system fi les don’t change that often but data fi les change frequently Second, you’ll typi-cally need to recover data fi les more frequently than system fi les You recover data fi les when documents are corrupted, lost, or accidentally deleted You recover system fi les when you have serious problems with a system and typically are trying to restore the whole machine
Look at the timing of backups as well With earlier releases of Windows, you are often concerned about the time that backups are performed You want backups to be per-formed when the system’s usage is low, so that more resources are available and few
fi les are locked and in use With the advances in backup technology made possible
by the Shadow Copy API built into Windows Server 2008, the backup time is less of a concern than it was previously Any backup programs that implement the Shadow Copy API allow you to back up fi les that are open or locked This means that you can perform backups when applications are using fi les and no longer have to worry about backups failing because fi les are being used
Selecting the Optimal Backup Techniques
When it comes to backup, there is no such thing as a one-size-fi ts-all solution Often you’ll implement one backup strategy for one system and a different backup strategy for
a different system It will all come down to the importance of the data, the frequency of change, and how much data there is to back up on each server But don’t overlook the importance of recovery speed Different backup strategies take longer to recover than others and there may be differing urgencies involved in getting a system or service back online Because of this, I recommend a multipronged backup strategy that is optimized
on a per-server basis
Key services running on a system have backup functions that are unique Implement and use those backup mechanisms as your fi rst line of defense against failure Remem-ber that a backup of the system state includes a full backup of a server’s Registry, and that system confi guration includes the confi guration of all services running on a system However, if a specifi c service fails, it is much easier and faster to recover that specifi c service than to try to recover the whole server You’ll have fewer problems, and
it is less likely that something will go wrong
Note
For systems that aren’t domain controllers, the system state data includes essential boot
fi les, key system fi les, and the COM+ class registration database as well as the Registry data For domain controllers, the Active Directory database and System Volume (Sysvol)
fi les are included as well and this data typically changes on a daily basis.
Developing Backup Strategies 1383
Trang 18Specifi c backup and recovery techniques for key services are as follows:
With Dynamic Host Confi guration Protocol (DHCP), you should periodically back up the DHCP confi guration and the DHCP database as discussed in “Saving and Restoring the DHCP Confi guration,” on page 734, and “Managing and Main-taining the DHCP Database,” on page 735
With the Windows Internet Naming Service (WINS), you should periodically back up the WINS database as discussed in “Maintaining the WINS Database,”
on page 836
With Domain Name System (DNS), your backup strategy will depend on whether you are using Active Directory–integrated zones, standard zones, or both When you are using Active Directory–integrated zones, DNS confi guration data is stored
in Active Directory By default, when you are using standard zones, DNS confi ration data is stored in the %SystemRoot%\System32\DNS folder and backups of zone data are stored in the %SystemRoot%\System32\DNS\Backup folder With Group Policy, you should periodically back up the Group Policy object (GPO) confi guration as discussed in “Maintaining and Troubleshooting Group Policy” on page 1268
With print servers, you should periodically back up the printer confi guration as discussed in “Preparing for Print Server Failure” on page 912
With fi le servers, you should implement Volume Shadow Copy Service (VSS),
as discussed in Chapter 10, “Using Volume Shadow Copy,” for all network fi le shares This makes it easier to restore previous versions of fi les In addition, you should back up all user data fi les on the fi le server regularly
The disaster preparation techniques discussed in Chapter 40, “Disaster Planning,” are your next line of defense Take the time to develop plans and procedures that can help you through everything from a power outage to the worst case scenario Don't forget that BitLocker locks a computer until you provide the necessary recovery password When a computer is locked, you must use the recovery password from a USB fl ash drive, or use the function keys to enter the recovery password F1 through F9 represent the digits 1 through 9, and F10 represents 0
Finally, you will also need to perform regular backups of both system and user data Most backup programs, including Windows Backup, which is included in Windows Server 2008, support several types of backup jobs The type of backup job determines how much data is backed up and what the backup program does when it performs a backup
Trang 19Most backup operations make use of the archive attribute that can be set on fi les The archive attribute, a bit included in the directory entry of each fi le, can be turned on or off In most cases, a backup program will turn off (clear) the archive attribute when it backs up a fi le The archive bit is turned on (set) again when a user or the operating sys- tem later modifi es a fi le When the backup program runs again, it knows that only the
fi les with the archive attribute set must be backed up—because these are the only fi les that have changed since the last backup
Understanding Backup Types
The basic types of backups include the following:
Normal A normal backup is a full backup of all the fi les and folders you select, regardless of the archive attribute’s setting When a fi le is backed up, the archive attribute is turned off
Copy A copy backup is a full backup of all fi les and folders you select, regardless
of the archive attribute’s setting Unlike a normal backup, the archive attribute on
fi les isn’t turned off by the backup This means that you can use a copy backup to create an additional or supplemental backup of a system without interfering with the existing backup strategy
Incremental An incremental backup is used to create a backup of all fi les that have changed since the last normal or incremental backup As such, an incremen-tal backup is a partial backup The backup program uses the archive attribute
to determine which fi les should be backed up and turns off the archive attribute after backing up a fi le This means that each incremental backup contains only the most recent changes
Differential A differential backup is used to create a backup of all fi les that have changed since the last normal backup Like an incremental backup, in a differen-tial backup, the backup program uses the archive attribute to determine which
fi les should be backed up However, the backup program does not change the archive attribute This means that each differential backup contains all changes
Daily A daily backup uses the modifi cation date on a fi le rather than the archive attribute If a fi le has been changed on the day the backup is performed, the fi le will be backed up This technique doesn’t change the archive attributes of fi les and is useful when you want to perform an extra backup without interfering with the existing backup strategy
As part of your backup strategy, you’ll probably want to perform normal backups on a weekly basis and supplement this with daily, differential, or incremental backups The advantage of normal backups is that they are a complete record of the fi les you select
SIDE OUT How backup programs use the archive bit
Most backup operations make use of the archive attribute that can be set on fi les The archive attribute, a bit included in the directory entry of each fi le, can be turned on or off In most cases, a backup program will turn off (clear) the archive attribute when it backs up a fi le The archive bit is turned on (set) again when a user or the operating sys- tem later modifi es a fi le When the backup program runs again, it knows that only the
fi les with the archive attribute set must be backed up—because these are the only fi les that have changed since the last backup.
Developing Backup Strategies 1385
Trang 20The disadvantage of normal backups is that they take longer to make and use more storage space than other types of backups Incremental and differential backups, on the other hand, use less space and are faster because they are partial backups The disad-vantage is that recovery of systems and fi les using incremental and differential backups
is slower than when you only have to perform a recovery from a normal backup To see why, consider the following backup and recovery examples:
Normal backup with daily incremental backups You perform a normal backup every Sunday and incremental backups Monday through Saturday Monday’s incremental backup contains changes since Sunday Tuesday’s incremental backup contains changes since Monday, and so on If a server malfunctions on Thursday and you need to restore the server from backup, you would do this by restoring the normal backup from Sunday, the incremental backup from Monday, the incremental backup from Tuesday, and the incremental backup from Wednes-day—in that order
Normal backup with daily differential backups You perform a normal backup every Sunday and differential backups Monday through Saturday Monday’s dif-ferential backup contains changes since Sunday as does Tuesday’s differential backup, Wednesday’s differential backup, and so on If a server malfunctions on Thursday and you need to restore the server from backup, you would do this by restoring the normal backup from Sunday and then the differential backup from Wednesday
Using Media Rotation and Maintaining Additional Media Sets
As part of your backup strategy, you might also want to use copy backups to create extended backup sets for monthly and quarterly use You might also want to use a media rotation scheme to ensure that you always have a current copy of your data as well as several previous data sets Although tapes traditionally have been used for back-ups, more and more organizations have been using disk backup instead of tape backup
as disk drives have become more affordable With disks, you can use a rotation ule similar to the one you use with tapes
The point of a media rotation scheme is to reuse media in a consistent and organized manner If you use a media rotation scheme, monthly and quarterly media sets can sim-ply be media sets that you are rotating to offsite storage Consider the following media rotation scenarios:
Media rotation with three weekly media sets and one monthly media set In a 24/7 environment, you use a total of 14 tapes or disks as a media set Seven of those tapes or disks contain your normal weekly backups for a set of servers The other seven tapes or disks contain your daily incremental backups for that set of servers—one tape or disk for each day of the week Three weekly media sets are maintained on site Once a month, you rotate the previous week’s media set to offsite storage
Trang 21Media rotation with three weekly media sets, one monthly media set, and one quarterly media set In a 9 to 5 environment, you use a total of 14 tapes or disks
as a media set Nine of those tapes or disks contain your normal weekly backups for a set of servers The other fi ve tapes or disks contain your daily incremental backups for that set of servers—one tape or disk for each workday Three weekly media sets are maintained on site Once a month, you rotate the previous week’s media set to offsite storage Once a quarter, you rotate the previous week’s media set to offsite storage
Backing Up and Recovering Your Data
Many backup and recovery solutions are available for use with Windows Server 2008
When selecting a backup utility, you’ll need to keep in mind the types of backups you want to perform and the types of data you are backing up
Windows Server 2008 includes Windows Server Backup and backup command-line tools Windows Server Backup is a basic and easy-to-use backup and recovery util-ity When the related feature is installed on a server, you’ll fi nd a related option on the Administrative Tools menu The utility is also added to Server Manager A set of backup and recovery commands is accessible through the Wbadmin command-line tool You run and use Wbadmin from an elevated, administrator command prompt
Type wbadmin /? for a full list of supported commands
You can use Windows Server Backup to perform full, copy, and incremental backups
on both local and remote systems You cannot use Windows Server Backup to perform differential backups Windows Server Backup uses the Volume Shadow Copy Service (VSS) to create fast, block-level backups of the operating system, fi les and folders, and disk volumes After you create the fi rst full backup, you can confi gure Windows Server Backup to perform either full or incremental backups on a recurring, scheduled basis automatically
When you use Windows Server Backup, you will need separate, dedicated media for storing archives of scheduled backups Although you cannot back up to tapes, you can back up to external and internal disks, DVDs, and shared folders Support for back-ing up to DVDs is new functionality Although you can recover full volumes from DVD backups, you cannot recover individual fi les, folders, or application data from DVD backups
Windows Server Backup automatically manages backup disks for you You can run backups to multiple disks in rotation simply by adding each disk as a scheduled backup location After you confi gure a disk as a scheduled backup location, Windows Server Backup automatically manages the disk storage, ensuring that you no longer need to worry about a disk running out of space Windows Server Backup automatically reuses the space of older backups when creating newer backups To help ensure that you can plan for additional storage needs, Windows Server Backup displays the backups that are available and the current disk usage information
Backing Up and Recovering Your Data 1387
Trang 22You can use Windows Server Backup for recovery in several ways Rather than having
to manually restore fi les from multiple backups if the fi les were stored in incremental backups, you can recover folders and fi les by choosing the date on which you backed
up the version of the item or items you want to restore You can recover data to the same server hardware or to new server hardware that has no operating system
Using the Backup Utility
To perform backup and recovery operations, you must use an account that is a member
of the Administrators or Backup Operators group Only members of these groups have authority to back up and restore fi les regardless of ownership and permissions File owners and those who have been given control over fi les can also back up fi les, but only the fi les that they own or the fi les that they have permission to access
The Windows Server backup and recovery tools are available for all editions of Windows Server 2008, including both 32-bit and 64-bit editions Although you cannot install the graphical components of these utilities on core installations, you can use the command line or manage backups remotely from another computer
You install the Windows backup and recovery tools using Server Manager In Server Manager, select the Features node in the left pane and then click Add Features This starts the Add Features Wizard On the Select Features page, select Windows Recov-ery Disc and then select Windows Server Backup Features When you select Windows Server Backup Features, the Windows Server Backup and Command-Line Tools options are selected Click Next and then click Install
When the wizard fi nishes installing the selected features, click Close From now on, Windows Server Backup will be available as an option on the Administrative Tools menu and the Create A Recovery Disc option will be available on the All Programs\Maintenance menu
The fi rst time you use Windows Server Backup, you’ll see a warning that no backup has been confi gured for the computer as shown in Figure 41-1 You clear this warning
by creating a backup using the Back Up Once feature or by scheduling backups to run automatically using the Backup Schedule feature
Trang 23Figure 41-1 Getting started with Windows Server Backup
When you use Windows Server Backup, the fi rst backup of a server is always a full backup This is because the full backup process clears the archive bits on fi les so that Windows Server Backup can track which fi les are updated subsequently Whether Windows Server Backup performs subsequent full or incremental backups depends on the default performance settings that you confi gure You can confi gure the default per-formance settings by clicking Confi gure Performance Settings in the actions pane or on the Action menu, doing one of the following, and then clicking OK:
Select Always Perform Full Backup to perform full backups of all attached drives
Select Always Perform Incremental Backup to perform incremental backups of all attached drives
Select Custom and then, from the option lists provided, select whether to perform full or incremental backups for individual attached drives
After you’ve confi gured the default performance settings, you can start a full or copy backup by selecting Backup Once on the Action menu or in the actions pane You can confi gure a backup schedule by clicking Backup Schedule on the Action menu or in the actions pane
Backing Up and Recovering Your Data 1389
Trang 24Wbadmin is the command-line counterpart to Windows Server Backup After you’ve installed the Backup Command-Line Tools feature as discussed previously, you can use Wbadmin to manage backup and recovery from an elevated, administrator command prompt
Wbadmin is located in the %SystemRoot%\System32\ directory When you are working with Wbadmin, you can get help on available commands To view a list of management
backup /?
storage location you want to work with, and can be expressed as a local volume name, such as D:, or as a network share path, such as \\BackupServer05\Backups\Server24
Backing Up Your Data
As part of your planning for each server you plan to back up, you should consider which volumes you want to back up and whether backups will include system state recovery data, application data, or both If the Windows Firewall is enabled and you are trying to work with a remote computer, you might need to make an exception to allow backup and recovery operations
As part of the backup process, you also will need to specify a storage location for ups Keep the following in mind when you are choosing storage locations:
When you use an internal hard disk for storing backups, you are limited in how you can recover your system You can recover the data from a volume, but you cannot rebuild the entire disk structure
When you use an external hard disk for storing backups, the disk will be cated for storing your backups and will not be visible in Windows Explorer Choosing this option will format the selected disk or disks, removing any exist-ing data
When you use a remote shared folder for storing backups, your backup will be overwritten each time you create a new backup Do not choose this option if you want to store multiple backups for each server
When you use removable media or DVDs for storing backups, you can only recover entire volumes, not applications or individual fi les The media you use must be at least 1 GB in size
SIDE OUT Performing backups at the command line
Wbadmin is the command-line counterpart to Windows Server Backup After you’ve installed the Backup Command-Line Tools feature as discussed previously, you can use Wbadmin to manage backup and recovery from an elevated, administrator command prompt.
Wbadmin is located in the %SystemRoot%\System32\ directory When you are working with Wbadmin, you can get help on available commands To view a list of management
backup /?.
storage location you want to work with, and can be expressed as a local volume name, such as D:, or as a network share path, such as \\BackupServer05\Backups\Server24
Trang 25When you create or schedule backups, you will need to specify the volumes that you want to include and this will affect the ways you can recover your servers and your data Back up just critical volumes if you want to be able to recover only the operating system Back up just individual volumes if you want to be able to recover only fi les, applications, or data from those volumes
Back up all volumes with application data if you want to be able to recover a server fully, along with its system state and application data Because you are backing up all fi les, the system state, and application data, you should be able to fully restore your server using only the Windows backup tools
Back up all volumes without application data if you want to be able to restore a server and its applications separately With this technique, you back up the server using the Windows tools and then back up applications using third-party tools or tools built into the applications You can recover a server fully using the Windows backup utilities and then use a third-party utility to restore backups of application data
Scheduling Backups
To automate the backup process, you can create a scheduled task that runs Windows Server Backup for you For Windows Server 2008, the task creation and scheduling processes are integrated into Windows Server Backup You can schedule automated backups using Windows Server Backup Click Backup Schedule on the Action menu or
in the actions pane to start the Backup Schedule Wizard After scanning the available disks, Windows Server Backup starts the Backup Schedule Wizard Click Next
On the Select Backup Confi guration page, shown in the following screen, note the backup size listed under the Full Server option This is the storage space required to back up the server data, applications, and the system state To back up all volumes on the server, select the Full Server option and then click Next To back up selected vol-umes on the server, click Custom and then click Next
Backing Up and Recovering Your Data 1391