2.6. Managing and Implementing Disaster Recovery

Every organization should have a comprehensive disaster recovery plan with regular system backups as an essential part of that plan. The goal of disaster recovery planning should be to help you recover systems and data in a timely manner in a way that meets the organizational needs and expectations. Without proper disaster planning, you will not be able to recover data and systems if disaster strikes. Every organization's disaster recovery plan will be slightly different. At a minimum, the plan should focus on:
Before you try to recover a system from backup or using ASR, you should try other recovery techniques. Start by repairing or replacing failed hardware. If you are using software RAID, use the techniques discussed earlier in this chapter in "Implementing RAID Solutions" to restore RAID-1 or RAID-5 configurations. In the case of an improper configuration or invalid driver, you may be able to recover the system from hardware failure by following the techniques discussed previously in "Troubleshooting Hardware Devices." If you find that Last Known Good Configuration and Safe Mode startup do not work, you can attempt to recover the system using the Recovery Console. When these other recovery techniques fail, you can attempt to use an ASR disk or perform a complete recovery of the system from backup.

2.6.1. Managing Backup Procedures

The Backup utility supports five backup types:
You can protect against data loss in several ways. One is to regularly create full normal backup sets for essential systems and data. Ideally, you'll create full normal backups at least once a week, and supplement weekly full backups with incremental backups or differential backups. The difference between incremental and differential backups is important:
Ideally, backups should be rotated so your organization has quarterly and monthly backup sets as well as daily and weekly backups. This allows you to recover data over a longer period of time, as might be necessary if someone accidentally deletes critically important documents but the deletion isn't discovered until several weeks have passed. As part of normal backup procedures, you should:
2.6.1.1. Creating Automated System Recovery (ASR) data

Having Automated System Recovery (ASR) data for a computer can save the day when disaster strikes. ASR data stores essential boot files that can help you recover systems in case these files are missing or corrupted, as may occur if the master boot record is infected with a virus. ASR data also stores the complete System State, which includes details on the disk configuration, startup environment, and registry. The System State data can help you recover systems from many disk configuration issues, driver problems, registry corruption, and more.

You can create ASR data using the Backup utility provided with the operating system. When you do this, the primary data is stored on the backup media you choose, such as a tape backup device or hard disk drive. Secondary data needed to boot the system and access the primary data is stored on a floppy disk. You should create an ASR disk for each essential system in your organization. To create an ASR disk, follow these steps:
If you've tried other techniques to recover the system and haven't succeeded, you can attempt to use ASR to recover the system. ASR requires:
Use ASR for recovery in this way:
ASR then guides you through the recovery process.

2.6.1.2. Backing up files and System State data to media

You can back up workstations and servers using the Backup utility included with Windows or third-party backup programs. With the Backup utility, you can choose the data to back up. For a full backup, you should always back up the active, system, and boot volumes at a minimum. You should also include in the full backup other volumes containing essential data and the System State. On non-DC computers, the System State includes the system registry, boot files, protected system files, and the COM+ registration database. On domain controllers, Active Directory data and system volume (SysVol) files are included in the System State data. When other services are installed, other essential data is included:
You can back up files and the System State data using the Backup Wizard of the GUI. To use the Backup Wizard for a full backup including System State data, follow these steps:
Although you can perform interactive backups in this manner, typically, you'll want to automate the backup process by creating backup jobs and scheduling those jobs to run periodically. For example, you might have a weekly backup job that performs a full backup including System State data, and supplement this with daily incremental or differential backups. To create a scheduled backup job, follow these steps:
You can verify the successful completion of backup in several ways:
Tip: Backup reports are stored as log files in the user profile files of the run as account.

2.6.1.3. Managing backup storage media

The Removable Storage snap-in enables you to view and manage removable media devices, including CD and DVD drives, CD and DVD writers, tape drives, and tape library systems. Removable Storage is included by default in the Computer Management Console. All media in Removable Storage is organized by media type, media pool, and library. Media type indicates the type of media, such as tape, CD or DVD. Media pools are used to organize media. Removable Storage has media pools for:
Libraries identify removable storage devices that can be used on a system and to which media pools can be assigned. For example, you can configure application media pools to automatically draw media from free media pools. You can work with Removable Storage in Computer Management by expanding Storage and then expanding Removable Storage. As shown in Figure 2-48, Removable Storage is organized into five nodes:

Figure 2-48. Use Removable Storage to manage removable media.
2.6.1.4. Configuring security for backup operations

By default, users can back up or restore their own folders and files but cannot back up or restore folders and files of other users. Other than this, only those granted the user rights Backup Files And Directories and Restore Files And Directories can back up and restore files. These are two separate rights, so you can assign one right or both. For example, you could create a Backup Admins group and assign this group the Backup Files And Directories user right. You could create a Restore Admins group and assign this group the Restore Files And Directories user right.

You can manage these and other user rights through local machine policy or group policy. The policy settings that control user rights are defined in Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment. On domain controllers, members of the Backup Operators, Server Operators, and Administrators groups are granted both rights. On standalone and member servers, members of the Backup Operators and Administrators groups are granted both rights. Although you can edit the related user rights policy settings to specify additional groups or users that should be able to back up and restore files, you can also simply make a group or user a member of the Backup Operators group. If you later decide the group or user shouldn't be able to back up or restore files, you can remove the group or user from the Backup Operators group.

2.6.2. Restoring Data from Shadow Copy Volumes

To supplement (and not replace) routine backups, you should use shadow copies to help protect against data loss. Shadow copies are point-in-time backups that can be used to recover previous versions of files. Once an administrator configures shadow copying, shadow copies are created automatically according to a set schedule.
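Returning to the Backup Files And Directories and Restore Files And Directories rights described under "Configuring security for backup operations": the following added example (not part of the original text) audits who holds them, assuming the user rights were exported to text with `secedit /export /cfg <file> /areas USER_RIGHTS`. The sample export, its S-1-5-21 SIDs and the svc_legacy account are constructed for illustration.

```python
# Privilege constants behind the two user rights named in the text.
BACKUP, RESTORE = "SeBackupPrivilege", "SeRestorePrivilege"

# Well-known SIDs of the built-in groups the text lists as default holders.
ADMINISTRATORS, BACKUP_OPERATORS, SERVER_OPERATORS = (
    "S-1-5-32-544", "S-1-5-32-551", "S-1-5-32-549")

# Constructed sample export for a member server. The S-1-5-21-... SIDs and the
# svc_legacy account are made up for this example.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_EXPORT = f"""\
[Unicode]
Unicode=yes
[Privilege Rights]
{BACKUP} = *{ADMINISTRATORS},*{BACKUP_OPERATORS},*{SERVER_OPERATORS},*{DOMAIN}-1105,svc_legacy
{RESTORE} = *{ADMINISTRATORS},*{BACKUP_OPERATORS},*{DOMAIN}-1106,svc_legacy
SeShutdownPrivilege = *{ADMINISTRATORS}
"""


def parse_privilege_rights(text):
    """Return {privilege: set of principals} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; plain account names are not.
            rights[name.strip()] = {p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()}
    return rights


def audit_backup_rights(text, is_domain_controller=False):
    """Report holders beyond the defaults, and non-default holders of both rights."""
    expected = {ADMINISTRATORS, BACKUP_OPERATORS}
    if is_domain_controller:  # Server Operators is a default holder only on DCs
        expected.add(SERVER_OPERATORS)
    rights = parse_privilege_rights(text)
    backup = rights.get(BACKUP, set()) - expected
    restore = rights.get(RESTORE, set()) - expected
    return {
        "extra_backup": sorted(backup),
        "extra_restore": sorted(restore),
        "holds_both": sorted(backup & restore),  # no backup/restore separation
    }


if __name__ == "__main__":
    for key, principals in audit_backup_rights(SAMPLE_EXPORT).items():
        print(f"{key}: {', '.join(principals) or '(none)'}")
```

A real export is typically written as UTF-16, so open it with `encoding="utf-16"` before passing the text to `audit_backup_rights`.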
Using a shadow copy client (either the Previous Version client or the Shadow Copy Client), users can recover previous versions of files without needing help from an administrator. The Previous Version client can be used with Windows 98, Windows 2000 SP3 or later, Windows XP, and Windows Server 2003. On these systems, the installer for the Previous Version client is stored in the %SystemRoot%\system32\clients\twclient\X86 folder and named twcli32.msi. The Shadow Copy client installer, ShadowCopyClient.msi, is available for download from the Microsoft web site. Computers running Windows 2000 SP3 or later, Windows XP, and Windows Server 2003 can use this client.

Shadow copying works only on NTFS volumes and only for the shared folders on these volumes. By default, the Shadow Copy service will save up to 64 versions of each file in a shared folder. However, the maximum space usage allowed to Shadow Copy on a volume is limited to 10 percent of the volume size, by default. If the maximum allowed space is reached, the oldest previous versions of files will get overwritten or deleted to make room for new versions. On a server, you can enable shadow copying of the shared folders on an NTFS volume by completing the following steps:
Once enabled, shadow copies are created according to the defined schedule. The default schedule creates two shadow copies per day. Copies are created only for files that have been changed or deleted since the last shadow copy. You can retrieve a shadow copy following these steps:
Tip: With Windows Server 2003 R2, administrators can use Disk Management to revert an entire volume to a previous shadow copy state. Right-click Disk Management and click All Tasks → Configure Shadow Copies. Click the volume, click the shadow copy to recover, and then click the Revert button.
System State data for a domain controller includes Active Directory data and SysVol files. The System State of a domain controller can only be restored using the Directory Services Restore Mode startup option. When you start a domain controller, you can enter this mode by pressing F8 during bootup and then selecting Directory Services Restore Mode as the startup option. Active Directory must be restored in one of the following ways:
Authoritative and non-authoritative restore of Active Directory are covered in Exam 70-294 and in Exam 70-296.