Section 2.6. Managing and Implementing Disaster Recovery


2.6. Managing and Implementing Disaster Recovery

Every organization should have a comprehensive disaster recovery plan with regular system backups as an essential part of that plan. The goal of disaster recovery planning should be to help you recover systems and data in a timely manner in a way that meets the organizational needs and expectations. Without proper disaster planning, you will not be able to recovery data and systems if disaster strikes.

Every organization's disaster recovery plan will be slightly different. At a minimum, the plan should focus on:

  • Using backups to protect against data loss

  • Using shadow copies to protect against data loss

  • Recovering from server hardware failure

  • Recovering from operating system failure

Before you try to recovery a system from backup or using ASR, you should try other recovery techniques. Start by repairing or replacing failed hardware. If you are using software RAID, use the techniques discussed earlier in this chapter in "Implementing RAID Solutions" to restore RAID-1 or RAID-5 configurations. In the case of a improper configuration or invalid driver, you may be able to recover the system from hardware failure by following the techniques discussed previously in "Troubleshooting Hardware Devices." If you find that Last Known Good Configuration and Safe Mode startup do not work, you can attempt to recover the system using the Recovery Console. When these other recovery techniques fail, you can attempt to use an ASR disk or perform a complete recovery of the system from backup.

2.6.1. Managing Backup Procedures

The Backup utility supports five backup types:


Normal

These back up each selected file and mark the files as backed up.


Copy

These back up selected files but do not mark the files as backed up.


Differential

These back up selected files only if they were created or modified since the previous backup, but does not mark them as backed up.


Incremental

These back up selected files only if they were created or modified since the previous backup, and marks them as backed up.


Daily

These contain all the files that were created or modified on a specific day.

You can protect against data loss in several ways. One is to regularly create full normal backup sets for essential systems and data. Ideally, you'll create full normal backups at least once a week, and supplement weekly full backups with incremental backups or differential backups. The difference between incremental and differential backups is important:


Incremental backups

Contain changes since the last full or incremental backup. If a system fails on a Wednesday before daily backup and the last full backup was the previous Sunday, recover the system by applying the last full backup, the Monday incremental backup, and the Tuesday incremental backup.


Differential backups

Contain changes since the last full backup. If a system fails on a Wednesday before daily backup and the last full backup was the previous Sunday, recover the system by applying the last full backup and the last differential backup (Tuesday's differential backup).

Ideally, backups should be rotated so your organization has quarterly and monthly backup sets as well as daily and weekly backups. This allows you to recover data over a longer period of time, as might be necessary if someone accidentally deletes critically important documents but the deletion isn't discovered until several weeks have passed.

As part of normal backup procedures, you should:

  • Create automated system recovery (ASR) data for computers

  • Back up files and system state data to media

  • Configure security for backup operations

2.6.1.1. Creating Automated System Recovery (ASR) data

Having an Automated System Recovery (ASR) data for a computer can save the day when disaster strikes. ASR data stores essential boot files that can help you recover systems in case these files are missing or corrupted, as may occur if the master boot record is infected with a virus. ASR data also stores the complete System State, which includes details on the disk configuration, startup environment, and registry. The System State data can help you recover systems from many disk configuration issues, driver problems, registry corruption, and more.

You can create ASR data using the Backup utility provided with the operating system. When you do this, the primary data is stored on the backup media you choose, such as a tape backup device or hard disk drive. Secondary data needed to boot the system and access the primary data is stored on a floppy disk.

You should create an ASR disk for each essential system in your organization. To make create an ASR disk, follow these steps:

  1. Click Start Programs Accessories System Tools Backup, or type ntbackup at a command prompt. If Backup starts in Wizard mode, click the Advanced Mode Link to switch to advanced mode.

  2. Click Next. Specify the backup media type and backup media location for the primary data. On a Windows Server 2003 system, the primary data can use 1 GB or more of storage space.

  3. Insert a floppy disk into the floppy disk drive. This floppy stores the secondary data.

  4. Click Next and then click Finish. The ASR data is created for the computer.

If you've tried other techniques to recover the system and haven't succeeded, you can attempt to use ASR to recovery the system. ASR requires:

  • The backup media with the primary ASR data

  • The ASR floppy disk containing the secondary data

  • The Windows Server 2003 CD-ROM

Use ASR for recovery in this way:

  1. Restart the system and boot the system off the installation CD-ROM.

  2. During the text portion of the setup, press F2 to perform an Automated System Recovery.

ASR then guides you through the recovery process.

2.6.1.2. Backing up files and System State data to media

You can back up workstations and servers using the Backup utility included with Windows or third-party backup programs. With the Backup utility, you can choose the data to back up. For a full backup, you should always back up the active, system, and boot volumes at a minimum. You should also include in the full backup other volumes containing essential data and the System State.

On non-DC computers, the System State includes the system registry, boot files, protected system files, and the COM+ registration database. On domain controllers, Active Directory data and system volume (SysVol) files are included in the System State data. When other services are installed, other essential data is included:

  • On servers with IIS, the IIS metabase is included.

  • On servers with Cluster Service, cluster configuration data is included.

  • On servers with Certificate Services, the certificate services database is included.

You can back up files and the System State data using the Backup Wizard of the GUI. To use the Backup Wizard for a full backup including System State data, follow these steps:

  1. Open the Backup Utility. If Backup starts in Wizard mode, click the Advanced Mode Link to switch to advanced mode.

  2. On the General tab, click the Backup Wizard button. Click Next.

  3. The Backup Everything On This Computer radio button is selected by default (see Figure 2-46). Click Next.

    Figure 2-46. A full backup includes System State data.

  4. Select the backup media type.

  5. Click Browse to choose a destination for the backup file.

  6. Type a name for the backup file.

  7. Click Next, and then click Finish.

Although you can perform interactive backups in this manner, typically, you'll want to automate the backup process by creating backup jobs and scheduling those jobs to run periodically. For example, you might have a weekly backup job that performs a full backup including System State data, and supplement this with daily incremental or differential backups.

To create a scheduled backup job, follow these steps:

  1. Open the Backup Utility. If Backup starts in Wizard mode, click the Advanced Mode Link to switch to advanced mode.

  2. On the Schedule Jobs tab, click Add Job. Click Next.

  3. The Backup Everything On This Computer radio button is selected by default. Click Next.

  4. Select the backup media type.

  5. Click Browse to choose a destination for the backup file.

  6. Type a name for the backup file. Click Next.

  7. Set the backup type as Normal for a full backup, Incremental for an incremental backup, or Differential for a differential backup. Click Next.

  8. Select the Verify Data After Backup checkbox to ensure the backup data is verified. Click Next.

  9. Set the backup option to append data to existing media or replace existing data on media. Click Next.

  10. Type a job name in the Job Name text box, and then click Set Schedule.

  11. Use the Schedule Task list to set the run schedule to Weekly, Daily, etc., as appropriate (see Figure 2-47).

    Figure 2-47. Set the run schedule for the backup job.

  12. Set the start time and date. Click OK.

  13. When prompted, set the run as account for the backup job by entering the account name in domain\user form. Enter and then confirm the run as account password. Click OK.

  14. Click Next and then click Finish.

You can verify the successful completion of backup in several ways:

  • The Backup Progress displays the status of interactive backups. If an error occurs and the backup cannot be completed, a related error is displayed.

  • The Backup Progress has a Report button. Clicking this button after an interactive backup displays a detailed report on the status and progress of backups.

  • For schedule backups (and any other backup), you can display the detailed run report by opening the Backup utility, clicking Tools Report, and then double-clicking the report you want to review.


Tip: Backup reports are stored as logfiles in the user profile files of the run as account.
2.6.1.3. Managing backup storage media

The Removable Storage snap-in enables you to view and manage removable media devices, including CD and DVD drives, CD and DVD writers, tape drives, and tape library systems. Removable Storage is included by default in the Computer Management Console.

All media in Removable storage is organized by media type, media pool, and library. Media type indicates the type of media, such as tape, CD or DVD. Media pools are used to organize media. Removable Storage has media pools for:

  • Unrecognized media for media that Removable Storage doesn't recognize as well as blank media.

  • Free media for media that is recognized but isn't currently in use.

  • Import media for media that can be imported into Removable Storage and reused.

  • Application media for media that is assigned to a specific application, such as Backup.

Libraries identify removable storage devices that can be used on a system and to which media pools can be assigned. For example, you can configure application media pools to automatically draw media from free media pools.

You can work with Removable Storage in Computer Management by expanding Storage and then expanding Removable Storage. As shown in Figure 2-48, Removable Storage is organized into five nodes:

Figure 2-48. Use Removable Storage to manage removable media.



Media

Lists media by name, type, library, media pool, and state.


Media Pools

Lists the available media pools. Allows you to manage existing pools and create additional application pools.


Libraries

Lists the libraries available. Each library entry is associated with a specific removable media device available and configured on the system.


Work Queue

Lists the status of operations. Every listed operation has a specific state, such as waiting, in progress, or completed.


Operator Requests

Lists actions that an administrator needs to perform. The state of a request is listed as submitted, refused, or completed.

2.6.1.4. Configuring security for backup operations

By default, users can back up or restore their own folders and files but cannot back up or restore folders and files of other users. Other than this, only those granted the user rights Backup Files And Directories and Restore Files And Directories can back up and restore files. These are two separate rights, so you can assign one right or both. For example, you could create a Backup Admins group and assign this group the Backup Files And Directories user right. You could create a Restore Admins group and assign this group the Restore Files And Directories user right.

You can manage these and other user rights through local machine policy or group policy. The policy settings that control user rights are defined in Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.

On Domain Controllers, members of the Backup Operators, Server Operators, and Administrators group are granted both rights. On standalone and member servers, members of the Backup Operators and Administrators group are granted both rights. Although you can edit the related user rights policy settings to specify additional groups or users that should be able to back up and restore files, you can also simply make a group or user a member of the Backup Operators group. If you later decide the group or user shouldn't be able to back up or restore files, you can remove the group or user from the Backup Operators group.

2.6.2. Restoring Data from Shadow Copy Volumes

To supplement (and not replace) routine backups, you should use shadow copies to help protect against data loss. Shadow copies are point-in-time backups that can be used to recover previous versions of files. Once an administrator configures shadow copying, shadow copies are created automatically according to a set schedule. Using a shadow copy clienteither the Previous Version client or the Shadow Copy Clientusers can recover previous versions of files without needing help from an administrator.

The Previous Version client can be used with Windows 98, Windows 2000 SP3 or later, Windows XP, and Windows Server 2003. On these systems, the installer for the Previous Version client is stored in the %SystemRoot%\system32\clients\twclient\X86 folder and named twcli32.msi.

The Shadow Copy client installer, ShadowCopyClient.msi, is available for download from the Microsoft web site. Computers running Windows 2000 SP3 or later, Windows XP, and Windows Server 2003 can use this client.

Shadow copying works only on NTFS volumes and only for the shared folders on these volumes. By default, the Shadow Copy service will save up to 64 versions of each file in a shared folder. However, the maximum space usage allowed to Shadow Copy on a volume is limited to 10 percent of the volume size, by default. If the maximum allowed space is reached, the oldest previous versions of files will get overwritten or deleted to make room for new versions.

On a server, you can enable shadow copying of the shared folders on an NTFS volume by completing the following steps:

  1. Open Computer Management and connect to the computer you want to work with.

  2. Right-click Disk Management and click All Tasks Configure Shadow Copies.

  3. When prompted to confirm, click Yes. This enables shadow copies on the selected volume using the default settings.

Once enabled, shadow copies are created according to the defined schedule. The default schedule creates two shadow copies per day. Copies are created only for files that have been changed or deleted since the last shadow copy. You can retrieve a shadow copy following these steps:

  1. In Windows Explorer, right-click the network drive that contains the shadow copies, select Properties, and then click the Previous Versions tab. In My Network Places, navigate to a server node, right-click a share, select Properties, and then click the Previous Versions tab.

  2. Folders are listed by name and the time/date that the shadow copy was made. Click a folder entry, then click a button corresponding to the action to perform, from the following options:


    View

    Click View to open the shadow copy in Windows Explorer. Although you can copy files to other locations, you cannot delete files.


    Copy

    Click Copy to display the Copy Items dialog box, then use Copy Items to create a snapshot of the selected folder. You can then recover files from the snapshot folder.


    Restore

    Click Restore to restore the selected folder to a previous statethe state as of the shadow copy you selected. Because this could result in losing current data, you must confirm the restore by clicking Yes when prompted.


Tip: With Windows Server 2003 R2, administrators can use Disk Management to revert an entire volume to a previous shadow copy state. Right-click Disk Management and click All Tasks Configure Shadow Copies. Click the volume, click the shadow copy to recover, and then click the Revert button.
  1. Open the Backup Utility. If Backup starts in Wizard mode, click the Advanced Mode Link to switch to Advanced mode.

  2. On the Welcome tab, click the Restore Wizard button.

  3. Click Next.

  4. Under Items To Restore, expand the media item that you want to restore, and then expand the backup set that you want to restore.

  5. Select the checkbox for each volume, folder, file, or data set to recover. Selecting a volume or folder selects all the related folders and files. Selecting System State allows you to recover the System State.

  6. Click Next. By default, files are recovered to their original location. To change the recovery to an alternative location or folder, click the Advanced button, select the restore location, and then configure other advanced options as necessary.

  7. Click Finish to begin the restore.

System State data for a domain controller includes Active Directory data and SysVol files. The System State of a domain controller can only be restored using Directory Services Restore Mode startup option. When you start a domain controller, you can enter this mode by pressing F8 during bootup and then selecting Directory Services Restore Mode as the startup option.

Active Directory must be restored in one of the following ways:


Authoritatively

You use an authoritative restore only when you need to recover Active Directory and no other domain controller has the correct data. For example, if someone accidentally deletes a large number of user accounts, you could use an authoritative restore to recover the deleted accounts.

For an authoritative restore, restore the System State, and then use NTDSUTIL to recover to determine how the authoritative restore should be implemented. Do not reboot the computer after restoring the System State.


Nonauthoritatively

You use a nonauthoritative restore to restore a domain controller and allow it to get any necessary updates for Active Directory from other domain controllers.

For a nonauthoritative restore, restore the System State and then reboot the domain controller. In this state, the domain controller will get updates of its replica of Active Directory and SysVol from other domain controllers using normal replication.

Authoritative and non-authoritative restore of Active Directory are covered in Exam 70-294 and in Exam 70-296.




MCSE Core Required Exams in a Nutshell
MCSE Core Required Exams in a Nutshell: The required 70: 290, 291, 293 and 294 Exams (In a Nutshell (OReilly))
ISBN: 0596102283
EAN: 2147483647
Year: 2006
Pages: 95

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net