Backing Up Specific Windows Services

 < Day Day Up > 

Most Windows Server 2003 services that contain a database or local files are backed up with the system state but also provide alternate backup and restore options. Because the system state restore is usually an all-or-nothing proposition, except when it comes to cluster nodes and domain controllers, restoring an entire system state might deliver undesired results if only a specific service database restore is required. This section outlines services that either have separate backup/restore utilities or require special attention to ensure a successful backup.

Disk Configuration (Software RAID Sets)

Disk configuration is not a service but should be backed up to ensure that proper partition assignments can be restored. When dynamic disks are used to create complex volumessuch as mirrored, striped, spanned , or RAID 5 volumesthe disk configuration should be saved. This way, if the operating system is corrupt and needs to be rebuilt from scratch, the complex volumes need to have only their configuration restored, which could greatly reduce the recovery time. Only an ASR backup can back up disk and volume configuration.

Certificate Services

Installing Certificate Services creates a Certificate Authority (CA) on the Windows Server 2003 system. The CA is used to manage and allocate certificates to users, servers, and workstations when files, folders, email, or network communication needs to be secured or encrypted. In many cases, the CA is a completely separate secured CA server; however, many organizations use their Exchange server as a CA server. This might be because of a limited number of servers with several services installed on a single server, or because the organization wants to use SSL for secured Outlook Web Access and installs Certificate Services on the Exchange server. Whatever the case, the CA needs to be backed up whether on the Exchange server or on a different server; if the CA server crashes and needs to be restored, it can be restored so users can continue to access the system after recovery.

CAUTION

For security purposes, it is highly recommended that the certificate services be enabled on a server other than the Exchange server. Definitely do not have the CA services on an Outlook Web Access server that is exposed to the Internet. The integrity of certificate-authenticated access depends on ensuring that certificates are issued only by a trusted authority. Any compromise to the CA server invalidates an organization's ability to secure its communications.


When the CA allocates a certificate to a machine or user , that information is recorded in the certificate database on the local drive of the CA. If this database is corrupted or deleted, all certificates allocated from this server become invalid or unuseable. To avoid this problem, the certificates and Certificate Services database should be backed up frequently. Even if certificates are rarely allocated to new users or machines, backups should still be performed regularly.

Certificate Services can be backed up in three ways: backing up the CA server's system state, using the CA Microsoft Management Console (MMC) snap-in, or using the command-line utility Certutil.exe . Backing up Certificate Services by backing up the system state is the preferred method because it can be easily automated and scheduled. But using the graphic console or command-line utility adds the benefit of being able to restore Certificate Services to a previous state without restoring the entire server system state or taking down the entire server for the restore.

To create a backup of the Certificate Authority using the graphic console, follow these steps:

  1. Log on to the Certificate Authority server using an account with Local Administrator rights.

  2. Open Windows Explorer and create a folder named CaBackup on the C: drive.

  3. Select Administrative Tools, Certificate Authority.

  4. Expand the Certificate Authority server and select the correct CA.

  5. Select Actions, All Tasks, Back Up CA.

  6. Click Next on the Certification Authority Backup Wizard Welcome screen.

  7. On the Items to Back Up page, check the Private Key and CA Certificate box and the Certificate Database and Certificate Database Log box, as shown in Figure 31.5.

    Figure 31.5. Selecting items for the Certificate Authority backup.

    graphics/31fig05.jpg

  8. Specify the location to store the CA backup files. Use the folder created in the beginning of this process. Click Next to continue.

  9. When the CA certificate and private key are backed up, this data file must be protected with a password. Enter a password for this file, confirm it, and click Next to continue.

    NOTE

    To restore the CA private key and CA certificate, you must use the password entered in step 9. Store this password in a safe place, possibly with the Master account list.

  10. Click Finish to create the CA backup.

Internet Information Services

Internet Information Services (IIS) is Windows Server 2003's Web and FTP server. It is included on every version of the Windows Server 2003 platform. IIS stores configuration information for Web and FTP site configurations and security in the IIS metabase. The IIS metabase can be backed up by performing a system state backup of the server running IIS, but it can also be backed up using the IIS console. The IIS metabase should be backed up separately before and after an IIS configuration change is made to ensure a successful rollback and to have the latest IIS configuration data backed up after the update.

To back up the IIS metabase using the IIS console, use the following steps:

  1. Log on to the IIS server using an account with Local Administrator access.

  2. Click Start, All Programs, Administrative Tools, Internet Information Services (IIS).

  3. If the local IIS server does not appear in the window, right-click Internet Information Services in the left pane and select Connect.

  4. Type in the fully qualified domain name for the IIS server and click OK.

  5. Right-click the IIS server in the left pane and select All Tasks, Backup/Restore Configuration.

  6. The Configuration Backup/Restore window lists all the automatic IIS backups that have been created. Click the Create Backup button.

  7. Enter the backup name and, if necessary, check the Encrypt Backup Using Password box, enter and confirm the password, and click OK when you're finished, as shown in Figure 31.6.

    Figure 31.6. Creating an IIS configuration backup.

    graphics/31fig06.gif

  8. When the backup is complete, it is listed in the Configuration Backup/Restore window. Click Close to return to the IIS console.

Before a change is made to the IIS configuration, a backup should be manually created. When the change is completed, the administrator should either perform another backup or choose the option to save the configuration to disk. The administrator can save new IIS configuration changes to disk by right-clicking the IIS server, selecting All Tasks, and then choosing Save Configuration to Disk. This option works correctly only after a change has been made that has not yet been recorded in the IIS metabase.

 < Day Day Up > 


Microsoft Exchange Server 2003 Unleashed
Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net