Before you can choose a backup solution, you must first choose a backup medium. The three most prevalent backup media types are tape , magnetic media (such as a hard drive), and optical media (such as CD and DVD). Each medium has its advantages and disadvantages. For example, magnetic media is definitely inexpensive; just take a look at how much money high-capacity hard drives are running these days. However, keeping in mind that it's a good idea to store completed backup media off-site (preferably in a fire/weather resistant safe), you might find yourself a bit inconvenienced in carrying eight or nine hard drives across the parking lot to the safe each week. Tape drives are definitely high capacity devices and much easier to carry to the off-site location, but the drive mechanism that runs them may be prone to breakdowns. A good tape drive is also an expensive acquisition, as a multi-tape auto-loading mechanism can run thousands of dollars, and that's minus any tapes! Optical media has the advantage of being inexpensive and resistant to magnetic/static forces that can wreck havoc on the other two media types, but it can be slow to run backups and restores , and capacities are not yet as high as the other two media.
For more information on the various types of backup media, check these links:
Windows' native backup utility, simply called ntbackup (or just Backup ), backs up a server's data to a backup set . A backup set can be stored on any supported medium, such as tape or another hard drive. Data is copied from the server being backed up to the backup set where it can be retrieved in the event of an emergency.
There are five types of backup methods that ntbackup uses:
Each of these backup methods differs in the way that the files being backed up are treated. The magic word to remember here is the archive attribute . Right-click any file on any of your Windows servers, choose Properties , and click the Advanced button in the bottom right corner. Notice the checkbox labeled File is ready for archiving . This checkbox is what ntbackup keys off of when it performs the various types of backups listed above. If the box is checked, the file gets backed up. If the box is unchecked, it doesn't get backed up. This checkbox is checked by default on all files, which makes sense as they haven't been backed up yet.
Each of the five backup types reacts to the archive attribute differently.
A normal backup is pretty much what it sounds like, and is the simplest to perform. It backs up everything it touches. This is the type of backup that you might want to start with when you are performing your first backup. Once a normal backup runs, the archive attribute checkbox on all files being backed up is cleared. This simply means that the file has been backed up. The archive attribute stays unchecked until the file in question is modified in any way. Once the file is modified, the box is re-checked. This tells ntbackup that the file has changed, and that it should be backed up again on the next backup session. A normal backup can take a very long time to perform because it is backing up everything it touches. Each time a normal backup is run, the archive attribute on each file is re-checked and then unchecked once the backup completes.
An incremental backup differs from a normal backup in that it only backs up files that have changed since the last normal or incremental backup (that is, those files that have the archive attribute checked). After it backs up these changed files, it clears the archive attribute, marking these files as backed up. Because this backup method only backs up those files which have changed, and then marks them as backed up so that they do not get backed up again (unless they change again, of course), the incremental backup is the most efficient backup method in terms of space usage on your backup device. It also performs the fastest backups because it does not have to back up as much data in a given session. However, incremental backups may take a very long time to restore data if you have run multiple incremental backup sessions. For example, let's say that you have run a normal backup on a domain controller on Monday, and then run incremental backups on Tuesday through Friday. Because each incremental session only contains data that has changed since the last incremental session, the restore process must "climb down the ladder", starting with the initial normal backup and followed by each incremental backup. So to completely restore the example domain controller here, we must restore Monday's normal backup and each incremental backup from Tuesday, Wednesday, Thursday, and Friday in order to completely restore our domain controller. The advantage of incremental backups is reduced media capacity requirements and speed of backup. The disadvantage is a slower and more complicated restore process.
A differential backup backs up all files that have changed since the last normal or incremental backup. Now that sounds familiar, doesn't it? However, unlike normal or incremental backups, differential backups do not clear the archive attribute. Because of this, running multiple differential backups may result in the same file being backed up more than once, even if it has not changed since the last differential backup. This is because the archive attribute does not get cleared, so as far as ntbackup is concerned , the file has never been backed up. To illustrate the advantage of the differential backup, let's say that you backup your domain controller using a normal backup on Monday, and use differential backups on Tuesday through Friday. Obviously, you're going to be backing up more information versus an incremental strategy, thereby requiring more backup media space and time, as files can and will get backed up more than once, even if they have not changed. However, where a differential backup really shines is in its restoration process. Since a differential backup keeps a "running total" of all files backed up since the first normal backup, we only need the first normal backup and the last differential backup to restore a system to full working order. So while backup times may take longer to perform and may require more backup media space, restores are much faster.
A copy backup completely ignores the archive attribute (it neither clears nor selects the archive attribute). It backs up everything that you select. A copy backup is useful if you want to create a "backup in-between backups" without affecting the archive attribute.
Similar to the copy backup, the daily backup completely ignores the archive attribute (it neither clears nor selects it). However, it backs up only those files that you select and that have changed during the day in which the backup is run.
The following illustration depicts the two most used types of backup.
In this tutorial, we back up the denver domain controller (DC02). In order to do this, ensure that you have a separate hard drive (or hard drive partition) connected to DC02. We use this second hard drive to act as our backup media, and we only back up the system drive (C drive).
On DC02, click Start ˆ’ > Run . Type ntbackup .
The Windows Backup utility appears. Click Next . Select Back up files and settings and click Next .
Select Let me choose what to back up and click Next .
Expand the plus sign (+) next to My Computer and place checks in the items labeled Local Disk (C:) and System State . The system state is a very important component of the backup set, as it contains the Active Directory information, as well as the server's registry. Click Next .
Leaving the backup type set to File (the default setting when backing up to another hard drive), choose a location for the backup on your second hard drive. For the purposes of this tutorial, we have chosen a directory located on the E drive named ntbackup . Name this backup set Backup - Normal . Click Next .
The next screen represents a summary of our backup options. Click the Advanced button in the bottom right of the window. In the field labeled Select the type of backup , select Normal . Click Next .
Place a check in the option labeled Verify data after backup . With verification turned on, the entire backup process may take longer. However, it's a small price to pay to ensure that your backups are being performed accurately. Click Next .
Since we are starting with a brand new backup, select the option labeled Replace the existing backups . Click Next .
Since we wish to perform this backup immediately, click the option labeled Now and click Next . Click Finish . The backup proceeds normally, and may take some time to complete (On a 2Ghz Pentium 4 Windows Server 2003 system, our backup times lasted as long as 30 minutes). Once the backup completes, click Close and reboot DC02 .
|Get Info|| |
Before the backup actually runs, you may have noticed a message stating " preparing to back up using Shadow Copy " Not meant to cloud men's minds, the shadow copy is a process that allows ntbackup to back up files that are open and in use. It does this by creating a kind of temporary "cloned" copy of all data to be backed up, and performs the backup procedure using this clone. In this way, users may continue working from the server while a backup runs (Note: even though ntbackup is able to back up files that are open and in use by others, it's still good backup policy to back up the server when it is at its most idle state, such as late at night or after workers have gone home for the day)
Re-open ntbackup . Using the same steps outlined previously in this tutorial, create a new backup set backing up the C drive and the system state. Name this second backup set Backup - Differential A , and make this a Differential backup (see step 6 for details on changing the backup type). Be sure to select Replace the existing backups , and run the backup immediately. Again, the backup may take a bit of time to complete, as it is backing up all data that has changed since the last normal backup. Once the backup completes, reboot DC02 .
Last but not least, create a third backup set, make it a differential backup, and name it Backup - Differential B . Once the backup completes, reboot DC02 .
We have run three backups: one normal and two differential. If our system becomes compromised and we need to restore it to a working condition, we need to perform two steps: restore the normal backup, restart the server, and restore the most recent differential backup (Note: if we had performed incremental backups instead of differential backups, we would have to restore the normal backup, restart the server, restore the first incremental backup, restart the server, and then restore the second incremental backup. Herein is the disadvantage of the incremental backup: potentially long restore times) .