Chapter 17: Backing Up for a Rainy Day | Windows Server 2003 for Dummies

Having a backup recovery scheme for your organization's data is very important because of the critical business applications and functions that typically reside on networks. Without a plan in place to protect data, disruptions to an entire organization's data and workflow process can occur, resulting in loss of revenue.

Unfortunately, many organizations place little emphasis on protecting their data until an actual loss occurs. In this chapter, you find out about different methods for protecting your organization's data to prevent losses.

Why Bother Backing Up?

Backing up is the process of copying data from one location to another - either manually or unattended. Copying data from one directory on a hard disk to another directory on that same hard disk is effective until the hard disk crashes and both copies of the data are inaccessible. In addition, by copying the data to the same drive, you neglect to copy any of the security or account information. This means you have to re-enter that information manually. Don't you think it's a better idea to back up all files, such as system, application, and user data, to another physical medium, such as a tape or other backup device, and then rotate that device off-site periodically?

Many organizations place on a network their critical business functions and data, such as e-mail, accounting information, payroll, personnel records, and operations. Loss of just one segment of that information hinders an organization's operations, even if it's just for a short time. Imagine if the payroll information disappeared from the system, and all or some of the employees did not receive their checks on time. We wouldn't want to be there!

Data loss occurrences can be as simple as one corrupt file or as complex as the entire contents of a server's hard disk becoming unreadable. Organizations can avoid data loss problems almost entirely by backing up their networks on a regular basis.

All types of threats pose danger to data. Everything from fires to computer viruses can obliterate data on a network. Planning for each type of disaster can help you completely secure and restore your organization's data should that disaster occur.

Data loss on a network can occur in many ways. If you know what the potential threats are and plan for them, you can prevent both serious damage to your network and loss of data. We urge you to always back up your network and to rotate a recent copy off-site.

Following are some of the potential threats you and your network can encounter:

Hard disk crash: Even if you've built fault tolerance (such as mirroring or duplexing) into your server, don't expect those methods to always work and recover everything 100 percent. We've seen mirrored drives go out of synch without notice until the hard disk crashes. Without backups , you can lose all your data or segments of it. It's a good idea to complement mirroring and duplexing with regular backups.
Ungraceful shutdown: Every once in a while, you get a smart-aleck employee who hits the on/off switch to the server, causing it to shut down improperly. Most servers today come right back up - but not always. Shutting the server down in this manner can render the hard disks unreadable. You should put your servers in a secure location away from end users. And don't forget to back up on a regular basis!
Viruses: Many organizations connect to the Internet, allowing employees to download all types of data to the local area network that could introduce viruses. Viruses pose a real threat to organizations. One virus can ruin an entire computer and render it useless in a very short time. If this computer happens to be a server on your network, someone's going to be reading the employment classifieds. Installing virus protection software on the server allows you to check for viruses before they're stored on the server. Put a backup plan in place that allows you to restore the data on your network as it was before the introduction of the virus.
Environmental disasters: We've seen many organizations lose data during environmental disturbances, such as a bad storm . If lightning can zap the electronics in your home, imagine what it can do to the data on a network.

Some environmental disasters you should plan for include

Fire: One fire in a building or on a floor can annihilate an entire organization. If your organization loses everything in a fire, you'll be the savior if you produce a recent tape of the network that was sitting safely off-site somewhere. If you store your backup tapes on top of your server in the computer room, however, you'll be the one pounding the pavement.
Floods: Placing a computer room, server, or backup equipment in the basement or first floor of a building is a bad idea, particularly in flood-prone areas. One flood can obliterate an entire organization. Even if a flood does occur, you're safe with your backup tapes off-site - away from the flood zone.
Hurricanes: Hurricanes bring high winds and rain with them. Don't put your server or backup equipment in a computer room with outside windows . You could come back and find everything strewn around the computer room and sopping wet - and have no backup tapes to restore.
Temperature: Something as simple as placing a server or a backup machine in an enclosed room without proper air conditioning and ventilation can cause problems. Don't put a server or backup equipment in a small room with other heavy heat equipment, such as a copier , without cool air flowing through it. Buildings do shut down their air systems on weekends and holidays, and the heat can kill servers.

Some viruses have a gestation period; therefore, they can be inserted into your network but go unnoticed until after a set number of days. We've seen disgruntled employees place viruses on networks and then leave a company - 30 days later, a virus appears. Incorporate this thought into your backup plan by always backing up on a 30-day rotation scheme. If a virus like this is introduced onto your network, you can go back at least 30 days in your backup tapes to try to restore the network prior to the virus's introduction. If you have only a week's worth of backup, all the backups you have contain the virus. Virus software from Norton (http://www. symantec .com/) and McAfee (http://www. mcafee .com/) tend to have fewer conflicts with Windows 2003 than other brands of virus software.

Just how many types of backups are there?

The computer world has only five types of backup methods, and the same is true with the Windows 2003 backup facility. The five types of backups available in Windows Server 2003 are

Normal
Copy
Daily
Differential
Incremental

Before you can truly understand these backup methods, you have to understand a little attribute called the archive bit. Files have attributes , which are the properties of a file. One of the attributes found in Windows 2003 is the archive bit. After a file is created or modified, its archive bit is automatically reset by the operating system. This archive bit indicates that the file needs to be backed up, even if backup software is not installed or configured on the computer. Backup software looks for this bit to identify the status of files. Think of this as a seal on every file on your system. When the operating system, a user, or an application modifies the file, the seal is broken. The backup software then goes through the files and "re-seals" them by backing them up.

Normal

The normal backup copies all selected files and sets the archive bit, which informs the backup software that the files have been backed up. This type of backup is performed the first time computer data is backed up. Also, with this type of backup, only the last tape is required to restore all the files. (See the "Local backup" section later in this chapter for more information on tape backups.)

Copy

The copy backup is useful because it doesn't set the archive bit and, therefore, doesn't affect normal and incremental backups. It can be used to copy selected files between scheduled normal or incremental backups. (See the "Incremental" section later in this section for more information on incremental backups.)

Daily

The daily backup copies selected files that were changed the day the backup job started. A daily backup doesn't set the archive bit. This backup can be used to copy only those files that were changed on that day, and because the archive bit is not set, the regular backup would go on as usual.

Differential

Like the copy and daily backups, the differential backup also doesn't set the archive bit. It copies all files that were created or modified since the last normal or incremental backup. One practice is to use a combination of normal and differential backups to configure the backup job for the computer. In this combination, a normal backup is performed weekly, and differential backups are performed daily. If this is the backup job used and a restore is being performed, only the last normal and the last differential tapes are required.

Incremental

The incremental backup is similar to the differential backup in that it backs up only those files that have been created or modified since the last normal or incremental backup. Unlike differential backups, however, incremental backups do set the archive bit, which indicates that the files have been backed up. A combination of normal and incremental backups can be used to configure a backup job. In this combination, a normal backup is used once a week and incremental backups are performed on a daily basis. To restore the files using this type of backup combination, the last normal and all incremental sets are required.

Configuring a backup job to use this combination is fast and efficiently utilizes storage space, because only those files that were modified get backed up. However, it's important to note that a restoration is more difficult and takes longer compared to the combination of differential and normal backups, simply because you have to use a whole set of incremental tapes. This type of backup combination or configuration is ideal for an enterprise in which an Automated Tape Library (ATL) can be used. Using an ATL, the backup software controls the entire restore operation, including the decision to load the correct tape sequence using its robotic arm.

An ATL is basically a software-controlled backup system in which loading or changing tapes is not necessary. A typical ATL system is usually designed around a container/library, which can hold from just a few tapes to several hundred, with each tape identified by a unique bar code. Inside the library are one or several tape drives to read and write to tape. An ATL system also includes a mechanism responsible for moving the tape to and from the tape drive. This mechanism can be a robotic arm (in the case of large ATLs) or a simple system similar to those found in a cassette tape recorder. The backup software would control the entire operation by instructing the robotic arm to load a specific tape in a specific tape drive and start the backup or restore job.

Network versus local backup

When backing up information on a network, you have a choice between performing a network backup or a local backup. In this section, we cover the particulars of each option.

Network backup

Network backups are used in large network environments. When you use a network backup, a host computer is configured to backup remote computers attached to the host computer through the LAN. In this scenario, data travels from the remote computer over the network to reach the host computer - the one configured with the tape drive. After data is off-loaded from the network interface card (NIC) to the computer's bus, the data is treated as if it were a local backup. (See "The Windows 2003 Backup Facility" section, later in this chapter, for information on how to configure your server to back up a remote computer.)

The transfer rate can be a problem with this type of backup because data must traverse and share the LAN with regular traffic. It's more than likely that the LAN is designed around a 10-Mbps Ethernet or a 100-Mbps Fast Ethernet. In either case, data speed would be greatly reduced compared to the local backup. To deal with this problem and to accommodate the needs of an enterprise in which a large amount of data must be backed up each night, the industry has developed the Storage Area Network (SAN). In this architecture, all computers and storage device(s) are attached directly to the loop using a Fibre Channel Arbitrated Loop (FC-AL), which has a bandwidth of 100 Mbps. Furthermore, only computers and the backup device(s) share this bandwidth. Such architecture is expensive, but its benefits for the enterprise more than justify its high cost.

Local backup

The local backup configuration consists of a local tape drive attached to or installed in the computer by means of an Integrated Drive Electronics (IDE) or a Small Computer System Interface (SCSI) interface. Local backup is fast because when you use these interfaces, the tape drive is directly attached to the computer bus. On some of the new SCSI interfaces, such as the Ultra2 Wide SCSI, the transfer rate can reach 80 Mbps. It's more likely that this transfer rate won't be met, however, because the tape drive can achieve only from 4 to 10 Mbps, depending on the drive type. With today's advances in hardware, it's possible to get close to 15GB per hour .

Local backup is relatively inexpensive because it involves the price of only the tape drive, the tapes, and the price of a SCSI or an IDE interface, if required. Most computers are already configured with an extra IDE or a SCSI interface that can be used for this purpose. One additional cost is the price of a license for the backup software, if third-party software is required. However, Windows 2003 comes with powerful backup software that's free!

The backup tapes we use (Hewlett Packard DDS 3) hold up to 24GB of data. Depending how much data you have to back up and the type of tape you're using, you may need more than one tape to hold all your data.

Understanding the technology

Regardless of whether you choose a network or local backup, and regardless of how often you decide to back up, you need to understand some terminology and technology about the equipment used in backup systems and the different methods.

Online, nearline, offline

You hear a lot of buzz about online, nearline, and offline storage options. Choose the method that suits your organization's retrieval time and effort, depending on how often you find yourself restoring data and how fast you want data retrieved. Descriptions of these three backup types follow:

Online: This type of backup is typically performed on your server, usually in the form of a second hard disk that is mirrored or duplexed. Data is readily available to users through their desktops with no intervention from you except that you must regularly check the status of this fault tolerance. Drives can go out of synch without notice unless you monitor the drives manually or through software.
Nearline: This type of backup is performed on a device attached to the network. A nearline backup requires some work on your part because it usually uses some method unknown to the user, such as compression techniques. The data is there, but your users won't know how to perform functions, such as decompressing the files, to access the data.
Offline: This type of backup involves devices that include their own software and hardware and are separate from the server. You need to know how to operate these devices because the users won't know how or might not have the security access to do so. These devices are typically the slowest because data must go from the server to another device. Many organizations place these devices on the network backbone and connect them through fiber- optic cable for higher transmission rates.

As you progress downward in the preceding bulleted list, options become more expensive, it takes longer for you to retrieve information, and more interaction on your part is required.

What's in the hardware?

Backup systems are composed of backup units, backup media, and software components (oh, and you, the operator). The systems come in all sizes, shapes , and dollar signs, depending on your needs. In this section, we describe the most common ones you encounter so you can talk with your vendor about meeting your network needs.

Backup units

A backup unit is hardware that can be as simple as a tape device with one slot or as complex as a jukebox platter system with mechanical arms. If you have small data-storage requirements, a simple tape backup unit that has more capacity than your server will suffice. These units are not that expensive and are available at local computer stores. Some of these units can be daisy-chained if you need more space and don't want to be present to change the tapes.

If your organization has lots of data to back up, you might consider a jukebox approach. A jukebox is a device that looks like a little computer tower with a door. Inside, it has several slots plus a mechanical arm that can insert and move around tapes or CDs. With this type of system, you typically can insert a week's worth of backup tapes and let the system back up unattended.

Another option is magneto-optical (MO) drives , which use a combination of magnetic and optical technologies for rewritable backups. The advantage of this technology is that it performs random access retrievals, which are faster than sequential retrievals. The units are not expensive, but the medium is. If you have large data requirements and need fast retrieval, look into this technology.

Each type of backup unit will have some sort of slot where the medium is placed. The size of this slot depends on the unit. Some come in 4mm, 8mm,