It is recommended to perform the tasks examined in the following sections on a monthly basis.
Maintaining File System Integrity
The physical disks on which ISA runs should be tested for file systemlevel integrity on a monthly basis with a utility such as CHKDSK. CHKDSK, included with Windows Server 2003, scans for file system integrity and can check for lost clusters, cross-linked files, and more. If Windows Server 2003 senses a problem, it runs CHKDSK automatically at startup.
To run CHKDSK maintenance on an ISA server, do the following:
If errors are detected, it is important to back up the system and perform the changes (using the /f switch) during designated maintenance intervals because there is an inherent risk of system corruption when CHKDSK is used in write mode. Without the switch, however, CHKDSK can be run as often as desired.
Testing the UPS
An uninterruptible power supply (UPS) can be used to protect the system or group of systems from power failures (such as spikes and surges) and keep the system running long enough after a power outage so that an administrator can gracefully shut down the system. It is recommended that an administrator follow the UPS guidelines provided by the manufacturer at least once a month. Also, monthly scheduled battery tests should be performed.
Once a month, an administrator should validate backups by restoring the backups to a server located in a lab environment. This is in addition to verifying that backups were successful from log files or the backup program's management interface. A restore gives the administrator the opportunity to verify the backups and to practice the restore procedures that would be used when recovering the server during a real disaster. In addition, this procedure tests the state of the backup media to ensure that they are in working order and builds administrator confidence for recovering from a true disaster.
ISA Server XML Export files can be validated if they are imported on test ISA servers in a lab environment. This activity can be performed on a monthly basis so that administrators become familiar with the process and are also provided with a current copy of the production ISA server(s) in the lab environment.
Updating Automated System Recovery Sets
Automated System Recovery (ASR) is a recovery tool that should be implemented in all Windows Server 2003 environments. It backs up the system state data, system services, and all volumes containing Windows Server 2003 system components. ASR replaces the Emergency Repair Disks (ERDs) used to recover systems in earlier versions of Windows.
After building a server and any time a major system change occurs, the ASR sets (that is, the backup and floppy disk) should be updated. Another best practice is to update ASR sets at least once a month. This keeps content in the ASR sets consistent with the current state of the system. Otherwise, valuable system configuration information may be lost if a system experiences a problem or failure.
To create an ASR set, do the following:
This process may take a while to complete, so be patient. Depending on the performance of the system being used and the amount of information to be transferred, this process could take several minutes to a few hours to complete.
An integral part of managing and maintaining any ISA environment is to document the network infrastructure and procedures. The following are just a few of the documents that should be considered for inclusion in an ISA environment:
As systems and services are built and procedures are ascertained, document these facts to reduce learning curves, administration, and maintenance.
It is not only important to adequately document the ISA environment, but it's often even more important to keep those documents up to date. Otherwise, documents can quickly become outdated as the environment, processes, and procedures change with business changes.
For more information on documenting an ISA environment, see Chapter 20, "Documenting an ISA Server 2004 Environment."