Routine Maintenance


You neglect routine maintenance tasks at your peril. Tasks such as backup, virus and spyware scanning, archiving, disk maintenance, data replication, and other services that secure your network services can consume a considerable percentage of your resources and budget. Still, the potential damage that can occur due to hardware or software errors greatly outweighs the cost of the insurance you purchase by staying on top of these services.

Note

The key to making routine maintenance work for you is to automate as many of these tasks as you possibly can. You shouldn't rely on manual methods for routine maintenance. Backups should be scheduled, as should all the other tasks involved in routine maintenance. You might need a scripting tool or scheduler utility to automate these tasks, but many of the utilities in this class come with their own schedulers as part of the package.


Backups

It's a little-appreciated fact that the average organization uses approximately 15% of its servers for backing up its corporate data. This means that 3 out of every 20 servers are backup servers. Therefore, backup should be one of the first services you deploy, and it should be one of the components that is fully specified with any server deployment. Every server should have at least two different backups that you can fall back on in case of problems. This is in addition to any hardware redundancies you build into the system.

Not too long ago, servers and workstations came with their own tape backup drives as part of the build. That's less true today, although it is still possible to incorporate tape systems such as LTO or SuperDLT to back up modern high-capacity disk drives and RAID systems. More often, you install tape libraries or tape carousels as tape systems. However, the large size of data now stored and the faster performance hard disks offer has tended to popularize disk-to-disk backup as the primary first-level backup system in use. As per-gigabyte disk prices have fallen so dramatically over the past few years, the price of disk-to-disk backup has begun to approach that of tape storage.

Disk backup can be mirrored, but more often a backup writes data by using a snapshot technology. A mirrored disk can provide failover, but a snapshot provides a historical record that you can fall back to. You aren't simply held captive to the current state of data on your disk; you can go back and restore to the data that existed on a particular date and time. A second-level backup can be archival to tape, but if you have the budget, it is best to have a second-level backup that provides a faster response time than that.

Among the market leaders in the backup software category are the following:

  • VERITAS Backup Exec

  • VERITAS NetBackup

  • EMC Legato NetWorker

  • EMC Dantz Retrospect

  • Computer Associates BrightStor ARCserve

  • CommVault Galaxy

  • IBM Tivoli Storage Manager

  • BakBone NetVault

  • St. Bernard Software's Open File Manager

Backup systems for enterprise applications are a little different from just standard XCOPY or block-oriented backup technologies. Many applications maintain system locks on their data files that make backups a more problematic proposition. To back up databases and messaging systems, you need to purchase software or specialized extensions for your backup software that can perform open file backup. These software packages are most often sold as packages aimed for particular applications, such as Microsoft Exchange, and they tend to command a higher price than general backup softwareoften two to five times the price of general backup software. Sometimes you can find software agents that are essentially client-side (even though they run on both servers and client systems) software modules for backup server applications.

Backup isn't sexy, but it is essential. If you find that backup services and the infrastructure necessary to support them don't represent at least 15% of your proposed budget either for an individual server's deployment or for a fleet of them, you need to go back to your project specification and take a careful look at whether you have really protected yourself.

Virus Scanning and Spyware Detection

Other essential routine network services these days are virus scanning, spyware detection, and problem removal. These services should run at all times, and it's best to take a multilevel approach to them. That is, you should employ these services on front-facing servers such as firewalls as your first-level detection, on your servers, and on your clients. Desktop systems can be scanned across the network or from a webservice, and many do not require that client software run locally on them; however, any system, such as a laptop, that travels should be protected by its own firewall, virus, and spyware programs. As with all other routine maintenance tasks, every system should have an automated system for running the service at regular and appropriate intervals.

Many of the vendors who sell antivirus software for PCs sell a version designed specifically for servers. Actually, in many cases, the opposite is true: Companies start out with a server antivirus program that then gets pushed out to the desktop. You'll find packages for servers that are specifically package to monitor email or databases, as well as those that are part of firewalls. This is a large category of software, and the following is a representative list of the better-known server-class antivirus solutions:

  • Trend Micro's ServerProtect

  • Data Fellows F-Secure Anti-Virus

  • Symantec's Corporate AntiVirus

  • Computer Associates's eTrust Antivirus

  • Alladdin's eSafe

  • F-Secure Anti-Virus

  • Kaspersky Lab's Anti-virus

  • McAfee's Anti-Virus

  • Panda Software's Titanium Anti-Virus

  • Sophos Anti-Virus

All these companies have Microsoft versions of their product, and almost all sell their products for other operating systems, such as Linux, NetWare, and others. You will also find that companies differentiate their product by market. Thus there may be a version for the desktop, one for small business users, another for enterprise-class deployments, some for firewalls and gateways, and versions for specific applications, such as Exchange or Domino.

Note

Microsoft maintains a list of antivirus partners that you can use as a jump page. It is found at www.microsoft.com/security/partners/antivirus.asp.


While viruses, worms, Trojans, and other security threats were and are early concerns, the growth of spyware software has become a more recent concern. Spyware sets up a monitoring situation or creates a security hole that can then be exploited (see for example, www.securitypipeline.com/56900521). Spyware is thus an extension of the antivirus threat. That being the case, you will often find antivirus products bundled with spyware-scanning software and other security utilities into what the vendors are calling "security suites."

The following are some of the products that include spyware-scanning capabilities:

  • Aluria Software's Paladin

  • Ashantipic Ltd.'s Spyware Defense

  • Blue Coat Systems's Proxy SG/Proxy AV, Spyware Interceptor, and WinProxy 6.0

  • Citadel Security Software's Hercules 3.5

  • Computer Associates's eTrust PestPatrol Anti-Spyware

  • Eset Software's NOD32

  • Intrusion's SpySnare

  • LANDesk Software's LANDesk Security Suite

  • Lavasoft Ad-aware SE Enterprise

  • McAfee's Anti-spyware Enterprise

  • PC Tools Software's Spyware Doctor

  • Sunbelt Software's CounterSpy and Counterspy Enterprise

  • SurfControl pic's SurfControl Enterprise Threat Shield

  • Tangent Computer's Packet Hawk

  • Webroot Software's Spy Sweeper and Spy Sweeper Enterprise

  • Websense's Websense Web Security Suite Lockdown Edition

  • Webwasher AG's (Cyberguard) Webwasher CSM Suite

Note

Network World maintains a database of networked security products. See its listing of spyware products at www.networkworld.com/bg/2004/spyware/results.jsp?_tablename=antispy_live.


Disk Defragmentation

Another common routine maintenance task is disk defragmentation (or defrag). Some server operating systems have built-in defragging technologies, but most don't. Windows is one operating system that does have built-in defragmenting; it's a scaled-back version of Executive Software's Diskeeper. A host of software products are available for disk defragmentation, but only a fewsuch as Raxco Software's PerfectDisk, Diskeeper, and Defrag Commanderare really geared to server systems.

Disk defragmentation software for servers isn't often necessary. A server's storage system employs multiple disk heads that access multiple disks for multiple users. Having contiguous files doesn't always make all that much difference in this instance, although it does make some difference when files are smaller, contiguous, and not already in memory. Some published studies suggest performance improvements of 7% to 11%, which, although not negligible, isn't substantial. If you run a background defrag service, you will probably negate this advantage, so if you do choose to defrag your disk system, you should only do so when fragmentation is high and at times of low server usage.




Upgrading and Repairing Servers
Upgrading and Repairing Servers
ISBN: 078972815X
EAN: 2147483647
Year: 2006
Pages: 240

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net