Windows Server 2008 Inside Out- P29

Shared by: Thanh Cong | File type: PDF | Pages: 50


Managing Failover Clusters and Their Resources

Configuring Print Settings for a Clustered Print Server

You can configure a printer for a clustered print server by completing the following steps:

1. In Failover Cluster Management, expand the node for the cluster you want to work with by double-clicking it. If the cluster you want to work with is not listed, connect to it.
2. Expand the cluster’s Services And Applications node.
3. Right-click the clustered print server and then select Manage Printers. This opens Print Management with a Failover Cluster Management interface.
4. Under Print Management ensure that the clustered print server or the cluster node is listed. If it is not, right-click Print Servers and then select Add/Remove Servers. Type the host name or IP address of the clustered print server and then click Add To List.
5. Right-click the clustered print server and then click Add Printer. This starts the Add Printer wizard.
6. Follow the prompts to create the shared printer. This is the same wizard that you use with nonclustered servers. After you’ve added the printer, you can manage it as you would any other printer.

CHAPTER 40: Disaster Planning

- Preparing for a Disaster
- Disaster Preparedness Procedures

Ask three different people what their idea of a disaster is and you’ll probably get three different answers. For most administrators, the term disaster probably means any scenario in which one or more essential systems, services, or applications cannot operate and the prospects for quick recovery are less than hopeful—that is, a disaster is something a service reset or system reboot won’t fix.

To ensure that operations can be restored as quickly as possible in a given situation, every network needs a clear disaster recovery plan. In this chapter, I’m not going to mince words and try to explain why you need to plan for disasters. Instead, I’m going to focus on what you need to do to get ready for the inevitable, because worst-case scenarios can and do happen. I’m also going to discuss predisaster preparation procedures.

Preparing for a Disaster

Chapter 38, “Planning for High Availability,” went into detail about planning for highly available, scalable, and manageable systems. Many of the same concepts go into disaster planning. Why? Because, at the end of the day, disaster planning involves implementing plans that ensure the availability of systems and services. Remember that part of disaster planning is applying some level of contingency planning to every essential network service and system. You need to implement problem escalation and response procedures. You also need a standing problem-resolution document that describes in great detail what to do when disaster strikes.

Developing Contingency Procedures

You should identify the services and systems that are essential to network operations. Typically, this list will include the following components:

- Network infrastructure servers running Active Directory, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Terminal Services, and Routing and Remote Access Service (RRAS)
- File, database, and application servers, such as servers with essential file shares or those that provide database or e-mail services
- Networking hardware, including switches, routers, and firewalls

Use Chapter 38 to help you develop plans for contingency procedures in the following areas:

- Physical security: Place network hardware and servers in a locked, secure access facility. This could be an office that is kept locked or a server room that requires a passkey to enter. When physical access to network hardware and servers requires special access privileges, you prevent many problems and ensure that only authorized personnel can get access to systems from the console.
- Data backup: Implement a regular backup plan that ensures that multiple datasets are available for all essential systems, and that these backups are stored in more than one location. For example, if you keep the most current backup sets on-site in the server room, you should rotate another backup set to off-site storage. In this way, if disaster strikes, you will be more likely to be able to recover operations.
- Fault tolerance: Build redundancy into the network and system architecture. At the server level, you can protect data using a redundant array of independent disks (RAID) and guard against component failure by having spare parts at hand. These precautions protect servers at a very basic level. For essential services such as Active Directory, DNS, and DHCP, you can build in fault tolerance by deploying redundant systems using techniques discussed throughout this book. These same concepts can be applied to network hardware components such as routers and switches.
- Recovery: Every essential server and network device should have a written recovery plan that details step by step what to do to rebuild and recover it. Be as detailed and explicit as possible and don’t assume that the readers know anything about the system or device they are recovering. Do this even if you are sure that you’ll be the one performing the recovery—you’ll be thankful for it, trust me. Things can and do go wrong at the worst times, and sometimes, under pressure, you might forget some important detail in the recovery process—not to mention that you might be unavailable to recover the system for some reason.
- Power protection: Power-protect servers and network hardware using an uninterruptible power supply (UPS) system. Power protection will help safeguard servers and network hardware from power surges and dirty power. Power protection will also help prevent data loss and allow you to power down servers in an appropriate fashion through manual or automatic shutdown.

Implementing Problem Escalation and Response Procedures

As part of planning, you need to develop well-defined problem escalation procedures that document how to handle problems and emergency changes that might be needed. You need to designate an incident response team and an emergency response team. Although the two teams could consist of the same team members, the teams differ in fundamental ways.

- Incident response team: The incident response team’s role is to respond to security incidents, such as the suspected cracking of a database server. This team is concerned with responding to intrusion, taking immediate action to safeguard the organization’s information, documenting the security issue thoroughly in an after-action report, and then fixing the security problem so that the same type of incident cannot recur. Your organization’s security administrator or network security expert should have a key role in this team.
- Emergency response team: The emergency response team’s role is to respond to service and system outages, such as the failure of a database server. This team is concerned with recovering the service or system as quickly as possible and allowing normal operations to resume. Like the incident response team, the emergency response team needs to document the outage thoroughly in an after-action report, and then, if applicable, propose changes to improve the recovery process. Your organization’s system administrators should have key roles in this team.

INSIDE OUT: Using and configuring a UPS

Putting in a UPS requires a bit of planning, because you need to look not only at servers but also at everything in the server room that requires power. If the power goes out, you want to have ample time for systems to shut down in an orderly fashion. You may also have some systems that you do not want to be shut down, such as routers or servers required for security key cards. In most cases, rather than using individual UPS devices, you should install enterprise UPS solutions that can be connected to several servers or components.

After you install a UPS, you can configure servers to take advantage of the UPS using the management software included with the UPS. You can then configure the way a server reacts when it switches to battery power. Typically, you’ll want servers to start an orderly shutdown within a few minutes of switching to battery power.

In your planning, remember that 90 percent of power outages last less than 5 minutes and 99 percent of power outages last less than 60 minutes. With this in mind, you may want to plan your UPS implementation so that you can maintain 7 to 10 minutes of power for all server and network components and 60 to 70 minutes for critical systems. You would then configure all non-critical systems to shut down automatically after 5 minutes, and critical systems to shut down after 60 minutes.

Creating a Problem Resolution Policy Document

Over the years, I’ve worked with and consulted for many organizations, and I’ve often been asked to help implement information technology (IT) policy and procedure. In the area of disaster and recovery planning, there’s one policy document that I always use, regardless of the size of the company I am working with. I call it the problem resolution policy document.

The problem resolution policy document has the following six sections:

- Responsibilities: The overall responsibilities of IT and engineering staff during and after normal business hours should be detailed in this section. For an organization with 24/7 operations, such as a company with a public Web site maintained by internal staff, the after-hours responsibilities section should be very detailed and let individuals know exactly what their responsibilities are. Most organizations with 24/7 operations will designate individuals as being “on call” 7 days a week, 365 days a year, and in that case, this section should detail what being “on call” means, and what the general responsibilities are for an individual on call.
- Phone roster: Every system and service that you’ve identified in your planning as essential should have a point of contact. For some systems, you’ll have several points of contact. Consider, for example, a database server. You might have a system administrator who is responsible for the server itself, a database administrator who is responsible for the database running on the server, and an integration specialist responsible for any integration components running on the server.

  Note: The phone roster should include both on-site and off-site contact numbers. Ideally, this means that you’ll have the work phone number, cell phone number, and pager number of each contact. It should be the responsibility of every individual on the phone roster to ensure that contact information is up to date.

- Key contact information: In addition to a phone roster, you should have contact numbers for facilities and vendors. The key contacts list should include the main office phone numbers at branch offices and data centers, and contact numbers for the various vendors that installed infrastructure at each office, such as the building manager, Internet service provider (ISP), electrician, and network wiring specialist. It should also include the support phone numbers for hardware and software vendors and the information you’ll be required to give in order to get service, such as customer identification number and service contract information.
- Notification procedures: The way problems get resolved is through notification. This section should outline the notification procedures and the primary point of contact in case of outage. If many systems and services are involved, notification and primary contacts can be divided into categories. For example, you may have an external systems notification process for your public Internet servers and an internal systems notification process for your intranet services.
- Escalation: When problems aren’t resolved within a specific timeframe, there should be clear escalation procedures that detail whom to contact and when. For example, you might have level 1, level 2, and level 3 points of contact, with level 1 contacts being called immediately, level 2 contacts being called when issues aren’t resolved in 30 minutes, and level 3 contacts being called when issues aren’t resolved in 60 minutes.

  Note: You should also have a priority system in place that dictates what types of incidents or outages take precedence over others. For example, you could specify that service-level outages, such as those that involve the complete system, have priority over an isolated outage involving a single server or application, but that suspected security incidents have priority over all other issues.

- Post-action reporting: Every individual involved in a major outage or incident should be expected to write a post-action report. This section details what should be in that report. For example, you would want to track the notification time, actions after notification, escalation attempts, and other items that are important to improving the process or preventing the problem from recurring.

Every IT group should have a general policy with regard to problem resolution procedures, and this policy should be detailed in a problem resolution policy document or one like it. The document should be distributed to all relevant personnel throughout the organization, so that every person who has some level of responsibility for ensuring system and service availability knows what to do in case of an emergency. After you implement the policy, you should test it to help refine it so that the policy will work as expected in an actual disaster.

Disaster Preparedness Procedures

Just as you need to perform planning before disaster strikes, you also need to perform certain disaster preparedness procedures. These procedures ensure that you are able to recover systems as quickly as possible when a disaster strikes and include the following:

- Backups
- Startup repair
- Recovery disks
- Startup and recovery options
- Recovery Console

Performing Backups

You should perform regular backups of every Windows Server 2008 system.
Backups can be performed using several techniques. Most organizations choose a combination of dedicated backup servers and per-server backups. If you use professional backup software, you can use one or more dedicated backup servers to create backups of other servers on the network, and then write the backups to media on centralized backup devices. If you use per-server backups, you run backup software on each server that you want to back up and store the backup media on a local backup device. By combining the techniques, you get the best of both worlds.

With dedicated backup servers, you purchase professional backup software, a backup server, and a scalable backup device. The initial costs for purchasing the required equipment and the time required to set up the backup environment can be substantial. However, after the backup environment is configured, it is rather easy to maintain. Centralized backups also offer substantial time savings for administrators, because the backup process itself can be fully automated.

With per-server backups, you use a backup utility to perform manual backups of individual systems. The primary tool for performing per-server backups is the Windows Server Backup utility, which is discussed in Chapter 41, “Backup and Recovery.” Because this tool is included with Windows Server 2008, there is no initial cost for implementation. However, because the backup options are fairly limited, the process may require more time than using centralized backup servers.

Using Startup Repair

Like Windows Vista, Windows Server 2008 has several automatic repair features. If the boot manager or a corrupted system file is preventing startup, the Startup Repair wizard is started automatically and will initiate repair of the server.
The Startup Repair wizard can be helpful if one or more of the following problems are preventing startup:

- A virus infection in the master boot record
- A missing or corrupt boot manager
- A boot configuration data store with bad entries
- A corrupted system file

Although Startup Repair typically runs automatically, you can manually initiate this feature using the Windows installation disc. For this reason, part of your recovery planning should include ensuring that a Windows installation disc is available for each hardware architecture used in your server deployments. With a Windows installation disc, you can manually run Startup Repair by completing the following steps:

1. Insert the Windows installation disc for the hardware architecture and then boot from the installation disc by pressing a key when prompted. If the server does not allow you to boot from the installation disc, you may need to change firmware options to allow booting from a CD/DVD-ROM drive.
2. If Windows Setup doesn’t start automatically, select Windows Setup (EMS Enabled) on the Windows Boot Manager menu to start Windows Setup.
3. On the Install Windows page, select the language, time, and keyboard layout options that you want to use. Click Next.
4. When prompted, do not click Install Now. Instead, click the Repair Your Computer link in the lower-left corner of the Install Windows page. This starts the System Recovery Options wizard. Keep the following in mind:
   - If the boot manager is damaged, the wizard will repair it at this point to obtain a list of available operating systems.
   - If a server has only one operating system, click Next to continue.
   - If your server has multiple operating systems, you’ll need to select the operating system to use and then click Next.
   - If a server has multiple operating systems and the operating system you want to use is unavailable, click Load Drivers to load the drivers for your server’s hard disks.
5. On the System Recovery Options page, click Command Prompt to access the MINWINPC environment. As discussed in Chapter 3, “Installing Windows Server 2008,” the mini Windows PC environment gives you access to the command-line tools listed in Table 3-5 on page 90.
6. At the command prompt, enter cd recovery to access the X:\Sources\Recovery directory.
7. At the command prompt, enter startrep to run the Startup Repair wizard. Follow the prompts to attempt to repair the server and enable startup.

Getting Outside Help

As part of your disaster planning you should plan for scenarios where you or another administrator are unable to recover a server and need help. A key part of this planning includes the escalation procedures discussed previously, where you contact more senior administrators when necessary. When escalation fails and you need to get a server back online, you may need to turn to outside help.
Windows Server 2008 includes a facility for obtaining diagnostic information during setup and recovery, and then delivering this information to Microsoft Product Support. This diagnostic information comes from the Windows diagnostics and troubleshooting logs and can help diagnose problems that are preventing installation or recovery. To share troubleshooting information about the server with Microsoft Product Support, follow these steps:

1. Insert the Windows installation disc for the hardware architecture and then boot from the installation disc by pressing a key when prompted. If the server does not allow you to boot from the installation disc, you may need to change firmware options to allow booting from a CD/DVD-ROM drive.
2. If Windows Setup doesn’t start automatically, select Windows Setup (EMS Enabled) on the Windows Boot Manager menu to start Windows Setup.
3. On the Install Windows page, select the language, time, and keyboard layout options that you want to use. Click Next.
4. When prompted, do not click Install Now. Instead, click the Repair Your Computer link in the lower-left corner of the Install Windows page. This starts the System Recovery Options wizard. Keep the following in mind:
   - If the boot manager is damaged, the wizard will repair it at this point to obtain a list of available operating systems.
   - If a server has only one operating system, click Next to continue.
   - If your server has multiple operating systems, you’ll need to select the operating system to use and then click Next.
   - If a server has multiple operating systems and the operating system you want to use is unavailable, click Load Drivers to load the drivers for your server’s hard disks.
5. On the System Recovery Options page, click Command Prompt to access the MINWINPC environment. As discussed in Chapter 3, “Installing Windows Server 2008,” the mini Windows PC environment gives you access to the command-line tools listed in Table 3-5 on page 90.
6. Insert a floppy disk into the server’s floppy disk drive or a USB flash drive into a USB port. This ensures that the disk or flash drive is available when you start the wizard.
7. Change directories to X:\Sources\Recovery by typing cd recovery.
8. Start the Microsoft Product Support Service wizard by typing psswiz at the command prompt. When the wizard starts, write down the contact information provided, including the support phone number. This information is different depending on your locale.
9. Select the drive letter of the floppy disk or flash device and then click Next to save the data. Remove the floppy disk or flash device.
10. On another computer that is started and connected to the Internet, insert the floppy disk or flash device and then contact Microsoft Product Support. Follow the instructions given to you by Microsoft Product Support.

Note: You don’t necessarily need to deliver this information to Microsoft Product Support. You can just as easily deliver this information to a senior administrator or a skilled technical expert on staff who is not in the office currently or is located at another office. On the floppy disk or flash device, the diagnostics files are created as standard text files. You can open these files in any text editor or easily add them to an e-mail message.

Other Windows Recovery Environment Features

As long as the CPU architectures are the same, you can use any Windows installation disc to recover any server running Windows Server 2008. Once you access the Windows Recovery Environment by selecting the Repair Your Computer option, you can access the following tools:

- Windows Complete PC Restore: Allows you to recover a server’s operating system or perform a full system recovery. With an operating system or full system recovery, make sure your backup data is available and that you can log on with an account that has the appropriate permissions. With a full system recovery, keep in mind that existing data that was not included in the original backup will be deleted when you recover the system. This includes any volumes that are currently used by the server but were not included in the backup.
- Windows Memory Diagnostics Tools: Allows you to diagnose a problem with the server’s physical memory. Three different levels of memory testing can be performed: basic, standard, or extended. The basic memory tests are: MATS+, INVC, and SCHCKR (cache enabled). The standard memory tests include all the basic tests, plus LRAND, CHCKR3, WMATS+, WINVC, and STRIDE6 (cache enabled). The extended memory tests include all the basic and standard tests, plus ERAND, CHCKR4, STRIDE38, WSCHCKR, WSTRIDE6, WCHCKR3, CHCKR8, MATS+ (cache disabled), and STRIDE6 (cache disabled).

Note: When memory diagnostics starts, you can press F1 to access the Options menu. You can then select the test mix as Basic, Standard, or Extended. Using the Tab key on the Options menu, you can set the Cache and Pass Count options. Cache controls how caching is used with the memory tests: Default uses the default settings as listed previously, On turns the cache on for all tests, Off turns the cache off for all tests. Pass Count sets the total number of times the entire test mix will repeat. The default setting is 2, meaning each test in the selected test mix will be performed twice. To return to testing from the Options menu, press F10 to apply your changes or Esc to cancel your changes.

You can also access a command prompt within the mini Windows PC environment (WinPE). This command prompt gives you access to the command-line tools listed in Table 3-5 on page 90 as well as to these additional programs:

- On-Screen Keyboard (X:\Sources\Setuposk.exe): Allows you to enter keystrokes using the On-Screen Keyboard. This means you can use a mouse or another pointer device to type commands or enter key combinations. Function keys are provided as well as letters, numerals, and the following special characters: ` - = , . / [ ] \
  11. 1378 Chapter 40 Disaster Planning Rollback wizard (X:\Sources\Rollback.exe) Normally the Rollback wizard is started automatically if Windows Setup encounters a problem during installation. You can use this wizard to subsequently attempt to restore the previous version of Windows. If the Rollback wizard is successful, the previous version of Windows is completely restored. If the Rollback wizard is unsuccessful, the server typically is left in an unbootable state and you must either perform a full restore of the pre- vious operating system or a clean installation of Windows Server 2008. Startup Repair wizard (X:\Sources\Recovery\StartRep.exe) Normally this tool is started automatically on boot failure if Windows detects an issue with the boot sector, the boot manager, or the boot configuration data (BCD) store. You can use this wizard to initiate a startup repair. If the repair is successful, you should be able to start the server and log on. If the repair is unsuccessful, you’ll need to use another recovery technique to restore the server. Startup Recovery Options (X:\Sources\Recovery\Recenv.exe) Allows you to start the Startup Recovery Options wizard. If you previously entered the wrong recov- ery settings, use this wizard to restart the System Recovery Options wizard so that you can provide different options. Note that you cannot change the language or time options. You can, however, change the keyboard layout and selected oper- ating system. You can recover a server’s operating system or perform a full system recovery by using a Windows installation disc and a backup that you created earlier with Windows Server Backup. With an operating system recovery, you recover all critical volumes but do not recover non-system volumes. If you recover your full system, Windows Server Backup reformats and repartitions all disks that are attached to the server. 
Because of this, you Chapter 40 should use this method only when you want to recover the server data onto separate hardware or when all other attempts to recover the server on the existing hardware have failed. Setting Startup and Recovery Options As part of planning for the worst-case scenarios, you need to consider how you want systems to start up and recover in case a stop error is encountered. The options you choose can add to the boot time or they can mean that if a system encounters a stop error it does not reboot. You can configure startup and recovery options by completing the following steps: 1. Click Start and then click Control Panel. In Control Panel, click System And Maintenance\System to start the System utility. 2. In the Tasks pane, click Advanced System Settings. This opens the System Properties dialog box. 3. On the Advanced tab, click Settings in the Startup And Recovery panel. This displays the dialog box shown in Figure 40-1.

Figure 40-1: Configuring startup and recovery options.

4. In the Startup And Recovery dialog box, you configure the settings as follows:
   - If a server has multiple operating systems, you can set the default operating system by selecting one of the operating systems in the Default Operating System list. These options are obtained from the boot manager.
   - When multiple operating systems are installed, the Time To Display List Of Operating Systems option controls how long the system waits before booting to the default operating system. In most cases, you won’t need more than a few seconds to make a choice, so reduce this wait time to perhaps 5 or 10 seconds. Alternatively, you can have the system automatically choose the default operating system by clearing this check box.
   - When you want to display recovery options, the operating system uses the Time To Display Recovery Options When Needed setting to determine how long to wait for you to choose a recovery option. The default wait time is 30 seconds. If you don’t choose a recovery option in that time, the system boots normally without recovery. As with operating systems, you won’t need more than a few seconds to make a choice, so reduce this wait time to perhaps 5 or 10 seconds.
   - Under System Failure, you have several important options for determining what happens when a system experiences a stop error. By default, the Write An Event To The System Log check box is selected so that the system logs an error in the system log. The check box is dimmed, so it cannot normally be changed. The Automatically Restart check box is selected to ensure that the system attempts to reboot when a stop error occurs.

     Note: In some cases, you may want the system to halt rather than reboot. For example, if you are having problems with a server, you may want it to halt so that an administrator will be more likely to notice that it is experiencing problems. Don’t, however, prevent automatic reboot without a specific reason.

   - The Write Debugging Information options allow you to choose the type of debugging information that should be created when a stop error occurs. In most cases, you will want debug information to be dumped, so that you can use it to determine the cause of a crash.

     Note: If you choose a kernel memory dump, you dump all physical memory being used at the time of the failure. You can create the dump file only if the system is properly configured. The system drive must have a paging file at least as large as RAM and adequate disk space to write the dump file.

   - By default, dump files are written to the %SystemRoot% folder. If you want to write the dump file to a different location, type the file path in the Dump File box. Select the Overwrite Any Existing File check box to ensure that only one dump file is maintained.
5. Click OK twice to close all open dialog boxes.
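
The settings from step 4 can also be read from a script, which is useful when the same check has to be repeated on many servers. The PowerShell function below is an added example, not code from the book; it reads the System Failure options through the Win32_OSRecoveryConfiguration WMI class and checks the paging file and disk space conditions from the note above. The function name Test-CrashRecoveryConfig and the rule that free space on the dump drive should be at least the size of RAM are assumptions made for illustration.

```powershell
# Added example: audit the Startup And Recovery (System Failure) settings via WMI.
# Test-CrashRecoveryConfig is a hypothetical name; the free-space threshold
# (free space on the dump drive >= installed RAM) is an assumption.
function Test-CrashRecoveryConfig {
    param([string]$ComputerName = '.')

    $rec = Get-WmiObject -Class Win32_OSRecoveryConfiguration -ComputerName $ComputerName
    $cs  = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName
    $os  = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName

    # DebugInfoType values defined for Win32_OSRecoveryConfiguration.
    $dumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump';
                    2 = 'Kernel memory dump'; 3 = 'Small memory dump' }
    $dumpType = [int]$rec.DebugInfoType
    if ($dumpTypes.ContainsKey($dumpType)) { $dumpName = $dumpTypes[$dumpType] }
    else { $dumpName = "Other ($dumpType)" }

    $ramBytes = [double]$cs.TotalPhysicalMemory
    $findings = @()

    # Write An Event To The System Log / Automatically Restart.
    if (-not $rec.WriteToSystemLog) {
        $findings += 'Stop errors are not written to the System log.'
    }
    if (-not $rec.AutoReboot) {
        $findings += 'Automatically Restart is off: the server halts on a stop error.'
    }

    # Write Debugging Information / Overwrite Any Existing File.
    if ($dumpType -eq 0) {
        $findings += 'No debugging information is written on a stop error.'
    }
    elseif (-not $rec.OverwriteExistingDebugFile) {
        $findings += 'Overwrite Any Existing File is off: an existing dump file will not be replaced.'
    }

    # Paging file on the system drive must be at least as large as RAM
    # (checked for complete and kernel dumps). AllocatedBaseSize is in MB.
    $sysDrive = $os.SystemDrive
    $pageFileMB = 0
    foreach ($pf in @(Get-WmiObject -Class Win32_PageFileUsage -ComputerName $ComputerName)) {
        if ($pf -and $pf.Name -like "$sysDrive\*") { $pageFileMB += $pf.AllocatedBaseSize }
    }
    if (($dumpType -eq 1 -or $dumpType -eq 2) -and ($pageFileMB * 1MB -lt $ramBytes)) {
        $findings += "Paging file on $sysDrive is $pageFileMB MB, smaller than RAM."
    }

    # Adequate disk space on the drive that receives the dump file.
    $dumpPath = $rec.ExpandedDebugFilePath
    $freeGB = $null
    if ($dumpType -ne 0 -and $dumpPath) {
        $dumpDrive = $dumpPath.Substring(0, 2)
        $disk = Get-WmiObject -Class Win32_LogicalDisk -ComputerName $ComputerName `
                    -Filter "DeviceID='$dumpDrive'"
        if (-not $disk) {
            $findings += "Dump drive $dumpDrive was not found."
        }
        else {
            $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
            if ([double]$disk.FreeSpace -lt $ramBytes) {
                $findings += "Only $freeGB GB free on $dumpDrive; less than installed RAM."
            }
        }
    }

    # Return one object per server so results can be exported or filtered.
    $report = New-Object PSObject
    $report | Add-Member -MemberType NoteProperty -Name Computer      -Value $cs.Name
    $report | Add-Member -MemberType NoteProperty -Name AutoReboot    -Value $rec.AutoReboot
    $report | Add-Member -MemberType NoteProperty -Name LogToSystem   -Value $rec.WriteToSystemLog
    $report | Add-Member -MemberType NoteProperty -Name DumpType      -Value $dumpName
    $report | Add-Member -MemberType NoteProperty -Name DumpFile      -Value $dumpPath
    $report | Add-Member -MemberType NoteProperty -Name RamGB         -Value ([math]::Round($ramBytes / 1GB, 1))
    $report | Add-Member -MemberType NoteProperty -Name PageFileMB    -Value $pageFileMB
    $report | Add-Member -MemberType NoteProperty -Name DumpDriveFree -Value $freeGB
    $report | Add-Member -MemberType NoteProperty -Name Findings      -Value $findings
    return $report
}

# Check the local server and list every setting with any findings.
Test-CrashRecoveryConfig | Format-List
```

An empty Findings list means the server logs stop errors, restarts automatically, and has room to write the configured dump type.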
  14. CHAPTER 41 Backup and Recovery

Developing Backup Strategies . . . 1381
Backing Up and Recovering Your Data . . . 1387
Backing Up and Restoring Active Directory . . . 1409
Troubleshooting Startup and Shutdown . . . 1416

Way back in Chapter 1, I provided a detailed discussion on the support architecture in Windows Server 2008. As I discussed, Restart Manager, Problem Reports And Solutions, Startup Repair Tool, Performance Diagnostics console, and Windows Memory Diagnostics are all a part of this support architecture, and when things go wrong, they can really save the day. That said, it’s fitting to end this book with a look at what you must do to ensure that you can recover your servers, your applications, and your data in case the worst happens because the worst can and usually does happen.

Every Windows Server 2008 system on your network represents a major investment in time, resources, and money. It requires a great deal of planning and effort to deploy a new server successfully. It requires just as much planning and effort—if not more—to ensure that you can restore a server when disaster strikes. Why? Because you not only need to plan and implement a backup for each and every server on your network, but you also need to perform backups regularly. You also need to test the backup process and procedures to ensure that when disaster strikes you are prepared.

Developing Backup Strategies

Backups are insurance plans, plain and simple—and every administrator should see them that way. When disaster strikes, your backup implementation will either leave you out of harm’s way or drowning without a life preserver. Trust me: you don’t want to be drowning when it should be your moment to shine. After all, if you’ve implemented a well-thought-out backup plan and practiced the necessary recovery procedures until they are second nature, a server that has stopped working is nothing more than a bump in the road that you can smooth out even if you have to rebuild a server from scratch to do it.

Creating Your Backup Strategy

So where to start? Start by outlining a backup and recovery plan that describes the servers and the data that need to be backed up. Ask yourself the following questions:

How important is the role that the server is performing?
How important is the data stored on the server?
  15. 1382 Chapter 41 Backup and Recovery

How often does the data change?
How much data in total is there to back up?
How long does each backup take?
How quickly do you need to recover the data?
How much historical data do you need to store?
Do you have the equipment needed to perform backups?
Do you need to store backups off site?
Who will be responsible for performing backups?

The answers to these questions will help you develop your backup and recovery plan. Often you’ll find that your current resources aren’t enough and that you’ll need to obtain additional backup equipment. It might be one of the ultimate ironies in administration, but you’ll often need more justification for backup equipment than for any other type of equipment. Fight to get the backup resources you need and do so without reservation. If you have to make incremental purchases over a period of several months to get the backup equipment and supplies, do so without hesitation.

Backup Strategy Considerations

In most cases, your backup strategy should involve performing some type of backup of every server daily and full backups of these servers at least once a week. You should also regularly inspect the backup log files and periodically perform test restores of the data to ensure that data is being properly written to the backup media.

It’s All About the Data

Much of your backup strategy depends on the importance of the data, the frequency of change, and the total amount of data to back up. Data that is of higher importance or frequently changed needs to be backed up more often than other types of data. As the amount of data you are backing up increases, you will need to be able to scale your backup implementation. If you are starting out with a large amount of data, you will need to consider how much time a complete backup of the data set will take. To ensure that backups can be performed in a timely manner, you might have to purchase faster equipment or purchase backup devices with multiple tape drives.

Plan separate backup strategies for system files and data files.

System files are used by the operating system and applications. These files change when you install new components, service packs, or patches. They include system state data.
  16. Developing Backup Strategies 1383

Note: For systems that aren’t domain controllers, the system state data includes essential boot files, key system files, and the COM+ class registration database as well as the Registry data. For domain controllers, the Active Directory database and System Volume (Sysvol) files are included as well and this data typically changes on a daily basis.

Data files are created by applications and users. Application files contain configuration settings and data. User files contain the daily work of users and can include documents, spreadsheets, media files, and so on. These files change every day.

Administrators often back up an entire machine and dump all the data into a single backup. There are several problems with this strategy. First, on non-domain controllers, system files don’t change that often but data files change frequently. Second, you’ll typically need to recover data files more frequently than system files. You recover data files when documents are corrupted, lost, or accidentally deleted. You recover system files when you have serious problems with a system and typically are trying to restore the whole machine.

Look at the timing of backups as well. With earlier releases of Windows, you are often concerned about the time that backups are performed. You want backups to be performed when the system’s usage is low, so that more resources are available and few files are locked and in use. With the advances in backup technology made possible by the Shadow Copy API built into Windows Server 2008, the backup time is less of a concern than it was previously. Any backup programs that implement the Shadow Copy API allow you to back up files that are open or locked. This means that you can perform backups when applications are using files and no longer have to worry about backups failing because files are being used.

Selecting the Optimal Backup Techniques

When it comes to backup, there is no such thing as a one-size-fits-all solution. Often you’ll implement one backup strategy for one system and a different backup strategy for a different system. It will all come down to the importance of the data, the frequency of change, and how much data there is to back up on each server. But don’t overlook the importance of recovery speed. Different backup strategies take longer to recover than others and there may be differing urgencies involved in getting a system or service back online. Because of this, I recommend a multipronged backup strategy that is optimized on a per-server basis.

Key services running on a system have backup functions that are unique. Implement and use those backup mechanisms as your first line of defense against failure. Remember that a backup of the system state includes a full backup of a server’s Registry, and that system configuration includes the configuration of all services running on a system. However, if a specific service fails, it is much easier and faster to recover that specific service than to try to recover the whole server. You’ll have fewer problems, and it is less likely that something will go wrong.
  17. 1384 Chapter 41 Backup and Recovery

Specific backup and recovery techniques for key services are as follows:

With Dynamic Host Configuration Protocol (DHCP), you should periodically back up the DHCP configuration and the DHCP database as discussed in “Saving and Restoring the DHCP Configuration,” on page 734, and “Managing and Maintaining the DHCP Database,” on page 735.
With the Windows Internet Naming Service (WINS), you should periodically back up the WINS database as discussed in “Maintaining the WINS Database,” on page 836.
With Domain Name System (DNS), your backup strategy will depend on whether you are using Active Directory–integrated zones, standard zones, or both. When you are using Active Directory–integrated zones, DNS configuration data is stored in Active Directory. By default, when you are using standard zones, DNS configuration data is stored in the %SystemRoot%\System32\DNS folder and backups of zone data are stored in the %SystemRoot%\System32\DNS\Backup folder.
With Group Policy, you should periodically back up the Group Policy object (GPO) configuration as discussed in “Maintaining and Troubleshooting Group Policy” on page 1268.
With print servers, you should periodically back up the printer configuration as discussed in “Preparing for Print Server Failure” on page 912.
With file servers, you should implement Volume Shadow Copy Service (VSS), as discussed in Chapter 10, “Using Volume Shadow Copy,” for all network file shares. This makes it easier to restore previous versions of files. In addition, you should back up all user data files on the file server regularly.

The disaster preparation techniques discussed in Chapter 40, “Disaster Planning,” are your next line of defense. Take the time to develop plans and procedures that can help you through everything from a power outage to the worst case scenario.

Don't forget that BitLocker locks a computer until you provide the necessary recovery password. When a computer is locked, you must use the recovery password from a USB flash drive, or use the function keys to enter the recovery password. F1 through F9 represent the digits 1 through 9, and F10 represents 0.

Finally, you will also need to perform regular backups of both system and user data. Most backup programs, including Windows Backup, which is included in Windows Server 2008, support several types of backup jobs. The type of backup job determines how much data is backed up and what the backup program does when it performs a backup.
  18. Developing Backup Strategies 1385

INSIDE OUT: How backup programs use the archive bit

Most backup operations make use of the archive attribute that can be set on files. The archive attribute, a bit included in the directory entry of each file, can be turned on or off. In most cases, a backup program will turn off (clear) the archive attribute when it backs up a file. The archive bit is turned on (set) again when a user or the operating system later modifies a file. When the backup program runs again, it knows that only the files with the archive attribute set must be backed up—because these are the only files that have changed since the last backup.

Understanding Backup Types

The basic types of backups include the following:

Normal: A normal backup is a full backup of all the files and folders you select, regardless of the archive attribute’s setting. When a file is backed up, the archive attribute is turned off.
Copy: A copy backup is a full backup of all files and folders you select, regardless of the archive attribute’s setting. Unlike a normal backup, the archive attribute on files isn’t turned off by the backup. This means that you can use a copy backup to create an additional or supplemental backup of a system without interfering with the existing backup strategy.
Incremental: An incremental backup is used to create a backup of all files that have changed since the last normal or incremental backup. As such, an incremental backup is a partial backup. The backup program uses the archive attribute to determine which files should be backed up and turns off the archive attribute after backing up a file. This means that each incremental backup contains only the most recent changes.
Differential: A differential backup is used to create a backup of all files that have changed since the last normal backup. Like an incremental backup, in a differential backup, the backup program uses the archive attribute to determine which files should be backed up. However, the backup program does not change the archive attribute. This means that each differential backup contains all changes.
Daily: A daily backup uses the modification date on a file rather than the archive attribute. If a file has been changed on the day the backup is performed, the file will be backed up. This technique doesn’t change the archive attributes of files and is useful when you want to perform an extra backup without interfering with the existing backup strategy.

As part of your backup strategy, you’ll probably want to perform normal backups on a weekly basis and supplement this with daily, differential, or incremental backups. The advantage of normal backups is that they are a complete record of the files you select.
  19. 1386 Chapter 41 Backup and Recovery

The disadvantage of normal backups is that they take longer to make and use more storage space than other types of backups. Incremental and differential backups, on the other hand, use less space and are faster because they are partial backups. The disadvantage is that recovery of systems and files using incremental and differential backups is slower than when you only have to perform a recovery from a normal backup. To see why, consider the following backup and recovery examples:

Normal backup with daily incremental backups: You perform a normal backup every Sunday and incremental backups Monday through Saturday. Monday’s incremental backup contains changes since Sunday. Tuesday’s incremental backup contains changes since Monday, and so on. If a server malfunctions on Thursday and you need to restore the server from backup, you would do this by restoring the normal backup from Sunday, the incremental backup from Monday, the incremental backup from Tuesday, and the incremental backup from Wednesday—in that order.
Normal backup with daily differential backups: You perform a normal backup every Sunday and differential backups Monday through Saturday. Monday’s differential backup contains changes since Sunday as does Tuesday’s differential backup, Wednesday’s differential backup, and so on. If a server malfunctions on Thursday and you need to restore the server from backup, you would do this by restoring the normal backup from Sunday and then the differential backup from Wednesday.

Using Media Rotation and Maintaining Additional Media Sets

As part of your backup strategy, you might also want to use copy backups to create extended backup sets for monthly and quarterly use. You might also want to use a media rotation scheme to ensure that you always have a current copy of your data as well as several previous data sets. Although tapes traditionally have been used for backups, more and more organizations have been using disk backup instead of tape backup as disk drives have become more affordable. With disks, you can use a rotation schedule similar to the one you use with tapes.

The point of a media rotation scheme is to reuse media in a consistent and organized manner. If you use a media rotation scheme, monthly and quarterly media sets can simply be media sets that you are rotating to offsite storage. Consider the following media rotation scenarios:

Media rotation with three weekly media sets and one monthly media set: In a 24/7 environment, you use a total of 14 tapes or disks as a media set. Seven of those tapes or disks contain your normal weekly backups for a set of servers. The other seven tapes or disks contain your daily incremental backups for that set of servers—one tape or disk for each day of the week. Three weekly media sets are maintained on site. Once a month, you rotate the previous week’s media set to offsite storage.
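
The archive-bit rules behind the backup types and the Thursday restore examples described earlier can be modelled directly. The following is an added example, not code from the book or from Windows Backup; the file names, the `Volume` class and the weekly schedule are constructed for illustration, and `restore_chain` goes beyond the two cases in the text by also handling a history that mixes incremental and differential jobs.

```python
# Model of the archive attribute and the backup job types described above.
# File names and the weekly schedule are constructed sample data.
CLEARS_BIT = {"normal": True, "copy": False, "incremental": True,
              "differential": False, "daily": False}

class Volume:
    def __init__(self, names):
        # Every file starts with the archive bit set (never backed up yet).
        self.files = {n: {"archive": True, "modified": 0} for n in names}

    def modify(self, name, day):
        """A write sets the archive bit and records the modification day."""
        self.files[name] = {"archive": True, "modified": day}

    def backup(self, kind, day):
        """Return the file names this job captures, then update archive bits."""
        if kind in ("normal", "copy"):
            picked = list(self.files)          # full: ignores the archive bit
        elif kind == "daily":
            picked = [n for n, f in self.files.items() if f["modified"] == day]
        else:                                  # incremental or differential
            picked = [n for n, f in self.files.items() if f["archive"]]
        if CLEARS_BIT[kind]:
            for n in picked:
                self.files[n]["archive"] = False
        return sorted(picked)

def simulate_week(kind):
    """Sunday normal backup, then one file changes and one `kind` job runs per day."""
    vol = Volume(["a.doc", "b.xls", "c.ppt"])
    vol.backup("normal", 0)
    captured = {}
    for day, name in [(1, "a.doc"), (2, "b.xls"), (3, "c.ppt")]:
        vol.modify(name, day)
        captured[day] = vol.backup(kind, day)
    return captured

def restore_chain(history):
    """history: (label, kind) pairs in run order. Returns labels to restore, in order."""
    kinds = [k for _, k in history]
    start = len(kinds) - 1 - kinds[::-1].index("normal")   # most recent normal backup
    chain, pending_diff = [history[start][0]], None
    for label, kind in history[start + 1:]:
        if kind == "incremental":
            chain.append(label)     # holds only the changes since the previous clear
            pending_diff = None     # an earlier differential is now superseded
        elif kind == "differential":
            pending_diff = label    # holds everything since the last clearing job
    return chain + ([pending_diff] if pending_diff else [])

if __name__ == "__main__":
    print(simulate_week("incremental"))
    print(simulate_week("differential"))
```

Each incremental job captures one day's change while each differential job grows through the week, which is why the differential schedule restores from two media sets and the incremental schedule from four.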