The Save Log File As… selection brings up a Save AS dialog box, as shown in Figure 7.29, which allows you to choose the name, location, and format of the archive. You can save events in a binary .evt, comma-delimited, or tab-delimited text file.You can use the .evt format to retain the log file in a compact format, which you can reopen in Event Viewer by selecting Action | Open Log File…, as shown in Figure 7.30.The delimited archive file formats consume more disk space than the .evt format, but they can be imported into a database or an application like Microsoft Excel for further analysis. Choosing to open a log file brings up an Open dialog box, shown in Figure 7.31. In this dialog box, you can locate and choose the archived file. 266 Chapter 7 • Planning, Implementing, and Maintaining a High-Availability Strategy Figure 7.28 Saving a Log File, Selection Menu Figure 7.29 Saving a Log File 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 266 Using Service Logs to Monitor Servers As mentioned previously, there are additional event logs for servers in certain roles. A server running the DNS server will have a DNS Server log. A server acting as a domain controller will have logs for the Directory Service and File Replication Service. It is also possible that other services or applica- tions may create their own log files, but most do not. These server log files follow the same format as the other event logs.They can be filtered, searched, and archived using the methods described in the previous sections. These logs exist mainly to collect the events from these services in one place other than the System log.These services generate a greater number of events than do other services. Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 7 267 Figure 7.30 Opening an Archived Log File Figure 7.31 Selecting an Archived Event Log 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 267 Planning a Backup and Recovery Strategy Backups and documentation are usually of critical importance to the continuing operation of an organization. Organizations often account for the value of their computer and communications equipment, but they overlook their data, which can be difficult to valuate. Equipment can be replaced. Staff can be hired. But if data cannot be restored, it is lost forever. You should consider good backups as a form of insurance. Hard drives fail. Cooling fan bearings wear out, and systems overheat. Lightning strikes buildings. Viruses contaminate or destroy data. Buildings get flooded.The important point is the ability to recover from any loss that occurs. When considering the factors that make backups necessary, you should also consider the human side of the situation.The software won’t operate itself, and someone must change tapes. Do not forget to develop good procedures for the people (or person) responsible for your backups. It is important to ensure that there is more than one person who is capable of restoring data, which makes good written procedures essential. When developing your backup and restore procedures, consider the following guidelines: ■ Develop a log This gives you a hardcopy record of your backup activities. ■ Test your procedures, devices, and media frequently A failure in any one of these areas can make data impossible to restore. ■ Keep multiple copies Media can and does go bad. Shelf life, manufacturing defects, and environmental or physical damage can render media impossible to read. ■ Rotate copies offsite Keep the backups in a different location.That way, a local disaster won’t destroy all of your backups. ■ Back up the system The operating system and your applications are a form of data, too, and should be protected accordingly. ■ Use the new Automated System Recovery (ASR) feature This feature saves time in the event of a disaster and can also act as a “last-ditch” effort before a complete rebuild. Perform an ASR backup after each major system change and also on a regular basis. ■ Secure your backups Secure your backup media in the same way that you would secure any other valuable item. Keep your media locked up, if possible, in a safe. ■ Know your data Data that changes frequently may need more frequent backups. Databases require different strategies than documents and spreadsheets. Encrypted File System (EFS) files and folders should have the recovery agent’s EFS private key backed up as well; otherwise, recovering EFS files and folders may not be possible.The DHCP, WINS, DNS, and AD services have specific backup or restore requirements. It is important to understand these requirements when you plan your backup strategy. Understanding Windows Backup Windows Server 2003 includes the Backup Utility for performing backups, restores, and running the ASR Wizard.The utility can back up data to and restore data from almost any removable media 268 Chapter 7 • Planning, Implementing, and Maintaining a High-Availability Strategy 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 268 device identified by the operating systems—tape drives, hard drives, and even file shares on the net- work.You cannot, however, back up to recordable CD or DVD drives. In order to perform a backup or restore operation, you must have the appropriate user rights. The Administrators and Backup Operators groups are assigned the necessary rights to perform both functions, so using an account that is a member of either of these groups will suffice. The specific user rights required to perform a backup or restore can be individually assigned by using the Local Security Policy utility, shown in Figure 7.32, or a GPO if the user is a member of an AD domain.The following are the user rights required to perform backup and restore operations: ■ Back up files and directories Allows a user to bypass (if necessary) established permis- sions on files, directories, and Registry keys and values. Be cautious when assigning this right, because this can be a security risk. A user with this right could easily back up all of your company’s most sensitive information and carry it out the door. ■ Bypass traverse checking Gives a user the ability to cross directories, whether or not that user has permissions to those directories. ■ Restore files and directories The corollary user right to Back up files and directories. Allows a user to bypass (if necessary) the established permissions on files, directories, and Registry keys and values.This effectively gives a user the ability to restore objects, regard- less of the objects’ assigned permissions.You should be cautious with this right due to the potential security risk and possibility of destroying or corrupting data. Types of Backups Most good backup strategies adopt a method of backing up different amounts of data at different times and for different purposes.The length of time required to back up data on a server increases as the amount of data on a server grows. On many systems, a large amount of data is static or changes infrequently. Finally, the costs associated with consumable media (such as tape cartridges) mean that economics force the issue of using the media in cycles.The basic backup cycle includes a complete or full backup and several incremental or differential backups. Each type of backup serves a specific need. Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 7 269 Figure 7.32 Detailed User Rights, Accessed from Local Security Policy 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 269 Full Backups The Windows Backup Utility calls a full backup a normal backup.The full backup, as its name implies, backs up everything specified by the user performing the backup operation. A full backup can include the operating system, system state data, applications, and any other data. With a full backup, everything that is backed up has the file system archive bit reset (cleared).This allows the incremental and differential backup types to determine if the file needs to be backed up. If the bit is still clear, the other backup types know that the data has not changed. If the bit is set, the data has changed, and the file needs to be backed up. The full backup is usually the first backup performed on a server. It takes the longest of all the backup types to complete, because it backs up all specified files, regardless of the state of the archive attribute. A full backup consumes the largest amount of backup media of any backup type. Depending on the amount of information chosen to back up and the underlying backup tech- nology involved, it may require multiple backup media to complete. The main advantage of the full backup type is the ability to rapidly restore the data. All of the information is contained in a single backup set when this type of backup is used.The disadvantages of full backups are high media consumption and long backup times. Figure 7.33 illustrates a series of full backups.The values listed are relative. Incremental Backups During an incremental backup operation, all specified files have their archive bit examined. If the bit is set, the file is backed up, and then the bit is cleared.This backup type is used to back up data that has changed or been created since the last full (normal) or incremental backup. It can also be used after a copy or differential backup, but because these do not reset the archive attribute, there is no way for the incremental backup to tell which files have changed since one of those backups last ran. As a result, every file with the archive attribute set is backed up. The incremental backup type is used between full backups. It is quick to perform, collects the least amount of data, and consumes the smallest amount of media. A complete restore, however, requires the last full backup and every incremental backup (in sequence) since the full backup was performed. 270 Chapter 7 • Planning, Implementing, and Maintaining a High-Availability Strategy Figure 7.33 Full (Normal) Backup Pattern 100 100 100 100 100 100 100 100 Su M Tu W Th F Sa Su Full (Normal) Backup Scenario 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 270 The primary benefits of using the full/incremental backup combination, as illustrated in Figure 7.34, are time and media savings.The main drawback of this combination is longer and more com- plex restore operations if there are long periods between full backups. Differential Backups The differential backup type is sometimes used as a substitute for the incremental type. A differential backup collects data that has changed or been created since the last full (normal) or incremental backup, but it does not clear the archive bit on the file. It can also be used after a copy or differential backup, but as with an incremental backup, every file with the archive attribute set is backed up. The differential backup is advantageous when you want to minimize the restoration time. A complete system restore with a full/differential backup combination, as illustrated in Figure 7.35, requires only the most recent full backup and the most recent differential backup. Differential backups start with small volumes of data after a recent full or incremental backup, but often grow in size each time, because the volume of changed data grows.This means that the time to perform a differential backup starts small but increases over time as well. In theory, if full or incremental backups are infrequent, a differential backup could end up taking as long and reaching the same volume as a full backup. Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 7 271 Figure 7.34 Full (Normal) Backup/Incremental Backup Pattern 100 10 15 10 20 50 40 100 Su M Tu W Th F Sa Su Weekend Full (Normal)/Daily Incremental Backup Scenario Figure 7.35 Full (Normal) Backup/Differential Backup Pattern 100 10 15 25 35 50 75 100 Su M Tu W Th F Sa Su Weekend Full (Normal)/Daily Differential Backup Scenario 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 271 Volume Shadow Copy More of a new feature than a backup type, Volume Shadow Copy allows you to back up all files on the system, including files that are open by applications or processes. In previous versions of Windows, the applications would need to be stopped or users logged out to allow these files to be closed and backed up using the Windows Backup Utility. With Volume Shadow Copy, these files can continue to remain in use without affecting the integrity of the backup. This feature is enabled by default, but it may need to be disabled if data managed by some crit- ical applications would be affected by the use of Volume Shadow Copy.The feature can be tem- porarily disabled by clicking the Advanced button in the Backup Utility’s Backup Job Information dialog box, as shown in Figure 7.36. Unless specified by vendor documentation, leave this feature turned on. Determining What to Back Up Because the data on your servers may be largely static, frequent backups of such data may be redun- dant.The corollary of this is that more dynamic data needs more frequent backups. Some types of data are structured as multiple files but must be backed up and restored as a single unit to maintain integrity.These factors and more combine to make the development of an efficient backup strategy challenging. One of the basic techniques you can use to assist you in developing an effective backup and restore strategy is to place your data into basic categories and structure the system around them. For example, on a server that is used for file and print sharing as well as hosting a database, a good struc- ture would be to have separate logical drives for the operating system, the shared files, the applica- tion software packages, and the databases.This allows you to easily treat each set of data differently for backup purposes, meeting the specific requirements of each type of data. 272 Chapter 7 • Planning, Implementing, and Maintaining a High-Availability Strategy Figure 7.36 Disabling Volume Shadow Copy for a Backup 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 272 Data Backup If you separate your data into categories, the time required to perform backups can be greatly reduced. For example, once a month, the static parts of the system (operating system and software volumes) could be backed up to tape. For the rest of the month, you can perform either incremental or differential backups.The shared file volume can follow a different schedule, depending on the rate and volume of change in the data.The volume that contains the database files may need full backups nightly in order to expedite restore procedures and also due to the nature of the database applica- tion. It, too, can be easily backed up on a separate schedule from the rest of the system.Tailoring the behavior of backups to each type of data will speed backup and restore operations and minimize the ongoing costs associated with consumable media. System State Data The system state data is a special collection of key system and service information.The system state data is present on all Windows Server 2003 systems and includes the following: ■ The Registry ■ The COM+ Registration database ■ Critical boot and system files ■ Files protected by Windows File Protection ■ The AD database and logs, and the SYSVOL directory (on domain controllers) ■ The Certificate Services database (on Certificate Services servers) ■ The Cluster Services data (on cluster member servers) ■ The Internet Information Server (IIS) Metadirectory (when IIS is installed) The system state components are designed to allow a system’s full identity to be restored, and therefore they are backed up as an entire unit.You can back up system state only locally (unless you’re using a third-party application) and restore it only to the system from which it originated. The Restore to Alternate Location feature is available with a system state restoration, but only the Registry, SYSVOL, cluster data, and boot files will be restored.The other components of system state cannot be put in an alternate location and will not be restored.The normal (and arguably best) practice is to back up the system state, boot, and system volumes together. Also, use the ASR feature, which is covered in the “Planning System Recovery with ASR” section later in this chapter. DHCP,WINS, and DNS Databases DHCP, WINS, and DNS are services that can be hosted by Windows Server 2003. However, each requires some amount of special treatment. DHCP allows the automatic assignment of IP addresses to systems on the network. When installed, DHCP operates continuously and creates an automatic backup of the DHCP database in %systemroot%\System32\Dhcp\Backup.To manually back up the DHCP database, use the Action | Backup command in the DHCP utility.You should then use the Windows Backup Utility to copy this file to your backup media.To restore a DHCP database, first restore the database backup from Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 7 273 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 273 your backup media, and then use the Action | Restore command in the DHCP utility.The DHCP service will be temporarily stopped during the restore operation. WINS is a service that provides a method of mapping NetBIOS names to IP addresses. WINS is commonly (but not exclusively) used with older versions of Windows. WINS has a built-in backup function, but the function is not activated until you first specify a backup path for the database in the WINS administrative tool by selecting the WINS server and selecting Action | Properties,as shown in Figure 7.37. Once you have specified a backup directory path, WINS automatically performs a back up of the local WINS database every 24 hours.You should use the Windows Backup Utility to back up this directory to your backup media. To restore the WINS database, you must first restore the WINS backup directory path from your backup media.Then stop the WINS service, remove all files from the WINS database path, start the WINS utility, select Action | Restore Database, and select the file from which to restore the database. DNS is the name resolution protocol and service used to convert host names to IP addresses. AD is designed to use DNS, and Windows Server 2003 can be used as a DNS server. How DNS data is backed up and restored depends on how DNS is configured. If DNS is configured as an Active Directory-integrated zone, the DNS information is stored in the AD database.This means it is backed up and restored as part of the system state data. If DNS is not configured as an Active Directory-integrated zone, the individual zone files are automatically backed up by the DNS service, and these files should be used for backup and restore operations.These files are stored in %systemroot%\DNS\Backup. Cluster Disk Signatures and Partition Layouts Some special care must be taken when backing up and restoring clustered computers. If a clustered server needs to be restored, the original disk signatures and partition structure must also be restored. 274 Chapter 7 • Planning, Implementing, and Maintaining a High-Availability Strategy Figure 7.37 Configuring the WINS Backup Path 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 274 This is best accomplished by using the ASR feature (covered in the “Planning System Recovery with ASR” section later in this chapter). All cluster nodes should have an ASR backup performed on them, making sure that one node has ownership of the cluster’s quorum resource when the ASR Wizard is running. In the event that clustered disks need recovery, you can use the ASR backup to restore the clustered disk partitions and disk signatures. Using Backup Tools The Windows Backup Utility is included in Windows Server 2003 for backing up and restoring your servers.The Backup Utility uses all of the new backup- and restore-related features of Windows Server 2003, including ASR and Volume Shadow Copy. If you are currently using a third- party backup and restore application, you may be surprised by all of the features that the Backup Utility offers in Windows Server 2003. Using the Windows Backup Utility The Windows Backup Utility supports three modes of operation: the Backup or Restore Wizard, Advanced Mode, and command-line operation. Each mode is meant to fit different circumstances. The Backup Utility is accessed from Start | All Programs | Accessories | System Tools | Backup. It can also be started from a command-line by typing NTBackup.exe. Backup or Restore Wizard The first time you start the Backup Utility, you are presented with the Backup or Restore Wizard, as shown in Figure 7.38.The purpose of the Wizard is to simplify the backup or restore process by stepping you through the process, making the most common options available.The Wizard is best used for initial or manual backups on standardized hardware configurations. The Wizard does allow you to take advantage of some of the more advanced options, like scheduling, but these options are best configured and controlled by using Advanced Mode. Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 7 275 Figure 7.38 The Backup or Restore Wizard 301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 275 . surprised by all of the features that the Backup Utility offers in Windows Server 2003. Using the Windows Backup Utility The Windows Backup Utility supports three modes of operation: the Backup or. format as the other event logs.They can be filtered, searched, and archived using the methods described in the previous sections. These logs exist mainly to collect the events from these services. to determine if the file needs to be backed up. If the bit is still clear, the other backup types know that the data has not changed. If the bit is set, the data has changed, and the file needs to