70-412: Configuring Advanced Windows Server 2012 services Chapter 3 Implementing Business Continuity...

70-412: Configuring Advanced Windows

Server 2012 services

Chapter 3Implementing Business Continuity and

Disaster Recovery

Objective 3.1: Configuring and

Managing Backups

© 2013 John Wiley & Sons, Inc. 3

Backups• When an organization loses data, the

results can range from a loss of productivity to an entire meltdown of the company itself.

• Having a solid backup strategy along with the systems, processes, and tools to execute the strategy is the key to your ability to recover.

The best method to data recovery is Backup, Backup, Backup.


Lost Data• If you’ve been administering servers for any

length of time, you most likely have experienced or heard of someone who lost data due to:o Hardware failureo Software failureo Human erroro Computer viruso Thefto Natural disaster (flooding, earthquakes, severe

weather, and so on)o Fire


Windows Server Backups

• The Windows Server Backup feature provides full server, bare metal recovery, system state, system reserved, and local/remote volume backup capabilities.

• Recovery Time Objective (RTO): The maximum amount of time you have to bring a system back online before it has a significant impact on your organization.

• Recovery Point Objective (RPO): The amount of data you can afford to lose before it has a significant impact on your organization.


Storing the BackupsWindows Server Backup provides three options to select from when deciding where to store your backups. These options include backing up to:

o Hard disk(s) (recommended) o A volumeo A shared network folder


Backup Folder and File Structure

• When your backup starts, Windows Server Backup creates a folder structure in the target location you specified:o Backup <Date> <ID number>o Catalogo Logso SPPMetadataCacheo MediaID

• The Catalog folder contains information about the volumes backed up and where your backups are stored.


Full versus Incremental

• After the first full backup, you can then automatically run incremental backups, which saves only the data that has changed from the last backup.

• By default, Windows Server Backup creates incremental backups, which function much like full backups, allowing you to restore from a single backup. o In the past, you had to restore a full backup

followed by the necessary incremental backup(s) to complete the restore process.


Optimizing Backups• Windows Server Backup also provides

performance enhancements by using block-level technology and Volume Shadow Copy Service (VSS).

• Block-level backup technology improves performance by bypassing the files and file system.

• Volume Shadow Copy Service (VSS) takes a snapshot of the volume’s current data, which is used by Windows Server Backup to back up the data. The snapshot, or shadow copy, is then deleted when the backup completes.


Backing Up Active Directory Domain

ServicesActive Directory is backed up as part of system state and full backups. These components are included in the system state:

o System startup (boot) fileso System registryo COM+ Class registration databaseo System volume (SYSVOL)o Active Directory


Active Directory Recycle Bin

• To use Active Directory Recycle Bin, your forest functional level should be set to at least Windows Server 2008 R2 or greater and all domain controllers must be running Windows Server 2008 R2 or Windows Server 2012.

• This can be confirmed by selecting Server Manager > Tools > Active Directory Administrative Center.


Creating System Restore Points

• Shadow Copies for Shared Volumes (SCSV) and Hyper-V snapshots provide you with the ability to return to a specific point in time.

• You enable SCSV on a per-volume basis by selecting Server Manager > Tools > Computer Management.

• You need at least 300 MB of free space to create a shadow copy on the selected volume.


Backing Up Hyper-V Virtual Machines

• VMs, created using Hyper-V, are stored as files on your hard disk. o These files contain the VHDs, saved state files,

snapshot files, and configuration files.

• A VSS compoment, the VSS writer, is responsible for preparing their data in order to make the shadow copy and are instructed by VSS to quiesce (pause) its associated application to ensure a consistent backup is made.

• By using the Microsoft Hyper-V VSS writer, Windows Server Backup can create the snapshots while the VM is running.


Exploring Enterprise Backup Solutions

• DPM also provides you with the ability to manage system state and bare metal recovery from a central location.

• The following vendors provide enterprise backup solutions for Windows Server 2012:o Acronis Backup and Restoreo Symantec Backup Exec 2012 and NetBackupo IBM Tivoli Storage Managero Carboniteo CA Technologies ARCserveo Commvault Simpana

Objective 3.2: Recovering Servers


Windows Server 2012 Restores

A written server recovery plan that outlines roles and responsibilities as well as the steps necessary to recover your servers is critical to reducing the overall downtime and loss of productivity in your organization.


Restoring Volumes• The approach used to restore a volume

depends on the type of volume being recovered.

• Data volumes can be restored using Windows Server Backup.

• To restore a system volume, use the Windows Recovery Environment (WinRE) and the Windows installation media.


Restoring the System State

• Recovering the system state of a member server can be performed via the Windows Server Backup program.

• Recovering the system state of a domain controller requires that you boot into Directory Service Restore Mode (DSRM). o DSRM is a special boot mode that is used to

repair and recover Active Directory.


Authoritative Restores• Performing an authoritative restore gives

you the ability to increment the version number of the object in Active Directory that you want to restore.

• This object will then appear to be newer than the existing version of the same object being held by the other replication partners (domain controllers).

• Because the object appears as newer, it will be replicated to the other domain controllers and overwrite their data.


Non-Authoritative Restores

• If you don’t select the “perform an authoritative restore of Active Directory files" option, you’re performing a non-authoritative restore.

• The restored domain controller will then use normal replication with other replication partners (domain controllers) to gather information that was changed after the backup was taken.

• These changes overwrite the state you restored and bring the domain controller up to date with the current copy of the Active Directory database.


Performing a Bare Metal Recovery

Restore• A bare metal recovery restore allows you

to restore the server without having to load the operating system beforehand.

• It does require that you have your Windows installation media from which to boot.


Recovering Servers Using WinRE and Safe

ModeIf you experience problems that prevent Windows Server 2012 from booting, use the Windows Recovery Environment (WinRE) to troubleshoot and repair the system.


Command-Line Tools• Bootrec: Troubleshoots and repairs the

master boot record, boot sector, and Boot Configuration Data (BCD) store.

• Bcdedit: Displays how Windows is configured to boot and can also be used to troubleshoot issues with the Windows Boot Manager.

• Format: Formats partitions.


Command-Line Tools• System File Checker: Checks the integrity of your

hard drive. If a file is missing or corrupt, it can be restored with this tool. SFC validates the digital signatures of all the Windows system files and restores any it finds that are incorrect.o Sfc /scannow: Scans all of your protected system files and

repairs problems by replacing incorrect versions with the correct Microsoft versions.

o Sfc /verifyonly: Scans for integrity of all protected system files but does not perform a repair operation.

• Diskpart: Loads the Windows Disk management program. Using this program, you can shrink, expand, create, and delete existing partitions as well as gather information about your hard drives.


Safe Mode• Starting in safe mode allows you to

troubleshoot situations where you cannot access the system due to faulty hardware, software, device drivers, and virus infections.

• Safe mode loads a minimal set of drivers and services

• If you can boot into safe mode but can’t boot normally, the system most likely has a conflict with hardware settings, services, drivers, or some type of registry corruption.


MSConfig• MSConfig (also called System

Configuration) is a tool used to troubleshoot the system startup process.

• It can be used to disable or enable software, device drivers, and services that run at startup.

• MSConfig can also be used to change boot parameters if necessary.


Windows Boot Environment

• The boot environment (as shown in Figure 9-17) is split into two components:o Windows Boot Manager: Makes it possible

for you to choose which boot loader/application to load.

o Windows Boot Loader: Is a small program or application that moves the operating system into memory.

Objective 3.3: Configure Site-Level Fault

Tolerance


Hyper-V Replica• Hyper-V replica (offline copy):

o Allows you to replicate a Hyper-V VM from one Hyper-V host at a primary site to another Hyper-V host at the Replica site.

o Is used as a spare server, which is stored on another central storage device at another site.

o Tracks the write operations on the primary VM and then replicates the changes to the replica over a wide area network (WAN) link to keep the replica updated.

o Enables you to restore virtualized workloads to a point in time depending on the Recovery History options for the VM.

• If the primary site goes down, you can bring up the replica server in minutes.


Hyper-V Encryption• Use certificate-based authentication

(HTTPS) to apply encryption to the replication.

• Then use an existing X.509v3 certificate or create a self-signed certificate.


Multi-Site Failover Cluster

• Another solution is to create a multi-site failover cluster. A multi-site failover cluster has the following advantages, as compared to a replica VM: o When a failure occurs, a multi-site cluster automatically

fails over the clustered service or application to another.o Because a site fails over automatically, a multi-site cluster

has less administrative overhead than a cold standby server, which needs to be turned on and configured.

• A multi-site failover cluster is similar to a standard failover cluster; however, the two sites are usually connected with a significantly slower WAN link as compared to links found in Local Area Networks (LANs).


Multi-Site Storage• Because of the slower WAN link, there is

no shared storage that cluster nodes on the two sites can use.

• You need to use two separate storage systems, one at each site, and have some method to replicate the data between the two sites.


Quorum and Failover Settings

• Understand that WAN links will have slower bandwidth and higher latency.

• Since failover is triggered by missing heartbeats, you may need to tweak the quorum and failover settings so that the failover will work more efficiently if it is a multi-site cluster.

• By default, the heartbeat occurs once every second (1,000 milliseconds).

• If a node misses five heartbeats in a row, another node will initiate failover.


Quorum and Failover Settings

• When sites are geographically dispersed, you cannot use quorum configuration that requires a witness disk.

• You can use the Node Majority with File Share Majority quorum.

• When using Node Majority with File Share Majority quorum, you need to place the file share witness at a third site.

• In a multi-site cluster, a single server can host the file share witness. However, you must create a separate file share for each cluster.

70-412: Configuring Advanced Windows Server 2012 services Chapter 3 Implementing Business Continuity...

Documents

Transcript of 70-412: Configuring Advanced Windows Server 2012 services Chapter 3 Implementing Business Continuity...