Professional Windows Server 1002003 Security A Technical Reference [Electronic resources]

Roberta Bragg

نسخه متنی -صفحه : 194/ 139

Chapter 17. Basics of Data Backup and Restore

Every server will fail. Sooner or later, some emergency, natural event, fire, or simple accident will make the data on the server unavailable. Are you ready to recover? The recovery techniques described in this chapter for recovering data, services, and servers, as well as the more mundane restoration of files, require some preparation before recovery is possible. This chapter covers the basics of native Windows Server 2003 backup and recovery processes, including the following:

Ntbackup, the Windows backup and restore application supplied for use in ordinary backups and for backing up system state data.

Automated Systems Recovery, a tool that makes a backup of the system drive and saves configuration information that can be used for system recovery.

Volume Shadow Copy service, a new utility that makes snapshot copies of volumes enabling both the backup of open files by ntbackup and the online recovery of previous versions of files.

Miscellaneous Operations, which include special tools and processes that can back up configuration data for special operating system services, such as DHCP and EFS.

IIS Backup, tools Iisback.vbs, a script that can be customized to back up IIS 6.0.

Certutils backup functions, used for backing up a Windows Server 2003 certification authority.

Restoring Active Directory

Best Practices for Backup

Back up system state in addition to performing a full backup.

Schedule backups to occur at regular intervals.

Keep copies of backups in a safe place on location for quick restorations of critical files and servers.

Keep copies of backups offsite in case a disaster destroys the data center or the local backup media as well as server drives.

Review system logs of backups to ensure scheduled backups are occurring.

Keep a manual log of backups that records when they occur, which tapes or other media were used, where they were stored, and by whom. Be sure to have anyone who handles the backup media sign the log and keep records of where and when backup media is taken offsite.

Provide a secure offsite location miles away from your site. This ensures that a local disaster, such as flood, hurricane, or tornado, does not destroy your site and the offsite backup location.

Back up the system files after system files are changed or new drivers are added. You can do this when backing up system state by using the advanced options.

Develop backup procedures and test them.

Train backup operators on how to back up and how to determine whether the backup or scheduled backup is working, and regularly hold drills in which a new server is built and backups are restored.

Make the following types of backups:

Automated System Recovery (ASR) backup

Complete backup

System state backup

Data backups of critical configuration data

Secure backup devices and media as well as storage locations.

Do not disable volume shadow copy.

To back up clusters, perform an ASR backup of each node in the cluster, each cluster disk, and each individual application running on the nodes.

When backing up critical or sensitive servers, consider making backup media accessible only to the owner of the files or members of the Administrators group.

Use separation of privileges to manage backups of critical or sensitive data and servers. This can be done by not adding members to the Backup Operators group and creating custom groups. One group is given the Backup privilege, while the other group is given the Restore privilege. Because administrators have both rights by default, you may need to restrict them as well by removing or denying privileges. Remember that administrators can give themselves back these rights and audit for its abuse.