S 6.99 Regular backup of important system components for Windows Server
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Person responsible for the data backup
The system components of a Windows server are to be backed up regularly since the server may be subject to constant configuration changes, depending on the role the server assumes. Unintentional changes that can provoke errors in the system such as incorrectly installed updates can make it necessary to recover important system components. Important system components not only include the actual system files, but also configuration data, e.g. Registry database, IIS metabase, status information, databases of DHCP, WINS, and log data. The files can be backed up by a backup program or individually through the file system, for example using a script. As a rule, the data backup policy must specify that the status information and log data are to be backed up daily at a minimum using the Windows Server backup or a suitable third-party program (see module S 1.4 Data backup policy).
System state backup (System State)
The backup program in Windows Server 2003 (Backup) contains the predefined System State backup. This backup generally covers all important system components for all standard server roles supplied with Windows Server 2003.
Under Windows Server 2008, Microsoft introduced a new solution for backup and restoring; this can be called via the Microsoft Management Console with the snap-in "Windows Server Backup". However, this component is not included in the standard installation and must be installed separately.
Important system components can be found on the system partition as well as on other hard disk partitions. Where they are located depends on, among other things, whether or not alternative installation paths were configured during the installation of a component, for example for the log files.
The system data can be backed up using the Windows backup program. Using the System State backup component of the backup program then allows you to do the following:
If the backup program is used on a domain controller, for example, all system components and all distributed services required by Active Directory are backed up when System State is selected depending on the storage locations specified during installation.
Examples of system state data:
System state data after a basic installation:
- system start files
- system registration
- Class Registration database of COM+ (an extension to the Component Object Model)
- logging data
- additional system state data on a domain controller, for example:
- SYSVOL directory
- DNS database
- Active Directory
Examples of additional role-specific system state data:
- Cluster Service status (if installed)
- Certificate Services database (if installed)
It must be determined if there are additional system and/or program folders beyond those in the predefined System State backup that still need to be backed up based on the corresponding server role and the server products installed. It may be necessary to back up the entire system partition as well as other partitions in this case.
Data backup programs
The Windows backup solutions only contain the basic features of a data backup program and are only suitable for use when the protection requirement is low. They are only adequate for backing up the system state files belonging to Windows Server as they are limited in terms of reliability (check mechanisms do not perform a checksum) and hardware support, among other items, and only offer rudimentary logging, monitoring, and scheduling capabilities. It must be examined if backup programs from other manufacturers should be preferred based on the corresponding server role and data backup requirements.
Restoring system state data
The Windows Backup program can only restore the entire system state from a backup. Programs from third party providers sometimes allow the recovery of configuration data for individual roles, e.g. for Active Directory. In each case, the base operating system must be set up exactly like before recovery because otherwise the recovery will fail completely or leave you with a system that will not run due to incorrect parameters. The following must be clarified:
The recovery of the system state should never be performed on a production server, not even for testing purposes. Only use a separate test system when implementing S 6.41 Training data reconstruction. If this does not meet the protection requirements of the system, then you must consider implementing alternative backup strategies for the system state (e.g. via hard disks images, server virtualisation).
Example of a test scenario:
The system partition is located on a drive with RAID Level 1 (mirroring). A hard disk is removed from the RAID system and the system is switched offline to preserve the original state of the system. Afterwards, a test of the recovery of the system state is performed and the system is checked to see if it operates properly. After finishing the test, the hard disk removed earlier is switched back online and mirrored back to restore it to its original state.
Disaster recovery
The Automated System Recovery (ASR) backup component contained in the Windows Server 2003 data backup program consists of two functions. One function is a backup function that is called from the Backup program, and the other is a recovery function that can be called using the F2 key when running the Windows Server 2003 installation routine. When creating the preparatory ASR record, the system state data, system services, and all data media linked to operating system components are stored in a file. Furthermore, a data carrier containing information on the backup, the hard disk configurations such as the base volumes and dynamic volumes, and information for recovery is created when the ASR record is created. No user data is restored when you perform a recovery using ASR. An ASR recovery only restores the basic operating system. The user data and other important system components for the server role assumed must be backed up separately and restored separately, if necessary. If there are system components for a given server role that are not backed up in a standard backup, then it must be examined which procedure is suitable for backing up the important system components. ASR is inadequate in such a case. Furthermore, it must be taken into account that diskettes #ditto# (and therefore unreliable removable media) are necessary for the ASR procedure and that it is impossible to perform regular, automated backups with ASR. For this reason, it is necessary to select the backup procedure variant best suited to backing up the important system data for the corresponding server role and to test this procedure regularly. In this case, not only is success of the recovery a decisive factor for selection, but the recovery time required is also particularly important (see S 6.76 Creation of a contingency plan for failure of a Windows network).
Under Windows Server 2008 and higher, the Windows Server backup is able to create data backups that can be used for recovery of the system. Here, selection can be made between "complete server backup" (with all file systems) and "Bare Metal Recovery" (only with the file systems required for the system). Recovery is made via the Windows recovery environment that can be started from a setup data carrier by pressing F8 during system start or by selecting the Repair computer option.
Review questions:
- Are the important system components (e.g. system files, configuration data, status information and log data) of Windows servers backed up regularly?
- Was the Windows server backup or a suitable third-party program for data backup installed as set up on a Server 2008?
- Is it ensured before recovering system state data that the basic operating system has been set up exactly as before and that recovery is not performed on a productive system?
- Are the recovery procedure and the time required for recovery tested and improved upon in the framework of a contingency plan for the server based on the server role and the availability requirements?