1. Understanding the Volume Shadow Copy Service
Windows Server 2003 offers the Volume Shadow Copy Service (VSS), also referred to as snap backup.
VSS allows the backing up of databases and other files that are held
open or locked because of operator or system activity. Shadow copy
backups allow applications to continue to write data to a volume during
backup, and they allow administrators to perform backups at any time
without locking out users or risking skipped files.
Although VSS is an important enhancement to the
backup functionality of Windows Server 2003, it is nevertheless best
practice to perform backups when utilization is low. If you have
applications that manage storage consistency differently while files are
open, that can affect the consistency of the files in the backup of
those open files. For critical applications, or for applications such as
Microsoft SQL Server that offer native backup capabilities, consult the
documentation for the application to determine the recommended backup
procedure.
2. Backup Security
You must have the Backup Files And Directories user right, or NTFS Read
permission, to back up a file. Similarly, you must have the Restore
Files And Directories user right, or NTFS Write permission to the target
destination, to restore a file. Privileges are assigned to both the
Administrators and Backup Operators groups, so the minimum required
privileges can be given to a user, a group, or a service account by
nesting the account in the Backup Operators group on the server.
Users with the Restore Files And Directories
user right can remove NTFS permissions from files during restore. In
Windows Server 2003, they can additionally transfer ownership of files
between users.
Therefore, it is important to control the
membership of the Backup Operators group and to physically secure backup
tapes. A “loose” backup tape makes it easy for any intelligent
individual to restore and access sensitive data.
3. Managing Media
The Backup Utility of Windows Server 2003 works
closely with the RSM service. RSM, which is designed to manage robotic
tape libraries and CD-ROM libraries, accepts requests for media from
other services or, in this case, applications, and ensures that the
media is correctly mounted or loaded.
RSM is also used with single-media devices, such
as a manually loaded backup tape drive, CD-ROM, or Iomega Jaz drive. In
the case of single-media drives, RSM keeps track of media through their
labels or serial numbers. The impact of RSM is that, even in a
single-media drive backup system, each tape must have a unique label.
Media Pools
The Backup Utility of Windows Server 2003 manages tapes with RSM using media pools, as seen in Figure 1.
There are four media pools related to backup:
Unrecognized
Tape media that are completely blank or in a foreign format are contained in the Unrecognized pool until they are formatted.
Free
This pool contains newly formatted tape media, as well as tapes that
have been specifically marked as free by an administrator. Free media
can be moved into the backup media pool by writing a backup set to them.
Backup
This pool contains media that have been written to by the Backup
Utility. The Backup Utility will only write to media in the Free media
pool (and it will label the tape with the name you enter just before
starting the backup) and to media, specified by name, in the Backup
media pool.
Import
This pool contains tape media that are not cataloged on the local disk
drive. Cataloging such a tape will move the tape into the backup media
pool.
Managing Tapes and Media Pools
In conjunction with backup procedures and tape
rotation, you will need to manage your tapes in and out of these media
pools. To that end, the following actions are available from the Restore
And Manage Media tab of the Backup Utility:
Format a tape.
Right-click a tape, and choose Format. Formatting is not a secure way
to erase tapes. If you need to erase tapes for legal or security
reasons, use an appropriate third-party utility. Formatting does,
however, prepare a tape and move it into the free media pool. Not all
drives support formatting.
Retension a tape.
Right-click a tape, and choose Retension. Not all drives support retensioning.
Mark a tape as free.
Right-click a tape, and choose Mark As Free. This moves the tape into the free media pool. It does not erase the tape. If you need to erase tapes for legal reasons, use an appropriate third-party utility.
Catalogs
When the Backup Utility creates a backup set,
it also creates a catalog listing files and folders included in the
backup set. That catalog is stored on the disk of the server (the local
or on-disk catalog) and in the backup set itself (the on-media catalog).
The local catalog facilitates quick location of files and folders to
restore. The Backup Utility can display the catalog immediately, rather
than having to load the catalog from the typically slower backup media.
The on-media catalog is critical if the drive containing the local
catalog has failed or if you transfer the files to another system. In
those cases, Windows can re-create the local catalog from the on-media
catalog.
The Restore And Manage Media tab of the Backup Utility allows you to manage catalogs, as follows:
Delete Catalog
Right-click a backup set, and choose Delete Catalog if you have lost or
damaged the backup media or if you are transferring files to another
system and no longer require its local catalog. The on-media catalog is
not affected by this command.
Catalog
A tape from a foreign system that is not cataloged on the local machine
will appear in the import media pool. Right-click the media, and choose
the Catalog command. Windows will generate a local catalog from the
tape or file. This does not create or modify the on-media catalog.
Tip
If you have all the tapes in the backup set and the tapes are not damaged
or corrupted, open the backup Options dialog box and, on the General
tab, select Use The Catalogs On The Media To Speed Up Building Restore
Catalogs On Disk. If you are missing a tape in the backup set or a tape
is damaged or corrupted, clear that option. This will ensure that the
catalog is complete and accurate; however, it might take a long time to
create the catalog.
4. Backup Options
Backup options are configured by choosing the
Options command from the Tools menu. Many of these options configure
defaults that are used by the Backup Utility and the Ntbackup command.
Those settings can be overridden by options of a specific job.
General Options
The General tab of the Options dialog box includes the following settings:
Compute Selection Information Before Backup And Restore Operations
This backup option estimates the number of files and bytes that will be backed up or restored before beginning the operation.
Use The Catalogs On The Media To Speed Up Building Restore Catalogs On Disk
If a system does not have an on-disk catalog for a tape, this option
allows the system to create an on-disk catalog from the on-media
catalog. However, if the tape with the on-media catalog is missing or if
media in the set is damaged, you can deselect this option and the
system will scan the entire backup set (or as much of it as you have) to
build the on-disk catalog. Such an operation can take several hours if
the backup set is large.
Verify Data After The Backup Completes
The system compares the contents of the backup media to the original files
and logs any discrepancies. This option obviously adds a significant
amount of time for completing the backup job. Discrepancies are likely
if data changes frequently during backup or verification, and it is not
recommended to verify system backups because of the number of changes
that happen to system files on a continual basis. So long as you rotate
tapes and discard tapes before they are worn, it should not be necessary
to verify data.
Backup The Contents Of Mounted Drives
A mounted drive is a drive volume that is mapped to a folder on another
volume’s namespace, rather than, or in addition to, having a drive
letter. If this option is deselected, only the path of the folder that
is mounted to a volume is backed up and the contents are not. By
selecting this option, the contents of the mounted volume are also backed
up. There is no disadvantage in backing up a mount point; however, if
you back up the mount point and the mounted drive as well, your backup
set will have duplication.
If you primarily back up to file and then save that file to another media, clear the following options. If you primarily back up to a tape or another media managed by Removable Storage, select the following options:
Show Alert Message When I Start The Backup Utility And Removable Storage Is Not Running.
Show Alert Message When I Start The Backup Utility And There Is Recognizable Media Available.
Show Alert Message When New Media Is Inserted.
Always Allow Use Of Recognizable Media Without Prompting.
Tip
The Always Allow Use Of Recognizable Media Without Prompting option can be
selected if you are using local tape drives for backup only, not for
Remote Storage or other functions. The option eliminates the need to
allocate free media using the Removable Storage node in the Computer
Management console.
Backup Logging
The Options dialog box has a tab named Backup
Log. Logging alerts you to problems that might threaten the viability of
your backup, so consider your logging strategy as well as your overall
backup plan. Although detailed logging will list every file and path
that was backed up, the log is so verbose you are likely to overlook
problems. Therefore, summary logging is recommended and is the default.
Summary logs report skipped files and errors.
The system will save 10 backup logs to the path %UserProfile%\Local
Settings\Application Data\Microsoft\Windows NT\Ntbackup\Data. There is
no way to change the path or the number of logs that are saved before
the oldest log is replaced. You can, of course, include that path in
your backup and thereby back up old logs.
File Exclusions
The Exclude Files tab of the Options dialog box also allows you to specify
extensions and individual files that should be skipped during backup.
Default settings result in the Backup Utility skipping the page file,
temporary files, client-side cache, debug folder, and the file
replication service (FRS) database and folders, as well as other local
logs and databases.
Files can be excluded based on ownership of the
files. Click Add New under Files Excluded For All Users to exclude
files owned by any user. Click Add New under Files Excluded For User
<username> if you want to exclude
only files that you own. You can specify files based on Registered File
Type or based on an extension using the Custom File Mask. Finally, you
can restrict excluded files to a specific folder or hard drive using the
Applies To Path and the Applies To All Subfolders options.
Advanced Backup Options
After selecting files to back up and clicking
Start Backup, you can configure additional, job-specific options by
clicking Advanced. Among the more important settings in the Advanced
Backup Options dialog box are the following:
Verify Data After Backup
This setting overrides the default setting in the Options dialog box.
If Possible, Compress The Backup Data To Save Space
This setting compresses data to save space on the backup media, an
option not available unless the tape drive supports compression.
Disable Volume Shadow Copy
VSS allows the backup of locked and open files. If this option is
selected, some files that are open or in use might be skipped.
5. The Ntbackup Command
The Ntbackup command provides the opportunity to script backup jobs on Windows Server 2003. Its syntax is
Ntbackup backup {"path to backup" or "@selectionfile.bks"} /j "Job Name" options
The command’s first switch is backup,
which sets its mode—you cannot restore from the command line. That
switch is followed by a parameter that specifies what to back up. You
can specify the actual path to the local folder, network share, or file
that you want to back up. Alternatively, you can indicate the path to a
backup selection file (.bks file) to be used with the syntax @selectionfile.bks.
The at (@) symbol must precede the name of the backup selection file. A
backup selection file contains information on the files and folders you
have selected for backup. You have to create the selection file using
the graphical user interface (GUI) version of the Backup Utility.
The third switch, /J "JobName", specifies the descriptive job name, which is used in the backup report.
You can then select from a staggering list of
switches, which are grouped below based on the type of backup job you
want to perform.
Backing Up to a File
Use the switch
/F "FileName"
where FileName is the logical disk path and file name. You must not use the following switches with this switch: /T, /P, or /G.
The following example backs up the remote Data share on Server01 to a local file on the E drive:
ntbackup backup "\\server01\Data" /J "Backup of Server 01 Data folder" /F "E:\Backup.bkf"
Appending to a File or Tape
Use the switch
/A
to perform an append operation. If appending to
a tape rather than a file, you must use either /G or /T in conjunction
with this switch. It cannot be used with /N or /P.
The following example backs up the remote
Profiles share on Server02 and appends the set to the job created in the
first example:
ntbackup backup "\\server02\Profiles" /J "Backup of Server 02 Profiles folder" /F "E:\Backup.bkf" /A
Backing Up to a New Tape or File, or Overwriting an Existing Tape
Use the switch
/N "MediaName"
where MediaName specifies the new tape name. You must not use /A with this switch.
Backing Up to a New Tape
Use the switch
/P "PoolName"
where PoolName
specifies the media pool that contains the backup media. This is
usually a subpool of the backup media pool, such as 4mm DDS. You cannot
use the /A, /G, /F, or /T switches if you are using /P.
The following example backs up files and folders listed in the backup selection file c:\backup.bks to a tape drive:
ntbackup backup @c:\backup.bks /j "Backup Job 101" /n "Command Line Backup Job" /p "4mm DDS"
Backing Up to an Existing Tape
To specify a tape for an append or overwrite
operation, you must use either the /T or /G switch along with either /A
(append) or /N (overwrite). Do not use the /P switch with either /T or
/G.
To specify a tape by name, use the /T switch with the following syntax:
/T "TapeName"
where TapeName specifies a valid tape in the media pool.
To back up the selection file and append it to the tape created in the previous example, you would use this command line:
ntbackup backup @c:\backup.bks /j "Backup Job 102" /a /t "Command Line Backup Job"
To specify a tape by its GUID, rather than its name, use the /G switch with the following syntax:
/G "GUIDName"
where GUIDName specifies a valid tape in the media pool.
Job Options
For each of the job types just described, you can specify additional job options using the following switches:
/M {BackupType} Specifies the backup type, which must be one of the following: normal, copy, differential, incremental, or daily.
/D {"SetDescription"} Specifies a label for the backup set.
/V:{yes | no} Verifies the data after the backup is complete.
/R:{yes | no} Restricts access to this tape to the owner or members of the Administrators group.
/L:{f | s | n} Specifies the type of log file: f=full, s=summary, n=none (no log file is created).
/RS:{yes | no} Backs up the migrated data files located in Remote Storage.
Tip
The /RS switch is not required to back up the local Removable Storage
database, which contains the Remote Storage placeholder files. When you
back up the %Systemroot% folder, the Backup Utility automatically backs up the Removable Storage database as well.
/HC:{on | off} Uses hardware compression, if available, on the tape drive.
/SNAP:{on | off} Specifies whether the backup should use a Volume Shadow Copy.
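
The switch-compatibility rules given in this section can be checked mechanically before a scripted job is scheduled. The following Python linter is an added example, not part of the original article or of Ntbackup itself; the function names and the three hardening advisories (tape jobs without /R:yes, /SNAP:off, /L:n) are this example's own choices, based on the switch descriptions above.

```python
import re

# Switches whose argument is the next token (syntax as listed in this section).
TAKES_VALUE = {"/J", "/F", "/N", "/P", "/T", "/G", "/D", "/M"}
# Mutually exclusive switches, transcribed from the rules stated in this section.
CONFLICTS = {"/F": {"/T", "/P", "/G"}, "/A": {"/N", "/P"},
             "/P": {"/A", "/G", "/F", "/T"}}

def parse_switches(cmdline):
    """Return {SWITCH: value}; switch names upper-cased, quotes stripped."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    found, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("/"):
            name, _, value = tok.partition(":")   # handles /V:yes style
            name = name.upper()
            if name in TAKES_VALUE and i + 1 < len(tokens):
                i += 1
                value = tokens[i]                 # handles /F "file" style
            found[name] = value.strip('"')
        i += 1
    return found

def lint(cmdline):
    """Return sorted rule violations; an empty list means the mix is allowed."""
    present = set(parse_switches(cmdline))
    problems = set()
    for switch, banned in CONFLICTS.items():
        if switch in present:
            for other in banned & present:
                pair = tuple(sorted((switch, other)))
                problems.add("%s cannot be combined with %s" % pair)
    named_tape = bool(present & {"/T", "/G"})
    if "/A" in present and "/F" not in present and not named_tape:
        problems.add("/A to tape needs /T or /G")
    if named_tape and not present & {"/A", "/N"}:
        problems.add("/T or /G needs /A or /N")
    return sorted(problems)

def hardening_notes(cmdline):
    """Advisories chosen for this example; they are not Ntbackup errors."""
    sw = parse_switches(cmdline)
    notes = []
    if "/F" not in sw and sw.get("/R", "").lower() != "yes":
        notes.append("tape job without /R:yes")
    if sw.get("/SNAP", "").lower() == "off":
        notes.append("/SNAP:off may skip open files")
    if sw.get("/L", "").lower() == "n":
        notes.append("/L:n writes no log")
    return notes
```

Run lint() over each command line in a scheduled batch file and treat a non-empty result as a failed review; hardening_notes() output is advisory only.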