Now that you have created a
backup plan and verified your procedures for backup and restore, you
will want to understand the process in more depth so that you can
configure backup operations to be more flexible, more automated or
perhaps even easier.
Understanding VSS
Windows Server 2003
offers VSS, also referred to as “snap backup.” VSS allows the backing up
of databases and other files that are held open or locked due to
operator or system activity. Shadow copy backups allow applications to
continue to write data to a volume during backup, and allow
administrators to perform backups at any time without locking out users
or risking skipped files.
Although VSS is an
important enhancement to the backup functionality of Windows Server
2003, it is nevertheless best practice to perform backups when
utilization is low. If you have applications that manage storage
consistency differently while files are open, that can affect the
consistency of the files in the backup of those open files. For critical
applications, or for applications such as Microsoft SQL Server that
offer native backup capabilities, consult the documentation for the
application to determine the recommended backup procedure.
Backup Security
You
must have the Backup Files And Directories user right, or NTFS Read
permission, to back up a file. Similarly, you must have the Restore
Files And Directories user right, or NTFS Write permission to the target
destination, to restore a file. Privileges are assigned to both the
Administrators and Backup Operators groups, so the minimum required
privileges can be given to a user, a group, or a service account by
nesting the account in the Backup Operators group on the server.
Users with the Restore
Files And Directories user right can remove NTFS permissions from files
during restore. In Windows Server 2003, they can additionally transfer
ownership of files between users.
Therefore, it is important
to control the membership of the Backup Operators group and to
physically secure backup tapes. A “loose” backup tape makes it easy for
any intelligent individual to restore and access sensitive data.
Managing Media
The Backup Utility of
Windows Server 2003 works closely with the RSM service. RSM, which is
designed to manage robotic tape libraries and CD-ROM libraries, accepts
requests for media from other services or, in this case, applications,
and ensures that the media is correctly mounted or loaded.
RSM is also used with
single-media devices, such as a manually loaded backup tape drive,
CD-ROM, or Iomega Jaz drive. In the case of single-media drives, RSM
keeps track of media through their labels or serial numbers. The impact
of RSM is that, even in a single-media drive backup system, each tape
must have a unique label.
Media Pools
The Backup Utility of Windows Server 2003 manages tapes with RSM using media pools, as seen in Figure 1.
There are four media pools related to backup:
Unrecognized Tape media that are completely blank or in a foreign format are contained in the Unrecognized pool until they are formatted.
Free This
pool contains newly formatted tape media, as well as tapes that have
been specifically marked as free by an administrator. Free media can be
moved into the backup media pool by writing a backup set to them.
Backup
This pool contains media that have been written to by the Backup
Utility. The Backup Utility will only write to media in the Free media
pool (and it will label the tape with the name you enter just before
starting the backup) and to media, specified by name, in the Backup
media pool.
Import
This pool contains tape media that are not cataloged on the local disk
drive. Cataloging such a tape will move the tape into the backup media
pool.
Managing Tapes and Media Pools
In conjunction
with backup procedures and tape rotation, you will need to manage your
tapes in and out of these media pools. To that end, the following
actions are available from the Restore And Manage Media page of the
Backup Utility:
Format a tape
Right-click a tape and choose Format. Formatting is not a secure way to
erase tapes. If you need to erase tapes for legal or security reasons,
use an appropriate third-party utility. Formatting does, however,
prepare a tape and move it into the free media pool. Not all drives
support formatting.
Retension a tape Right-click a tape and choose Retension. Not all drives support retensioning.
Mark a tape as free Right-click a tape and choose Mark As Free. This moves the tape into the free media pool. It does not erase the tape. If you need to erase tapes for legal reasons, use an appropriate third-party utility.
Catalogs
When the Backup
Utility creates a backup set, it also creates a catalog listing files
and folders included in the backup set. That catalog is stored on the
disk of the server (the local or on-disk catalog) and in the backup set
itself (the on-media catalog). The local catalog facilitates quick
location of files and folders to restore. The Backup Utility can display
the catalog immediately, rather than load the catalog from the
typically slower backup media. The on-media catalog is critical if the
drive containing the local catalog has failed, or if you transfer the
files to another system. In those cases, Windows can recreate the local
catalog from the on-media catalog.
The Restore And Manage Media page of the Backup Utility allows you to manage catalogs, as follows:
Delete Catalog
Right-click a backup set and choose Delete Catalog if you have lost or
damaged the backup media or if you are transferring files to another
system and no longer require its local catalog. The on-media catalog is
not affected by this command.
Catalog A
tape from a foreign system that is not cataloged on the local machine
will appear in the import media pool. Right-click the media and choose
the Catalog command. Windows will generate a local catalog from the tape
or file. This does not create or modify the on-media catalog.
Tip
If
you have all the tapes in the backup set and the tapes are not damaged
or corrupted, open the backup Options dialog box and, on the General
tab, select Use The Catalogs On The Media To Speed Up Building Restore
Catalogs On Disk. If you are missing a tape in the backup set or a tape
is damaged or corrupted, clear that option. This will ensure that the
catalog is complete and accurate; however, it might take a long time to
create the catalog. |
Backup Options
Backup options are
configured by choosing the Options command from the Tools menu. Many of
these options configure defaults that are used by the Backup Utility and
the command-line backup tool, Ntbackup. Those settings can be
overridden by options of a specific job.
General Options
The General tab of the Options dialog box includes the following settings:
Compute Selection Information Before Backup And Restore Operations Backup estimates the number of files and bytes that will be backed up or restored before beginning the operation.
Use The Catalogs On The Media To Speed Up Building Restore Catalogs On Disk
If a system does not have an on-disk catalog for a tape, this option
allows the system to create an on-disk catalog from the on-media
catalog. However, if the tape with the on-media catalog is missing or if
media in the set is damaged, you can deselect this option and the
system will scan the entire backup set (or as much of it as you have) to
build the on-disk catalog. Such an operation can take several hours if
the backup set is large.
Verify Data After The Backup Completes
The system compares the contents of the backup media to the original
files and logs any discrepancies. This option obviously adds a
significant amount of time for completing the backup job. Discrepancies
are likely if data changes frequently during backup or verification, and
it is not recommended to verify system backups because of the number of
changes that happen to system files on a continual basis. So long as
you rotate tapes and discard tapes before they are worn, it should not
be necessary to verify data.
Backup The Contents Of Mounted Drives A
mounted drive is a drive volume that is mapped to a folder on another
volume’s namespace, rather than, or in addition to, having a drive
letter. If this option is deselected, only the path of the folder that
is mounted to a volume is backed up; the contents are not. By selecting
this option, the contents of the mounted volume is also backed up. There
is no disadvantage in backing up a mount point, however if you back up
the mount point and the mounted drive as well, your backup set will have
duplication.
If you primarily back up to file and then save that file to another media, clear the following options. If you primarily back up to a tape or another media managed by Removable Storage, select the following options.
Show Alert Message When I Start the Backup Utility And Removable Storage Is Not Running.
Show Alert Message When I Start The Backup Utility And There Is Recognizable Media Available.
Show Alert Message When New Media Is Inserted.
Always Allow Use Of Recognizable Media Without Prompting.
Tip
The
Always Allow Use Of Recognizable Media Without Prompting option can be
selected if you are using local tape drives for backup only, not for
Remote Storage or other functions. The option eliminates the need to
allocate free media using the Removable Storage node in the Computer
Management console. |
Backup Logging
The Options dialog
has a tab called Backup Log. Logging alerts you to problems that might
threaten the viability of your backup, so consider your logging strategy
as well as your overall backup plan. Although detailed logging will
list every file and path that was backed up, the log is so verbose you
are likely to overlook problems. Therefore, summary logging is
recommended, and is the default. Summary logs report skipped files and
errors.
The system will save 10 backup logs to the path %UserProfile%
Local Settings \Application Data\Microsoft\Windows NT\Ntbackup\Data.
There is no way to change the path or the number of logs that are saved
before the oldest log is replaced. You can, of course, include that path
in your backup and thereby back up old logs.
File Exclusions
The
Exclude Files tab of the Options dialog box also allows you to specify
extensions and individual files that should be skipped during backup.
Default settings result in the Backup Utility’s skipping the page file,
temporary files, client-side cache, debug folder, and the File
Replication Service (FRS) database and folders, as well as other local
logs and databases.
Files can be excluded
based on ownership of the files. Click Add New under Files Excluded For
All Users to exclude files owned by any user. Click Add New under Files
Excluded For User <username>
if you want to exclude only files that you own. You can specify files
based on Registered File Type or based on an extension using the Custom
File Mask. Finally, you can restrict excluded files to a specific folder
or hard drive using the Applies To Path and the Applies To All
Subfolders options.
Advanced Backup Options
After selecting files to
back up, and clicking Start Backup, you can configure additional,
job-specific options by clicking Advanced. Among the more important
settings are the following:
Verify Data After Backup This setting overrides the default setting in the Backup Options dialog box.
If Possible, Compress The Backup Data To Save Space
This setting compresses data to save space on the backup media, an
option not available unless the tape drive supports compression.
Disable Volume Shadow Copy VSS allows the backup of locked and open files. If this option is selected, some files that are open or in use may be skipped.
The Ntbackup Command
The Ntbackup command provides the opportunity to script backup jobs on Windows Server 2003. Its syntax is
Ntbackup backup {"path to backup" or "@selectionfile.bks"} /j "Job Name" options
The command’s first switch is backup,
which sets its mode—you cannot restore from the command line. That
switch is followed by a parameter that specifies what to back up. You
can specify the actual path to the local folder, network share, or file
that you want to back up. Alternatively, you can indicate the path to a
backup selection file (.bks file) to be used with the syntax @selectionfile.bks.
The at (@) symbol must precede the name of the backup selection file. A
backup selection file contains information on the files and folders you
have selected for backup. You have to create the file using the
graphical user interface (GUI) version of the Backup Utility.
The third switch, /J “JobName” specifies the descriptive job name, which is used in the backup report.
You can then select
from a staggering list of switches, which are grouped below based on the
type of backup job you want to perform.
Backing Up to a File
Use the switch
/F “FileName”
where FileName is the logical disk path and file name. You must not use the following switches with this switch: /T /P /G.
The following example backs up the remote Data share on Server01 to a local file on the E drive:
ntbackup backup "\\server01\Data" /j "Backup of Server 01 Data folder" /F
"E:\Backup.bkf"
Appending to a File or Tape
Use the switch:
/A
to perform an append
operation. If appending to a tape rather than a file, you must use
either /G or /T in conjunction with this switch. Cannot be used with /N
or /P.
The following
example backs up the remote Profiles share on Server02 and appends the
set to the job created in the first example:
ntbackup backup "\\server02\Profiles" /J "Backup of Server 02 Profiles folder" /F
"E: \Backup.bkf" /A
Backing Up to a New Tape or File, or Overwriting an Existing Tape
Use the switch:
/N “MediaName”
where MediaName specifies the new tape name. You must not use /A with this switch.
Backing Up to a New Tape
Use the switch
/P “PoolName”
where PoolName
specifies the media pool that contains the backup media. This is
usually a subpool of the backup media pool, such as 4mm DDS. You cannot
use the /A, /G, /F, or /T options if you are using /P.
The following example backs up files and folders listed in the backup selection file c:\backup.bks to a tape drive:
ntbackup backup @c:\backup.bks /j "Backup Job 101" /n "Command Line Backup Job" /p
"4mm DDS"
Backing Up to an Existing Tape
To specify a tape for
an append or overwrite operation, you must use either the /T or /G
switch along with either /A (append) or /N (overwrite). Do not use the
/P switch with either /T or /G.
To specify a tape by name, use the /T switch with the following syntax:
/T “TapeName”
where TapeName specifies a valid tape in the media pool.
To back up the selection file and append it to the tape created in the previous example, you would use this command line:
ntbackup backup @c: \backup.bks /j "Backup Job 102" /a /t "Command Line Backup Job"
To specify a tape by its GUID, rather than its name, use the /G switch with the following syntax:
/G “GUIDName”
where GUIDName specifies a valid tape in the media pool.
Job Options
For each of the job types described above, you can specify additional job options using these switches:
/M {BackupType} Specifies the backup type, which must be one of the following: normal, copy, differential, incremental, or daily.
/D {“SetDescription”} Specifies a label for the backup set.
/V:{yes | no} Verifies the data after the backup is complete.
/R:{yes | no} Restricts access to this tape to the owner or members of the Administrators group.
/L:{f | s | n} Specifies the type of log file: f=full, s=summary, n=none (no log file is created).
/RS:{yes | no} Backs up the migrated data files located in Remote Storage.
Tip
The
/RS command-line option is not required to back up the local Removable
Storage database, which contains the Remote Storage placeholder files.
When you backup the %Systemroot% folder, Backup automatically backs up the Removable Storage database as well. |
/HC:{on | off} Uses hardware compression, if available, on the tape drive.
/SNAP:{on | off} Specifies whether the backup should use a Volume Shadow Copy.
