Most Windows Server services that contain a database or local files are backed up with the System State but also provide alternate backup and restore options. Because the system restore from Windows Server Backup is usually an all-or-nothing proposition, except when it comes to cluster nodes and domain controllers, restoring an entire system might deliver undesired results if only a specific service database restore is required. This section outlines services that either have separate backup/restore utilities or require special attention to ensure a successful backup.
Disk Configuration (Software RAID Sets)
Disk configuration is not a service but should be backed up to ensure that proper partition assignments can be restored. When Dynamic disks are used to create complex volumes—such as mirrored, striped, spanned, or RAID-5 volumes—the disk configuration should be saved. This way, if the operating system is corrupt and needs to be rebuilt from scratch, the complex volumes need to have only their configuration restored, which could greatly reduce the recovery time. Only a full system backup can back up disk and volume configuration.
Certificate Services
Installing Certificate Services creates a certificate authority (CA) on the Windows Server 2008 system. The CA is used to manage and allocate certificates to users, servers, and workstations when files, folders, email, or network communication needs to be secured and encrypted. In many cases, the CA is a completely separate secured CA server; however, many organizations use their Exchange server as a CA server. This might be because of a limited number of servers with several different roles and services installed on a single server, or because the organization wants to use Secure Sockets Layer (SSL) and forms-based authentication (FBA) for secured Outlook Web App and to support encrypted connections from Outlook 2007 or higher to the Client Access servers, so they install Certificate Services on an Exchange server. Whatever the case, the CA needs to be backed up whether on the Exchange server or on any other server; if the CA server crashes and needs to be restored, it can be restored so that users can continue to access the system after recovery.
Caution
For security purposes, it is highly recommended that Certificate Services be enabled on a server other than the Exchange server. Definitely do not run the CA services on an Outlook Web App server that is exposed to the Internet. The integrity of certificate-authenticated access depends on ensuring that certificates are issued only by a trusted authority. Any compromise of the CA server invalidates an organization’s capability to secure its communications.
When the CA allocates a certificate to a machine or user, that information is recorded in the certificate database on the local drive of the CA. If this database is corrupted or deleted, all certificates allocated from this server become invalid or unusable. To avoid this problem, the certificates and Certificate Services database should be backed up frequently. Even if certificates are rarely allocated to new users or machines, backups should still be performed regularly.
Certificate Services can be backed up in three ways: backing up the CA server’s System State, using the CA Microsoft Management Console (MMC) snap-in, or using the command-line utility Certutil.exe. Backing up Certificate Services by backing up the System State is the preferred method because it can be easily automated and scheduled. But using the graphical console or command-line utility adds the benefit of restoring Certificate Services to a previous state without restoring the entire server System State or taking down the entire server for the restore.
To create a backup of the CA using the graphical console, follow these steps:
1. Log on to the CA server using an account with local Administrator rights.
2. Open Windows Explorer and create a folder named CaBackup on the C: drive.
3. Select Administrative Tools, Certificate Authority.
4. Expand the Certificate Authority server, and select the correct CA.
5. Select Action, All Tasks, Back Up CA.
6. When the backup wizard launches, click Next.
7. On the Items to Back Up page, check the Private Key and CA Certificate check box and the Certificate Database and Certificate Database Log check box.
8. Specify the location to store the CA backup files. Use the folder created in the beginning of this process. Click Next to continue.
9. When the CA certificate and private key are backed up, this data file must be protected with a password. Enter a password for this file, confirm it, and click Next to continue.
Note
To restore the CA private key and CA certificate, you must use the password entered in step 9. Store this password in a safe place, possibly with the master account list.
10. Click Finish to create the CA backup.
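The Certutil.exe route mentioned above, shown as an added example that is not part of the original text: it takes the same backup as the wizard (key pair plus database) into a locked-down folder and checks the result. The timestamped subfolder and the ACL choice are assumptions made for illustration.

```powershell
# Added example, not from the original text. Run elevated on the CA server.
# Assumption: C:\CaBackup is the folder created in step 2 of the console procedure.
$BackupRoot = 'C:\CaBackup'
$Target     = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')

# Lock the folder down before any key material is written into it: drop
# inherited ACEs and leave only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
& icacls.exe $BackupRoot /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# certutil -backup refuses a non-empty target, so each run gets its own subfolder.
New-Item -ItemType Directory -Path $Target | Out-Null

# -backup saves the CA certificate and private key (a password-protected .p12)
# together with the certificate database and its logs. -p is omitted on purpose:
# certutil then prompts for the password, which keeps it out of the script file
# and out of the recorded command line.
& certutil.exe -backup $Target
if ($LASTEXITCODE -ne 0) { throw "certutil -backup failed with exit code $LASTEXITCODE" }

# A backup that cannot be restored is no backup: confirm both parts were written.
$KeyFile = @(Get-ChildItem -Path $Target -Filter '*.p12')
$DbFile  = @(Get-ChildItem -Path $Target -Recurse -Filter '*.edb')
if ($KeyFile.Count -eq 0) { throw "No .p12 key file found in $Target" }
if ($DbFile.Count  -eq 0) { throw "No certificate database (.edb) found in $Target" }

Write-Output "CA backup written to $Target"
Write-Output ("Key file: {0}  Database: {1}" -f $KeyFile[0].Name, $DbFile[0].Name)
```

Because the password is entered at a prompt, this form suits a manual backup taken before a change; the scheduled case is covered by the System State backup described above.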
Internet Information Services (IIS)
Internet Information Services 7.0 (IIS) provides the Windows Server 2008 web and FTP services that support websites like OWA. It is included on every version of the Windows Server 2008 platform. IIS stores configuration information for web and FTP site configurations and security, placing the information into the IIS metabase. The IIS backup methodology has changed quite a bit from IIS 6.0.
In IIS 7.0, all the configuration data is stored in %windir%/system32/inetpub/config. If you have a backup of that directory, the configuration can be restored by simply returning the files to this location. A more automated process can be performed by using the appcmd.exe utility.
To back up an IIS configuration, run appcmd.exe add backup "IIS Backup".
To restore an IIS configuration, run appcmd.exe restore backup "IIS Backup".
By creating and scheduling a batch file to perform the backup, you can take regular snapshots of the IIS configuration. This can be useful to perform right before making a change to IIS settings on a Client Access Server so that if the changes cause any problems, the configuration can be quickly restored.
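A script for the scheduled or pre-change snapshot described above, as an added example that is not part of the original text. It calls appcmd.exe from %windir%\System32\inetsrv, where the tool is installed; the "PreChange-" name prefix and the keep-last-10 retention are assumptions chosen for illustration.

```powershell
# Added example, not from the original text. Run elevated on the IIS server.
$AppCmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$Prefix = 'PreChange-'   # assumption: naming convention for these snapshots
$Keep   = 10             # assumption: number of snapshots to retain

function Get-IisBackupName {
    # "appcmd list backup" prints one line per backup in the form: BACKUP "name"
    & $AppCmd list backup | ForEach-Object {
        if ($_ -match '^BACKUP "(.+)"$') { $Matches[1] }
    }
}

# A timestamped name means every snapshot is kept apart and sorts chronologically.
$Name = $Prefix + (Get-Date -Format 'yyyyMMdd-HHmmss')
& $AppCmd add backup $Name
if ($LASTEXITCODE -ne 0) { throw "appcmd add backup failed with exit code $LASTEXITCODE" }

# Confirm the snapshot is actually listed before anyone relies on it.
if (@(Get-IisBackupName) -notcontains $Name) {
    throw "Backup '$Name' was not found in 'appcmd list backup'"
}

# Retention: delete only snapshots this script created, oldest first.
$Mine = @(Get-IisBackupName | Where-Object { $_ -like "$Prefix*" } | Sort-Object)
if ($Mine.Count -gt $Keep) {
    $Mine[0..($Mine.Count - $Keep - 1)] | ForEach-Object {
        & $AppCmd delete backup $_ | Out-Null
    }
}

Write-Output "Snapshot created. To roll back: appcmd.exe restore backup `"$Name`""
```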
Backing up Exchange Server 2010 with Windows Server Backup
Although the native Windows Server Backup is fairly basic in its functionality for Exchange Server 2010, it can, nonetheless, be used to perform a backup of Exchange Server 2010 data via the following steps:
1. Click Start, All Programs, Administrative Tools, Windows Server Backup.
2. In the right pane, click Backup Schedule.
3. When the wizard launches, click Next.
4. When prompted to select your backup configuration, choose Custom and click Next.
5. Select the volumes you want to back up and click Next.
6. Choose the time at which you’d like the backups to run and click Next.
7. Select the disk on which you want to store the backup. Click Next.
8. Note: The disk you select for the destination will be reformatted and all data will be lost. Make sure there is no important data on this volume.
9. View the label of the destination disk and click Next.