Backup Strategy

Doing regular backups of data on servers and local hard disks prevents data loss and damage caused by disk failures, power outages, virus infection, and network problems. Backup operations based on careful planning and reliable equipment make file recovery easier and less time consuming.

Windows NT includes the backup program, Ntbackup.exe, that enables you to use a tape drive to back up and restore files on Windows NT file system (NTFS) or file allocation table (FAT) volumes. The Ntbackup program also simplifies archiving. You can easily save data for legal or historical purposes and remove older, unused files, knowing that you can recover them, if necessary.

Ntbackup can perform several different kinds of backups:

A normal backup, also called a full backup, copies all selected files and marks each as having been backed up. With normal backups, you can restore files quickly because files on the last tape are the most current.
A copy backup copies all selected files but does not mark each file as having been backed up. Copying is useful if you want to back up files between normal and incremental backups, because copying does not invalidate these other backup operations.
An incremental backup backs up only those files created or changed since the last normal or incremental backup. It marks files as having been backed up. If you use a combination of normal and incremental backups, restoring requires starting with your last normal backup and then working through all the incremental tapes.
A differential backup copies those files created or changed since the last normal (or incremental) backup. It does not mark files as having been backed up. If you are doing normal and differential backups, restoring requires only the last normal and last differential backup tape.
A daily backup copies all selected files that have been modified the day the daily backup is performed. The backed up files are not marked as having been backed up. (This can be useful if you want to take work home and need a quick way to select the files that you worked on that day.)

Chapter 6, "Backing Up and Restoring Network Files," in the Windows NT Server Concepts and Planning book, describes developing your backup plan and using Ntbackup.

When developing your backup plan:

Be sure to have spare hardware in case of a failure in your backup device.
Plan to test your backed up data regularly to verify that you can rely on your backup procedures and equipment.
Include stress testing of your backup hardware (tape drives, optical drives, and controllers) and software (backup program and device drivers).
Consider security regarding your backups. If you have implemented physical security to protect your computers, but unauthorized people can get access to your backup tapes, your data are not protected.

This section:

Provides an approach for backing up computers on a small LAN and discusses backing up very large servers and ones that must be available 24 hours a day.
Discusses the types of data that you should regularly back up.
Lists questions that you should consider when planning your backup procedures.

Backup Approaches

There are two extremes when it comes to backing up data on computers running Windows NT:

You have a small, simple network.
The computer that you want to back up needs to be available 24 hours a day, 7 days a week, or contains a large amount of data to back up.

This section discusses backup approaches for these two situations.

Small and Medium LANs

This section describes an approach for backing up computers running Windows NT Server and Windows NT Workstation on a small to medium LAN. There are no backup devices connected to computers running Windows NT Workstation. Therefore, data from those computers needs to be backed up on computers running Windows NT Server.

This network has the following characteristics:

1 - 10 computers running Windows NT Server.
Total disk space 1 - 25 GB on each computer running Windows NT Server.
Typical daily data modifications in the range of 100-1000 MB.
Typically has scheduled downtime at night or on weekends.
There are a minimum of two backup devices on different computers running Windows NT Server. One should be on the primary domain controller (PDC). If you have backup domain controller (BDC), this computer should have the second backup device.
All computers running Windows NT Server are capable of hosting the backup devices.

These are suggested guidelines for backing up all of the computers that are running Windows NT, assuming that you are using Ntbackup or a similar program to back up your data to a cartridge tape:

If you are using tape drives that are SCSI controlled, insure that the drives will work in all of the computers. Are there spare SCSI IDs available on the chain?
Does each computer still function correctly after you install the tape drive?
Does Ntbackup work on each computer, and does a test restore work on each computer?
All backup devices should use the same media. Preferably, all backup devices are the same make and model.
Verify that the media works in all of the backup devices.
The backup device must be fast enough to complete a backup in the time allotted, which could be overnight, or a specified number of hours.
Perform a complete backup (called normal or full in NTBackup) on a regular basis, such as once a week.
Do an incremental backup of files on the days that you do not perform a full backup.
The backup media should be capable of writing a complete incremental backup on one cartridge. Preferably, a full backup fits on one cartridge.
Label all backup media with the date, the computer on which it was created, and the type of backup, such as full or incremental.
Rotate your backup media. Some suggestions are described in Chapter 6, "Backing Up and Restoring Network Files," in the Windows NT Server Concepts and Planning book.
Secure the backup media in a fireproof safe large enough for a full rotation's worth of cartridges.
Split nightly backups on all computers running Windows NT Server among the backup devices for load balancing and reliability.
Back up the Registry on your PDC and BDC every night.
Back up critical data located on computers running Windows NT Workstation every night. Users should copy important files from the client computers to an area on the computer(s) that do the backup.

Considerations for 24 Hour Operations or Very Large Backups

If the data set being backed up is very large, such as a SQL database or a number of large graphics files, it is difficult to back up the data within a reasonable amount of time, given the limitations of existing tape hardware. If Windows NT has locked the file for backup, and it is still locked when the clients start trying to access the file the next morning, the procedure described in the preceding section will not work. If the time available for backups is very small because the files are needed 24 hours a day, you will need a different approach than the one previously described.

You could configure the disks that require daily backup separately from the Windows NT Server system disks by using Redundant Array of Inexpensive Disks (RAID) arrays. For your critical computers, you could implement a software mirror of two separate hardware-controlled RAID arrays. With this configuration, if either a disk or an entire array fails, operations can continue. If a component such as a network interface card, video device, IDE adapter, or power supply fails, it can be easily replaced. If the computer running Windows NT Server itself fails, you should have a spare computer with Windows NT Server already installed to which you can move the data disks.

Note

RAID arrays provide disk fault-tolerance completely within hardware that you purchase from a vendor. In RAID arrays, the controller interface handles the creation and regeneration of redundant information that is automatically used if there is a failure in one of the disks in the array. See "Planning a Fault-Tolerant Disk Configuration," presented later in this chapter, for more information about RAID arrays.

One approach to backing up data on a critical computer running Windows NT Server involves logically removing the computer from the network by:

Disconnecting all users.
Pausing the Server service by using the Services option on Control Panel.
Ensuring that all files are closed, so that they can be accessed by the backup procedure.

The following methods are variations on this approach. The first two methods can be used to back up the data once you have removed the computer from the network. In these methods, we call the computer that contains the data to be backed up DATA. The computer that actually does the backup is called TARGET. The third method allows users to continue to access the data on DATA while it is being backed up.

Backup Method 1

Copy the data from DATA to TARGET. When the data are on NTFS volumes, you can use the Scopy program to copy the permissions as well as the data. If you don't need permissions, you can use the Xcopy program to just copy the data. To copy database files, use functions in the database application. If you expect the network to be busy when you will be doing the copy, it is best to dedicate a computer-to-computer link. Once the data are on TARGET, you can bring DATA online and back up the files from TARGET. Copying the data to TARGET minimizes the amount of time that DATA is not available to users.

Note

The Scopy program (on the Windows NT Server Resource Kit CD) does not support copying only the files that have been modified. The Xcopy program (on the Windows NT Server product CD) does support copying only modified files, but does not copy the file permissions. You need to decide whether Scopy or Xcopy works best for your situation, or whether you need to use a different program to copy the files.

Ideally, you should do a complete file comparison between the data on DATA and TARGET to verify the transferred data. However, comparing the data will take about twice as long as it takes to copy the data. Typical Ethernet or Token Ring transfer speeds are 1 MB per second, if the network is not busy. Use this transfer rate and the total amount of data to transfer to determine the expected transfer time. If you do not have enough time, you will need to use a faster network connection, or a different backup method.

Backup Method 2

Copy the data that you want to back up to another disk or disks on DATA. This process is usually faster than copying to another computer over the network because it occurs within the same computer. You can now bring DATA online. The copy of the data can then be backed up by using a backup device connected to DATA. If you do not want run the backup program on DATA, you can transfer the copy of the data to TARGET, from which you do the backup.

You need to decide whether to do the backup on DATA or TARGET. This decision depends on factors such as:

Availability of a computer to use as TARGET.
Your overall backup strategy, which might specify that all backups be performed on a few central computers.
Whether the processing overhead of doing the backup on DATA is more than the cost and processing overhead associated with transferring the files over the network to TARGET.
How long you expect the backup to take.

Backup Method 3

There are also third-party utilities that mirror the data onto another computer running Windows NT Server across the network while the files are still being used on DATA. This approach is best when you absolutely cannot take a chance of losing data because a disk or RAID array fails. While there might be some down-time associated with moving data from the mirror computer to the DATA computer after a failure on DATA is fixed, this approach is preferable to losing all data created or changed since the last backup of any kind. Again, performance is better if a network link is dedicated to this task. The other advantage of this approach is that the files being backed up are still available, and there is no downtime required to make copies.

What Data to Back Up

There are different kinds of data that you should back up. This section describes the types of data and why you should back them up.

Registry

The Registry is the most critical set of files on the computer as far as day-to-day operations are concerned. As a user, you would know fairly quickly if a system file is missing or corrupt — the computer would crash or fail to execute the command. The Registry is different. The computer might start, but then hang at the logon screen because all the security settings are missing or some required service did not started. On a computer running Windows NT Server, you need to have a current backup of the Registry. Otherwise, you have to rebuild information about all your users, groups and permissions, and you can never be certain that it is just the way it was before. There are several methods that you can use to back up all or part of the Registry, which are described in Chapter 5, "Preparing for and Performing Recovery." You should develop backup procedures specifically for the Registry to make sure people know who should be doing the backup.

Logon Scripts

Logon scripts are files that can be assigned to user accounts. Each time a user logs on, the assigned logon script is run. You can use logon scripts to configure user working environments by creating network connections and starting applications. Logon scripts are useful when you want to affect the user work environment without managing all aspects of it. A logon script runs automatically whenever a user logs on to a computer running either Windows NT Server or Windows NT Workstation. A logon script is always downloaded from the computer running Windows NT Server that validates a user's logon request.

For users with accounts on Windows NT Server domains that have one or more BDCs, any one of the domain controllers can authorize a user's logon attempt. To ensure that logon scripts always work for users, you should be sure that logon scripts for all user accounts in a domain exist on every PDC and BDC in the domain.

The best way to ensure that logon scripts are always available and consistent is to use the Replicator service. In replication, actual copies of the files are sent across the network to other computers. In the case of logon scripts, you would decide which domain controller should be the sending computer. The receiving computers would be all of the other domain controllers.

You can also replicate information other than Logon scripts, but replication should only be used for critical information that must be available, even if the computer running Windows NT Server it is normally on is unavailable. Replicating files unnecessarily can put a large load on the network and slow it considerably.

Note

You should use replication for such critical data as the DHCP and WINS databases. For more information, see Chapter 7, "Using Microsoft DHCP Servers," and Chapter 8, "Managing Microsoft WINS Servers," in the Windows NT Server Networking Guide.

See Chapter 3, "Managing User Work Environments," in the Windows NT Server Concepts and Planning book, for more information about logon scripts.

Application Programs

Application programs, such as Microsoft Word for Windows, are typically what network users are involved with on a daily basis. You can always reinstall the executable files themselves from the original distribution media, but the down time and lost productivity make this approach less than ideal. Additionally, you might have customized the application programs to suit the needs of your organization. The difficulty of reproducing those settings can be greater than reloading the programs themselves. Fortunately, since the files rarely change, backing up the files are part of your backup procedure insures that the latest version is quickly available, and it does not use a lot of offline storage space. For example, using Ntbackup with the Incremental option insures that any changes made are easily recoverable. Or, you could do a complete backup of the volumes that contain your application programs when you make changes.

User Data

The greatest amount of change on any server is in the users' folders. Users constantly add, modify, or delete files from the computer. You should do daily backups of changes to users' folders.

Some of your users will keep most of the files that they want backed up on file servers. Other users will do most of their work on their own workstation and want that data backed up. Your backup procedures need to cover both situations.

Questions to Consider in Developing Backup Procedures

The critical nature of backups requires complete verification of the entire backup and restore process. Because backup programs vary in their specifics and procedures, this section identifies some of the questions that you should ask, and answer, concerning the process.

Who

These are questions to consider when you are deciding who should be doing certain tasks:

Who determines what files and computers will be backed up, and how will the policy be published?
Who is responsible for doing the backup? Is this responsibility formally part of their job description?
To whom is the success or failure of the backup reported?
If the designated backup operator(s) are unavailable, who is the alternate?
How are users notified if the backup fails?
If the backup takes place unattended, but in a location that has off-shift personnel, are they trained to monitor the backup?
Should they intervene in case of failure?
Who do they notify of a problem?
What is the process they should follow?
Do they have some way to contact the responsible individual(s)?
Are these individuals required to be available by telephone or wear pagers?
If trained personnel are to monitor the backup, how are they scheduled for the next day?
Is there coverage for their other duties if there are problems with doing the backup, or they need to do a lengthy restore?
During vacations, sickness, or other absences, who will do the backup?
If a backup fails because of a hardware problem, who is the contact point with the vendor or manufacturer?
If the backup fails because of software problems, who do you contact?

When

You also need to consider when and how often the backups should take place:

If you want to back up as many files as possible, the backup will probably occur after-hours. Will this be true only for full backups or all backups?
How often do you do full backups and incremental backups?
At what time should the backup occur, immediately after hours or before business hours early the next day?
If the backup fails because of hardware problems, is there standby hardware, or can a loaner be obtained from the vendor?
Will the vendor guarantee availability of a loaner?
How long will it take to replace the failed hardware?
Is the vendor's technical support available at all times?
Is software technical support available at all times?
Do you have a configuration book that contains information about the computers running Windows NT Server that any technical support person might need?
If not, how long will it take to create this information when you have a problem?
What are the policies of the hardware or software vendor concerning fixes and how long they might take?
How long will it take to retrieve the backups or copies from a local or remote storage area?
Can the remote copies be obtained at any time or only during business hours?
How long will it take to do a full restore if the computer totally fails?

Where

Where you do the backups and where you store the backup media are also important questions:

Is the backup taking place in a secure area?
If so, how is it monitored?
Where are the backup tapes stored?
Is the storage location secure?
Is it fireproof, waterproof, and otherwise protected from disasters?
Are the tapes that are stored on site accessible at all times to the people who might need them?
Are there copies, and where are they stored?
Is the offsite location secure?
Is it fireproof, waterproof, and otherwise protected from disasters?
Is it bonded?
Will the backup be done to a local tape drive, remotely over the LAN, or remotely over the WAN?
How is the connection verified before the backup begins?
How are computers equipped for power outages if operators are not present and backups are taking place?

What

You need to decide what to back up:

What is the backup plan?
Are all modified files to be backed up, or will there be a policy regarding specific users, groups, departments, divisions, or company-critical files?
Will there be disks or volumes on the computer running Windows NT Server that are not backed up?
Will users be responsible for backup of their individual client systems?
Will there be a chargeback system for the amount of storage used?

How

You also need to determine how you will do the backups and how to determine if backups work correctly:

How is the backup process certified?
Has every option that you expect to use been tested?
Do the scripts work?
Do the logs get created and are they correct?
If the path is long, the filename odd, the file size very large, or the number of files is large, does the backup still work? Can you restore files that have these chacteristics?
How is the backup started: from the command line, an icon, or by batch?
Do these methods all work the same?
If you schedule your backups, do they occur as scheduled?
Is the tape actually verifying the data?
Does a test restore work?
Does the system have to be in a certain condition before the backup starts?
What is the typical or expected state of the system before, during, and after the backup?
What is the actual condition?
Are there any unforeseen behaviors?
When you make changes to the operating system (such as installing a service pack), or the backup program, do you recertify the backup/restore process?
If you make hardware changes on the computer, such as installing a new controller or tape drive, or changing the BIOS on the motherboard, do you recertify the backup/restore process?
How do you certify that you can use your old tapes when you have changed hardware of software involved in the backup?