Jan 02, 2016
Preventing Disasters
Chapter 11 covers the steps to take to prevent a disaster. The most prudent actions include:
- Implement redundant hardware
- Implement redundant services
- Use clustering

Redundant Hardware
- To prevent data loss from disk failure you can implement RAID
- RAID is a system in which multiple disks are combined into a single logical unit in which the failure of a single disk does not result in data loss
- RAID 1 and RAID 5 are the most common RAID configurations
  - RAID 1 is mirroring
  - RAID 5 is true RAID striping with parity
Preventing Disasters (2)
Redundant Services
- Exchange Server 2003 relies on network services to function properly
- DNS
  - With no DNS, Exchange is unable to deliver mail to external sites
  - DNS fault tolerance is achieved by having at least two DNS servers available on the network and configuring Exchange to use both DNS servers
  - DNS is used to find Domain Controllers for authentication
- Active Directory
  - Without an available Domain Controller, users cannot authenticate with Active Directory
  - At least two Domain Controllers should be configured to ensure fault tolerance
Preventing Disasters (3)
Clustering
- Active/Active Clustering
  - Exchange 2003 is configured and running on at least two servers
  - Each node actively responds to user requests and manages messages
  - When one server fails the other takes over its tasks
  - Cost effective because all hardware is being utilized
- Active/Passive Clustering
  - Exchange is installed on up to eight servers
  - Runs on only up to seven servers
  - When an active server fails one of the inactive servers takes its place
  - More scalable
  - More expensive
Planning for Disaster Recovery
Overview
- Properly planning for disaster recovery is essential to successful disaster recovery
- Without the right information even a complete backup of the Exchange Server 2003 databases is not enough to bring Exchange back online
- There are several key tasks involved in disaster recovery planning

Documentation
- Document system version and service packs
- Document server network configuration, including IP address and DNS servers
- Exchange Server 2003 Service Packs
- Name of the Exchange organization
- Name of the administrative group in which the server is located
- Names of the storage groups on the server
- Names of the logical databases in the storage groups on the server
Planning for Disaster Recovery (2)
Logging
- A set of log files is maintained for each storage group on an Exchange 2003 server
- All database changes for a storage group are written to a log file(s) before the database is updated
- Log files are used by Exchange 2003 to keep track of partially completed transactions if a problem occurs
- Circular logging removes information from the log files after it is committed to the database
- If circular logging is used the system can only be restored to the point of the last backup
Planning for Disaster Recovery (3)
Log File Location
- Log files should be stored on physically different drives from the databases to aid recovery
- If stored on the same drive, Exchange is only recoverable to the most recent backup
- If kept on separate drives, Exchange can be restored to the point just before the failure occurred

Backup Scheduling
- Ideally a full backup should be performed every night
- Administrators should confirm backups ran successfully and log where successful backups are kept
- Monitoring and logging backups ensures that they are available when required
Planning for Disaster Recovery (4)
Available Disk Space
- Repairing databases requires free disk space equivalent to the database plus about 10 percent extra for working space on the drive
- Another suggestion is to keep free disk space on each Exchange 2003 server equivalent to the largest storage group on the server

Written Instructions
- Ensure that there are written instructions on how to perform restores on
  - Servers
  - Storage Groups
  - Databases
  - Mailboxes
- Written instructions limit the amount of thinking required to perform a recovery
- Be sure to test the instructions before publishing them
Backing up Exchange Server 2003
Overview
- Backup is an essential step in disaster recovery
- Important concepts
  - Database backups
  - Backup software
  - What to back up
  - Offline backups
  - Full-Text Indexes

Database Backups
- Full Backup
  - Takes a copy of the database files and transaction logs
  - Clears the transaction logs off the hard drive
  - If transaction logs are not cleared they become too big and will eventually force Exchange to shut down
  - Full backups can restore storage groups
  - No other backups are necessary with a full backup
- Differential Backup
  - Does not take a copy of the database files
  - Does not remove transaction logs from the hard drive
  - Smaller and faster than a full backup
  - Only the most recent differential backup and full backup are required to restore Exchange successfully
- Incremental Backup
  - Does not take a copy of the database files
  - Takes a copy of the transaction logs and removes the transaction logs from the hard drive
  - Can be used partway through the day to supplement a daily full backup
  - Incremental backups must be used in conjunction with a full backup
  - The full backup and the incremental backups performed since the full backup are required to restore
Backing up Exchange Server 2003 (2)
Backup Software
- The standard version of NT Backup and most third-party apps cannot back up Exchange while it is running
- An updated version of NT Backup is installed with Exchange Server 2003; it can back up Exchange databases and transaction logs while Exchange is running
- The updated version of NT Backup uses the Exchange backup API
- Third-party apps that can back up and restore individual messages perform what is called a brick-level backup and restore
- Some third-party apps use the new Volume Shadow Copy service to perform backups
  - Does not slow down performance
  - Takes a snapshot, and the backup is performed on the snapshot
Backing up Exchange Server 2003 (3)
What to Backup
- OS directories
- System state
  - System state is a set of data residing within several important but disparate components that are required for recovery
- Exchange Server 2003 folders (except the databases and log files)
- Exchange database and log files
- Cluster quorum (if in a cluster)
- Cluster disk signatures (if in a cluster)

Offline Backups
- Offline backups are performed by taking a copy of the Exchange database and transaction logs when the Exchange services are stopped
- Services must be stopped
- Users cannot access services while they are stopped
- Offline backup does not remove transaction logs
- Can be used if a third-party backup solution does not support the Exchange backup API
- NT Backup is always preferred for online backups
Backing up Exchange Server 2003 (4)
Full-Text Indexes
- It is not necessary to back up indexes because they contain redundant information that is already contained in the databases
Restoring a Failed Exchange 2003 Server
Overview
- Only necessary when the server has experienced a catastrophic failure
- Identical hardware is not necessary for restore of full backup
- Requires same drive letters
- Requires identical OS patching to original server

Restore Process
- Install the same version of Windows on new or repaired hardware with a temporary name
  - Server should not be joined to the domain
- Install all Windows service packs to match the failed server
- Restore the last operating system backup from the old server, including the system state
  - Restores computer name to the same name as the failed server
- Install Exchange 2003 in disaster recovery mode
  - Accomplished by using the /disasterrecovery switch
  - Prevents Information Stores from being mounted after installation
  - N.B. During installation, ensure that you select only components that were installed on the failed server
  - Place the databases and log files in the same location as they were located on the failed server
- Using disaster recovery mode, install all service packs for Exchange Server 2003 to match the failed server
- Restore the latest version of database files that are available
Restoring a Corrupted Exchange 2003 Store
Overview
- Involves restoring current transaction logs
- Current transaction logs are replayed after the databases are restored, so no information is lost
- The store that is being restored must be dismounted first

Restore Process
- Database files from backup are copied back to disk
- The log files are copied to a temporary directory
- A restore.env file is created in the same temporary directory as the log files
  - Restore.env is used to control the restore process and applies to a single store
  - Exchange stores must be restored one at a time or they may be overwritten
- Hard recovery is performed
  - Hard recovery plays the transaction logs that were restored
  - Triggered by checking the Last Restore Set check box
  - Option should not be checked if additional incremental or differential restores of transaction logs are required
- Soft recovery is performed
  - Replays the current transaction logs and makes the store information current to the point of failure
- The temporary directory with transaction log files is removed
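
The backup-type rules and the restore process above can be combined into a restore-order check: a full backup plus only the newest differential, or a full backup plus every incremental since it, with Last Restore Set checked on the final set only. This is an added example, not part of the original slides; the Backup record, its verified flag, the function names and the sample histories are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    taken: str             # ISO 8601 timestamp, sorts correctly as text
    kind: str              # "full", "differential" or "incremental"
    verified: bool = True  # job confirmed successful by an administrator

def restore_plan(history):
    """Return [(backup, last_restore_set), ...] in the order to restore."""
    ordered = sorted(history, key=lambda b: b.taken)
    fulls = [i for i, b in enumerate(ordered) if b.kind == "full" and b.verified]
    if not fulls:
        raise ValueError("no verified full backup to start from")
    later = [b for b in ordered[fulls[-1] + 1:] if b.kind != "full"]
    if len({b.kind for b in later}) > 1:
        raise ValueError("differential and incremental sets mixed after one full")
    chain = [ordered[fulls[-1]]]
    if later and later[0].kind == "differential":
        # Differentials leave the logs on disk: only the newest good one is needed.
        chain += [b for b in later if b.verified][-1:]
    else:
        # Incrementals remove the logs they copy: every one since the full is
        # needed, in order. Assumption: an unverified one ends the usable chain.
        for b in later:
            if not b.verified:
                break
            chain.append(b)
    # Only the final set gets the Last Restore Set box, which starts hard recovery.
    return [(b, i == len(chain) - 1) for i, b in enumerate(chain)]

def recovery_point(plan, circular_logging, logs_on_separate_drive):
    """How far forward the store can be brought after the plan is restored."""
    if circular_logging or not logs_on_separate_drive:
        return "last backup (" + plan[-1][0].taken + ")"
    return "point of failure"  # soft recovery replays the surviving current logs

# Constructed sample histories (not from the slides).
INCREMENTAL_DAY = [
    Backup("2016-01-01T23:00", "full"),
    Backup("2016-01-02T12:00", "incremental"),
    Backup("2016-01-02T15:00", "incremental", verified=False),
    Backup("2016-01-02T18:00", "incremental"),
]
DIFFERENTIAL_WEEK = [
    Backup("2016-01-01T23:00", "full"),
    Backup("2016-01-02T23:00", "differential"),
    Backup("2016-01-03T23:00", "differential"),
]
```

In the incremental sample the unconfirmed 15:00 job cuts the chain, so the plan stops at the 12:00 set even though a later incremental exists.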
Restoring an Exchange Mailbox or Message
Overview
- Reasons to recover a mailbox or message
  - Reviewing deleted messages as part of a legal action
  - Retrieving accidentally deleted messages
  - Allowing a manager to review the mail of a terminated employee

Methods
- Recovering Deleted Items in Outlook Web Access
  - A message deleted from the Inbox or other folder in Outlook is placed in the Deleted Items folder
  - A message deleted from the Deleted Items folder is no longer visible to the user but is still available to be restored
  - The length of time deleted items are retained is configurable by the Exchange Administrator
- Reattaching Mailboxes
  - Mailboxes that are deleted accidentally or belong to a terminated employee can be restored
  - User ID should be recreated
  - Deleted mailboxes are retained for 30 days
  - Deleted mailboxes can be attached to a new or recreated user account
  - Mailboxes can be attached to a different account if a manager/administrator needs to review the contents after a user is dismissed
- Using an Alternate Recovery Forest
  - An alternate recovery forest is at least a single server that contains a copy of your entire Exchange organization
  - Alternate recovery forests are completely separate from the production environment and are used for testing and recovery purposes
  - Advantages
    - Provides the ability to perform restores of public folders
    - Allows testing of backup integrity without affecting the production environment
    - Allows mailbox recovery even after retention period has expired
    - Can act as a test environment for service packs and third-party add-ons
  - Disadvantages
    - Cost and time related to maintaining separate hardware
- Using the Recovery Storage Group
Restoring Clustered Exchange Servers
Overview
- Restoring clustered Exchange 2003 servers varies depending on the error
- The process to restore clustered Exchange is the same as for a non-clustered server
- A failed server is faster to fix because services on the failed server start up on the other servers in the cluster
- No need to restore the server to exactly the same state as before the failure because the cluster operates the same without it
Restoring Clustered Exchange Servers (2)
Recovery Steps
- Use Cluster Administrator to remove the failed server from the cluster
- Build a new server to replace the old server
- Join the new server to the cluster
- Install Exchange 2003 on the new server
- Move resources back to the new server or leave it as a passive node in the cluster
Summary
Disasters with Exchange Server 2003 can be prevented using:
- Redundant Hardware
  - RAID 1
  - RAID 5
  - Power Supplies
  - Network Cards
- Redundant Services
  - DNS
  - Active Directory
- Clustering
  - Helps limit service outages to a few minutes
  - Can be configured as Active/Active or Active/Passive
Summary (2)
- It is important to plan properly for disaster recovery
  - Configuration documentation
  - Choosing a logging method
  - Separating log files and databases
  - Having a consistent backup schedule
  - Ensuring enough free space for disaster recovery
  - Preparing detailed written instructions for disaster recovery
- Exchange keeps transaction logs until a full backup is performed
- Circular logging deletes transaction logs after their contents have been committed to the database
Summary (3)
Full, Differential and Incremental Backups
- A full backup of Exchange Server 2003 takes a copy of the database and the transaction logs, and then deletes the transaction logs from disk
- A differential backup takes a copy of only the transaction logs and does not delete the transaction logs from disk
- An incremental backup takes a copy of only the transaction logs and deletes the transaction logs from disk
Summary (4)
Backup Solutions
- Exchange Server 2003 includes an updated version of NT Backup that is able to back up Exchange stores while Exchange services are running by using the Exchange backup API
- Third-party solutions can perform brick-level backups and Volume Shadow Copies
- Backups of Exchange should include the following
  - OS directories
  - System state
  - Exchange 2003 folders
  - Exchange stores with database and logs
  - Cluster quorum and cluster disk signatures
Summary (5)
- An offline backup is a copy of the Exchange databases taken when the Exchange services are stopped
  - Used if third-party backup software does not support the Exchange API
- A failed Exchange server can be restored by reinstalling Windows and Exchange Server 2003
  - Use the Disaster/Recovery switch
- A corrupted Exchange Server 2003 store can be restored with Windows NT Backup
  - Hard recovery replays the stored transaction logs; performed automatically unless the Last Recovery Set box is unchecked
  - Soft recovery replays the current transaction logs; runs automatically after hard recovery
Summary (6)
- Messages and mailboxes can be restored by
  - Recovering deleted items in Outlook
  - Reattaching a mailbox to a user account
  - Using an alternate recovery forest
  - Using the recovery storage group
- An alternate recovery forest is a copy of the Exchange organization that is completely separate from the production environment
  - Allows restores of public folders
  - Allows testing of backup integrity
  - Allows mailbox recovery after retention period has expired
  - Can act as a test environment for service packs
Summary (7)
- The recovery storage group is a new feature in Exchange Server 2003
- The recovery storage group is a storage group that can be added to any existing Exchange server
- The only utility that can retrieve messages from the recovery storage group is ExMerge
- Clustered Exchange servers are restored by rebuilding them as a new cluster server