2

So, I'm looking at a bare metal restore situation with my current setup. Not sure if this is possible, but looking at a hypothetical restore path to bounce off of with some Server Fault gurus ;).

As of right now, our DC currently hosts our Exchange 03 services along with some IIS websites. We are currently using Backup Exec 11d to do our backups. It's on a weekly rotation with a full backup performed every night. If I find that we have catastrophic OS failure (putting me in the same place as if I were doing a bare metal restore), I will not be able to get back to point of operation (at least not easily).

I'm thinking that creating an image (using Norton Ghost or Acronis True Image) of the system would give me the base needed to get back to where we were. Even if the image gets to be 6 months old, as long as backups were being performed to the point of failure, the image could be reloaded and a restore of the last backup could be performed, only putting us a day out from the point of failure. Are there any flaws to this thinking?

What got me thinking along these lines in the first place is that while doing an inventory of all our software media, it would turn out we are missing quite a few disks in order to build a box from scratch that provides the same services (no Exchange 03 disks, no BackupExec 11d disks, no Windows Server 03 VLK). I am currently addressing this issue, but in the meantime, I need a plan for recovery. Any insight is appreciated.

John Gardeniers
Chad Harrison
  • Is this the only server in your environment? The way you ask makes me think this server is your BE Media Server as well. In which case, things are more complicated... – Holocryptic May 17 '11 at 00:55
  • If that's not your only domain controller, disk imaging isn't a good idea. You run the risk of upsetting the File Replication Service (NTFRS) and Active Directory itself (creating a USN rollback) if you bring up a months-old disk-imaged backup of a DC into an environment with other DCs. – Evan Anderson May 17 '11 at 03:52
  • @Evan you could bring it up in non-authoritative mode using adsrm. That would sidestep that issue, would it not? – Holocryptic May 17 '11 at 10:08
  • Just want to say you are all awesome! Currently, this is the only Windows server as pertains to Active Directory. We have some older servers they have been keeping from a previous merger before my hiring (which was only three months ago). Jumping through some political hoops in getting the files off that server and promoting as another DC at another one of our sites and would love to start replicating AD. – Chad Harrison May 17 '11 at 16:27
  • @Holocryptic: There isn't any way that I'm aware of to mark a restored database as "non-authoritative". You can always mark a restore authoritative but not the other way around. Some background re: USN rollback: http://support.microsoft.com/kb/875495 – Evan Anderson May 17 '11 at 17:34

3 Answers

1

You're right that getting an image of the system would be important at this point since you're missing the media needed to reinstall and restore. The problem I see with this is that if there is a failure of the hardware, you will not have anything to restore that image to anyway, and if you replace the hardware with something that is not identical to what the image was taken from, you might still have a hard time getting it to restore.

In my opinion you should be looking into having some kind of redundant Windows server. Get a second server set up and make it a DC; DCs are multimaster in Windows 2000/2003. Simply promote it to a DC in the domain, and let AD replicate. Replication can also be set up with Exchange, and then it is just a matter of keeping a copy of the website in IIS on that server and pointing the DNS at it when the primary server fails.

Hope this is of some help for you in thinking through your strategy. And one last thing: you might want to look into Bacula and Clonezilla instead of Backup Exec 11d and Acronis True Image. It will save you some money and they have much cooler names :)

Summers
  • Well noted on the hardware side of things. I have been able to do a repair installation on some XP boxes to correct that problem, but not sure how AD will handle a repair. – Chad Harrison May 17 '11 at 16:29
1

I don't see any flaws in your plan. In fact it's the same plan I have implemented here, even though I do have the disks. It's simple, yet effective.

I've tested our restore capability against different hardware and while sometimes I need to install additional drivers it has worked as expected. In a pinch I can replace any of our Windows servers with any available PC, or even a VM, until a new server is obtained.

John Gardeniers
  • VM is a direction I would like to go, but convincing my people to go that direction would be pretty foreign to them. Why get that nice Mustang GT or Hybrid SUV when our Model T still rolls on wheels? Know what I mean? – Chad Harrison May 17 '11 at 16:33
  • @hydroparadise, don't be in too much of a hurry to replace the old clunker while it's still doing the job. I've seen many a new server (or car) fall by the wayside while the old reliables just keep on chugging along. Then again, I'm the sort who likes to get up to 10 years out of a good server and at least twice that long out of a car. – John Gardeniers May 17 '11 at 19:06
1

Well, this is... unfortunate. As a short term possibility, you could do an image of the server. You'd have to (I'd do this if I were you) shut down the server and then take the image. That's just my personal preference, but you do have a lot of different services on that box.

On a restore, I would say that your biggest concern would be making sure that services came back up correctly. There's a greater than 0 chance that (especially with a DC in the mix) things don't work correctly right out of the gate. Add Exchange installed on top of a DC (not recommended by the way) and things may get hairy. Also, as Evan points out, some of the AD services can get twisted if you have other DCs in the mix, but I'm pretty sure that bringing up the restored AD in non-authoritative mode via ADSM bypasses that issue.

Continuing down the road, you'll want to try and spread your services out. You don't want Exchange installed on a DC for one thing, and you want a separate media server for your BE (You don't state in your question if that's the case or not; I'll just cover all the bases). This helps avoid a complete service outage in the event of disaster, and can allow your users some functionality while you work to bring up the affected services. Not to mention that if your media server is installed on the same server that goes down.... well, then you're not doing anyone any favors and you'd still have to install from CDs you don't have yet.

You can also look at some of the newer offerings by BE (or some other backup solutions). They've come a long way in the past few years when it comes to imaging, DR, and backups and restores. The version of BE that you're running is at least three major versions behind, and while you might have a support contract, you'll probably like some of the expanded feature sets that the newer software has to offer.

Holocryptic