1

Preventing Disasters

Chapter 11 covers the processes to take to prevent a disaster. The most prudent actions include Implement redundant hardware Implement redundant services Using Clustering

Redundant Hardware To prevent data loss from disk failure you can implement RAID RAID is a system in which multiple disks are combined into a single logical unit in which the

failure of a single disk does not result in data loss RAID 1 and RAID 5 are the most common RAID configurations

RAID 1 is mirroring RAID 5 is true RAID striping with parity

2

Preventing Disasters (2)

Redundant Services Exchange Server 2003 relies on network services to function properly

DNS With no DNS Exchange is unavailable to deliver mail to external sites DNS fault tolerance is achieved by having at least two DNS servers

available on the network and configuring Exchange to use both DNS servers

DNS is used to find Domain Controllers for authentication Active Directory

Users cannot authenticate with Active Directory At least two Domain Controllers should be configured to ensure fault

tolerance

3

Preventing Disasters (3)

Clustering Active/Active Clustering -

Exchange 2003 is configured and running on at least two servers Each node actively responds to user requests and manages messages When one server fails the other takes over its tasks Cost effective because all hardware is being utilized

Active/Passive Clustering Exchange is installed on up to eight servers Runs on only up to seven servers When an active server fails one of the inactive servers takes its place More scalable More expensive

4

Planning for Disaster Recovery Overview

Properly planning for disaster recovery is essential to successful disaster recovery Without the right information even a complete backup of the Exchange Server 2003 databases is not enough

to bring Exchange back online There are several key tasks involved in disaster recovery planning

Documentation Document system version and service packs Document server network configuration, including IP address and DNS servers Exchange Server 2003 Service Packs Name of the Exchange organization Name of the administrative group in which the server is located Names of the storage grops on the server Names of the logical databases in the storage groups on the server

5

Planning for Disaster Recovery (2) Logging

A set of log files is maintained for each storage group on an Exchange 2003 All databases changes for a storage group are written to a log file(s) before

the database is updated Log files are used by Exchange 2003 to keep track of partially completed

transaction if a problem occurs Circular Logging removes information from the log files after it is committed to

the database If circular logging is used the system can only be restored to the point of the

last backup

6

Planning for Disaster Recovery (3) Log File Location

Log files should be stored on physically different drives from database to aid recovery If stored on the same drive Exchange is only recoverable to the most recent backup If kept on separate drives Exchange can be restored to the point just before the failure

occurred Backup Scheduling

Ideally a full backup should be performed every night Administrators should confirm backups ran successfully and logging where successful

backups are kept Monitoring and logging backups ensures that they are available when required

7

Planning for Disaster Recovery (4) Available Disk Space

Repairing databases requires free disk space equivalent to the database plus about 10 extra percent for working space on the drive

Another suggestion is to keep free disk space on each Exchange 2003 server equivalent to the largest storage group on the server

Written Instructions Ensure that there are written instructions on how to perform restores on

Servers Storage Groups Databases Mailboxes

Written instructions limit the amount of thinking required to perform a recovery Be sure to test the instructions before publishing them

8

Backing up Exchange Server 2003

Overview Backup is an essential step in disaster recovery Important concepts

Database backups Backup software What to Backup Offline backups Full-Text Indexes

Database Backups Full Backup

Takes a copy of the database files and transaction logs Clears the transaction logs off of the hard drive If transaction logs are not clear they become too big and will eventually force Exchange to shut down Full backups can restore storage groups No other backups are necessary with a full backup

Differential Backup Does not take a copy of the database files Does not remove transaction logs from the hard drive Smaller and Faster than a full backup Only the most recent differential backup and full backup are required to restore Exchange successfully

Incremental Backup Does not take a copy of the database files Takes a copy of the transaction logs and removes the transaction logs from the hard drive Can be used partway through the day to supplement a daily full backup Incremental backups must be used in conjunction with a full backup The full backup and incremental backups performed since the full back are required to restore it

9

Backing up Exchange Server 2003 (2) Backup Software

Standard version of NT Backup and most third party cannot backup Exchange while it is running

An updated version of NT Backup is installed when Exchange databases and transaction logs while Exchange is running

Updated version of NT Backup uses the Exchange backup API Third party apps that can back up and restore individual messages perform what is called a

brick-level backup and restore. Some third party apps use the new Volume Shadow Copy service to perform backups

Does not slow down performance Takes a snapshot and backup is performed on the backup

10

Backing up Exchange Server 2003 (3)

What to Backup OS directories System state

System state is a set of data residing within several important but disparate components that are required for recovery Exchange Server 2003 folders (except the databases and log files) Exchange database and log files Cluster quorum(if in a cluster) Cluster disk signatures (if in a cluster)

Offline Backups Offline backups are performed by taking a copy of the Exchange database and transaction logs when the Exchange services are

stopped Services must be stopped Users cannot access services while they are stopped Offline backup does not remove transaction logs Can be used if third party backup solution does not support Exchange backup API NT backup is always preferred for online backups

11

Backing up Exchange Server 2003 (4)Full-Text Indexes

It is not necessary to back up indexes because they contain redundant information that is already contained in the databases

12

Restoring a Failed Exchange 2003 Server

Overview Only necessary when server has experienced a catastrophic failure Identical hardware is not necessary for restore of full backup Requires same drive letters Requires identical OS patching to original server

Restore Process Install the same version of Windows on new or repaired hardware with a temporary name

Server should not be joined to domain Install all Windows service packs to match the failed server Restore the last operating system backup from the old server, including the system state

Restores computer name to the same name as the failed server Install Exchange 2003 in disaster recovery mode.

Accomplished by using /disasterrecovery switch Prevents Information Stores from being mounted after installation

N.B. During installation, ensure that select only components that were installed on the failed server Place the databases and log files in the same location as they were located on the failed server

Using disaster recovery mode, install all service packs for Exchange Server 2003 to match the failed server Restore the latest version of database files that are available

13

Restoring a Corrupted Exchange 2003 Store

Overview Involves restoring current transaction logs Current transaction logs are replayed after the databases are restored, no information is lost The store that is being restored must be dismounted first

Restore Process Database files from backup are copied back to disk The log files are copied to a temporary directory A restore.env file is created in the same temporary directory as log files.

Restore.env is used to control the restore process and applies to a single store Exchange stores must be restored one at a time or they may be overwritten

Hard recovery is performed Hard recovery plays the transaction logs that were restored Triggered by checking Last Restore Set check box

Option should not be checked if additional incremental or differential restores of transaction logs are required Soft recovery is performed

Replays the current transaction logs and makes the store information current to the point of failure The temporary directory with transaction log files is removed

14

Restoring an Exchange Mailbox or Message

Overview Reasons to recover a mailbox or message

Reviewing deleted message as part of a legal action Retrieving accidentally deleted messages Allowing a manager to review the mail of a terminated employee

Methods Recovering Deleted Items in Outlook Web Access

Message deleted from Inbox or other folder in Outlook is placed in the Deleted Items folder Messages deleted from the Deleted Items folder it is no longer visible to the user but still available to be restored The length of time deleted items are retained is configurable by the Exchange Administrator

Reattaching Mailboxes Mailboxes that are deleted accidentally or belong to a terminated employee can be restored User Id should be recreated Deleted mailboxes are retained for 30 days Deleted mailboxes can be attached to a new or recreated user account Mailboxes can be attached to a different account if a manager/administrator needs to review the contents after a user is dismissed

Using an Alternate Recovery Forest An alternate recovery forest is at least a single server that contains a copy of your entire Exchange organization Alternate recovery forests are completely separate from the production environment and is used for testing and recovery purposes Advantages

Provides the ability to perform restores of public folders Allows testing of backup integrity without affecting the production environment Allows mailbox recovery even after retention period has expired Can act as a test environment for service packs and third party add-ons

Disadvantages Cost and time related to maintaining separate hardware

Using the Recovery Storage Group

15

Restoring Clustered Exchange ServersOverview

Restoring clustered Exchange 2003 severs varies depending on the error

Process to restore clustered Exchange is the same as non-clustered server

Restoring failed sever is a faster process to fix because services on failed server start up on the other servers in the cluster

No need to restore server in exactly the same state before failure because the cluster operates the same without it.

16

Restoring Clustered Exchange Servers (2)Recovery Steps

Use Cluster Administrator to remove the failed server from the cluster

Build a new server to replace the old serverJoin the new server to the clusterInstall Exchange 2003 on the new serverMove resources back to the new server or leave it as a

passive node in the cluster.

17

Summary

Disasters with Exchange Server 2003 can be prevented using: Redundant Hardware

RAID 1 RAID 5 Power Supplies Network Cards

Redundant Services DNS Active Directory

Clustering Helps limit service outages to a few minutes Can be configured as Active/Active or Active/Passive

18

Summary (2)

It is important to plan properly for disaster recovery Configuration Documentation Choosing a logging method Separating Log Files and Databases Having a consistent backup schedule Ensuring enough free space for disaster recovery Preparing detail written instructions for disaster recovery

Exchange keeps transaction logs until a full backup is performed Circular logging deleted transaction logs after their contents have been committed

to the database.

19

Summary (3)

Full, Differential and Incremental BackupsFull backup of Exchange Server 2003 takes a copy of the

database and the transaction logs, and then deletes the transaction logs from disk.

A Differential backup takes a copy of only transaction logs and does not delete the transaction logs from disk.

An incremental backup takes a copy of only the transaction logs and deletes the transaction lgos from disks

20

Summary (4)

Backup Solutions Exchange Server 2003 includes an updated version of NT Backup that is able to

back up Exchange stores while Exchange services are running by using the Exchange backup API

Third party solutions can perform brick level backups and Volume Shadow Copies Backups of Exchange should include the following

OS directories System state Exchange 2003 folders

with Database and logs Exchange stores Cluster quorum and cluster disk signatures

21

Summary (5)

An offline backup is a copy of the Exchange databases taken when the Exchange Services are stopped

Used if a third party backup software does not support the Exchange API A failed exchange server can be restored by reinstalling Windows and Exchange Server

2003 Use Disaster/Recovery switch

A corrupted Exchange Server 2003 store can be restored with windows NT backup Hard Recovery replays the stored transaction logs performed automatically unless Last

Recovery Set box is unchecked Soft Recovery replays the current transaction logs, runs automatically after hard

recovery

22

Summary (6)

Messages and mailboxes can be restored by Recovering deleted items in Outlook Reattaching a mailbox to a user account, Using an alternate recovery forest Using the recovery storage group

An alternate recovery forest is a copy of the Exchange organization that is completely separate from the production environment

Allows restores of public of public folders Allows testing of backup integrity Allows mailbox recovery after retention period has expired Can act as a test environment for service packs

23

Summary (7)

The Recovery storage group is a new feature in Exchange Server 2003Recovers storage group is a stoage group that can be

added any existing Exchange ServerThe only utility that can retrieve messages from the

recovery storage group is ExMergeClustered Exchange servers are restored by

rebuilding them as a new cluster server.

24