Preventing Disasters • Chapter 11 covers the steps to take to prevent a disaster. The most prudent actions include • Implementing redundant hardware • Implementing redundant services • Using clustering • Redundant Hardware • To prevent data loss from disk failure you can implement RAID • RAID is a system in which multiple disks are combined into a single logical unit in which the failure of a single disk does not result in data loss • RAID 1 and RAID 5 are the most common RAID configurations • RAID 1 is mirroring • RAID 5 is true RAID striping with parity
Preventing Disasters (2) • Redundant Services • Exchange Server 2003 relies on network services to function properly • DNS • Without DNS, Exchange is unable to deliver mail to external sites • DNS fault tolerance is achieved by having at least two DNS servers available on the network and configuring Exchange to use both DNS servers • DNS is used to find Domain Controllers for authentication • Active Directory • Users cannot authenticate if Active Directory is unavailable • At least two Domain Controllers should be configured to ensure fault tolerance
Preventing Disasters (3) • Clustering • Active/Active Clustering • Exchange 2003 is configured and running on at least two servers • Each node actively responds to user requests and manages messages • When one server fails the other takes over its tasks • Cost effective because all hardware is being utilized • Active/Passive Clustering • Exchange is installed on up to eight servers • Runs on only up to seven servers • When an active server fails one of the inactive servers takes its place • More scalable • More expensive
Planning for Disaster Recovery • Overview • Properly planning for disaster recovery is essential to successful disaster recovery • Without the right information even a complete backup of the Exchange Server 2003 databases is not enough to bring Exchange back online • There are several key tasks involved in disaster recovery planning • Documentation • Document system version and service packs • Document server network configuration, including IP address and DNS servers • Exchange Server 2003 Service Packs • Name of the Exchange organization • Name of the administrative group in which the server is located • Names of the storage groups on the server • Names of the logical databases in the storage groups on the server
Planning for Disaster Recovery (2) • Logging • A set of log files is maintained for each storage group on an Exchange 2003 server • All database changes for a storage group are written to the log files before the database is updated • Log files are used by Exchange 2003 to keep track of partially completed transactions if a problem occurs • Circular logging removes information from the log files after it is committed to the database • If circular logging is used the system can only be restored to the point of the last backup
Planning for Disaster Recovery (3) • Log File Location • Log files should be stored on physically different drives from the databases to aid recovery • If stored on the same drive Exchange is only recoverable to the most recent backup • If kept on separate drives Exchange can be restored to the point just before the failure occurred • Backup Scheduling • Ideally a full backup should be performed every night • Administrators should confirm that backups ran successfully and log where successful backups are kept • Monitoring and logging backups ensures that they are available when required
Planning for Disaster Recovery (4) • Available Disk Space • Repairing databases requires free disk space equivalent to the database plus about 10 percent extra for working space on the drive • Another suggestion is to keep free disk space on each Exchange 2003 server equivalent to the largest storage group on the server • Written Instructions • Ensure that there are written instructions on how to perform restores on • Servers • Storage Groups • Databases • Mailboxes • Written instructions limit the amount of thinking required to perform a recovery • Be sure to test the instructions before publishing them
Backing up Exchange Server 2003 • Overview • Backup is an essential step in disaster recovery • Important concepts • Database backups • Backup software • What to Backup • Offline backups • Full-Text Indexes • Database Backups • Full Backup • Takes a copy of the database files and transaction logs • Clears the transaction logs off of the hard drive • If transaction logs are not cleared they become too big and will eventually force Exchange to shut down • Full backups can restore storage groups • No other backups are necessary with a full backup • Differential Backup • Does not take a copy of the database files • Does not remove transaction logs from the hard drive • Smaller and faster than a full backup • Only the most recent differential backup and full backup are required to restore Exchange successfully • Incremental Backup • Does not take a copy of the database files • Takes a copy of the transaction logs and removes the transaction logs from the hard drive • Can be used partway through the day to supplement a daily full backup • Incremental backups must be used in conjunction with a full backup • The full backup and all incremental backups performed since the full backup are required to restore
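The restore rules for full, differential and incremental backups, combined with the earlier advice to confirm that each backup ran successfully, can be worked through as a small catalog check. This is an added example, not part of the original slides: the `Backup` record, `restore_set` function and sample catalog are constructed for illustration, and the code assumes the worst case that a failed full or incremental job still cleared the transaction logs, so nothing taken after it can be replayed until the next good full backup.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Backup:
    taken: datetime
    kind: str       # "full", "differential" or "incremental"
    verified: bool  # job confirmed successful and the media is readable

def restore_set(catalog, failure_time):
    """Return the backups to restore, oldest first, for a failure at failure_time."""
    chain, newest_diff, broken = [], None, False
    for b in sorted(catalog, key=lambda item: item.taken):
        if b.taken > failure_time:
            break
        if b.kind == "full":
            if b.verified:
                chain, newest_diff, broken = [b], None, False
            else:
                broken = True    # assumption: logs were cleared into a bad backup
        elif broken:
            continue             # log sequence has a gap; later log backups are unusable
        elif b.kind == "incremental":
            if b.verified:
                chain.append(b)  # every incremental since the full is required
                newest_diff = None
            else:
                broken = True
        elif b.kind == "differential" and b.verified:
            newest_diff = b      # only the most recent differential is needed
    if not chain:
        raise ValueError("no verified full backup taken before the failure")
    return chain + ([newest_diff] if newest_diff else [])

def at(day, hour):
    """Constructed sample timestamp (not from the slides)."""
    return datetime(2005, 3, day, hour)

# Constructed catalog: nightly fulls with log backups during the day.
CATALOG = [
    Backup(at(1, 23), "full", True),
    Backup(at(2, 12), "differential", True),
    Backup(at(2, 18), "differential", True),
    Backup(at(3, 23), "full", True),
    Backup(at(4, 10), "incremental", True),
    Backup(at(4, 14), "incremental", False),  # failed job that nobody checked
    Backup(at(4, 18), "incremental", True),
]
```

With this catalog, a failure on the morning of day 5 can only be restored from backups up to the 10:00 incremental on day 4, because the unverified 14:00 job breaks the log sequence.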
Backing up Exchange Server 2003 (2) • Backup Software • The standard version of NT Backup and most third-party applications cannot back up Exchange while it is running • An updated version of NT Backup is installed with Exchange and can back up Exchange databases and transaction logs while Exchange is running • Updated version of NT Backup uses the Exchange backup API • Third-party apps that can back up and restore individual messages perform what is called a brick-level backup and restore • Some third-party apps use the new Volume Shadow Copy service to perform backups • Does not slow down performance • Takes a snapshot and the backup is performed on the snapshot
Backing up Exchange Server 2003 (3) • What to Backup • OS directories • System state • System state is a set of data residing within several important but disparate components that are required for recovery • Exchange Server 2003 folders (except the databases and log files) • Exchange database and log files • Cluster quorum (if in a cluster) • Cluster disk signatures (if in a cluster) • Offline Backups • Offline backups are performed by taking a copy of the Exchange database and transaction logs when the Exchange services are stopped • Services must be stopped • Users cannot access services while they are stopped • Offline backup does not remove transaction logs • Can be used if a third-party backup solution does not support the Exchange backup API • NT Backup is always preferred for online backups
Backing up Exchange Server 2003 (4) • Full-Text Indexes • It is not necessary to back up indexes because they contain redundant information that is already contained in the databases
Restoring a Failed Exchange 2003 Server • Overview • Only necessary when the server has experienced a catastrophic failure • Identical hardware is not necessary for restore of a full backup • Requires same drive letters • Requires identical OS patching to original server • Restore Process • Install the same version of Windows on new or repaired hardware with a temporary name • Server should not be joined to domain • Install all Windows service packs to match the failed server • Restore the last operating system backup from the old server, including the system state • Restores computer name to the same name as the failed server • Install Exchange 2003 in disaster recovery mode • Accomplished by using /disasterrecovery switch • Prevents Information Stores from being mounted after installation • N.B. • During installation, ensure that you select only components that were installed on the failed server • Place the databases and log files in the same location as they were located on the failed server • Using disaster recovery mode, install all service packs for Exchange Server 2003 to match the failed server • Restore the latest version of database files that are available
Restoring a Corrupted Exchange 2003 Store • Overview • Involves restoring current transaction logs • Current transaction logs are replayed after the databases are restored, so no information is lost • The store that is being restored must be dismounted first • Restore Process • Database files from backup are copied back to disk • The log files are copied to a temporary directory • A restore.env file is created in the same temporary directory as the log files • Restore.env is used to control the restore process and applies to a single store • Exchange stores must be restored one at a time or they may be overwritten • Hard recovery is performed • Hard recovery plays the transaction logs that were restored • Triggered by checking the Last Restore Set check box • Option should not be checked if additional incremental or differential restores of transaction logs are required • Soft recovery is performed • Replays the current transaction logs and makes the store information current to the point of failure • The temporary directory with transaction log files is removed
Restoring an Exchange Mailbox or Message • Overview • Reasons to recover a mailbox or message • Reviewing deleted messages as part of a legal action • Retrieving accidentally deleted messages • Allowing a manager to review the mail of a terminated employee • Methods • Recovering Deleted Items in Outlook Web Access • A message deleted from the Inbox or another folder in Outlook is placed in the Deleted Items folder • A message deleted from the Deleted Items folder is no longer visible to the user but is still available to be restored • The length of time deleted items are retained is configurable by the Exchange Administrator • Reattaching Mailboxes • Mailboxes that are deleted accidentally or belong to a terminated employee can be restored • User Id should be recreated • Deleted mailboxes are retained for 30 days • Deleted mailboxes can be attached to a new or recreated user account • Mailboxes can be attached to a different account if a manager/administrator needs to review the contents after a user is dismissed • Using an Alternate Recovery Forest • An alternate recovery forest is at least a single server that contains a copy of your entire Exchange organization • Alternate recovery forests are completely separate from the production environment and are used for testing and recovery purposes • Advantages • Provides the ability to perform restores of public folders • Allows testing of backup integrity without affecting the production environment • Allows mailbox recovery even after retention period has expired • Can act as a test environment for service packs and third party add-ons • Disadvantages • Cost and time related to maintaining separate hardware • Using the Recovery Storage Group
Restoring Clustered Exchange Servers • Overview • Restoring clustered Exchange 2003 servers varies depending on the error • Process to restore clustered Exchange is the same as for a non-clustered server • Restoring a failed server is a faster process because services on the failed server start up on the other servers in the cluster • No need to restore the server to exactly the same state as before the failure because the cluster operates the same without it
Restoring Clustered Exchange Servers (2) • Recovery Steps • Use Cluster Administrator to remove the failed server from the cluster • Build a new server to replace the old server • Join the new server to the cluster • Install Exchange 2003 on the new server • Move resources back to the new server or leave it as a passive node in the cluster.
Summary • Disasters with Exchange Server 2003 can be prevented using: • Redundant Hardware • RAID 1 • RAID 5 • Power Supplies • Network Cards • Redundant Services • DNS • Active Directory • Clustering • Helps limit service outages to a few minutes • Can be configured as Active/Active or Active/Passive
Summary (2) • It is important to plan properly for disaster recovery • Configuration Documentation • Choosing a logging method • Separating Log Files and Databases • Having a consistent backup schedule • Ensuring enough free space for disaster recovery • Preparing detailed written instructions for disaster recovery • Exchange keeps transaction logs until a full backup is performed • Circular logging deletes transaction logs after their contents have been committed to the database
Summary (3) • Full, Differential and Incremental Backups • A full backup of Exchange Server 2003 takes a copy of the database and the transaction logs, and then deletes the transaction logs from disk • A differential backup takes a copy of only the transaction logs and does not delete the transaction logs from disk • An incremental backup takes a copy of only the transaction logs and deletes the transaction logs from disk
Summary (4) • Backup Solutions • Exchange Server 2003 includes an updated version of NT Backup that is able to back up Exchange stores while Exchange services are running by using the Exchange backup API • Third party solutions can perform brick level backups and Volume Shadow Copies • Backups of Exchange should include the following • OS directories • System state • Exchange 2003 folders • with Database and logs • Exchange stores • Cluster quorum and cluster disk signatures
Summary (5) • An offline backup is a copy of the Exchange databases taken when the Exchange services are stopped • Used if third-party backup software does not support the Exchange API • A failed Exchange server can be restored by reinstalling Windows and Exchange Server 2003 • Use Disaster/Recovery switch • A corrupted Exchange Server 2003 store can be restored with Windows NT Backup • Hard Recovery replays the stored transaction logs; performed automatically unless Last Recovery Set box is unchecked • Soft Recovery replays the current transaction logs; runs automatically after hard recovery
Summary (6) • Messages and mailboxes can be restored by • Recovering deleted items in Outlook • Reattaching a mailbox to a user account • Using an alternate recovery forest • Using the recovery storage group • An alternate recovery forest is a copy of the Exchange organization that is completely separate from the production environment • Allows restores of public folders • Allows testing of backup integrity • Allows mailbox recovery after retention period has expired • Can act as a test environment for service packs
Summary (7) • The recovery storage group is a new feature in Exchange Server 2003 • The recovery storage group is a storage group that can be added to any existing Exchange server • The only utility that can retrieve messages from the recovery storage group is ExMerge • Clustered Exchange servers are restored by rebuilding them as a new cluster server