Pertaining to business continuity: Strengthening your backup integrity on Windows Server 2012 R2

It is common to hear about the dangers of not backing up your data, and it’s even more common to hear reports of inadequate data backup practices, or none at all, in small and medium-sized businesses. Yet for all the scenarios in which the importance of data backup is emphasized, the reality is that not many people heed the warning, and many will succumb to heavy profit losses or, in the worst case, total business bankruptcy.

While you could think of all of the possibilities in a business environment where up-to-date data backups could save you countless hours of work and profit loss, the fact of the matter is that backup is often configured initially and then forgotten about by many businesses because of its “additional costs”, especially small and medium-sized ones. However, if the tree in front of your house fell on your car, I’d be willing to bet that you’d be really grateful that you were insured.

Think of data backup as more than just a formality in your business: think of it as an insurance policy for it.

The fact of the matter is that if it’s coded, it can be cracked and/or corrupted, so protecting the data your business relies on is as important as ever. So why not take out insurance on your company’s success? Now I’m not in the business of selling you data backups, but I am in the business of making sure your business is successful, and nothing screams success more than quantitative data:

Source: https://www.cmitsolutions.com/local-weekly-tips/the-true-cost-of-data-loss/

According to IBM’s Ponemon Institute’s 2015 Cost of Data Breach Study, the average data breach event in the United States now costs $154 per lost or stolen record, and this is just the raw data. Once we add loss of customer trust (which can take 1–2 years to recover) and loss of current customer orders, we can expect a loss of at least $201 per lost or stolen record, though this number may rise even higher depending on the industry. Do the problems end there? Besides the United States having some of the highest penalties on companies for lost or stolen personal data, these attacks are on the rise. The last thing you want as a small business is to be unable to continue your work because of data loss compounded by fines, damage to brand integrity and disaster recovery costs.

Now that we’ve covered the risks of not having proper data backup policies in your business, it begs the question — what can you do?


Though there are many virtualization environments out there, there are essentially three broad data protection areas they all have in common:

  • Data Recovery

The most common of all recoveries, data recovery allows the recovery of lost or corrupted data — and yes, these things do “just happen”.

  • Failure Recovery

Allows recovery of virtual machines, applications, or services in the event of hardware/software failure or corruption.

  • Disaster Protection

Allows recovery of servers, virtual machines, applications and data in the event that these are lost because of external events beyond software/hardware failure, such as floods or a server room fire.

BUT before we can even implement any sort of recovery strategy, we also need to determine a few things:

  • Define company-critical resources. These resources include data, services, and the servers that the data and services run on.
  • Identify risks associated with those resources. How likely is a disaster such as a power outage or natural disaster? How strong are your current security measures against a hacker?
  • Determine the amount of time needed to perform the recovery. In many businesses, time really is money, whereas in others the data can take as long as one day to recover without much loss to productivity/profitability.

Using Windows Server 2012 R2 to strengthen data backup

While Windows Server does have a Windows Server Backup feature, it alone is not enough to ensure the safety of your data and server states. Because of this, I want to go over the specific features that strengthen or complement the backup feature you are given. For this reason, Windows Server Backup installation is omitted. Some of the features I will go through are specific to Windows products and Windows Server 2012 R2. Rest assured, however, that most concepts will overlap with whatever system your company has deployed (Windows Server 2000, 2003, VMware etc.):

Volume Snapshot Services (VSS)

Applies To: Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista

How does it work:

Source: http://blog.macrium.com/2012/11/26/backup-internals-what-is-vss-how-does-it-work-and-why-do-we-use-it/

Traditionally, on the application side, a client would save a file straight onto the hard drive or database. VSS, however, acts as an intermediate service between the database and the application itself: it takes the data you just saved and stores an effective copy in a designated shadow storage. VSS has two modes: Clone (Full Copy) and Copy-on-Write (Differential Copy). While the clone might be self-explanatory, the second one allows you to save space by only saving the differences from the original saved files. For the sake of full backups, I recommend the clone mode on VSS. However, consider copy-on-write if you are trying to save space while only keeping the template of a critical file that is constantly changed.

How to set up: Configuring shadow copies can be as easy as a right click.

  • On the drive which you are setting as your data backup drive, right click and click on “configure shadow copies”. Note that Volume Shadow Copies restore previous states of the entire volume, so you can’t restore previous states of single files and/or folders.
  • The shadow copies configuration page will look like this. It is recommended to have a dedicated shadow copy drive, so before you enable shadow copies, go to the Settings of the drive which you wish to enable later for shadow copying.
  • From here, we can choose the designated drive on which to store the shadow copies of the drive(s) we wish to protect.

We can also change the scheduling and frequency of the shadow copies. By default, shadow copies are taken twice a day.

Once this is done, we can go back to the previous screen and enable shadow copying on the respective drive.
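The same configuration can be scripted and then checked, which is useful when the setup has to be repeated or audited. This is an added example, not part of the original walkthrough; the drive letters, the 20GB cap, the task name and the 07:00/12:00 times are assumptions.

```powershell
# Added example. Assumed layout: D: = protected data volume, E: = dedicated shadow-copy volume.
$DataVolume   = 'D:'
$ShadowVolume = 'E:'
$MaxSize      = '20GB'     # assumed cap for the shadow storage area

# 1. Put the shadow storage for D: on the dedicated volume E:.
#    (If an association already exists, change it with "vssadmin resize shadowstorage".)
vssadmin add shadowstorage /for=$DataVolume /on=$ShadowVolume /maxsize=$MaxSize
if ($LASTEXITCODE -ne 0) { throw "Could not create shadow storage for $DataVolume" }

# 2. Take an initial shadow copy (vssadmin create shadow exists on server editions).
vssadmin create shadow /for=$DataVolume
if ($LASTEXITCODE -ne 0) { throw "Initial shadow copy of $DataVolume failed" }

# 3. Schedule two shadow copies a day, matching the twice-a-day default.
$action   = New-ScheduledTaskAction -Execute 'vssadmin.exe' `
                -Argument "create shadow /for=$DataVolume"
$triggers = @(
    New-ScheduledTaskTrigger -Daily -At '07:00'
    New-ScheduledTaskTrigger -Daily -At '12:00'
)
Register-ScheduledTask -TaskName 'ShadowCopy-DataVolume' -Action $action `
    -Trigger $triggers -User 'NT AUTHORITY\SYSTEM' -RunLevel Highest

# 4. Verify: storage really lives on the dedicated volume, and a recent copy exists.
vssadmin list shadowstorage /for=$DataVolume

$volume = Get-CimInstance Win32_Volume -Filter "DriveLetter='$DataVolume'"
$newest = Get-CimInstance Win32_ShadowCopy |
              Where-Object VolumeName -eq $volume.DeviceID |
              Sort-Object InstallDate -Descending |
              Select-Object -First 1

if (-not $newest) {
    Write-Warning "No shadow copies found for $DataVolume"
} elseif ($newest.InstallDate -lt (Get-Date).AddHours(-24)) {
    Write-Warning "Newest shadow copy of $DataVolume is older than 24 hours: $($newest.InstallDate)"
} else {
    "Newest shadow copy of $DataVolume taken at $($newest.InstallDate)"
}
```

Step 4 can be run on its own as a recurring health check, so that a schedule that silently stopped producing shadow copies is noticed before a restore is needed.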

Mitigation strategies in effect:

It’s important to have at least two copies of your backup data. Here we use VSS to replicate files from different departments/branch offices to a central data storage, and deploy a secondary data center that contains replicas of most (if not all) of the critical servers in your primary data center.

Other alternatives to VSS: Streaming Backup

Hyper-V Replica

Applies To: Windows Server 2012 R2, Windows Server 2012

Source: http://duyquang.net/hyper-v-replica-trong-windows-server-2012-r2-full/

How does it work: Simply put, we assign another server the Hyper-V replication role so that it copies all the features of the original Hyper-V server and constantly communicates with it in order to preserve an exact replica of the original virtualized server. In the case of a failure in the primary location of the server, it will automatically fail over to the replica server.

Source: http://blogs.technet.com/b/canitpro/archive/2013/04/08/step-by-step-virtual-machine-replication-using-hyper-v-replica.aspx

How to set it up:

  • Opening up Server Manager > Tools > Hyper-V Manager > Hyper-V settings will take you to a screen similar to the one on your left.
  • From here, setting up replication is a click away through the “Enable this computer as a Replica server” check box. Note how we are also given a choice to allow replication “from any authenticated server(s)/specified server(s)”. Here, we choose which servers will use this machine as their replica server. Because more than one server can be allowed, we can also put more than one machine’s replica onto the same machine to save on the cost of buying another server. Note, however, that with Kerberos authentication (HTTP), the port listed (80) must be open for incoming traffic.
  • If you are having problems or any connectivity issues (no communication, cannot connect to specified server, etc.), ensure your firewall allows the port specified for Kerberos (HTTP). To do so, you can click Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and verify that the firewall is allowing “Hyper-V Replica HTTP/HTTPS”.
Source: http://blogs.technet.com/b/canitpro/archive/2013/04/08/step-by-step-virtual-machine-replication-using-hyper-v-replica.aspx
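The same setup from PowerShell, using the “specified server(s)” option so that only a named primary server may replicate to this machine. This is an added example, not taken from the original walkthrough; the host names, storage path, trust group and VM name are assumptions.

```powershell
# Added example. Assumed names (not from the article):
$PrimaryServer = 'hv-primary.corp.example'   # FQDN of the primary Hyper-V host
$ReplicaServer = 'hv-replica.corp.example'   # FQDN of the replica Hyper-V host
$VMName        = 'FileServer01'              # VM to protect
$ReplicaPath   = 'D:\ReplicaVMs'             # where replica files are stored

# ----- Run on the REPLICA server -----
# Enable the replica role with Kerberos (HTTP) on port 80, and refuse
# replication from servers that are not explicitly authorized.
# Kerberos over HTTP authenticates the servers but does not encrypt the
# replication traffic; certificate-based authentication (HTTPS) does.
Set-VMReplicationServer -ReplicationEnabled $true `
    -AllowedAuthenticationType Kerberos `
    -KerberosAuthenticationPort 80 `
    -ReplicationAllowedFromAnyServer $false

# Authorize exactly one primary server and give it its own storage location.
New-VMReplicationAuthorizationEntry -AllowedPrimaryServer $PrimaryServer `
    -ReplicaStorageLocation $ReplicaPath `
    -TrustGroup 'BranchOffice'

# Open the inbound listener rule that the connectivity step refers to.
Enable-NetFirewallRule -DisplayName 'Hyper-V Replica HTTP Listener (TCP-In)'

# Confirm what the replica server will accept.
Get-VMReplicationServer | Format-List *
Get-VMReplicationAuthorizationEntry

# ----- Run on the PRIMARY server -----
Enable-VMReplication -VMName $VMName `
    -ReplicaServerName $ReplicaServer `
    -ReplicaServerPort 80 `
    -AuthenticationType Kerberos
Start-VMInitialReplication -VMName $VMName

# Check that replication is healthy instead of assuming it is.
Get-VMReplication -VMName $VMName | Select-Object Name, State, Health, Mode
Measure-VMReplication -VMName $VMName
```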

Mitigation strategies in effect:

  • Having at least two copies and a fail-over of your current Hyper-V server settings (including the user/computer objects created, saving your sysadmin tremendous time).
  • Ability to replicate servers from different departments/branch offices and redirect them to a single or multiple central storage or replica servers.
  • Deploying a secondary center that will contain replicas of your Hyper-V for quick recovery.
  • Maximizing up-time of availability in case of data corruption, failure, or disasters in the primary location.

Alternatives to Hyper-V: VMware’s vSphere 5.1

Windows Azure Backup

Applies to: Windows 7 and above, Windows Server 2008 SP2 and above, Windows Storage 2012 and 2012 R2.

https://azure.microsoft.com/en-us/documentation/articles/backup-configure-vault/

How does it work: With the rise of the cloud in the modern world, any IT expert will testify that the future of your business will be within these mega data centers. Windows Azure not only provides many of the services a business needs to remain competitive against powerful corporations today, but is also an increasingly reliable place for data backup. At a reasonable price, you can not only point Windows Server Backup at a secondary location, but also keep a copy of the backup in the Azure cloud, gaining both the protection of Microsoft’s powerful infrastructure and the mobility of your data.

How to set it up:

  • The first thing you’ll be required to have is a current Azure subscription. If you do not have one, one can be made for free.
  • From your management portal in your Azure account, click New > Data Services > Recovery Services > Backup Vault and choose Quick Create.
  • From the quick create option, we can give our backup a user-friendly name to go back to. The region matters for getting the lowest network latency and fastest speed you can, so ensure you choose an appropriate region.
  • Once the backup vault is created, we can click on configure to complement our on-premises data backups and choose Locally Redundant.

Before we can back up the data, we need to ensure the machine requiring data is compatible with Azure. Because of this, a vault credential file must be downloaded from the Azure cloud. To do so:

  • Click Recovery Services in the left navigation pane and select the backup vault that you created. On the Quick Start page, click Download vault credentials. The vault credentials must be downloaded somewhere on the machine where it is accessible. If the location of download requires authentication, ensure you have it.
  • Once the vault credentials are downloaded, we can now return to Recovery Services and download and install the Microsoft Azure Backup Agent on our server.
  • Once we download the installer for the Azure Backup Agent, we can proceed to the registration of the backup. To do so, in the Vault Identification screen, browse and find where you initially downloaded the vault credentials and link it to the vault identification.
  • In the Encryption option, you can either have a new password generated or create one yourself, if you so choose (minimum 16 characters).
  • Once this is done, the Register Server Wizard will prompt. This will register your current server to back up to the Azure Vault. Be sure to select the Launch Microsoft Azure Recovery Services Agent check box in the screen before finishing the installation.
  • In the Microsoft Azure Backup Agent, we can now schedule regular backups on our designated backup server. From this point, you will have successfully deployed a backup onto the Azure cloud. For more features and more in-depth instructions, you can visit the Azure website.
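Once the agent is installed, the registration, encryption and scheduling steps above can also be done with the agent’s MSOnlineBackup PowerShell module. This is an added example, not from the original article or from Microsoft; the credential file path, the backed-up folder, the schedule and the retention period are assumptions.

```powershell
# Added example. Assumed values (not from the article):
$CredFile   = 'C:\Secure\ExampleVault.VaultCredentials'  # downloaded vault credentials
$BackupPath = 'D:\Shares'                                # data to protect

Import-Module MSOnlineBackup

# Register this server with the backup vault using the downloaded credentials.
Start-OBRegistration -VaultCredentials $CredFile -Confirm:$false

# Prompt for the encryption passphrase so it never appears in the script,
# and enforce the 16-character minimum before handing it to the agent.
$passphrase = Read-Host -AsSecureString -Prompt 'Encryption passphrase (16+ characters)'
if ($passphrase.Length -lt 16) {
    throw 'Passphrase must be at least 16 characters.'
}
Set-OBMachineSetting -EncryptionPassphrase $passphrase

# The vault credentials file is only needed for registration; do not leave
# it lying around on the server afterwards.
Remove-Item -Path $CredFile

# Build a backup policy: what to back up, when, and how long to keep it.
$policy    = New-OBPolicy
$fileSpec  = New-OBFileSpec -FileSpec $BackupPath
$schedule  = New-OBSchedule -DaysOfWeek Monday, Wednesday, Friday -TimesOfDay 21:00
$retention = New-OBRetentionPolicy -RetentionDays 30

Add-OBFileSpec        -Policy $policy -FileSpec $fileSpec
Set-OBSchedule        -Policy $policy -Schedule $schedule
Set-OBRetentionPolicy -Policy $policy -RetentionPolicy $retention

# Commit the policy to the agent, then read it back to confirm what is active.
Set-OBPolicy -Policy $policy -Confirm:$false
Get-OBPolicy | Get-OBSchedule
Get-OBPolicy | Get-OBRetentionPolicy
```

Store the passphrase somewhere other than the server being backed up: without it the data in the vault cannot be restored.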

Mitigation strategies in effect:

This strategy mitigates every problem we have discussed in relation to data backup. The redundancy on our data backup storage ensures 100% accountability of data. Coupled with reliance on a software powerhouse such as Microsoft, the integrity of our data is certain on the Azure cloud.

Alternatives to Windows Azure Backup: Amazon Web Services Backup/Recovery, Google Backup


It is important to remember that though we have made great strides in computing technology, we are far from perfect. In a field surrounded by complexities and mystique, the IT world enables you to utilize its technologies at the highest capacity you can given modern developments. However, it is important to understand that the field is vast — and knowing how to pick from it the things you need in order to make your business succeed is crucial in keeping up with the competition. Business continuity strategies such as data backups are no longer enough to keep your data secure — redundancies in case those fail are needed — and though it may take extra work and resources to accomplish it, you’ll be glad you did when the time comes.