Individual Component Backup
Whereas full server
backups capture the contents of an entire server to provide recovery
options in the event of a catastrophic failure, the scope and benefits
of an individual component backup are more specific in nature. These
backups commonly provide some form of rollback support and guard against
unwanted configuration changes should something go awry during an
operation such as an upgrade, a patch cycle, or the rollout of new
solution packages to the farm.
Individual
component backups, and their associated recovery operations, usually
require that the server already be operational and in good general
health. This precondition is assumed for each of the backup procedures
that follow.
Files and File Folders
Backing up files and
folders on the server entails using the Windows Server Backup snap-in
and a process that is similar to the one described previously for a full
server backup. The prerequisites for a full server backup apply here,
as well, but with one notable exception: no service account is needed,
as described in prerequisite 3.
Note
Although this specific
walk-through details a one-time backup of files and folders on the
server, it is certainly possible to establish a scheduled backup for
these items. Anytime a scheduled backup is established, it is considered
a best practice to run the scheduled job within the context of a
service account. For one-time backups, however, backup operations are
conducted directly from the context of your user account.
Once you have addressed all prerequisites, you are ready to proceed.
Log on to the server that is to be backed up using your account credentials. Click
the Start button and navigate to Administrative Tools, Windows Server
Backup. Doing so brings up the Windows Server Backup MMC snap-in, as
shown previously in Figure 1. Click
the Backup Once link under the Actions menu on the right side of the
menu to launch the Backup Schedule Wizard. After a few moments with a
progress bar, the Getting Started page of the Backup Schedule Wizard
appears with some basic information about the wizard. Click the Next
button to continue. The Backup Once Wizard appears as shown in Figure 8.
If one or more scheduled backup jobs exist, the Scheduled backup
options selection is available. The selection of interest for this
exercise, however, is the Different Options selection. Choose this
option button and click the Next button to continue. You are prompted to select either a Full Server or a Custom backup, as shown in Figure 10. Select the Custom option to specify a subset of folders and files, and then click the Next button to continue.
The Select Items for Backup page appears as shown in Figure 11.
It is here that files and folders are selected as backup targets.
Initially, no files and folders are selected. Click the Add Items button
to begin the selection process.
Note
The
Advanced Settings button affords you some additional control over the
backup operation, including the option to specify backup exclusions and
the ability to indicate how application log files should be handled by
the Volume Shadow Copy Service (VSS) during the backup operation. The
default settings for these options are sufficient for onetime backups,
but investigate the Advanced Settings if you desire greater control for
the areas mentioned.
The Select Items dialog box appears, as shown in Figure 12.
It is here that you can specify files, folders, system state, and
additional backup targets. In this example, all the files in the GAC (at
C:\Windows\assembly) are selected for a one-time backup. Once the GAC has been selected, the OK button is clicked to continue.
The Select Items dialog box closes, and the Select Items for Backup page (Figure 11) becomes active again. At this point, the list of items for backup now includes the C:\Windows\assembly folder. Click the Next button to continue. You are prompted to select one of the local drives or a remote shared folder as destination for the backup, as shown in Figure 13. Select the Remote Shared Folder option, and click the Next button to continue.
The
Specify Remote Folder dialog box appears. It is here that a network
share is specified as a destination for the backup. In addition to
selecting a remote folder, you must specify
one of two Access control options. The Inherit option is selected by
default, and it leaves the permissions of the remote share and created
subfolders intact during the backup. If the Do Not Inherit option is
selected, Windows Server Backup attempts to restrict access to the WindowsImageBackup
subfolder that is created within the specified location to a single
user account. For the purposes of this exercise, the default Inherit
option is selected, along with the remote share (as shown in Figure 14). Click the Next button to continue.
If
the remote share already contains a backup for the current server,
either scheduled or one-time, a warning dialog box appears to inform you
that the backup operation that is about to be performed will overwrite
the existing backup. Click the OK button to continue. The Confirmation page of the Backup Once Wizard appears, as shown in Figure 15. Validate the selection you have made, and click the Backup button to begin the backup process.
A Backup Progress dialog box similar to the one shown in Figure 10
appears. As the backup operation runs, the progress being made is
reflected on the form. You can close the dialog box at any time during
the actual backup operation, or you can wait until the backup has
completed in its entirety before closing it. If the dialog box is closed
prior to the completion of the backup operation, the backup continues
in the background until it completes.
IIS Configuration
Creating
a backup of the IIS7 configuration files is a relatively
straightforward affair provided the Path environment variable has been
updated to include the %WINDIR%\System32\inetsrv path.
Open
a PowerShell window by opening the Start menu and navigating to All
Programs, Accessories, Windows PowerShell, Windows PowerShell. Type appcmd.exe add backup “<name>”, where <name>
is replaced by the name you want to give the backup file set. After you
have entered the full command, press the Enter key to execute the
backup. When the backup is complete, you are presented with a status message similar to the one shown in Figure 16.
Close the PowerShell window by typing exit and pressing the Enter key.
The backup that you have
created can be left in place or moved to an alternate location as
needed. By default, the backup is in a directory within the %WINDIR%\System32\inetsrv\backup folder that matches the name you specified in step 2. Figure 17 demonstrates this for the example shown earlier.
Note
Microsoft’s
TechNet documentation for SharePoint 2010 recommends against using
“metabase backup” to protect IIS settings. Instead, Microsoft recommends
manual documentation of all IIS configuration settings or the use of a
tool (such as Microsoft System Center Configuration Manager) to automate
the process. Because IIS7’s configuration backup files are XML, they
are still largely human-readable—meaning that even if you elect not to
use them for direct restore purposes, you can still examine them to
extract a significant quantity of configuration information. At the end
of the day, simply make sure you have a plan in place for how you intend
to use your backup files, and test that plan regularly.
SSL Certificates
SSL
certificates are commonly backed up in visual fashion using either the
Certificates MMC snap-in or the IIS Manager snap-in. The example that
follows demonstrates the latter approach, although both lead to the same
endpoint.
Start
the Internet Services Manager by opening the Start menu and navigating
to Administrative Tools, Internet Information Services (IIS) Manager. When the IIS Manager starts, locate the Start Page
root node in the Connections Tree-View control on the left side of the
snap-in. Select the node representing the current server that appears
just below the Start Page node. In the example shown in Figure 18, the current server is SPDEV.
When
the current server node is selected, the central task pane in the
snap-in is populated with various ASP.NET, IIS, and Management Features.
Locate the Server Certificates Feature under those listed for IIS, and
double-click it. The central task pane shifts to display Server Certificates, as shown in Figure 19.
Each line in the central task pane represents an SSL certificate that
is installed and available for use by IIS7. Select the one that you want
to back up by clicking on it, and then click the Export link that
appears under Actions on the right side of the snap-in.
The Export Certificate dialog box appears, as shown in Figure 20,
and you are prompted to select a file name and a password for the
exported certificate. Specify these values, and then click the OK button
to execute the export.
Note
You
are prompted for a password, because the certificate you select is
exported with its private key data. Any server possessing the private
key for a certificate may act and respond as the server named by the
certificate, so naturally it is important that any certificate export
that contains private key data is protected.
The
export executes and completes without confirmation. To verify that the
export succeeds, browse to the location you selected for your export,
and verify that the appropriate certificate export file is present, as
shown in Figure 21.
Windows Registry
You accomplish exports of the
Windows Registry using the Registry Editor tool. This example exports
the HKEY_LOCAL_MACHINE branch of the Registry to the local file system.
Open the RegEdit.exe tool by clicking Start and selecting Run. When the Run dialog opens, type regedit.exe and click the OK button. The Registry Editor tool appears, as shown in Figure 22. Locate the HKEY_LOCAL_MACHINE node under the Computer root node in the left TreeView control, and select it by clicking on it.
Click on the File menu at the top of the Registry Editor window and select the Export option. A dialog box pops up, as shown in Figure 23.
Specify
path and file name information for the export file, and click the Save
button. The Registry Editor carries out the requested export without
confirmation or an indication of completion. To verify that the export
was successful, browse to the specified destination, as demonstrated in Figure 24.
|