Disaster Recovery and IIS 6.0: Metabase Backups in a Nutshell
Chris Adams
Web Platform Supportability Lead
Microsoft Corporation

Agenda
- Part I: Disaster Recovery and IIS
  - What constitutes a disaster?
  - Data points to consider if disaster occurs
- Part II: Tools & Implementing Disaster Recovery
  - Configuration: Capturing Backups
  - Effectively backing up Operating System Data
  - Backing up IIS with native IIS tools
  - Using XCopy and other tools to back up Web Content
- Summary

Part I: Disaster Recovery and IIS

What constitutes a disaster?
- Hardware Failures
  - Loss of hard disk(s) or arrays
  - Losing boot partitions leads to loss of critical data
  - Best Practice: Always have system state backups current and available
    - Creating System State Backups in Windows 2000\2003: http://support.microsoft.com/default.aspx?scid=kb;en-us;315412
  - Use RAID 5 for redundancy, preferably hot swappable
  - Store web content on a separate partition or remotely
- Operating System crashes
  - Loses key data that is unavailable in subsequent (clean) installs of IIS on new OS installs
- Disasters can cause large amounts of overhead to re-establish services
  - Labor requirements: Very high if not well planned
- Best Practice: Always have system state backups current and available
  - Creating System State Backups in Windows 2003: http://support.microsoft.com/default.aspx?scid=kb;en-us;315412
  - Store content on partitions separate from the boot partition (that is, where %windir% exists)
  - Store log files on partitions separate from the boot partition or content partitions

Key Data Points
- Operating System
  - Machine Keys
  - Certificates (and subsequent stores)
  - Users and\or Groups
  - Bindings (Optional)
- IIS Metadata
  - IIS Schema (mbschema.xml)
  - IIS Metabase (metabase.xml)
- Application Content
  - Web specific content such as static and dynamic content

Understanding Data Points and IIS

Operating System: Machine Keys
- Unique to each Windows 2003 installation
- Cannot be duplicated or copied to new installations
- IIS uses machine keys to secure all "secure data" in the IIS metadata

Operating System: Certificates
- Only pertinent to installations that use Secure Socket Layer (SSL)
- Certificates are stored within the operating system
- IIS natively offers no built-in mechanism to back up or restore certificates
- Certificate Types: This disaster scenario is only concerned with Server Certificates (not Client Certificates)

Operating System: Users and\or Groups
- Key User: IUSR_Machinename (aka Anonymous Account)
- Key Group: IIS_WPG (aka Worker Process Group)
  - Who is a member, where do they exist (local or domain accounts)
- Web application specific users\groups
- FrontPage Users

Operating System: Bindings
- Only a concern in large environments where 100s or 1000s of web sites and bindings exist
- Unique listen lists in HTTP.sys would require large amounts of labor if not strategically thought out
- Bindings are stored in the HTTP.sys configuration that resides in the registry
- Purpose: Cause website bindings to listen on specific IP addresses vs. all
- Further details: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032240563&Culture=en-US

IIS Metadata
- Schema
  - Schemas are very important, but often are not unique, hence not typically a pain point
  - Schemas need backing up only if the schema has been extended
- Metabase
  - Stores key, very key, data specific to your installation of IIS
  - All website and application configuration data is stored in this single entity
  - Often the missing link in disaster scenarios because stale or out-dated backups are all that remain
  - The History feature of IIS 6.0 is not a backup, but a running log of changes (misunderstood!!!!)
  - Backups of the metabase are complete file backups including all services which use it

Web & Application Content
- Filters
  - ISAPI filters are key to many applications, but if the files are corrupt or missing, IIS worker processes do not start
- Static Content
  - HTML, Images, CSS, and .js files
- Dynamic Content
  - ISAPI based applications
  - ASP content
    - COM+ dependencies
  - Extensions can be treated as files and just backed up (.dll, .com, etc.)
  - CGI based applications are .exe's and need no special treatment except to be backed up via backup methods

Demonstration One: Finding Key Data Points
The goal is to demonstrate how to locate the important data and scope the task of successfully backing up pertinent data.

Part II: Tools & Implementing Disaster Recovery

Tools
- With respect to anything, knowing what tools are available and how to use them is the key
- Breaking down the Data Points into Tools
  - OS related tools
    - System State Backups
    - Certificates MMC & IIsCertDeploy
  - IIS Metadata
    - IIsBack
  - Web & Application Content
    - Xcopy
    - Component Services & comrepl.exe

Tools by data point
- Operating System Tools
  - System State Backups (Windows Backup)
    - Captures SAM database (users)
    - Captures Registry (Bindings)
  - IISCertDeploy for Certificate Backups
- IIS Metadata
  - IIS Manager (graphical) & command-line tool(s)
    - IIsBack.vbs\IIsCNFG.vbs
- Web & Application Content
  - Windows Backup
  - Component Services MMC

Operating System Tools (Cont.): System State Backups
- System State Components
  - Boot Files
  - Registry (including COM settings)
  - SysVol (not needed for IIS)
  - Active Directory NTDS.DIT (only for DCs)
  - Certificate Store
- Key pieces: Registry (Bindings)

Operating System Tools (Cont.): User and Group Accounts
- These are tricky because the unique SIDs are built using the machine's SID + a unique RID
- The most effective way to correct issues with the anonymous user account is to save the metabase to an XML file and edit it directly to reflect the new anonymous user account
- IIS_WPG should be easily resolved on a new machine because the account name is universal, although the group isn't a well-known SID

Operating System Tools: Backing up SSL Certificates
- To effectively back up certificates, do not use System State backup
- Use the Certificate MMC if the IIS and SSL footprint is small
- The IIS 6.0 Resource Kit utility IIsCertDeploy.vbs is designed to back up (export) and restore (import) certificates
- IIsCertDeploy.vbs uses programmatic interfaces to access the certificate store
- Process (for each certificate)
  - Export certificate to PFX file
  - Import certificate to appropriate store upon disaster

Using IIsCertDeploy: Syntax and Usage

    Exporting certificates:
        IISCertDeploy.vbs -e .pfx -i w3svc/# -p pfxpassword

    Importing certificates:
        IISCertDeploy.vbs -c cert.pfx -p pfxpassword -i w3svc/1 -s iisserver1 -u Administrator -pwd aal34290

http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

IIS Metadata: IIS Manager
- Good mechanism for doing "one off" backups
- Backups are ALWAYS stored on the boot partition
  - %windir%\system32\inetsrv\metaback
- Available in IIS 5.0 Internet Services Manager, but not with the ability to produce a non-protected metabase
- Backups in IIS 6.0 are available using a password to protect the administrator password for the file as well as to protect the secure properties

Figure: Backup using IIS Manager
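For the User and Group Accounts point above (edit the saved metabase XML so it reflects the new machine's anonymous account), a read-only check that lists which metabase nodes still name another machine's account. This is an added example, not part of the original deck; the sample XML is constructed, and the assumed layout (one element per node with a Location attribute and AnonymousUserName / WAMUserName stored as attributes) and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

# Assumption: each metabase node is an element with a Location attribute and
# its properties, including these account names, stored as attributes.
ACCOUNT_ATTRS = ("AnonymousUserName", "WAMUserName")

# Constructed sample, shaped like a metabase saved on a server named OLDWEB.
SAMPLE = """<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsWebService Location="/LM/W3SVC" AnonymousUserName="IUSR_OLDWEB" WAMUserName="IWAM_OLDWEB"/>
<IIsWebServer Location="/LM/W3SVC/1" ServerComment="Default Web Site"/>
<IIsWebVirtualDir Location="/LM/W3SVC/2/ROOT" AnonymousUserName="CONTOSO\\svc_web"/>
<IIsWebVirtualDir Location="/LM/W3SVC/3/ROOT" AnonymousUserName="IUSR_NEWWEB"/>
</MBProperty>
</configuration>"""

def stale_local_accounts(xml_text, new_machine):
    """Return (Location, attribute, account) for machine-local accounts
    that do not belong to new_machine."""
    expected = {f"IUSR_{new_machine}".upper(), f"IWAM_{new_machine}".upper()}
    findings = []
    for node in ET.fromstring(xml_text).iter():
        for attr in ACCOUNT_ATTRS:
            account = node.get(attr)
            if account is None:
                continue
            # Domain accounts (DOMAIN\user) carry over to a rebuilt server;
            # IUSR_<machine> / IWAM_<machine> are local to the old install.
            local_name = account.rsplit("\\", 1)[-1].upper()
            is_machine_local = local_name.startswith(("IUSR_", "IWAM_"))
            if is_machine_local and local_name not in expected:
                findings.append((node.get("Location"), attr, account))
    return findings

if __name__ == "__main__":
    for location, attr, account in stale_local_accounts(SAMPLE, "NEWWEB"):
        print(f"{location}: {attr}={account} must be updated")
```
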
Command-line utility: IIsBack.vbs
- Can be used locally or remotely against any server in an enterprise
- Backs up all data: both Schema and Metabase are backed up
- Backups are ALWAYS stored on the boot partition
  - %windir%\system32\inetsrv\metaback

Effective Backup Strategy
- Build a batch file that backs up the metabase AND copies it to a secure location (different partition)
- Make backup, copy to secure location

BACKUP.BAT

    REM DATE is a placeholder: substitute a file-name-safe date stamp
    SET SERVER=MyServer
    SET NAME=DATE-%SERVER%
    iisback /backup /b %NAME% /e PASSWORD
    Xcopy %windir%\system32\inetsrv\metaback\%NAME%.* \\mybackupserver\share$\%SERVER%\

From IIS 6.0 Resource Guide <insert URL>

Web & Application Content: Windows Backup
- This is the standard backup procedure for Windows systems
- All Programs > Accessories > System Tools > Backup

Web & Application Content: Using XCopy for Web Content Backups
- Often used in Web Farms where applications such as Application Center 2000 are not available
- XCopy can be added to simple batch files such as backup.bat to automate IIS Metadata & web content backups
- Good for static content such as htm, images, css, and .js files

BACKUP.BAT

    Xcopy /o /x /e /h /y /c c:\WEB \\mybackupserver\share$\%SERVER%\

Web & Application Content: COM+ Applications
- If using Active Server Pages, it might be necessary to back up any pertinent COM+ applications
- Backing up COM+ Applications
  - Use the Component Services MMC or comrepl.exe /export

Figure: COM+ Export Wizard

Implementation… Scripting your Backups!

    REM Enterprise Contoso Backup Script
    REM Straight from the IIS 6.0 Resource Kit
    REM DATE is a placeholder: substitute a file-name-safe date stamp
    SET SERVER=MyServer
    SET NAME=DATE-%SERVER%
    REM Get SSL Certificates
    Iiscertdeploy.vbs -e .pfx -i w3svc/# -p pfxpassword
    REM Get IIS Metadata
    iisback /backup /b %NAME% /e PASSWORD
    Xcopy %windir%\system32\inetsrv\metaback\%NAME%.* \\mybackupserver\share$\%SERVER%\
    REM Get Web Content
    Xcopy /o /x /e /h /y /c c:\WEB \\mybackupserver\share$\%SERVER%\

Demonstration Two: Disaster Recovery in Action
The goal of this demo is to put it all together and show how we pull together all the pertinent data and centralize it on a backup server.

Summary: Making Disasters "work for you"
- Define disaster scenarios prior to them occurring
- Do not depend solely on offline backups
- Plan and Understand Backup Scenarios
  - What is in your environment
  - Capture key data points
  - Execute backup strategy to capture this key data
- Sit back…sleep well…be happy!

References and Resources
- IIS 6.0 Help: Backing up the Metabase
  http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/gs_backupmetabase.mspx
- How to Backup SSL Certificates
  http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/gs_getcert.mspx
- HOW TO: Use Windows Backup and Recovery Tools to Make a Data Backup of Internet Information Services
  http://support.microsoft.com/view/tn.asp?kb=301420
- IIS 6.0 Resource Kit:
  http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/gs_backupmetabase.mspx

Q&A
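The deck names stale or out-dated backups as the usual missing link, and its batch file copies the metabase and schema backups to a share. The following added example (not from the deck or the Resource Kit) audits one server's folder on that share for a complete, recent set. It assumes iisback's `<BackupName>.MD<version>` / `<BackupName>.SC<version>` file naming; `audit_backups`, `demo` and the sample file names are hypothetical.

```python
import os
import re
import tempfile
import time
from collections import defaultdict

# Assumption: iisback writes <BackupName>.MD<version> (metabase) and
# <BackupName>.SC<version> (schema); a usable set has both files.
BACKUP_FILE = re.compile(r"^(?P<name>.+)\.(?P<kind>MD|SC)(?P<ver>\d+)$", re.IGNORECASE)

def audit_backups(folder, max_age_hours=24, now=None):
    """Return (newest complete set, its age in hours, list of problems)."""
    now = time.time() if now is None else now
    sets, problems = defaultdict(dict), []
    for entry in os.scandir(folder):
        m = BACKUP_FILE.match(entry.name)
        if not (m and entry.is_file()):
            continue
        info = entry.stat()
        if info.st_size == 0:  # treat an empty file as unusable
            problems.append(f"{entry.name}: zero-byte file")
            continue
        sets[(m["name"].lower(), int(m["ver"]))][m["kind"].upper()] = info.st_mtime
    complete = {}
    for (name, ver), kinds in sorted(sets.items()):
        missing = {"MD", "SC"} - kinds.keys()
        if missing:
            problems.append(f"{name} v{ver}: missing .{missing.pop()}{ver}")
        else:
            complete[(name, ver)] = min(kinds.values())  # as old as its older half
    if not complete:
        return None, None, problems + ["no complete metabase+schema set found"]
    newest = max(complete, key=complete.get)
    age = (now - complete[newest]) / 3600
    if age > max_age_hours:
        problems.append(f"newest set {newest[0]} is {age:.0f}h old, limit {max_age_hours}h")
    return newest, age, problems

def demo():
    """Constructed sample folder: one complete set 30h old, one set missing its schema."""
    now = 1_700_000_000
    with tempfile.TemporaryDirectory() as folder:
        for fname, hours in [("web01-a.MD0", 200), ("web01-b.MD0", 30), ("web01-b.SC0", 30)]:
            path = os.path.join(folder, fname)
            with open(path, "wb") as fh:
                fh.write(b"constructed placeholder")
            os.utime(path, (now - hours * 3600, now - hours * 3600))
        return audit_backups(folder, now=now)
```
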