Disaster Recovery and IIS 6.0: Metabase Backups in a Nutshell
Chris Adams
Web Platform Supportability Lead
Microsoft Corporation
Agenda
• Part I: Disaster Recovery and IIS
  • What constitutes a disaster?
  • Data points to consider if disaster occurs
• Part II: Tools & Implementing Disaster Recovery
  • Configuration: Capturing Backups
  • Effectively backing up Operating System Data
  • Backing up IIS with native IIS tools
  • Using XCopy and other tools to back up Web Content
• Summary
• What is a Disaster
• Key Data in Disasters
• Capturing that Data
Part I: Disaster Recovery and IIS - What constitutes a disaster?
• Hardware Failures
  • Loss of Hard Disk(s) or Arrays
  • Loss of the boot partition leads to loss of critical data
• Best Practice:
  • Always have system state backups current and available
    Creating System State Backups in Windows 2000\2003: http://support.microsoft.com/default.aspx?scid=kb;en-us;315412
  • Use RAID 5 for redundancy, preferably hot-swappable
  • Store web content on a separate partition or remotely
Part I: Disaster Recovery and IIS - What constitutes a disaster?
• Operating System crashes
  • Loses key data that is unavailable in subsequent (clean) installs of IIS on new OS installs
• Disasters can cause large amounts of overhead to re-establish services
  • Labor requirements: very high if not well planned
• Best Practice:
  • Always have system state backups current and available
    Creating System State Backups in Windows 2003: http://support.microsoft.com/default.aspx?scid=kb;en-us;315412
  • Store content on partitions separate from the boot partition (i.e., where %windir% resides)
  • Store log files on partitions separate from the boot partition and the content partitions
Part I: Disaster Recovery and IIS - Key Data Points
• Operating System
  • Machine Keys
  • Certificates (and subsequent stores)
  • Users and\or Groups
  • Bindings (Optional)
• IIS Metadata
  • IIS Schema (mbschema.xml)
  • IIS Metabase (metabase.xml)
• Application Content
  • Web specific content such as static and dynamic content
Part I: Disaster Recovery and IIS - Understanding Data Points and IIS
• Operating System
  • Machine Keys
    • Unique to each Windows 2003 installation
    • Cannot be duplicated or copied to new installations
    • IIS uses machine keys to secure all “secure data” in the IIS metadata
Part I: Disaster Recovery and IIS - Understanding Data Points and IIS
• Operating System
  • Certificates
    • Only pertinent to installations that use Secure Sockets Layer (SSL)
    • Certificates are stored within the operating system
    • IIS natively offers no built-in mechanism to back up or restore certificates
    • Certificate Types: this disaster scenario is only concerned with Server Certificates (not Client Certificates)
Part I: Disaster Recovery and IIS - Understanding Data Points and IIS
• Operating System
  • Users and\or Groups
    • Key User: IUSR_Machinename (aka Anonymous Account)
    • Key Group: IIS_WPG (aka Worker Process Group)
    • Who is a member, where do they exist (local or domain accounts)
    • Web application specific users\groups
    • FrontPage Users
Part I: Disaster Recovery and IIS - Understanding Data Points and IIS
• Operating System
  • Bindings
    • Only a concern in large environments where hundreds or thousands of web sites and bindings exist
    • Unique listen lists in HTTP.sys would require large amounts of labor to rebuild if not strategically thought out
    • Bindings are stored in the HTTP.sys configuration that resides in the registry
    • Purpose: cause website bindings to listen on specific IP addresses vs. all
    • Further details: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032240563&Culture=en-US
Part I: Disaster Recovery and IIS - Understanding Data Points and IIS
• IIS Metadata
  • Schema
    • Schemas are very important, but are often not unique and hence not typically a pain point
    • Schemas need backing up only if the schema has been extended
  • Metabase
    • Stores key, very key, data specific to your installation of IIS
    • All website and application configuration data is stored in this single entity
    • Often the missing link in disaster scenarios because stale or outdated backups are all that remain
    • The History feature of IIS 6.0 is not a backup, but a running log of changes. Misunderstood!!!!
    • Backups of the metabase are complete file backups, including all services which use it
Part I: Disaster Recovery and IIS - Understanding Data Points and IIS
• Web & Application Content
  • Filters
    • ISAPI filters are key to many applications, but corrupt or missing filter files lead to IIS worker processes not starting
  • Static Content
    • HTML, Images, CSS, and .js files
  • Dynamic Content
    • ISAPI based applications
    • ASP content
    • COM+ dependencies
    • Extensions can be treated as files and just backed up (.dll, .com, etc.)
    • CGI based applications are .exe files and need no special treatment except to be backed up via backup methods
Demonstration One: Finding Key Data Points
The goal is to demonstrate how to locate the important data and scope the task of successfully backing up pertinent data
Part II: Tools
• With respect to anything, knowing what tools are available and how to use them is the key
• Breaking down the Data Points into Tools
  • OS related tools
    • System State Backups
    • Certificates MMC & IIsCertDeploy
  • IIS Metadata
    • IIsBack
  • Web & Application Content
    • Xcopy
    • Component Services & comrepl.exe
Part II: Tools & Implementing Disaster Recovery
• Operating System Tools
  • System State Backups (Windows Backup)
    • Captures SAM database (users)
    • Captures Registry (Bindings)
  • IISCertDeploy for Certificate Backups
• IIS Metadata
  • IIS Manager (graphical) & command-line tool(s) IIsBack.vbs\IIsCNFG.vbs
• Web & Application Content
  • Windows Backup
  • Component Services MMC
Part II: Tools - Operating System Tools (Cont.)
• System State Backups
  • System State Components
    • Boot Files
    • Registry (including COM settings)
    • SysVol (not needed for IIS)
    • Active Directory NTDS.DIT (only for DCs)
    • Certificate Store
  • Key pieces: Registry (Bindings)
Part II: Tools - Operating System Tools (Cont.)
• User and Group Accounts
  • These are tricky because the unique SIDs are built from the machine's SID plus a unique RID
  • The most effective means to correct issues with the anonymous user account is to save the metabase to an XML file and edit it directly to reflect the new anonymous user account
  • IIS_WPG should be easily resolved on a new machine because the account name is universal, although the group does not have a well-known SID
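The metabase edit described above, sketched as an added example (not from the original deck or the IIS 6.0 Resource Kit): it rewrites every AnonymousUserName that still names the old machine's local IUSR account in a metabase saved as XML, leaves domain accounts alone, and lists the nodes whose stored AnonymousUserPass has to be set again for the new account. The sample XML, the machine names OLDWEB and NEWWEB, and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:microsoft-catalog:XML_Metabase_V64_0"  # default namespace of IIS 6.0 metabase.xml
ET.register_namespace("", NS)  # keep the namespace unprefixed when serializing

# Constructed sample: trimmed metabase XML restored from a machine named OLDWEB.
# The AnonymousUserPass values are placeholders, not real encrypted blobs.
SAMPLE = r"""<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsWebService Location="/LM/W3SVC" AnonymousUserName="IUSR_OLDWEB" AnonymousUserPass="0a1b2c"/>
<IIsWebServer Location="/LM/W3SVC/1" ServerBindings=":80:" ServerComment="Default Web Site"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" AnonymousUserName="OLDWEB\IUSR_OLDWEB" Path="c:\WEB"/>
<IIsWebVirtualDir Location="/LM/W3SVC/2/ROOT" AnonymousUserName="CONTOSO\webanon" Path="c:\WEB\app"/>
<IIsFtpService Location="/LM/MSFTPSVC" AnonymousUserName="IUSR_OLDWEB" AnonymousUserPass="3d4e5f"/>
</MBProperty>
</configuration>"""


def retarget_anonymous_account(xml_text, old_machine, new_machine):
    """Point local IUSR_<old_machine> references at IUSR_<new_machine>.

    Returns (new_xml, changed_locations, locations_needing_password_reset).
    """
    old_user = f"IUSR_{old_machine}".lower()
    new_user = f"IUSR_{new_machine}"
    root = ET.fromstring(xml_text)
    changed, reset_password = [], []
    for node in root.iter():
        user = node.get("AnonymousUserName")
        if user is None:
            continue
        # Split an optional "MACHINE\" or "DOMAIN\" qualifier from the account name.
        qualifier, _, name = user.rpartition("\\")
        is_local = qualifier.lower() in ("", old_machine.lower())
        if name.lower() != old_user or not is_local:
            continue  # domain or application-specific account: leave untouched
        node.set("AnonymousUserName", new_user)
        changed.append(node.get("Location"))
        if "AnonymousUserPass" in node.attrib:
            # The stored password belongs to the old account and must be set again.
            reset_password.append(node.get("Location"))
    return ET.tostring(root, encoding="unicode"), changed, reset_password
```
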
Part II: Tools - Operating System Tools
• Backing up SSL Certificates
  • To effectively back up certificates, do not use System State backup
  • Use the Certificate MMC if the IIS and SSL footprint is small
  • The IIS 6.0 Resource Kit utility IIsCertDeploy.vbs is designed to back up (export) and restore (import) certificates
  • IIsCertDeploy.vbs uses programmatic interfaces to access the certificate store
  • Process (for each certificate)
    • Export certificate to PFX file
    • Import certificate to appropriate store upon disaster
Part II: Tools - Using IIsCertDeploy
• IIsCertDeploy Syntax and Usage
  Exporting Certificates:
      IISCertDeploy.vbs -e .pfx -i w3svc/# -p pfxpassword
  Importing Certificates:
      IISCertDeploy.vbs -c cert.pfx -p pfxpassword -i w3svc/1 -s iisserver1 -u Administrator -pwd aal34290
  http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en
Part II: Tools - IIS Metadata
• IIS Manager
  • Good mechanism for doing “one off” backups
  • Backups are ALWAYS stored on the boot partition: %windir%\system32\inetsrv\metaback
  • Available in IIS 5.0 Internet Services Manager, but not with ability to produce non-protected metabase
  • Backups in IIS 6.0 are available using a password to protect the administrator password for the file as well as to protect the secure properties
Part II: Tools - IIS Metadata (Cont.)
• Command-line utility
  • IIsBack.vbs
    • Can be used locally or remotely against any server in an enterprise
    • Backs up all data: Schema and Metabase are backed up
    • Backups are ALWAYS stored on the boot partition: %windir%\system32\inetsrv\metaback
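Part II: Tools - IIS Metadata (Cont.)
• Effective Backup Strategy
  • Build a batch file that backs up the metabase AND copies it to a secure location (different partition)
  • Make backup, copy to secure location
  BACKUP.BAT
      SET SERVER=MyServer
      REM %DATE% is formatted per the regional settings; it must expand to a valid file name
      SET NAME=%DATE%-%SERVER%
      REM Back up metabase and schema, encrypted with PASSWORD
      iisback /backup /b %NAME% /e PASSWORD
      REM Copy the backup files off the boot partition
      Xcopy %windir%\system32\inetsrv\metaback\%NAME%.* \\mybackupserver\share$\%SERVER%
  From IIS 6.0 Resource Guide <insert URL>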
Part II: Tools - Web & Application Content
• Web & Application Content
  • Windows Backup
    • This is the standard backup procedure for Windows systems
    • All Programs > Accessories > System Tools > Backup
Part II: Tools - Web & Application Content
• Using XCopy for Web Content Backups
  • Often used in Web Farms where applications such as Application Center 2000 are not available
  • XCopy can be added to simple batch files such as backup.bat to automate IIS Metadata & web content backups
  • Good for static content such as htm, images, css, and .js files
  BACKUP.BAT
      REM Copy web content with ACLs, ownership, audit settings, hidden files and empty folders
      Xcopy /o /x /e /h /y /c c:\WEB \\mybackupserver\share$\%SERVER%
Part II: Tools - Web & Application Content
• If using Active Server Pages, it might be necessary to back up any pertinent COM+ applications
• Backing up COM+ Applications
  • Use the Component Services MMC or comrepl.exe /export
Implementation… Straight from the IIS 6.0 Resource Kit
• Scripting your Backups!
      REM Enterprise Contoso Backup Script
      SET SERVER=MyServer
      REM %DATE% is formatted per the regional settings; it must expand to a valid file name
      SET NAME=%DATE%-%SERVER%
      REM Get SSL Certificates
      Iiscertdeploy.vbs -e .pfx -i w3svc/# -p pfxpassword
      REM Get IIS Metadata
      iisback /backup /b %NAME% /e PASSWORD
      Xcopy %windir%\system32\inetsrv\metaback\%NAME%.* \\mybackupserver\share$\%SERVER%
      REM Get Web Content
      Xcopy /o /x /e /h /y /c c:\WEB \\mybackupserver\share$\%SERVER%
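A post-run check for the "make backup, copy to secure location" step, as an added example that is not part of the original deck or the Resource Kit script: it confirms that the named backup has both a metabase and a schema file, that each file reached the backup share unchanged, and that the live metabase.xml has not been modified since (the stale-backup case called out in Part I). The function name, the .MD/.SC extension check and the modification-time heuristic are assumptions of this sketch.

```python
import hashlib
from pathlib import Path


def _sha256(path):
    """Hash a backup file so the share copy can be compared byte for byte."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def verify_metabase_backup(metaback_dir, share_dir, name, live_metabase=None):
    """Return a list of problems; an empty list means the off-box copy is usable.

    metaback_dir  -- %windir%\\system32\\inetsrv\\metaback on the web server
    share_dir     -- folder on the backup share that Xcopy wrote to
    name          -- backup name passed to iisback /b
    live_metabase -- optional path to the live metabase.xml for a staleness check
    """
    src, dst = Path(metaback_dir), Path(share_dir)
    problems = []
    local = sorted(src.glob(f"{name}.*"))

    # Assumption: the backup is a pair NAME.MD<version> (metabase)
    # and NAME.SC<version> (schema); both halves must exist.
    for prefix, label in ((".MD", "metabase"), (".SC", "schema")):
        if not any(p.suffix.upper().startswith(prefix) for p in local):
            problems.append(f"no {label} file for {name} in metaback")

    # Every local backup file must exist on the share with identical content.
    for path in local:
        copy = dst / path.name
        if not copy.is_file():
            problems.append(f"{path.name} missing on backup share")
        elif _sha256(copy) != _sha256(path):
            problems.append(f"{path.name} differs from metaback copy")

    # Heuristic: a metabase.xml written after the newest backup file means
    # configuration changed since the backup was taken.
    if live_metabase is not None and local:
        newest = max(p.stat().st_mtime for p in local)
        if Path(live_metabase).stat().st_mtime > newest:
            problems.append("metabase.xml changed after this backup (stale)")
    return problems
```
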
Demonstration Two: Disaster Recovery in Action
The goal of this demo is to put it all together and show how we pull together all the pertinent data and centralize it to a backup server
Summary: Making Disasters “work for you”
• Define disaster scenarios prior to them occurring
• Do not depend solely on offline backups
• Plan and Understand Backup Scenarios
  • What is in your environment
  • Capture key data points
  • Execute backup strategy to capture this key data
• Sit back…sleep well…be happy!
References and Resources
• IIS 6.0 Help: Backing up the Metabase
  http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/gs_backupmetabase.mspx
• How to Backup SSL Certificates
  http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/gs_getcert.mspx
• HOW TO: Use Windows Backup and Recovery Tools to Make a Data Backup of Internet Information Services
  http://support.microsoft.com/view/tn.asp?kb=301420
• IIS 6.0 Resource Kit:
  http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/gs_backupmetabase.mspx