Shortcut Design for Windows backup policy

The backup policy involves too many problems and is often closely related to performance and security. Therefore, many system administrators often choose to use the default backup policy when designing a Windows backup policy. In fact, the Windows backup policy is not as terrible as everyone thinks. As long as you grasp the core content behind it, you can find a shortcut to success. As long as the system administrator can solve the following four problems, the backup policy is successful.

I. what data is backed up?

In the Windows server operating system, there is a ServerBackup component that can help the system administrator Back up relevant data. Now, the first question users need to consider is what data needs to be backed up? In fact, data can basically be divided into three types. The first is the operating system file, the second is the application file, and the third is the user file.

Generally, you need to back up all files on the operating system of the server. For common clients, you need to back up the files of the operating system and applications, while for user files, you need to back up the files. After all, there are many files (such as songs and images) on the client that belong to the user and may not be related to work. Generally, you do not need to back up these files from the perspective of improving backup efficiency and saving backup space. This is a basic judgment principle. In actual work, pay attention to the following special files.

First, the application configuration file. For example, a DHCP service or an Oracle database server is implemented on a Windows operating system. These applications often have independent configuration files. For example, Oracle Database listening files and network configuration files. For these third-party application configuration files, special considerations are required when creating backup policies. Generally, I suggest you equate these configuration files with operating system files. Sometimes it is even more important than the operating system file itself. If the operating system fails, you only need to reinstall the operating system. If the configuration file is lost, the workload during reconfiguration is high and the risk is high.

Second, the amount of backup data needs to be treated according to different situations. Take the email application as an example. Enterprise mail storage may adopt different policies. For example, you can choose whether the email is saved locally or on the server. Some enterprises stipulate that a copy will be kept on the server regardless of whether the user downloads the email to the local device. For these two different applications, the data to be backed up is different. As in the preceding example, you can save the email on the client and delete the email on the server. When you select backup data on the client, you need to use the email you downloaded to your local device as the backup object. On the contrary, if all emails are saved on the server, the emails downloaded to the local server do not need to be backed up.

Ii. How to back up data?

When designing a backup policy, the system administrator not only needs to consider which data needs to be backed up, but also determines how to perform the backup. This is a core link. Different backup methods have different restrictions. The operation method is also different. Pay attention to the following content.

First, the device to be backed up. Two types of backup devices are available: disk and tape. If you select disk backup, you can use the ServerBackup component. If you use this tool, you can regularly back up the data identified above to an internal connection (2} 2 [+ c. C! K9 g

Or an external connected disk (remote backup ). However, this tool does not support tape backup. If you need to back up data to tape, you need to use another Microsoft tool, system center Data Protection Manager. Or use third-party applications. Obviously, different backup devices use different technologies. This is a core reason for determining how to back up data.

Second, there are two backup methods: Full backup and differential backup. Full backup means that all data is backed up no matter whether the data changes or not. On the contrary, differential backup requires you to determine whether the data has changed before the backup. Only the changed data is backed up. The two backup methods have their own characteristics. In terms of performance, differential backup can occupy less system resources and have less impact on network performance. On the contrary, full backup is convenient for management. However, the negative impact on the performance of the existing system is greater. Under normal circumstances, the author suggests that you choose a combination of differential backup and full backup based on the actual situation of the enterprise to gain strengths. If a full backup is performed once a week, the rest of the time is differential backup.

The third is the backup cycle. Both full backup and differential backup have a periodic problem. If differential backup is performed, is the backup performed once a day or 8 hours? If regular backup is used, is the backup performed once a day or once a week? When determining this backup cycle, we mainly look at the enterprise's considerations for data security. The higher the backup frequency, the safer the data. On the contrary, the more system resources are consumed. The lower the backup frequency, the lower the performance overhead. And the system overhead is relatively large.

3. How to store backup files?

How to save backup files is also a concern in the backup policy design. Because the backup file contains a lot of confidential information (including system configuration information and user data ). If this backup file is leaked, it may cause irreparable losses to the enterprise. Therefore, you may need to consider the following aspects for Storage Management of backup files.

First, whether remote backup is necessary. For example, the system administrator first backs up the server data on another local hard disk for performance considerations. However, there are some risks. If the server is stolen, the backup file will also be stolen. At this time, enterprises still cannot restore data by backing up files. To solve this problem, enterprise users need to save the backup files in a remote location when appropriate. Or you can directly perform remote backup. For enterprises with high security levels, this remote backup is necessary.

Second, necessary encryption measures must be taken for backup files. After the data is backed up, it is out of the control of the original permissions. After the business data (excluding the system configuration data) is restored, unrelated users can see the relevant data. This will undoubtedly affect enterprise data security. For security considerations, it is best to take necessary encryption measures for backup files. For example, store it in the NTFS file area of the Windows operating system to encrypt the backup file.

Third, you need to regularly verify the availability of backup files. Sometimes the backup file may become invalid due to unexpected situations (such as viruses or sudden power outages. The next time you use the backup file for data recovery, unexpected situations may occur. For example, if the Oracle database file contains Chinese characters, it can be backed up normally during Backup. However, in the data recovery mode, the names of tables or segments named by Chinese characters cannot be restored. Therefore, the data is not backed up. You also need to verify the validity of the backup file from time to time.

4. Who will execute it?

After completing the above three tasks, you need to consider who will perform the task. In fact, it should be said that it is the preliminary and later work. Because of the intermediate backup, the system will automatically execute the task as long as the user sets the time. Therefore, this execution mainly completes the validation of the preliminary data and subsequent management work (including the verification of the backup file validity.

If conditions permit, we recommend that you use two users: one for specific execution, the other is used for monitoring (including the execution of backup policies and security verification of backup files ). If two roles are combined, problems may occur.