Server 2003's Shadow Copy Service Ends File Restore Burdens
Tired of digging out backup tapes every time somebody on your network loses a file? Try using the Shadow Copy service in Windows Server 2003 to automate scores of point-in-time
February 3, 2006
If you had to choose one chore in the life of a network administrator that everyone hates, it would be backup administrator -- or perhaps I should say “restore administrator.” No matter the size of the corporation or number of users you support, you will always need to be at the rescue of a victim who accidentally deletes, incorrectly modifies or corrupts a file, or wipes out an entire folder. The scenario usually turns the most level-headed employee into a suicidal maniac and it’s up to you, the file surgeon, to save the day.
Deleted or destroyed files can always be recovered as long as you are doing regular backups every night and make sure the backups are always working and that you have reliable recovery procedures. You can talk your colleagues off the balcony or ledge they may be about to jump from by advising them that the file can be recovered because a backup of the file exists on tape.
But being able to recover a file from a tape backup does not cut it any more. Once users realize that the file they get back is current only to last night, they can quickly turn from being suicidal to homicidal. In addition, it's extremely time-consuming to request tape cartridges from storage, load them up in a tape drive, fire up the restore software to find the files and then restore them to a location on the network. While it does not happen often, a tape drive can take umbrage to your request for the file and decide to chew the tape to pieces, leaving you no way to recover the file.
In short, the entire file restore burden is one you can live without. On a network supporting hundreds of users, it is not far-fetched to get restore requests every single day, enough to send the network admin to that ledge on the top floor.
There is a solution -- a very elegant one. You can end the file restore burden forever and only maintain tape backups for historical or archival purposes by backing up to disk. File recovery can be achieved without ever resorting to tape backups by simply implementing the shadow copy service. The Shadow Copies of Shared Folders service (shadow copy for short) is not new, yet it is one of those overlooked services that go unused on far too many networks.A shadow copy of a file is a file that is copied at certain intervals, while users are working with it, to a special location on the file server. The shadow copy service on Windows Server 2003 lets you select a shared folder as a candidate for shadow copies and makes copies of the files being used several times a day, as determined by the file server administrator. Recovering the files is simply a matter of accessing the copies, which can be user-driven; thus, you can completely eliminate the restore burden and the problem of losing the most recent changes and additions to a file that was backed up some time ago.The elegance of shadow copy is in its implementation. It might seem simple enough to copy files to another location every now and then. But shadow copy is more than a file or folder copy utility. For starters, any security settings that apply to a folder or file also apply to the shadow copy. A user who does not have access to the actual file -- or the entire folder -- will not have access to the shadow copy. Also, file and folder encryption state is maintained in the shadow copy. For example, a user may be able to retrieve a shadow copy from the service, but if he or she does not have the ability to decrypt it, the restored copy stays encrypted and the user will not be able to read the data. Compression state is also maintained for files in shadow copy. So both security and space management is maintained.
Let’s now examine how the shadow copy service works and then implement it. Before we start, understand that you still need to keep doing regular backups to tape media for system failure and archival needs. Shadow copies will be lost if your hard disk crashes and burns. Only tape backups will be able to restore your system. To mitigate the loss of volumes with shadow copy services running, implement RAID (redundant array of independent disks) on your servers.
To implement a shadow copy service, you need to configure the service on the Windows Server 2003 file server volume and implement the shadow copy client on your users' Windows client computers. (The client component can be found on your server OS CD.)
To implement the service on the server, we need to ask a number of things. First, what server is the service to be implemented on? Shadow copy is implemented on a file server that is dedicated to providing access to a number of shares to users. In a small company, a single server often doubles as a file server and as a database server or email server, so you need to be careful not to start shadow copies over your email or application databases.
Second, what volume is the service to be implemented on? Shadow copies are implemented on a volume on a server and not on any specific folder or folder hierarchy. If you have a dedicated file server or collection of file servers, or even clusters, then shadow copy can be implemented on the volume or volumes that house your user share-points, such as \servernamesharename or \domainsharename for DFS shares. For a small company where the server has several roles, activate shadow copy on the volume holding the file server role shares.Next, how much disk space must we allocate for the service? Here, you have the ability to prevent the service from maxing out all the space on the volume. The default setting is always 10 percent of the volume chosen for the service, but you can change this and provide a more suitable level. It all depends on the users and the work they do.In early 2005, I implemented shadow copy for a volume on which the accounting and financial department of an insurance company depended. Like all mid-sized companies with large financial departments, the number of spreadsheets they work with on a daily basis is nothing short of astronomical. Besides the gazillion files being used, a large number of users were frequently accessing the shared files and folders. Before the service was implemented, I was running to the backup tapes several times a day. Users would overwrite each other's files, or make changes to the files that were wrong. Often, files in the directory simply vanished for no reason, at least according to the users, or turned to garbage. The files I restored would set the users back anything from one to ten hours, or more. In one case, the CFO lost a spreadsheet he was working with overnight.
Shadow copy was the answer. By making a shadow copy of the file several times a day, as often as is practical, restore to the last known good version was simply a matter of accessing a share's properties and entering the shadow copy management service.
The administrator also does not need to be the person responsible for recovering files from the shadow copy store. While the service works only with a server share, users with rights to the share can recover their own files through Windows Explorer (after installation of the client bits). Through the service, the user also gets a point-in-time view of the folder, so navigating to the exact time before a file was deleted is also possible.
To use the service, do the following:
Identify the drives for the service. Make sure not to use OS disks and volumes like the C: drive.
Set aside the initial space for the service. A typical starting allocation would be about 10 percent.
Set up a schedule for “copy making.” The default is about twice a day, early morning and mid-day. You can adjust or fine-tune the schedule later. For example, you could schedule the copy every hour.
As mentioned earlier, the shadow copy service should not be enabled on data drives that belong to applications like Exchange or SQL Server. Also, keep in mind the attributes of the machine on which you're enabling the shadow copy service. While 10 percent is a ballpark figure for the disk space allocation, if you only have a 30GB space available, 3Gbyte is not going to get you very far. Ten percent on a 300 GB volume, however, would be just dandy for a small company or a department.
Setting up the schedule also takes a little trial and error. If you take copies too infrequently, users will not find the service too helpful. In other words, the more copies available, the more the likelihood that users will find the versions of files they need. It helps that you are able to take up to 64 shadow copies on a volume; when copy number 64 is done, the next copy will over-write the first copy, or the oldest copy. Let’s say you set the service to take a copy once on the hour; then you would have about two and a half days, give or take a few hours, before the oldest copy is purged from the store. The more aggressive the copy schedule, the more disk space you will use.Setting up an end user for the client UI is a simple matter of installing a plug-in. The client software is installed from the twcli32.msi installer package and can also be delivered via group policy or Systems Management Server. There is nothing to do or to set after installation; the “Previous Versions” tab on the folder properties dialog box will be immediately available after installation.
To access the install file for Windows XP, open your Windows Server 2003 disk to the following folder: %Windir%System32ClientsTwclientX86. The software will install on Windows XP Home, Windows 2000 Server (SP3 and above), Windows 2000 Professional, and Windows 98.
While you don’t need to install the client on the server, as soon as the client is installed, users will be able to recover their own files as follows:
To Recover a Deleted File
Drill down to the folder the file was deleted from.
Click in the list and then right-click the mouse to select Properties from the bottom of the menu. Select the Previous Versions tab from the Properties dialog box.
Select the version of folder that contains the file before it was deleted. Then click View. This will open the folder showing you the last saved version of the file. You can now select the file and drag and drop or cut and paste it from the folder to the target destination.
It is easier to recover a corrupt or overwritten file because you have something to select in the folder:
Right-click the bad file and click Properties.
Select Previous Versions as described above. To view the safe version, click View. To copy the old version to another location, simply click Copy and to replace the current version with the older version, simply click Restore.
You can also recover an entire folder that was nuked or damaged. In the folder where the folder was removed, right-click the mouse, select Properties from the bottom of the menu, and then click the Previous Versions tab as described earlier. Select Copy or Restore. Restore allows the user to recover everything in that folder, including all subfolders. The Restore option will not delete any files.
Once you have the server and clients set up, you have a perfect solution to allow users to recover from any kind of file and folder deletion, corruption or other accident. The next time a user spills a cup of coffee on his or her keyboard that caused the Hurricane Katrina of file deletions, the only call to tech support will be for a new keyboard. Restoring files and folders is a thing of the past. Now you can go out onto the ledge, to enjoy the sunshine. Careful not to fall; Shadow Copy of Share Folders cannot restore broken bones or lost teeth -- yet.Once you have a good shadow copy experience going, and you are backing up the server’s shadow copy volume, implement the service on the share on the server set aside for home folder redirection. With group policy, users will save files to My Documents and be redirected to the server. Now, without any local tape drives and backup licenses needed, you can implement a highly sophisticated file recovery for every user in the enterprise. And that’s just the motivation you need to get that long-awaited SAN into the current IT budget.
Server Pipeline columnist Jeffrey R. Shapiro is the co-author of Windows Server 2003 Bible (Wiley) and is an infrastructure architect who manages a large Windows Server network for an insurance firm.
You May Also Like