Warning - this blog contains opinions, strong language, occasional bold text, and HTML. Viewer discretion is advised.


So True

My VP of Business Development sent me this article. While its not in my nature just to agree with sales guys right off the bat, and the article itself falls into the trap of using JACA (just another car analogy), I whole-heartedly agree with everything. And I'll take it a step further as well. Its not about what you do, but how you do it.


Backing Up Windows Home Server

So, I haven't really been paying attention. NTBackup does not work for backing up a WHS. I mean, we've got it backing up our PCs, and that's fine. But what about the server? Vlad Mazek talked about this a bit on his blog a while back. I've already got the remote critical data backups covered, but as I mentioned before, I'm lazy and I don't want to rebuild everything from scratch if my WHS dies. Would ShadowProtect or some other image based software help us here? Its a solid maybe - WHS makes use of logical volumes and the bastard step-child of software mirroring. Maybe it wouldn't matter if you restored the entire image to one large drive. I might need to try that.

Anyway here's how I discovered this - I was futzing with the WHS web server files today as I migrated my websites from a virtualized Linux box over to IIS on the home server. I modified a silly .html file, saved too quickly, and then decided I wanted the original back. So I went to grab an old version out of my latest NTbackup. As I attempted to index the .bkf file and restore the document I wanted, I'm greeted by the above. So no love there. Really, all I want is for the semi-important stuff to be "off-box", ideally a local image, since my really critical stuff is already off-site using a remote backup service. At this point it doesn't look likely that we can replicate the PC backups off the box, but I'm not too worried about those either.

So until something better comes along, you can actually still use NTBackup if you want, you just can't back up the fancy logical volume in WHS (which makes up most of the D: drive). What you can back up is C:\, SystemState, and then your WHS shares over the network (i.e. you would add \\ server\users) to your backup selections. Could you do a bare-metal restore from this? Ehm, probably not. But's it's something I'd try, and maybe some day I will. In the meantime, it allows you to use a familiar, reliable backup tool to offload important and critical files to another device or elsewhere on your home network.

So is this enough? If your critical data is covered, then yeah, I think so. You could avoid ALL of the issues above I suppose and run WHS inside Virtual Server or Hyper-V, but then I think you lose one really nice thing that WHS lets you do - use cobbled-together hardware you already had laying around the house. The way the logical volume system works, its designed for that, with disk drives that WILL fail in mind. I've had two drives fail in mine in the last year, and in both cases the process to replace them was pretty painless. Your mileage will definitely vary.


You're doing it wrong

Marcus Ranum - if you've never heard of this guy, you need to check him out. He has a no-nonsense stance towards security and like me, doesn't believe you need to know intricate details about every 0-day exploit to be able to defend a network against intruders. His stance towards security is very "design based", as in you can't skip any steps, and you have to start at the bottom. You can't "add" security on top of an existing gong-show and expect it to be effective. Companies waste money every day with this approach, and security vendors are reaping the benefits.

Really, Blogger?

I find I'm getting lazy in my old age. In the past I've run blogs with Greymatter, Wordpress, tinkered with MySQL, CSS, HTML, PHP, and on and on. So I'm giving Blogger a go now, and so far, its not bad. Fairly simple, does the job, and I don't have to get too far under the hood unless I really want to. Plus, it's in the cloud, which has certain advantages over running it on aging hardware out of my cellar (yes, I have one of those). So, onward...

ShadowProtect vs Virtual Server 2005

There's some gotchas when doing a P2V server recovery using StorageCraft's ShadowProtect IT Edition and Virtual Server 2005 as the destination.
  1. At one time this went without saying, but then we got lazy because recovery software started doing it for us. Make sure your destination volumes (VHDs in this case) are big enough to accept your recovered volumes. This article came in handy.

  2. The HAL is going to be different. Once you successfully recover the ShadowProtect images into VHDs, you'll need to grab HAL.DLL and NTOSKRNL.EXE from the original installation media, or alternately, another (ideally similar) VM running under Virtual Server 2005.

  3. ShadowProtect's HIR feature helps you out by trying to neuter your driver configuration so that you can restore to any hardware. But you have to return the favor and make sure you don't do anything exotic right off the bat. When configuring your VM initially under Virtual Server 2005, use IDE disks until you get things up and running (and the VM additions installed). Then you can bring down the VM and switch to good old SCSI drivers.

You can see a bit of my progression towards the points above here, on the StorageCraft forums:

If I had to do it all again, would I use ShadowProtect? Its a solid maybe. I've actually had an easier time just using NTBackup.