Spend time now to enable VSS—save time later when users need to recover files
Volume Shadow Copy Service (VSS) offers two features that can save you time and peace of mind. The first is a snapshot—think of it as a short-term backup—of all the files on an NTFS volume. This snapshot, or shadow copy, lets your users restore files for themselves—for example, if they accidentally delete a file or choose Save when they meant Save As. (VSS is not designed to replace your current backup strategy, as I discuss later.) The second feature is VSS's ability to back up files that are currently open or locked by an application such as Microsoft SQL Server or Microsoft Exchange.
VSS creates shadow copies on a regular basis or whenever you tell it to. Using VSS in Windows 2003 and in Vista's System Restore is easy—let's take a look at how to configure and monitor backups with VSS in Windows 2003, then discuss how converting basic disks to dynamic disks might affect your shadow copies. Later, as you implement VSS, you might want to refer to the list of VSS tips I've included.
How VSS Works
By default, the shadow copy cache is created on the source volume, but you can specify that it be created on a physically separate disk to boost performance and provide fault tolerance. You need to decide where to store the shadow copy cache before you enable VSS, because you can't move the cache later without losing all the snapshots it contains. Also, note that disabling shadow copies on a volume permanently deletes all existing shadow copies.
VSS can be enabled only on NTFS volumes. You can't choose to include or exclude specific files or folders—it's all or nothing. Data residing in mounted volumes isn't included in the shadow copy of the parent volume. However, you can enable shadow copies on mounted volumes themselves. Note that shadow copies preserve both encryption and NTFS permissions, which might cause problems when you restore a file.
To enable VSS, click Start, choose My Computer, then right-click the volume on which you want to enable VSS and choose Properties. On the Properties page, click the Shadow Copies tab. If you haven't already done so, decide whether you want to store the shadow copy cache on another volume that's located on a different disk.
Next, highlight the source volume and click Settings. In the Settings dialog box, you can select a different volume to be the shadow copy storage volume, as Figure 1 shows. You can change the size of the storage area and change the schedule (click the Schedule button) if the default schedule doesn't fit your needs. The default schedule creates snapshots Monday through Friday at 7 a.m. and at noon. You should create snapshots only as necessary—once an hour might be overkill.
After you configure your settings, click OK. On the Properties page, click Enable to turn shadow copies on for that volume. You'll be asked whether you want to use the default schedule and settings; go ahead and click Yes, then click OK again.
If you enjoy using command-line utilities, as I do, you'll want to learn how to use Vssadmin and Schtasks instead of the GUI to configure VSS. Vssadmin lets you create, delete, and resize shadow copies, among other things. Use Schtasks to create, edit, and delete scheduled tasks.
Let's talk about how much disk space you might need. When you enable VSS, 100MB of storage space is allocated immediately, and VSS can use up to 10 percent of the space on the hard disk. Snapshots record only what has changed since the last snapshot, so they don't take up as much room as you might think. However, a shadow copy cache can store only 64 shadow copies. If you run out of disk space or create a 65th snapshot, the oldest snapshot is deleted to make room for the new one. Due to the overhead of creating snapshots, I recommend enabling VSS only on volumes that hold user data or on which you'd like to be able to back up open files.
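The command-line route mentioned above, as an added example that is not from the original article: a batch file that picks the cache volume, takes a first snapshot, and recreates the default Monday-through-Friday schedule with Vssadmin and Schtasks. The drive letters, the 10GB cap, and the task names are assumptions to adjust for your server.

```batch
@echo off
rem Added example, not from the article: enable shadow copies on one volume
rem from the command line instead of the Shadow Copies tab.
rem Assumptions: source volume C:, cache on a separate disk D:, a 10GB cap,
rem and the task names VSS-C-0700 and VSS-C-1200. Run as an administrator.
setlocal
set SRC=C:
set CACHE=D:
set MAXSIZE=10GB

rem 1. Decide the cache location first: it can't be moved later without
rem    losing every snapshot it contains.
vssadmin add shadowstorage /for=%SRC% /on=%CACHE% /maxsize=%MAXSIZE%
if errorlevel 1 (
    echo Could not create the shadow storage association. Nothing was scheduled.
    exit /b 1
)

rem 2. Take the first snapshot now so users have a version to go back to.
vssadmin create shadow /for=%SRC%
if errorlevel 1 exit /b 1

rem 3. Recreate the default schedule: Monday through Friday, 7 a.m. and noon.
schtasks /create /tn "VSS-C-0700" /ru SYSTEM /sc weekly /d MON,TUE,WED,THU,FRI /st 07:00 /tr "vssadmin create shadow /for=%SRC%"
schtasks /create /tn "VSS-C-1200" /ru SYSTEM /sc weekly /d MON,TUE,WED,THU,FRI /st 12:00 /tr "vssadmin create shadow /for=%SRC%"

rem 4. Confirm where the cache lives, how much of the cap is used, and
rem    which snapshots exist. Only the newest 64 are kept per volume.
vssadmin list shadowstorage
vssadmin list shadows /for=%SRC%
endlocal
```

To change the cap later without touching existing snapshots, use vssadmin resize shadowstorage with the same /for and /on values and a new /maxsize.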
Using Windows 2003 Shadow Copies
To let client computers access previous versions of files, you need the Previous Versions Client application, which comes with Vista and Windows 2003. You can also install the Previous Versions Client on Windows XP Professional SP1 (you'll find the twcli32.msi file in the %Windir%\System32\Clients\Twclient\X86 folder on the Windows 2003 CD-ROM) and on Windows 2000 (download the Win2K version from the Microsoft Web site at http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=e382358f-33c3-4de7-acd8a33ac92d295e&displaylang=en). To install the client on users' PCs, double-click the file or deploy it through Group Policy or Microsoft Systems Management Server (SMS).
Shadow copies were designed to be used with the Common Internet File System (CIFS—an enhanced version of the Server Message Block protocol), so to access previous versions of a file or folder on a server, you must connect through a shared folder. Even if you're logged on to a server, you need to connect through a Universal Naming Convention (UNC) path. For example, to access the previous versions of a file that's stored on a server named UptownDC in a shared folder named Sales, you'd click Start, Run and type
\\Uptowndc\Sales
Click OK, then right-click the file you want to see and select Properties. The Previous Versions tab lists the snapshots and shows the date and time they were taken, as Figure 2 shows. You'll also see three options: View, Copy, and Restore. View opens a read-only copy of the file, which is useful for determining which previous version you need. The Restore option restores the document and its NTFS permissions and encryption settings to the original location, overwriting the current version. The safer choice is Copy, which lets you copy the file to a new location.
If you need to recover a file that's been deleted, you obviously can't right-click the file in the shared folder and select its properties. In this case, you need to work at the folder level. Instead of connecting to the UNC path \\Uptowndc\Sales, you'd connect to the administrative share of the C drive (which is where the Sales folder resides): \\Uptowndc\C$. Right-click the Sales folder, select Properties, and click the appropriate button to view, copy, or restore the entire contents of the folder. If you're interested in only one file, copy the folder to a new location, then right-click the file and work with that file's previous versions.
Vista and Shadow Copies
Vista is the first desktop OS with built-in shadow copy capabilities. In Vista, shadow copies are part of System Restore and are called restore points. Restore points are enabled by default for the C volume, so right out of the gate you get shadow copies of your files daily, as long as the volume has at least 300MB of free space.
The default scheduled task that creates restore points is called SR, and it runs only when the computer has been idle for 10 minutes or more and is on AC power. If for some reason the SR task fails to run at its scheduled time, it will run as soon as possible. You can also enable restore points for other volumes if you choose. Vista uses up to 15 percent of available hard disk space for storing restore points.
To configure and manage restore points, click the Start orb and right-click Computer, then choose Properties; on the Tasks menu select System protection. Accessing System protection requires administrative privileges, so when prompted by the User Account Control UI, choose Continue.
On the System Protection tab of the System Properties page, which Figure 3 shows, you can manually create a one-time restore point by selecting the volume and clicking Create, naming the restore point, and clicking Create again. The process can take a few minutes, depending on the size of your volume, but when it's finished you get a message confirming success. If you choose to enable automatic restore points for a volume, Vista creates a new restore point for that volume every day and at system startup time.
Accessing previous versions of files and folders on Vista is performed in the same manner as accessing them through a shared folder on Windows 2003 from a client that has the Previous Versions Client application installed. But Vista lets you access the previous versions of files and folders locally. Simply open Windows Explorer, right-click the file or folder you want, select Properties, then click the Previous Versions tab, which Figure 4 shows. The options are the same on Vista as they are for the earlier Previous Versions Client, and they work the same way.
VSS and SANs
Another cool feature of VSS on Windows Server 2003 Enterprise Edition and Datacenter Edition is the ability to quickly and easily copy and move data on a SAN. VSS can create a shadow copy of a multi-terabyte volume that you can then export from a SAN and import to a server in a matter of minutes, thereby transferring a large amount of data very quickly. Every storage vendor sets up this capability differently, so contact your vendor for details.
For volumes with VSS enabled, I recommend you configure 16KB or larger cluster sizes. VSS tracks changes to files in 16KB blocks. On volumes that are from 2GB to 2TB in size, 4KB is the default cluster size. But on volumes with clusters smaller than 16KB, the VSS provider can't determine whether a file has been defragmented or changed. So VSS treats a defragmented file as it does a changed file—it generates a new shadow copy of the file. After defragmentation of a disk that has small clusters, VSS might cause the shadow copy cache to grow very quickly and overwrite all existing shadow copies. (For more information, see the Microsoft article "Shadow copies may be lost when you defragment a volume" at http://support.microsoft.com/kb/312067.)
To find the cluster size on a volume, you can use the Fsutil command. For example, to find the cluster size for volume C, you'd type the following at a command prompt:
fsutil fsinfo ntfsinfo C:
If your cluster size is smaller than 16KB and you want to increase it, you need to back up your data, reformat the volume with a larger cluster size, then restore your data. Be aware that NTFS compression works only with 4KB cluster sizes, so you might need to decide whether compression or VSS is more important in your environment.
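To run that check across several volumes before you schedule a defragmentation, here is an added example (not from the original article) that reads the Bytes Per Cluster line from Fsutil and flags any volume below the 16KB block size VSS tracks. The drive list is an assumption; edit it to match your server.

```batch
@echo off
rem Added example, not from the article: flag NTFS volumes whose cluster
rem size is below 16KB, where a defragmentation pass can push existing
rem shadow copies out of the cache.
rem Assumption: the drive letters in the list below; edit them as needed.
setlocal enabledelayedexpansion
set MIN_CLUSTER=16384

for %%V in (C: D: E:) do (
    set BPC=
    rem fsutil prints "Bytes Per Cluster :   4096". Take the text after the
    rem colon, then keep only its first token so trailing text is ignored.
    for /f "tokens=2 delims=:" %%A in ('fsutil fsinfo ntfsinfo %%V 2^>nul ^| findstr /c:"Bytes Per Cluster"') do (
        for /f "tokens=1" %%B in ("%%A") do set BPC=%%B
    )
    if not defined BPC (
        echo %%V  skipped, not NTFS or not accessible
    ) else if !BPC! LSS %MIN_CLUSTER% (
        echo %%V  cluster size !BPC! bytes, below 16KB: defragmenting may purge shadow copies
    ) else (
        echo %%V  cluster size !BPC! bytes, OK for VSS
    )
)
endlocal
```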
How NTBackup and VSS Work Together
In the past, if a file was open or locked by a service or application while a backup was being performed, the locked or open file wasn't backed up, causing problems when administrators needed to restore that file. Data consistency is paramount when it comes to applications that require many files to be open at the same time, such as databases. When multiple files are open during a backup, it's possible that between the time that the first and last file is backed up, changes might have occurred in the last file. So when the database is restored, the data is no longer in a consistent state.
Windows 2003's backup utility, NTBackup, uses VSS to ensure that backups are consistent and complete. VSS works in conjunction with a piece of code, called a writer, from a file's application. A writer protects the application's data and provides information such as the location of the data and the backup and restore methods available. Applications that don't contain a writer are not VSS aware. Administrators need to know whether their applications are VSS-aware. In a worst-case scenario, an administrator might try to restore an important file and discover it's not even there—it never got backed up because the application wasn't VSS aware. Windows 2003 includes writers for AD and NTFS. To find all available writers on a server, type the following at a command prompt:
vssadmin list writers
When you run NTBackup in Windows 2003, the utility requests a list of all writers that VSS is aware of. VSS not only lists the writers, but also provides all known metadata about the writers, such as each writer's backup and restore methods. VSS uses the metadata to determine which applications support shadow copies. When NTBackup asks VSS to create a shadow copy, VSS sends a message to the known writers to freeze all data writes, create a shadow copy, and store it in a difference file. A difference file keeps track of what has changed or is different since the last shadow copy was created. Then VSS lets the writer continue its write operations. The backup is performed using the data in the difference file.
Monitoring VSS Performance
Monitoring the performance of shadow copies using System Monitor on Windows 2003 can help you head off potential problems before they affect users. For example, System Monitor can tell you that the amount of space used for shadow copies is nearing the maximum amount of space allocated. By default, System Monitor doesn't contain objects or counters that monitor shadow copy performance, but you can add some. (See the Microsoft article "Add counters to System Monitor" at http://technet2.microsoft.com/windowsserver/en/library/47a7a162-294d4307-af7e-b679e65858521033.mspx?mfr=true for directions on creating counters.)
Running the Microsoft Windows Server 2003 Resource Kit utility Volperf (with the /install switch) adds the shadow copy objects to System Monitor along with the following counters:
Basic-to-Dynamic-Disk Conversion and VSS
There might come a day when you'd like to provide a new level of hardware fault tolerance by creating a mirror set. Mirror sets can be created only on dynamic disks, so a disk that's currently configured as a basic disk must first be converted to a dynamic disk. Most documentation states that converting disks from basic to dynamic doesn't cause any data loss. What the documentation doesn't mention, however, is that improperly converting a basic disk to a dynamic disk might delete existing shadow copies. When the source volume and shadow copy cache are on separate volumes, things can get sticky. (For more information about the differences between basic and dynamic disks, see "Choosing Basic vs. Dynamic Disk Storage for Windows Servers," December 2002, InstantDoc ID 27085.)
The procedure you must follow to convert a VSS-enabled basic disk to a dynamic disk depends on whether the shadow copy cache is stored on the boot volume.
Scenario 1—the shadow copy cache doesn't reside on the boot volume. If the shadow copy cache is not stored on the boot volume, you must first dismount the source volume (the volume you've taken the snapshot of) by using the Mountvol command-line utility with the /P parameter (/P dismounts the volume). Next, convert the volume that contains the shadow copy cache to a dynamic volume. Now, the clock is ticking—you have only 20 minutes to mount the source volume using either the Mountvol utility or the Microsoft Management Console Disk Management snap-in. If 20 minutes pass before you've mounted the source volume, all existing shadow copies are lost. Finally, bring the source volume back online and convert it to a dynamic volume.
Scenario 2—the shadow copy cache resides on the boot volume. If the shadow copy cache is stored on the boot volume, simply convert the volume that contains the shadow copy cache to a dynamic volume—there's no need to dismount the source volume first. Next, reboot the server twice, then convert the source volume to a dynamic volume.
What Benefits End Users Also Benefits You