Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed

It is recommended to perform the tasks examined in the following sections on a monthly basis.

Maintaining File System Integrity

The physical disks on which ISA runs should be tested for file systemlevel integrity on a monthly basis with a utility such as CHKDSK. CHKDSK, included with Windows Server 2003, scans for file system integrity and can check for lost clusters, cross-linked files, and more. If Windows Server 2003 senses a problem, it runs CHKDSK automatically at startup.

To run CHKDSK maintenance on an ISA server, do the following:

1.

At the command prompt, change to the partition that will be checked (for example, C:\).

2.

Type CHKDSK without any parameters to check only for file system errors, as shown in Figure 17.5.

Figure 17.5. Running the CHKDSK utility on ISA Server disks.

3.

If any errors are found, run the CHKDSK utility with the /f parameter to attempt to correct the errors found.

CAUTION

If errors are detected, it is important to back up the system and perform the changes (using the /f switch) during designated maintenance intervals because there is an inherent risk of system corruption when CHKDSK is used in write mode. Without the switch, however, CHKDSK can be run as often as desired.

Testing the UPS

An uninterruptible power supply (UPS) can be used to protect the system or group of systems from power failures (such as spikes and surges) and keep the system running long enough after a power outage so that an administrator can gracefully shut down the system. It is recommended that an administrator follow the UPS guidelines provided by the manufacturer at least once a month. Also, monthly scheduled battery tests should be performed.

Validating Backups

Once a month, an administrator should validate backups by restoring the backups to a server located in a lab environment. This is in addition to verifying that backups were successful from log files or the backup program's management interface. A restore gives the administrator the opportunity to verify the backups and to practice the restore procedures that would be used when recovering the server during a real disaster. In addition, this procedure tests the state of the backup media to ensure that they are in working order and builds administrator confidence for recovering from a true disaster.

ISA Server XML Export files can be validated if they are imported on test ISA servers in a lab environment. This activity can be performed on a monthly basis so that administrators become familiar with the process and are also provided with a current copy of the production ISA server(s) in the lab environment.

Updating Automated System Recovery Sets

Automated System Recovery (ASR) is a recovery tool that should be implemented in all Windows Server 2003 environments. It backs up the system state data, system services, and all volumes containing Windows Server 2003 system components. ASR replaces the Emergency Repair Disks (ERDs) used to recover systems in earlier versions of Windows.

After building a server and any time a major system change occurs, the ASR sets (that is, the backup and floppy disk) should be updated. Another best practice is to update ASR sets at least once a month. This keeps content in the ASR sets consistent with the current state of the system. Otherwise, valuable system configuration information may be lost if a system experiences a problem or failure.

To create an ASR set, do the following:

1.

Open Windows Server 2003's NTBackup utility by choosing Start, All Programs, Accessories, System Tools, Backup.

2.

Click Advanced Mode link from the first screen in the Backup or Restore Wizard.

3.

Click the Automated System Recovery Wizard button.

4.

Click Next in the Automated System Recovery Preparation Wizard window.

5.

Select the backup destination, as shown in Figure 17.6, and then click Next to continue.

Figure 17.6. Using the ASR tool.

6.

Click Finish.

NOTE

This process may take a while to complete, so be patient. Depending on the performance of the system being used and the amount of information to be transferred, this process could take several minutes to a few hours to complete.

Updating Documentation

An integral part of managing and maintaining any ISA environment is to document the network infrastructure and procedures. The following are just a few of the documents that should be considered for inclusion in an ISA environment:

  • Server build guides

  • Disaster recovery guides and procedures

  • Checklists

  • Configuration settings

  • Change configuration logs

  • Historical performance data

  • Special user rights assignments

  • Special application settings

As systems and services are built and procedures are ascertained, document these facts to reduce learning curves, administration, and maintenance.

It is not only important to adequately document the ISA environment, but it's often even more important to keep those documents up to date. Otherwise, documents can quickly become outdated as the environment, processes, and procedures change with business changes.

For more information on documenting an ISA environment, see Chapter 20, "Documenting an ISA Server 2004 Environment."

    Категории