Solved

SBS 2011 Disaster Recovery Planning - Specific Advice Requested

Posted on 2014-02-11
5
831 Views
Last Modified: 2014-02-12
I have recently installed as SBS 2011 Server in my small network environment, and this has caused me to revisit and revise my DR plan.  In doing my usual online research, I have noticed several options and scenarios, and realize now that the best approach for each specific network might be very different, so here are my details and my questions:

SBS 2011 is the primary AD controller, and the Exchange server and Sharepoint server for our small network. (20 users)  I have a separate Windows 2003 Standard server that is configured as an additional AD server, and catalog server, for fault tolerance purposes.  I am using the built in Windows Backup solution for the SBS 2011, and getting a full "bare metal" backup every night, including all drive partitions with my data.  I have another server that I plan to only use in the event that the SBS 2011 server breaks down, and the hardware issues can't be quickly resolved.  I have tested the Bare Metal restore of the SBS 2011 to this machine (which is not connected to the network - because I'm just testing) and was successful with the exception that AD is not operational.  After what I have read online, I think this would be normal.

My question is - if this were a real-life disaster and I restored the bare metal backup of SBS 2011, and then connected the machine to my network, would everything replicate from my current backup domain controller?  The only other option I could see would be to take the backup DC offline (or demote it) and then in addition to the bare metal restore on SBS 2011, also perform a system state recovery in DSRM mode...  I guess I am asking which would be the preferred method to recover from a complete failure of the SBS 2011 machine... Thanks for any suggestions.
0
Comment
Question by:Rob Grinage
5 Comments
 
LVL 12

Expert Comment

by:ktaczala
Comment Utility
Why wouldn't AD be operational on your test system.  SBS is the FSMO roles holder.
Although it wouldn't see the other AD server.

You shouldn't have any issues doing what you are doing.
Like you said a few hardware changes/issues when using the spare server.
But even if you virtualized it you'd have that issue too.

As long as your backups are 100%...

You could always test the whole thing by virtualizing everything then trying out different scenarios in the virtual environment.
0
 
LVL 22

Expert Comment

by:Olaf De Ceuster
Comment Utility
The SBS BU will restore everything. If AD is not working there is an issue.
The second DC can be used but in normal restore scenarios won't be used.
Advantage of SBS BU: You can restore exchange and sharepoint by themselves too. Very handy.
I would suggest you run the SBS  BPA to find what is wrong with your network:
http://support.microsoft.com/kb/2673284
We are up to version 1.5
Hope that helps,
Olaf
0
 
LVL 1

Author Comment

by:Rob Grinage
Comment Utility
I appreciate the advice.  I will check again to see what is the extent of working and non-working components, and provide more information as soon as I can.  This has me concerned, so I will investigate in depth.  Thanks!
0
 
LVL 38

Accepted Solution

by:
Philip Elder earned 250 total points
Comment Utility
I suggest having a read of one of our blog posts here: http://bit.ly/KJ8lOE

This particular post outlines the very problem you are facing. How to restore.

It is the chronicle of our walking through recovering a client's domain after a catastrophic failure.

Essentially, in an SBS network that second DC can actually be your Achilles' Heel.

After over 10 years working with SBS I can say this: Our best line of defense in a disaster situation is a _known good_ backup. What is that? It is a backup that has been test restored to bare metal or Hypervisor at least on a quarterly basis.

That IMNSHO is the only disaster recovery plan an SBS network really needs.

Oh, and we use ShadowProtect so we have the option to restore that backup virtually anywhere.

Philip
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 250 total points
Comment Utility
I agree with Philip about that second DC -- the problem is that if you allow it to continue to run after your SBS fails, then you do a BMR of the SBS, the AD Replication will be out of sync.

The reason for this is that other than SBS, BMR's of DCs are not supported by Microsoft.

(Similarly, Exchange on a DC isn't supported unless it's SBS, etc)

SBS is unique because it has a special management system that keeps everything running the way it should -- as long as its deployed the way it was designed.  Most 20-person organizations don't need a 2nd DC, and you especially don't need one if your SBS can recover from failure almost immediately.

If your organization cannot afford downtime of your SBS, then I HIGHLY suggest you look at getting a DATTO Backup Device.  These things are just incredible and they are priced right for the SMB market.  If your SBS fails, you can turn on a VM backup of the SBS on the DATTO in less than 30 seconds.

If up-time is important to you, then you need to consider using this type of DR solution.

Jeff
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now