WHAT’S IN THIS CHAPTER?
In the day-to-day business of IT, the unexpected can and does happen. To whatever extent possible, we need to anticipate the unexpected. Hardware will fail. Users will make mistakes. As an administrator, your job is to minimize the impact of these failures on your users, as well as yourself and your business. Planning is key to ensuring that when disaster strikes, your business can recover with an acceptable amount of service interruption.
Understanding what options are available out of the box is the first step to devising a plan and determining what is acceptable to your business. Every business situation is different, with different requirements and acceptable costs. For example, an internal SharePoint intranet farm for a small business doesn’t have quite the same uptime demands as a public-facing e-commerce SharePoint site selling decorative spoons with pictures of cats on them. This chapter covers the most common failure scenarios an enterprise is likely to face, along with the different out-of-the-box options available in SharePoint 2013 for proactively devising a strategy and recovering from them.
As a business, your first duty is to your customers. In an IT shop, your customers are typically your end users. In order to effectively meet the needs of your customers, the following agreements are put into place to define the level of service that is expected from a service provider:
At the forefront of any examination of business needs vs. acceptable loss will be business continuity planning (BCP). BCP is a defined process for building a road map that maintains operations in the event of a service-interrupting catastrophe.
The first step in the process is the analysis phase, which as its name suggests is used to analyze the threats, and potential impact of these threats, on the business. The threats could be fire, earthquake, hacking, loss of power, locust invasion, or anything else that can result in data loss or downtime. The impact of these threats must also be analyzed and guarded against. The following objectives help to define the tolerance of the business against these threats, and later help to identify the technical implementations required to meet these tolerances:
As noted for each objective, the more granular the level of recovery, the more expensive the solution generally becomes. Of course, ideally your users want no data loss (short RPO), immediate availability (short RTO), and recovery down to the item level (short RLO). Unfortunately, you cannot completely eliminate the possibility of downtime or data loss, and the closer you get to that unobtainable goal the more exponentially expensive the solution gets. Unless your company has a collection of solid gold coins that fills a swimming pool, like Scrooge McDuck, you need to find a compromise that balances customer needs with the IT department’s budget and manpower.
The second step in the process is the solution design phase. This phase is intended to identify the most cost-effective implementations for meeting the preceding objectives regarding tolerable data loss and downtime. For this phase it is essential to understand what out-of-the-box capabilities and features are available in not only SharePoint 2013, but also SQL Server, Windows Server, and IIS so that you can identify and recommend the most effective solutions based on the analysis of business impact and the identified objectives for mitigating it. It is also important to understand that different types of data require different levels of impact mitigation. However, the chosen solution, typically based on the most critical data, usually ends up applying to all the data. In addition, it is during this phase that documentation is created detailing the implementation and testing of the recommended solutions.
The implementation phase technically implements the selected solutions and tests them for intended functionality. Once the implementation phase is complete, it is time to move on to organizational testing. During this phase, the solutions are tested under real workloads to validate the projections, adjusting as necessary, to ensure the stability and reliability of the recovery objectives and to drive acceptance within the organization.
After testing is successfully completed, the final phase is maintenance. During this phase, data accuracy is verified, documentation is handed off, and further testing is conducted at regular intervals to ensure that the solutions remain functional as the business and its requirements change.
The rest of this chapter discusses the methods available for content recovery, disaster recovery, and high availability using SharePoint 2013. These features play a significant role in designing solutions to meet the needs of your business continuity plan.
The most accessible, and most frequently used, method of data recovery in SharePoint is at the content level. Several options are available for content recovery depending on the retention policies in place and the nature of the deletion or corruption from which you need to recover:
Some of the preceding recovery methods provide more than one way to accomplish the task, including PowerShell, Central Administration, and even SQL Server Management Studio, all three of which are covered in detail in this section.
Before we get into the methods for recovering data, it is important to understand how the data itself is stored in SharePoint. Each content database is created with a common table structure, with tables for Site Collections, Users, Web Parts, Lists and Libraries, and the documents themselves. Each item in these tables is relationally linked to the items in other tables via ID columns. For example, in order for SharePoint to know that item.docx belongs to a specific library, there is an entry for the document in the dbo.AllDocs table in the content database with a Document ID column for the document itself, as well as a reference List ID column pointing to the library it belongs to in the dbo.AllLists table.
The document itself is stored in another table called dbo.DocStreams as what is called a binary large object, or BLOB, with a reference Document ID column pointing to the document in the dbo.AllDocs table. In other words, the way data is represented to an end user does not translate directly to how the data is stored and interacted with in the content databases. A document does not physically reside in a SharePoint list as displayed in the browser. Instead, it is associated with it in the manner just described.
As long as you have a good content database backup, you will have a way to recover all content — even if a site or list is corrupted and no longer viewable via the browser. It may require some creative thinking to access it, but it is there. A good database backup means you can probably save both your users’ content and your job. And of course, always keep a backup of your resume on a USB thumb drive at home. You know, just in case that database backup isn’t as good as you think it is.
While version history is not a disaster recovery technique in the classic sense, it is your first line of defense against users making potentially unwanted changes to files, or even corruption. Version history provides users with a self-service means to quickly revert to an earlier version of any document or list item.
Versioning is not enabled by default on user-created document library apps. However, some system-created apps, such as those created by activating the Publishing Infrastructure feature, do enable version history by default. To enable versioning, a user must have at least Manage Lists permissions on the desired app. The version history configuration dialog consists of four sections:
In previous releases of SharePoint, storing multiple versions had the potential to significantly increase the size of your content databases because each uploaded version of a file was stored as an entire file. For example, suppose you had a 100MB PowerPoint file in your content database explaining why cats are better pets than dogs. If someone opened that document and simply replaced the word “cat” with “kitties” on the first slide, the new version would occupy another 100MB of space in the content database. Before you know it, your content database is as big as a house.
SharePoint 2013 introduces a new technology called Shredded Storage. This technology enables SharePoint to store only the changes made to a document, instead of the entire file each time. Of course, despite the magic of Shredded Storage, all your site collections should have size quotas in place to ensure they don’t grow out of control.
The following steps describe how to configure versioning for libraries:
Enabling version history for a list is virtually identical to libraries, but with a few minor differences:
To restore a previous version, perform the following steps:
Although versioning isn’t technically a disaster recovery technique, it can be quickly used by a user to bring back an old version of a document if the current version is corrupt or unacceptable for some reason.
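Versioning can also be enabled without visiting the browser. The following sketch uses the server object model from the SharePoint 2013 Management Shell; the URL, library name, and version limit are placeholders for your own values:

```powershell
# Enable major and minor versioning on a library (URL and list name are examples).
$web = Get-SPWeb http://portal.contoso.com
$list = $web.Lists["Shared Documents"]
$list.EnableVersioning = $true        # keep major versions
$list.EnableMinorVersions = $true     # also keep minor (draft) versions
$list.MajorVersionLimit = 10          # retain only the last 10 major versions
$list.Update()                        # commit the changes to the content database
$web.Dispose()                        # release the SPWeb object
```

Because these properties live on the list object itself, the same pattern works in a loop across every library in a web if you need to apply a consistent versioning policy.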
The Recycle Bin has been around since Windows SharePoint Services (WSS) 3.0 and has seen many enhancements over the last couple of versions. The Recycle Bin offers a self-service capability for users to recover deleted content — whether it be documents, lists, or list items. SharePoint 2010 Service Pack 1 added the Site and Site Collection Recycle Bins, which are covered in more detail here.
The Recycle Bin is enabled by default and can be configured at the web application level through Central Administration. The Recycle Bins themselves are divided into the following stages:
Farm administrators can configure the maximum size limit to specify when the oldest files in the Recycle Bin should be deleted automatically. SharePoint determines the age of the file according to when it was first deleted, not when it was moved to the stage 2 Recycle Bin.
Files in the stage 2 Recycle Bin do not count toward the site collection quota. Instead, the size of the Recycle Bin is calculated as a percentage (50% by default) of the site collection quota. This means that in addition to the size quota for each site collection, you must also factor in an additional 50% overhead on the content database size for stage 2 Recycle Bin growth. If no quota is assigned to the site collection, then there is no limit to the size of the stage 2 Recycle Bin. Be sure your site collections have quotas.
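These web application Recycle Bin settings can also be adjusted from the SharePoint 2013 Management Shell. The following is a sketch using the server object model; the URL and values shown are examples, not recommendations:

```powershell
# Adjust Recycle Bin behavior for a web application (URL and values are examples).
$webApp = Get-SPWebApplication http://portal.contoso.com
$webApp.RecycleBinEnabled = $true                # turn the Recycle Bin on
$webApp.RecycleBinRetentionPeriod = 30           # days before deleted items expire
$webApp.SecondStageRecycleBinQuota = 50          # stage 2 size, as % of the site quota
$webApp.Update()                                 # persist the changes
```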
The Recycle Bin is enabled by default and configured at the web application level in Central Administration. To configure each web application’s Recycle Bin policies, use the following steps:
For readers who keep accidentally deleting their content, this Recycle Bin is for you. To get your content back, follow these steps:
If you can’t find your document in the stage 1 Recycle Bin, the next place to look is the Site Collection Recycle Bin. To get to the Site Collection Recycle Bin, you need to take a slightly different route:
Site Collection recovery is handled a little differently. Obviously, you can’t restore a site collection from within the stage 2 Recycle Bin, as it would be contained within the site collection you are trying to recover! Instead, site collections must be recovered through PowerShell, using the Get-SPDeletedSite and Restore-SPDeletedSite cmdlets. This recovery method is unchanged from SharePoint 2010 Service Pack 1, where it was first introduced. To recover a deleted site collection, do the following:
Get-SPDeletedSite
Get-SPDeletedSite –Identity "SiteId" | Restore-SPDeletedSite
If at this point you are thinking that recovering a deleted site collection is the best thing since sliced bread, there are some shortcomings to keep in mind. First, only site collections that are deleted from the browser can be recovered. If a site collection is deleted from PowerShell, or from code, it can’t be recovered. Second, in order to recover a site collection, the user running PowerShell must be a Shell Admin on that content database (a privilege granted with the Add-SPShellAdmin cmdlet).
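As an example, a deleted site collection can be located by its relative path before being piped to Restore-SPDeletedSite; the path below is hypothetical:

```powershell
# List the recoverable site collections, then restore one by its path.
Get-SPDeletedSite | Select-Object SiteId, Path, DeletionTime
Get-SPDeletedSite | Where-Object { $_.Path -eq "/sites/legal" } | Restore-SPDeletedSite
```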
SharePoint 2013 maintains much of the Content Deployment feature set that provided the Export and Import functionality in SharePoint 2010. Using either Central Administration or PowerShell, it is possible to export and import lists, libraries, or even whole webs, with a number of options for maintaining security settings and version history. The exported content is compressed into Microsoft-standard CAB files with an extension of .cmp (short for content migration package), and it may span one or more files.
The Content Deployment application programming interface (API) in SharePoint is primarily intended, as its name suggests, for deploying content between site collections, web applications, and even farms. However, a side benefit is that it can also be used to deploy that content out to the filesystem (considered exporting) to be later imported to the same location as a data recovery tool, or to an alternate path. This flexibility makes it useful not only as part of a backup strategy, but also for development and for migrating content from test to production.
Before using the import and export cmdlets, ensure that you are a member of the WSS_ADMIN_WPG local group on the server you are logged into. If you have a lot of servers in the farm and need to add this privilege to all of them at once, you can use the following command in the SharePoint 2013 Management Shell to add a user to the WSS_ADMIN_WPG group on all servers, and add the user to the SharePoint_Shell_Access role in the farm configuration database and any content databases where data is being either exported or imported:
Add-SPShellAdmin contoso\administrator
This is covered in more detail in Chapter 7, which focuses on PowerShell.
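As a sketch, Add-SPShellAdmin can also be combined with Get-SPContentDatabase to explicitly grant Shell Admin rights on every content database in the farm; the account name below is a placeholder:

```powershell
# Grant Shell Admin on each content database (account name is an example).
Get-SPContentDatabase | ForEach-Object {
    Add-SPShellAdmin -UserName "contoso\administrator" -database $_
}
```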
Windows PowerShell cmdlets provide a great deal of functionality and automation to the arsenal of SharePoint 2013 features. The Export-SPWeb cmdlet provides the capability to export not only webs, as the name suggests, but even lists and libraries, which can be imported back to the same farm or other SharePoint 2013 farms.
When using the Export-SPWeb cmdlet, the following options are available:
Export-SPWeb -Identity http://portal.contoso.com -Path C:\Backups\site.cmp
To export a list or library, use the following command syntax (all on one line), adding the ItemUrl parameter:
Export-SPWeb -Identity http://portal.contoso.com -Path C:\Backups\list.cmp
-ItemUrl "/Shared Documents"
To see all the parameters for this or any other PowerShell cmdlet, use the following syntax from the SharePoint 2013 Management Shell:
Get-Help Export-SPWeb -full
Similar to the export functionality, the Import-SPWeb cmdlet provides the capability to import sites, lists, and libraries via the SharePoint 2013 Management Shell with the following options:
To import a site, list, or library, use the following syntax (enter this all on one line):
Import-SPWeb http://portal.contoso.com -Path C:\Backups\list.cmp
-UpdateVersions Overwrite
When importing a site, the URL into which you are importing must be using the same template as the exported content. For example, if an exported site was created using the Team Site template (STS#0), the destination site must also use the STS#0 template.
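If you aren't sure which template a destination site uses, you can check it from PowerShell before importing. This short sketch assumes the URL is your own; the STS#0 value shown is only an illustration:

```powershell
# Display a site's template name and configuration ID, e.g. STS#0 for a Team Site.
$web = Get-SPWeb http://portal.contoso.com
"{0}#{1}" -f $web.WebTemplate, $web.Configuration
$web.Dispose()
```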
As you can see, PowerShell provides a lot of flexibility when you are performing exports and imports, but sometimes you just need a quick and easy way to export some desired content. Central Administration also provides a way to export sites, lists, and libraries easily.
As we go through this section you will notice that the Backup and Restore page in Central Administration doesn’t offer any means for importing your newly exported package. You will still need to use the PowerShell cmdlets covered earlier to perform an import.
To export a site, list, or library using Central Administration, do the following:
Why is there a UNC path, and not just a normal drive path? If you’ve set your farm up correctly (Least Privilege), your SharePoint Timer service is running as a user who has no privileges to the local filesystem on the Central Administration server. Requiring a UNC path forces you to configure a new file share (don’t use the default admin file shares!) on any one of your servers, and give both the Timer service and the SQL service accounts Read/Write permissions to it. This little bit of up-front work offers greater flexibility and greatly reduces the likelihood of a failed export due to unknown permissions requirements, without resorting to shortcuts that could make your server less secure.
The reason this is not a requirement when exporting with PowerShell is because, as you’ve seen, the PowerShell code executes directly as the logged-in user, not the Timer Service. If the user is logged in directly to the server, it stands to reason that the user has permissions to the destination folder. If the user doesn’t, PowerShell is kind enough to point that fact out.
Note that nondeclarative workflows and alerts are not exported with the content. Declarative workflows (workflows created with SharePoint Designer) are exported; however, they will not automatically be re-associated with their targeted lists or libraries. This is because the export and import tools are primarily focused on content deployment, so functionality that is not content is not always brought over. The same is true for many third-party add-ons that may have been used throughout the sites.
Also of note is that exports and imports, in addition to being part of a backup strategy, are also intended to be used to duplicate subsites, sometimes in the same farm. When exporting and importing a subsite, web and list IDs do not get retained. This can have a significant impact on web parts, or other processes, that refer to specific list IDs, and these will need to be reconfigured to point to the new list IDs once the import is completed. Be sure to test content exports and imports to verify that they cover all the pieces you think you are covering before you consider your disaster recovery mission accomplished.
Up to this point you have seen that sites, lists, and libraries can be backed up using PowerShell or Central Administration, but only PowerShell can restore them. The same holds true for site collection backups and restores with the exception of restoring from an unattached content database, which can only be done through Central Administration, not PowerShell.
Site collection backups can be a very useful tool in any backup strategy, but their usage should be limited to very important site collections under 100GB in size. That’s because a site collection backup and restore can be very resource-intensive for the SQL server, which can affect performance or even fail if the site collection coexists with other active site collections in the same database. For site collections over 100GB, it is recommended that you back up and restore the content database itself, as covered later in this chapter.
As with exports and imports, PowerShell is a very effective tool for performing site collection backups, whether you want to automate the task or just have more flexibility and control over it.
The Backup-SPSite cmdlet produces a single-file backup of a site collection with a .bak extension. Unlike the exports you performed earlier, these backups are full fidelity, meaning workflows, alerts, and everything else within the site collection is backed up. Site collection backups are portable, but with some restrictions. If you want to restore the site collection to the same farm from which it was backed up, you have to do some fancy footwork. A content database can contain only one copy of a given site collection, so if you want to restore your backup to the same web application from which it was backed up, you need to either delete the original site collection or create a new content database into which the backup can be stored. Aside from that, the site collection backup may be restored to either the same farm or a different farm, as long as the destination farm is at the same build as, or a later build than, the source farm.
The Backup-SPSite cmdlet for performing a site collection backup offers some familiar and some not-so-familiar parameters for control:
The syntax for performing a single site collection backup is as follows (enter it all on a single line):
Backup-SPSite -Identity http://portal.contoso.com/sites/legal -Path C:\Backups\legal.bak
[-Force] [-NoSiteLock] [-UseSqlSnapshot] [-Verbose]
The beauty of PowerShell is the ability to get more done with less administrative effort. For example, if you needed to back up 30 site collections across 10 web applications, it would be a huge hassle to run the preceding command so many times. Instead, you can use the following syntax to loop through each web application in the farm, then each site collection, and back each one up (again, enter this all on a single line in PowerShell):
Get-SPWebApplication | Get-SPSite -Limit All | ForEach-Object{$FilePath =
"C:\Backups\" + $_.Url.Replace("http://","").Replace("/","-") + ".bak";
Backup-SPSite -Identity $_.Url -Path $FilePath}
Before you go off to conquer the world of site collection backups, check the size of any site collections you will be backing up to ensure that you won’t exceed your server’s drive space and risk corruption. The following command will print out the size of all of your site collections, in megabytes:
Start-SPAssignment -Global; Get-SPWebApplication | Get-SPSite |
ForEach-Object{
(Get-SPSiteAdministration -Identity $_)} |
ForEach-Object{Write-Host $_.Url "size in megabytes: ";
[math]::truncate($_.DiskUsed / 1MB)}; Stop-SPAssignment -Global
Site Collection backups are not much good unless you can restore them. As you likely assume, just as there is a Backup-SPSite cmdlet, there is a complementary Restore-SPSite cmdlet. As always, using the Get-Help cmdlet will provide all the gory details about the Restore-SPSite cmdlet.
Along with the regulars such as Identity, Path, and Force, the Restore-SPSite cmdlet has some additional parameters that provide flexibility in terms of how your site collections are restored:
To restore a site collection using PowerShell, use the following syntax (you guessed it, all on a single line in PowerShell):
Restore-SPSite -Identity http://portal.contoso.com/sites/legal -Path C:\Backups\legal.bak
[-DatabaseServer <Database Server Name>] [-DatabaseName <Content Database Name>]
[-Force] [-GradualDelete] [-Verbose]
Similar to the export functionality, Central Administration provides functionality for performing site collection backups. Unfortunately, the same limitations apply — namely there is no functionality for restoring a site collection through Central Administration. You must use PowerShell, as discussed earlier in this chapter, to restore any backed up site collections to your farm.
To perform a site collection backup using Central Administration, follow these steps:
Whether you back up your site collections with PowerShell or Central Admin, you need to practice restoring them before a disaster strikes. Those practice runs let you test the process in peace without your phone ringing constantly, your IM client blinking incessantly, and your boss tapping his foot impatiently while you figure out how to restore a site collection. It’s much easier to figure it out without all those distractions. A couple of practice runs will also help you build your confidence, so in the unlikely event of a SharePoint disaster you’ll know you can restore that important content, and maybe you’ll be able to avoid that painful knot in the pit of your stomach.
Imagine a situation in which a deleted document has expired or been emptied out of the stage 1 and stage 2 Recycle Bins. It wouldn’t make sense to restore an entire content database, site collection, site, or even a whole library just to retrieve this one document. Any of these methods would result in a lot of collateral damage, as all the other documents in those containers would be restored along with it.
Recall from earlier in the chapter that as long as you have a content database, you can always recover data. This is your first line of defense for the preceding situation. The capability to restore a content database to SQL Server and then recover data from it without ever attaching it to a web application is a feature that was added in SharePoint 2010, and it remains a lifesaving option in SharePoint 2013.
In order to restore content from an unattached content database, do the following:
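From PowerShell, a related trick is to connect to a restored copy of a content database without ever attaching it to the farm, using the ConnectAsUnattachedDatabase switch. The database and server names below are placeholders:

```powershell
# Connect to a restored content database without attaching it to the farm.
$db = Get-SPContentDatabase -ConnectAsUnattachedDatabase `
    -DatabaseName "WSS_Content_Restored" -DatabaseServer "SQL01"
$db.Sites | Select-Object Url    # enumerate the site collections it contains
```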
SQL Server snapshots are a feature of SQL Server Enterprise Editions only. This feature enables you to create a read-only view of the source database that is transactionally consistent with the source database at the time the snapshot is created. Restoring a snapshot to a live site overwrites previous values, bringing the content in the database back to the point in time at which the snapshot was created.
Although snapshots are useful for both reporting and recovery, they can have an adverse effect on the performance of a SQL server. This is due to the overhead of writing previous values to the snapshot as they are overwritten in the source, as well as the disk space required for an ever-growing snapshot. For this reason, the snapshot functionality is best used in development scenarios or as a method of rollback during a content push that may have undesirable effects.
Support for database snapshots was introduced in SharePoint 2010 and continues in SharePoint 2013. The only means for creating a snapshot is by using T-SQL statements through supported APIs, or via SQL Server Management Studio as shown in Figure 9-16. The method for creating the snapshot in SQL Server 2012 is virtually identical to its predecessors.
Some SharePoint operations, such as Backup-SPSite, automatically manage the creation of the SQL Server snapshot if you use the appropriate parameters.
The preceding sections have covered many out-of-the-box features provided by SharePoint 2013 for recovering deleted or corrupted content. While these features should be an integral part of any business continuity plan for quickly recovering lost content, none of these features are truly sufficient for disaster recovery scenarios.
If your SQL server crashes, or the entire farm is wiped out due to a natural disaster and has to be rebuilt, recovering the data through individual site collection restores would be an arduous task, and it really only covers the content. You also need to get the rest of the farm services and service applications back up and running as quickly as possible, and you would also need to rebuild and configure all the web applications. This section covers your available options for meeting the disaster recovery needs of your business continuity plan.
SharePoint 2013 provides tools and features to help you protect the following aspects of your farm and recover quickly from disaster:
As with all content backup and restore functionality, all of the preceding disaster recovery backups can be performed through Central Administration and Windows PowerShell.
So far this chapter has focused on backing up and restoring different content within a content database. However, in a disaster or migration scenario, you are going to need a way to back up and restore entire content databases using either full or differential (any changes since the last full backup) methods.
To back up a content database using Windows PowerShell, use the following syntax (on a single line):
Backup-SPFarm -Directory <Backup Folder> -BackupMethod (Full | Differential)
-Item <Content Database Name> [-Verbose]
Restoring a content database via Windows PowerShell is very similar in syntax to the backup command (on one line):
Restore-SPFarm -Directory <Backup Folder> -RestoreMethod Overwrite
-Item <Content Database Name> [-BackupId <GUID>] [-Verbose]
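Putting the syntax together, a full backup and restore of a single content database might look like the following sketch. The backup share, web application node, and database name are examples only; the exact -Item path must come from the output of Backup-SPFarm -ShowTree on your own farm:

```powershell
# Full backup of one content database, then a restore of that same item.
Backup-SPFarm -Directory \\FileServer\Backups -BackupMethod Full `
    -Item "Farm\Microsoft SharePoint Foundation Web Application\SharePoint - 80\WSS_Content"
Restore-SPFarm -Directory \\FileServer\Backups -RestoreMethod Overwrite `
    -Item "Farm\Microsoft SharePoint Foundation Web Application\SharePoint - 80\WSS_Content"
```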
To back up a content database using Central Administration, follow these steps:
After the backup starts you can view the status of the job on the Backup and Restore Job Status page, shown in Figure 9-18. Selecting the View History link on the page will show you the status of previous jobs that have been run. If you have already browsed away from the page, you can get back to it by returning to Backup and Restore and clicking Check Backup and Restore Status under the Farm Backup and Restore section.
Unlike previous examples, in which you could only back up certain content through Central Administration, but not restore it, you can restore content databases directly through Central Administration:
In addition to the core SharePoint backup and restore functionality, SQL Server provides several options for backing up and restoring content databases. Full and Simple recovery models enable you to specify whether you just want database backups at regular intervals (Simple), or whether you will need point-in-time recovery (Full).
If you have a third-party backup utility, you will probably use the Simple recovery model. Otherwise, you are likely to run into disk space issues as your SQL transaction logs grow very large without any maintenance. If you will be doing your backups via SQL maintenance plans, you may want to use the Full recovery model, which provides greater flexibility at the cost of more frequent backups. Maintenance plans can be configured to automatically truncate and shrink the transaction log files every time they are backed up, preventing the unmanaged growth mentioned earlier. It is not uncommon to see hourly transaction log backups, which greatly reduce the risk of data loss in the event of a disaster and keep the transaction log sizes small. For the greatest safety, you should never store the backup files on the same storage location as the original data files, but be aware that frequent transfers of large backup files across the network are not without their own impact on available resources.
In addition to the recovery models there are backup types, including Full, Differential, and Incremental. Depending on your specific recovery point and recovery time objectives, you will most likely combine these options to meet business needs. The Full database backup is the simplest form of backup, providing a complete copy of the content database. This works well for smaller databases for which the backup can be accomplished in a minimal amount of time. For larger databases it is common to move to a less frequent Full backup, weekly in some cases, with daily Differential or Incremental backups to pick up any changes since the Full backup.
Differentials capture any changes since the last full backup, so they tend to get bigger as the period between the last Full backup and the next Differential backup grows. When restoring via a Full/Differential combination, you only need to restore the Full database and then the last Differential right before the point-in-time you need restored. This can greatly speed up recovery time and is less likely to succumb to a bad backup due to data corruption in the backup files.
Incremental backups capture changes since the last Incremental backup was taken. This results in very fast and very compact backup files. However, when restoring, it is necessary to first restore the Full backup and then restore every Incremental up to the point in time you need restored. The other downside is that if any of the Incremental backup files in the chain are lost or corrupted, you won’t be able to recover anything past that recovery point.
Follow these steps to perform a Full backup of an individual SharePoint 2013 content database using SQL Server Management Studio:
To perform a restore of an individual SharePoint 2013 content database using SQL Server Management Studio, do the following:
The service application architecture of SharePoint 2013 expands upon the service applications provided in the previous version. Several new service applications, with associated databases, have been added, while others have been updated or removed. The methods for backing up and restoring service applications remain much the same as they were before.
As with many of the other backup and restore scenarios covered previously, the two options available are Windows PowerShell cmdlets and Central Administration. Using these tools you have the option to back up entire service applications, including data, or just each service application’s unique configuration.
To back up a service application using Windows PowerShell, you first need to get the path and name of the service application you want to back up using the following command:
Backup-SPFarm -ShowTree
This command outputs a tree structure of the farm layout. You need to know the full path of the service application through this tree in order to use the Backup-SPFarm command. It looks something like the following:
Farm\Shared Services\Shared Services Applications\Business Data Connectivity Services
To perform the backup of the service application, use the following syntax in the SharePoint Management Shell, replacing the example –Item path with the correct path to your service application:
Backup-SPFarm -Directory C:\Backups -BackupMethod {Full | Differential}
-Item "Farm\Shared Services\Shared Services Applications\Business Data Connectivity Services" [-Verbose]
To perform a restore of a service application, first look up the Operation ID of the backup you want to restore from using the following command:
Get-SPBackupHistory -Directory C:\Backups -ShowBackup
To perform the actual restore, use the following syntax:
Restore-SPFarm -Directory C:\Backups
-Item "Farm\Shared Services\Shared Services Applications\Business Data Connectivity Services"
-RestoreMethod Overwrite [-BackupId <OperationID>] [-Verbose]
Backing up and restoring a service application in Central Administration is nearly identical to the content database backup. To perform a service application backup, do the following:
To restore a service application through Central Administration, do the following:
Many service applications have databases; and when they do, the contents of the database are what you really care about — the configuration of the service application itself is pretty trivial. In most cases you can back up the service application’s database in SQL Server and restore it to a new instance of that service application. You’ll still need to configure it, but you won’t lose any data.
For instance, if you back up your Managed Metadata service application database, you’ve backed up all your term sets. To recover that data you could create a new Managed Metadata service application, in either the original farm or a new one. When you’re asked to provide a database name for the service application, give it the name to which you restored the database. When the Managed Metadata service application comes online, it will have all the terms that were in the database. You may still need to configure the service application’s permissions, or whether it’s the default Managed Metadata service application, but that’s small potatoes compared to re-creating the terms themselves. The following service applications support being created with restored databases:
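The Managed Metadata scenario just described can be sketched in PowerShell as follows. The service application, proxy, application pool, and database names below are hypothetical examples; the cmdlets and parameters are the standard SharePoint 2013 ones:

```powershell
# Assumes the Managed Metadata database was restored in SQL Server as
# "Restored_MMS_DB" and that a service application pool named
# "SharePoint Service Applications" already exists.
$pool = Get-SPServiceApplicationPool "SharePoint Service Applications"

# Point the new service application at the restored database; the term
# sets stored in that database come back with it.
$mms = New-SPMetadataServiceApplication -Name "Managed Metadata Service" `
    -ApplicationPool $pool -DatabaseName "Restored_MMS_DB"

# A proxy is still required so web applications can consume the service.
New-SPMetadataServiceApplicationProxy -Name "Managed Metadata Service Proxy" `
    -ServiceApplication $mms
```

As the text notes, you may still need to reapply permissions and the default-service-application setting afterward; only the data in the database is carried over.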
The capability to perform a Full farm backup is useful in situations for which an entire farm topology needs to be recovered to existing hardware or to a standby configuration. However, the usefulness of this type of backup depends on your RPOs and RTOs, as this sort of farm restore results in prolonged downtime in order to bring a new standby farm online. Organizations with large, complex topologies will be better served using more efficient methodologies such as a warm standby solution using SQL Server log-shipping to maintain up-to-date copies of the farm databases between live and standby SQL servers.
In addition to Full farm backups is the capability to back up just the farm configuration. This feature makes hardware migration scenarios, and duplicating farm configurations between development and production, a breeze. The farm configuration backup backs up only the elements of the configuration that are not tied to the unique properties of the farm being backed up, such as server names, web applications, service applications, and so on. This enables you to duplicate the root configuration of your farm, such as InfoPath Forms Service configuration, sandbox solutions, farm solution configuration, and so on, without having to worry about differences in topology.
To perform a farm backup using Windows PowerShell, enter the following command in the Microsoft SharePoint 2013 Management Shell:
Backup-SPFarm -Directory <Backup folder> -BackupMethod {Full | Differential} [-Verbose]
If an error occurs during the backup, you can view the spbackup.log file created in the backup directory. As a best practice, you should always use the -Verbose switch to monitor the operation and its status. For farms that have not been previously backed up, you must use -BackupMethod Full. If you only want to capture the farm configuration, add the -ConfigurationOnly switch to the preceding command.
To restore from a full farm backup, use the following syntax:
Restore-SPFarm -Directory C:\Backups -RestoreMethod {New | Overwrite} [-Verbose]
As with a farm backup, if an error occurs during the restore, you can view the spbackup.log file created in the backup directory. As a best practice, always use the -Verbose switch to monitor the operation and its status. Similarly, use the -ConfigurationOnly switch to restore only the farm configuration.
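Putting the pieces together, a configuration-only backup and restore cycle might look like the following (the backup share path is a hypothetical example, and <OperationID> is a placeholder for the value reported by Get-SPBackupHistory):

```powershell
# Back up only the farm configuration (no content) to a file share
Backup-SPFarm -Directory \\backupserver\spbackups -BackupMethod Full `
    -ConfigurationOnly -Verbose

# Find the Operation ID of the configuration backup to restore
Get-SPBackupHistory -Directory \\backupserver\spbackups -ShowBackup

# Apply that configuration to the current farm
Restore-SPFarm -Directory \\backupserver\spbackups -RestoreMethod Overwrite `
    -ConfigurationOnly -BackupId <OperationID> -Verbose
```

Because a configuration-only backup omits topology-specific elements such as server names and web applications, this same sequence works for copying settings between farms, such as from production to development.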
By now a pattern should be emerging. Backing up various elements of a farm is done using the same Perform a Backup link in Central Administration. The primary difference is the selections you make. To perform a backup of the entire farm, do the following:
To restore a farm through Central Administration, do the following:
Another area that you should address in your backup strategy is the IIS configuration of your SharePoint farm. While not recommended as a restore source due to SharePoint’s control of the site configuration, the backups should be performed as a documentation strategy to keep track of nonstandard changes to the web.config file or the folder structure of the sites in case they ever need to be rebuilt.
IIS includes a command-line utility for performing backups and restores of the \Windows\System32\inetsrv\config directory. This is the location where all IIS configuration settings are stored.
In order to back up your IIS configuration, run the following command:
%windir%\system32\inetsrv\appcmd.exe add backup "First IIS Backup"
Use this to restore:
%windir%\system32\inetsrv\appcmd.exe restore backup "First IIS Backup"
In addition to the capability to perform the preceding on-demand IIS backup, IIS 7 has an out-of-the-box feature that automatically captures the configuration history as changes take place. This feature takes snapshots of the ApplicationHost.config file anytime a change is detected, enabling you to restore up to 10 previous versions. IIS checks every 120 seconds for a new version of the ApplicationHost.config file, and then stores the versions in the %systemdrive%\inetpub\history folder. You can find and change the settings that specify how often IIS checks and where the versions are stored in the <system.applicationHost/configHistory> section of the ApplicationHost.config file itself.
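Those settings live in the configHistory element of ApplicationHost.config; a sketch with the default values described above looks like this:

```xml
<!-- In ApplicationHost.config: period controls how often IIS checks for
     changes (120 seconds), maxHistories how many snapshots are kept. -->
<system.applicationHost>
  <configHistory enabled="true"
                 path="%SystemDrive%\inetpub\history"
                 maxHistories="10"
                 period="00:02:00" />
</system.applicationHost>
```

Raising maxHistories is a cheap way to extend this safety net on farms where IIS settings change frequently.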
Although all your content will be backed up with the content databases, if you have made any sort of customizations you should be sure to back up every piece of supporting material to ensure a smooth recovery. Some of the possible customizations include the following:
Customizations that are typically contained within the content database, but that can also place elements in the filesystem, include the following (SharePoint Features, the primary type of customization deployed in on-premises configurations, are a common example):
The preferred method for backing up customizations deployed by a development team is to use the built-in features of the development environment, such as Visual Studio with Team Foundation Server, through which the development team can maintain version histories of the codebase along with any related documentation. The benefit of this approach is that it makes it much easier to redeploy any solutions in the event of a disaster.
In addition to the preceding examples, there could also be customizations that fall outside the scope of the development environment’s control. Other places where you might find additional customizations include the SharePoint 15 root, located at %CommonProgramFiles%\Microsoft Shared\Web Server Extensions\15; the website root folder, at %systemdrive%\inetpub; and the GAC, at %windir%\Assembly. It is important to ensure that any customizations deployed to these locations are well documented and captured in the standard filesystem backups.
Up to this point the chapter has discussed what to back up and what to do in the case of an outage, or worse. However, as stated by Ben Franklin, “An ounce of prevention is worth a pound of cure.” This is just as true when it comes to technology, if not more so. This section covers several things you can do to both avert and weather a bad storm caused by hardware failures, natural disaster, and anything else known to keep administrators from sleeping well at night.
SharePoint 2013 offers several configurations to support scalability, redundancy, and efficient mitigation of downtime. The configurations discussed in this section cover load-balancing, SQL Server 2012 AlwaysOn Failover Clustering and Availability Groups, request-throttling, and site collection gradual deletion. Each of these configurations has a price tag that must be weighed against any service-level agreements in place in your organization.
SharePoint 2013 supports several options for load-balancing the environment, some of which can be configured within SharePoint itself, and others that will likely require additional hardware and resources. The most common configuration is to load balance through either a hardware or a software load balancer to ensure that requests going to the SharePoint sites are divided equally among the web front ends. Whether you choose a hardware or a software load balancer will mostly depend on the capabilities and scale required to meet your objectives.
New to SharePoint 2013 is the Request Manager service. This new service works in concert with a hardware or software load balancer. It enables a SharePoint administrator to define rules that control what traffic goes to which web front-end server. One of the many rules you can create is based on server health, which helps you balance the load and relieve your farm’s busiest servers. You can read more about the Request Manager service in Chapter 2, “Architecture and Capacity Planning.”
SharePoint’s service application architecture enables you to create multiple service endpoints throughout your farm to help with load-balancing and failover redundancy of service application requests. You can accomplish this by doing the following:
Once you have a service running across multiple servers, SharePoint will manage the service application requests in a round-robin fashion. A service application proxy will request an endpoint for a connected service application from SharePoint’s internal load balancer, which is a software component that executes in the same process as the proxy itself. The load balancer keeps a cache of each of the service application endpoints, and returns the next available endpoint.
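For example, starting a second instance of a service on another server, so that SharePoint’s internal round-robin load balancer has more than one endpoint to hand out, can be scripted as follows (the server name and service type shown are hypothetical examples):

```powershell
# Start the Managed Metadata service instance on a second server so that
# the internal load balancer has two endpoints to rotate between.
Get-SPServiceInstance -Server "SPAPP02" |
    Where-Object { $_.TypeName -eq "Managed Metadata Web Service" } |
    Start-SPServiceInstance
```

Once the instance reports a status of Online, service application requests are automatically distributed across both servers with no further configuration.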
A long-standing feature of SQL Server, failover clustering remains one of the most valuable means for averting SharePoint disasters, as the majority of SharePoint configuration and content is stored within the databases themselves.
Clustering enables the use of a local online spare, referred to as a passive node. If the first, or active, node reboots, suffers a service crash, or dies altogether, the passive node becomes active and picks up where the previous server left off. Because the active and passive nodes share the same storage, this can shave hours, and in some cases days, off of a hardware or software failure recovery. The clustered servers are directly connected by a network connection over which a “heartbeat” signal is passed between the servers. Anytime the active node does not respond to a heartbeat, the passive node assumes all clustering responsibilities.
The clustering itself is accomplished through the use of software such as Microsoft Clustering Services. You can find more information on configuring a cluster at http://technet.microsoft.com/en-us/library/cc731844(v=ws.10).aspx.
SQL Server clustering is great for protection against local hardware or software failures, but it is not going to be much help if your server room is flooded, or in the case of a power outage. Although SQL Server mirroring has been deprecated as of SQL Server 2012, SharePoint 2013 also offers support for the new SQL Server 2012 Availability Groups (AG) in order to provide the capability to replicate your configuration and data to different geographic locations in either a hot or warm spare configuration. Some of the enhancements in SQL Server 2012 Availability Groups over mirroring include the following:
The two configuration types for Availability Groups allow for both high availability and disaster recovery at the same time, which is in stark contrast to SQL Server mirroring:
Availability Groups are included only with the Enterprise Edition of SQL Server 2012. For those still using Standard Edition of SQL Server 2012, or earlier versions of SQL Server, mirroring is still an option supported by both SharePoint 2013 and SQL Server 2012, but it is scheduled to be phased out of the product line in future releases.
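A minimal sketch of creating an Availability Group for a content database follows. The server, endpoint, and database names are hypothetical, and prerequisites such as a configured Windows Server Failover Cluster, database mirroring endpoints on each replica, and the full recovery model on the database are assumed:

```sql
-- Assumes WSFC is configured, both replicas expose mirroring endpoints
-- on port 5022, and WSS_Content uses the full recovery model.
CREATE AVAILABILITY GROUP [SP_AG]
FOR DATABASE [WSS_Content]
REPLICA ON
    N'SQL01' WITH (
        ENDPOINT_URL = N'TCP://sql01.contoso.com:5022',
        AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
        FAILOVER_MODE = AUTOMATIC),
    N'SQL02' WITH (
        ENDPOINT_URL = N'TCP://sql02.contoso.com:5022',
        AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
        FAILOVER_MODE = AUTOMATIC);
```

A synchronous-commit pair like this one provides local high availability; an additional asynchronous replica in another data center would extend the same group to disaster recovery.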
As with any website, there may come a time when the user load overtakes your server resources in the farm. This can lead to lost farm data if a user clicks Submit and gets an error. The obvious solution is to add more servers or give your existing servers more resources; but as much as hardware vendors love this option, it can sometimes involve lengthy order and delivery processes, not to mention the red tape associated with justifying new expenses.
In the meantime, you don’t want your users to experience extremely long page load times and latency when trying to access their content — or worse yet, dropped sessions altogether. A feature added in SharePoint 2010 and continued in SharePoint 2013 is HTTP Request Monitoring and Throttling. Servers use the settings of this feature to determine how to handle resource load on each of the SharePoint servers in the farm. Each server checks resources every five seconds to determine load, comparing the data against the defined acceptable thresholds. If a server exceeds the acceptable thresholds three times in a row, it goes into throttled mode. Web applications that have the HTTP Throttling enabled stop accepting new session requests, opting to instead deliver an HTTP 503 error, “The server is busy now. Try again later.” Meanwhile, existing sessions continue to function, ensuring that the impact of server load is as minimally disruptive as possible.
Additionally, no new timer jobs will start on that server, and any running jobs will be paused if possible. The server continues to check itself every five seconds, and remains throttled until the server resources fall back below the defined thresholds. All the throttling activity is logged to the System log in the Event Viewer. By default in SharePoint 2013, HTTP Request Monitoring and Throttling is enabled for any new web applications that are created. However, you can disable it through either PowerShell or Central Administration (covered in the following sections).
To get the current values associated with HTTP Request Monitoring and Throttling via PowerShell, use the following syntax:
Get-SPWebApplicationHttpThrottlingMonitor -Identity http://portal.contoso.com
To change the current settings for HTTP Request Monitoring and Throttling, use this syntax:
Set-SPWebApplicationHttpThrottlingMonitor -Identity http://portal.contoso.com
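For example, the monitor for the Available Mbytes memory counter can be retuned as sketched below. The bucket values are purely illustrative, and the -Category, -Counter, and -HealthScoreBuckets parameters are assumed from the documented cmdlet signature; verify them with Get-Help before use:

```powershell
# Hypothetical example: map the "Available Mbytes" memory counter to ten
# health-score buckets for one web application. Values are examples only.
Set-SPWebApplicationHttpThrottlingMonitor -Identity http://portal.contoso.com `
    -Category Memory -Counter "Available Mbytes" `
    -HealthScoreBuckets @(1000,500,400,300,200,100,80,60,40,20)
```

Each bucket boundary maps the counter’s current value to a health score from 0 (healthy) to 10 (throttled), which is how the server decides when to start returning HTTP 503 responses.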
To configure HTTP Request Monitoring and Throttling from Central Administration, follow these steps:
In addition to overall server resource monitoring and throttling functionality, SharePoint 2013 helps administrators proactively limit resource consumption caused by large SharePoint list views. This is accomplished through settings that can be used to restrict queries executed against large lists. These settings are configured per web application, which provides the flexibility to choose behavior rules based on need or importance.
To configure list-throttling from Central Administration, follow these steps:
In the good old days, sodas cost a dime, the talky movies cost a quarter, and you could take SharePoint down simply by deleting a web or site collection. In some rare, though not nearly rare enough, circumstances, if a web containing a lot of documents was deleted, SQL Server would lock the AllDocs table as it deleted them all. As you surely know, a locked AllDocs table makes for very sad SharePoint. As soon as that table locked, all the site collections in that content database were unavailable. As SharePoint’s adoption grew, this scenario became more and more common. Microsoft put their best and brightest minds to finding a solution. Gradual Site Delete was the silver bullet they came up with, and it’s a pretty good one.
Gradual Site Delete operates via a timer job to efficiently dispose of deleted sites with minimal impact to the server’s resources.
The Gradual Site Delete timer job, which is scoped at the Web Application level, breaks up the site deletion into smaller chunks, which are less likely to cause resource contention. The first piece that is removed is the pointer to the Site Collection from the configuration database and from the Sites table in the content database. The timer job deletes 1,000 rows at a time until the site has been completely removed. Although there isn’t any configuration that a farm administrator can change to affect how this job executes, it warrants a mention in this section to round out our discussion of making a farm more highly available.
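While the job’s behavior cannot be configured, you can locate it, and force an immediate run in a test environment, with the standard timer-job cmdlets. The internal job name shown below is an assumption based on its default naming in SharePoint 2013:

```powershell
# Find the Gradual Site Delete job for one web application and run it now.
# "job-site-deletion" is assumed to be the job's internal name.
$job = Get-SPTimerJob -WebApplication http://portal.contoso.com |
    Where-Object { $_.Name -eq "job-site-deletion" }
Start-SPTimerJob $job
```

This can be handy when you need a deleted site’s rows purged from the content database before taking a backup, rather than waiting for the job’s next scheduled run.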
As you can tell from the size of this chapter, you have many methods for protecting SharePoint data and configuration. The types of business problems you are protecting against and the budget you have to work with will largely determine which of these techniques you make use of in your business continuity planning.
Content recovery tends to be the first and most important aspect of any backup strategy. The more end users can do for themselves in regard to using the Recycle Bin and versioning functionality, the better. In addition to entire content backups, you also looked at methods for backing up or exporting specific pieces of content such as lists, sites, and site collections.
The second area of attention for mitigating catastrophe is to make use of the high-availability support in SharePoint 2013, and related products such as SQL Server Failover Clustering and AlwaysOn Availability Groups. The scope of your high-availability solution will be largely determined by your service-level agreements and budget constraints.
Disaster recovery is something that everyone needs and hopes never to use. When all else fails, a good disaster recovery solution can save the day. Although numerous technologies and methods were discussed in this chapter, no one solution will fit every scenario. This introduction to what SharePoint 2013 has to offer should help you get started building a solid business continuity plan. Remember, the three most important parts of any business continuity plan are test, test, and test. Test restoring your backups. Test failing over your databases. Test it all. That’s the best way to build confidence in your plan, and hone your skills. The best way to get better at anything is to do it a lot.