Bare metal recovery
If the user needs to replace their hard drive or completely wipe it, they can use bootable recovery media to perform bare metal recovery. Bare metal recovery removes all existing partitions on the system disk and recreates all partitions, before restoring software onto the PC. Two types of recovery media are supported:
- User-created recovery media, made with the Create a recovery drive utility in Windows 10. This backs up the files needed to restore the PC to a pristine state.
- Manufacturer-created recovery media for support and refurbishing scenarios, made by placing a recovery image on bootable Windows RE media.
When user-created recovery media are used, the bare metal recovery feature can be summarized in the following steps:
- The system disk is identified.
- All partitions from the system disk are removed.
- Data erasure is performed on the system disk (if requested by the user).
- Factory or default partition layout is recreated on the system disk.
- All partitions are formatted.
- Recovery files from recovery media are copied to the OS volume.
- A new copy of the OS is constructed at the root of the OS volume.
- Customizations stored in provisioning packages are applied.
- Drivers are injected into the new OS.
- Preinstalled Windows apps are restored.
- Boot files are configured on the system partition.
- PC reboots to the new OS.
- OOBE starts.
Data removal options
When users use the bare metal recovery feature, they can choose to perform data erasure on the entire system disk before the factory partition layout is reapplied. On most PCs, this data erasure process is done in software, writing cryptographically random patterns to the entire LBA range of the system disk once.
However, on certain hardware configurations, the data erasure process is performed by the storage device’s hardware controller. This often takes less time to complete and is usually more thorough in removing remnant data. Hardware-based data erasure is supported on PCs with storage devices which meet the following criteria:
- eMMC
- Supports the Secure Trim and Sanitize commands
System disk selection
Bare metal recovery automatically identifies the system disk using the following methods:
- Adaptor location path and GUID of the system disk are written to a UEFI variable during OOBE.
  - Performed only when both the system and Windows partitions are on the system disk.
  - The variable is updated if necessary when Windows RE gets disabled and then re-enabled.
- During bare metal recovery, if multiple internal disks are detected, the system disk is searched in this order:
  - Disk with GUID matching the value stored in the UEFI variable.
  - Disk with location path matching the value stored in firmware.
  - Disk with an existing ESP.
    - If multiple disks with ESP are found, bare metal recovery will not proceed.
  - Uninitialized (raw) disk.
    - If multiple uninitialized disks are found, bare metal recovery will not proceed.
On legacy BIOS/MBR systems, the BIOS-reported system disk is used.
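The search order above decides which disk gets wiped, so it is worth tracing on a multi-disk machine before recovery is started. The following is an added example, not Windows RE code: it models the documented order over a constructed disk inventory, and the property names (Guid, LocationPath, HasEsp, IsRaw), the sample values and the single-disk shortcut are assumptions.

```powershell
# Added illustration, not Windows RE code. The inventory below is constructed;
# Guid, LocationPath, HasEsp and IsRaw are hypothetical property names.
function New-BmrSelection($Disk, [string] $Rule) {
    [pscustomobject]@{
        Proceed = ($null -ne $Disk)
        Number  = if ($Disk) { $Disk.Number } else { $null }
        Rule    = $Rule
    }
}

function Select-BmrSystemDisk {
    param(
        [Parameter(Mandatory)] [object[]] $Disks,  # internal disks seen at recovery time
        [string] $StoredGuid,                      # disk GUID written to the UEFI variable during OOBE
        [string] $StoredLocationPath               # adaptor location path written with it
    )
    # Assumption: with a single internal disk there is nothing to search.
    if ($Disks.Count -eq 1) { return New-BmrSelection $Disks[0] 'Only internal disk' }

    # 1. Disk with GUID matching the stored value.
    if ($StoredGuid) {
        $hit = @($Disks | Where-Object { $_.Guid -eq $StoredGuid })
        if ($hit.Count -gt 0) { return New-BmrSelection $hit[0] 'GUID match' }
    }
    # 2. Disk with location path matching the stored value.
    if ($StoredLocationPath) {
        $hit = @($Disks | Where-Object { $_.LocationPath -eq $StoredLocationPath })
        if ($hit.Count -gt 0) { return New-BmrSelection $hit[0] 'Location path match' }
    }
    # 3. Disk with an existing ESP. Several candidates are ambiguous: stop, do not guess.
    $hit = @($Disks | Where-Object { $_.HasEsp })
    if ($hit.Count -gt 1) { return New-BmrSelection $null 'Stopped: multiple disks with an ESP' }
    if ($hit.Count -eq 1) { return New-BmrSelection $hit[0] 'Existing ESP' }

    # 4. Uninitialized (raw) disk, with the same ambiguity rule.
    $hit = @($Disks | Where-Object { $_.IsRaw })
    if ($hit.Count -gt 1) { return New-BmrSelection $null 'Stopped: multiple uninitialized disks' }
    if ($hit.Count -eq 1) { return New-BmrSelection $hit[0] 'Uninitialized disk' }

    return New-BmrSelection $null 'Stopped: no candidate disk'
}

# Constructed inventory: two disks that both carry an ESP, one data disk, one raw disk.
$espA = [pscustomobject]@{ Number = 0; Guid = 'guid-a'; LocationPath = 'slot-0'; HasEsp = $true;  IsRaw = $false }
$espB = [pscustomobject]@{ Number = 1; Guid = 'guid-b'; LocationPath = 'slot-1'; HasEsp = $true;  IsRaw = $false }
$data = [pscustomobject]@{ Number = 2; Guid = 'guid-c'; LocationPath = 'slot-2'; HasEsp = $false; IsRaw = $false }
$raw  = [pscustomobject]@{ Number = 3; Guid = $null;    LocationPath = 'slot-0'; HasEsp = $false; IsRaw = $true }

@(
    # Stored GUID wins even though two disks have an ESP.
    Select-BmrSystemDisk -Disks $espA, $espB -StoredGuid 'guid-b' -StoredLocationPath 'slot-1'
    # Same disks, nothing stored: the ESP rule is ambiguous and recovery stops.
    Select-BmrSystemDisk -Disks $espA, $espB
    # Stored GUID no longer exists, but a raw disk sits at the stored location path.
    Select-BmrSystemDisk -Disks $data, $raw -StoredGuid 'guid-a' -StoredLocationPath 'slot-0'
    # Nothing stored: the single raw disk is chosen over the data disk.
    Select-BmrSystemDisk -Disks $data, $raw
) | Format-Table -AutoSize
```

The four rows report disk 1 by GUID match, a stop on multiple ESPs, disk 3 by location path, and disk 3 as the only uninitialized disk.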
User-created recovery media
When users create USB recovery media using the Create a recovery drive utility, the resulting media always contain a bootable copy of Windows RE. This gives users access to troubleshooting and recovery tools when booting from recovery media.
Users can optionally back up files required to perform bare metal recovery. When the option is selected, the following are copied onto the USB recovery media as well:
- Windows Component Store
- Installed drivers
- Backup of preinstalled Windows apps
- Provisioning packages containing preinstalled customizations (under C:\Recovery\Customizations)
- Push-button Reset configuration XML and scripts (under C:\Recovery\OEM)
Manufacturer-created recovery media
Bare metal recovery supports the use of a recovery WIM image when the media are prepared by manufacturers. This type of media is primarily used in support and refurbishing scenarios.
Manufacturer-created media must contain the following:
Windows Server Backup — Bare metal recovery
This site is a copy of alex-white.ru that has not been updated since 20.07.2019.
Introduction
To restore a server to bare metal (bare metal recovery, BMR) you need a backup. The backup can be created with a built-in Windows Server 2012 feature called Windows Server Backup.
Installing Windows Server Backup
How to install Windows Server Backup is described here. After installation, backups need to be configured.
Configuring Windows Server Backup
WSB can back up to a disk, to a disk partition, or to a network share. To save space on the storage, incremental backups make more sense, but WSB can make incremental backups only to a disk, and when a disk is assigned for backups, all data on it is deleted. There are also never enough disks to give one to every server, so we will use iSCSI disks. To do that, configure an iSCSI target on the storage and an iSCSI initiator on the server. In my example the iSCSI target is on a Windows 2012 server.
Configuring the iSCSI Target on Windows Server
Configuring the iSCSI Target and the iSCSI initiator on Windows Server 2012 is described in detail here and here.
After the target and the initiator are configured, a disk appears in the system. It needs to be brought “online”. Then schedule WSB. There are descriptions of how to do this here and here. I will only say that we will back up the entire server. In my case, even including the Hyper-V virtual machines.
So half the job is done. Backups are being made, and they can be retrieved when needed through the Recovery section of WSB itself. But what do you do if the server hardware has failed completely and cannot be repaired? In that case you need bare metal recovery, literally “recovery on bare hardware”. But to recover onto the hardware, you have to boot something on it that can access the backup.
Windows Recovery Environment — Winre 4.0
Windows Recovery Environment (WinRE) is a Windows recovery tool based on Windows Preinstallation Environment. It starts automatically when Windows fails. Alternatively, it can be built and written to a disc or a flash drive, or added to WDS. Windows Deployment Services (WDS) is much more convenient to use: the server boots WinRE over the network and is ready for recovery. But it is not that simple. By default WinRE cannot work with iSCSI disks, has no file manager, no PowerShell, and so on. That is what we will teach it.
The new features of the OS deployment service can be seen here. A presentation covers its configuration in more detail.
Configuring WinRE.wim version 4.0
WinRE.wim can be taken from the OS directory: c:\Windows\System32\Recovery\winre.wim. Note that the file is hidden and is not visible by default.
— Create the directories d:\WinRE and d:\WinRE\WinRE_Mount
— Copy c:\Windows\System32\Recovery\winre.wim to d:\WinRE
Make it visible.
— Next, mount the WIM image. To do so, run:
dism /Mount-Wim /WimFile:d:\WinRE\WinRE.wim /index:1 /MountDir:d:\WinRE\WinRE_Mount
— You can view information about the installed packages:
Dism /image:d:\WinRE\WinRE_Mount /Get-Packages
— How to add other packages, and their descriptions, can be seen here.
dism /image:d:\WinRE\WinRE_Mount /Add-Package /PackagePath:"c:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-WDS-tools.cab"
Dism /image:d:\WinRE\WinRE_Mount /Remove-Package /PackageName:Microsoft-Windows-WinPE-LanguagePack-Package
— Add drivers for the RAID controller
This step is optional, since Windows PE contains a basic set of drivers, including drivers for network cards. You may need network access, for example, to save a captured WIM image to a network drive.
If the need arises, DISM can add:
- a single driver, by specifying the path to the INF file
- all drivers from a folder, by specifying the path to it and the /recurse switch
Examples of these commands:
dism /Image:d:\WinRE\WinRE_Mount /Add-Driver /Driver:C:\drivers\mydriver.INF
dism /Image:d:\WinRE\WinRE_Mount /Add-Driver /Driver:C:\drivers /recurse
— Adding your own utilities and scripts
I copied the TotalCMD file manager into the util folder, along with the Sysinternals utilities.
I also added the snap-in for GUI management of the iSCSI initiator.
And into the script folder I put a script that brings up the network, mounts the iSCSI disk, and then launches bmrui, the backup restore utility.
Write-Host "========Recovery Windows server============"
Write-Host "========abelov@agava.com 27.03.2013========"
Write-Host ""
# Step 1: bring up networking inside WinRE and check that the storage host answers
Write-Host "1 Step: - initialize network"
x:\windows\system32\wpeutil.exe initializenetwork
Write-Host "Test network"
$hNAme = Read-Host "Type ISCSI host name. For example b1.vpsagava.ru"
ipconfig /all
ping $hNAme
# Step 2: start the iSCSI initiator service and connect to the targets on that portal
Write-Host "2 Step: - initialize ISCSI"
Write-Host "Start Service msiscsi"
Start-Service msiscsi
Write-Host "Connect to iscsi on $hNAme"
New-IscsiTargetPortal -TargetPortalAddress $hNAme
Get-IscsiTarget | Connect-IscsiTarget
# Step 3: open the restore wizard and the iSCSI initiator control panel
Write-Host "3 Step: - Recovery Windows server"
x:\windows\system32\bmrui.exe
x:\windows\system32\iscsicpl.exe
Write-Host "4 Step: - open image and recovery server"
— Saving the changes and unmounting the image
Both operations are performed with a single command.
dism /Unmount-Wim /MountDir:D:\WinRE\WinRE_Mount /Commit
Add the WIM to WDS. Boot from it. Run the script.
Much useful information is available here.
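The image built above is network-booted on failed servers and reaches the backup storage, so it is worth building it in one pass that discards a half-finished image on error and records a digest to check before the WIM is added to WDS. This is an added example, not the article's own script: it uses the DISM PowerShell cmdlets in place of dism.exe, the D:\payload staging folder and the .sha256 file are assumptions, and it assumes PowerShell 4.0 or later for Get-FileHash.

```powershell
#Requires -RunAsAdministrator
# Added illustration, not the article's own script. D:\WinRE, C:\drivers and the ADK
# path come from the article; $Payload and the .sha256 file are assumptions.
$ErrorActionPreference = 'Stop'

function New-CustomWinRE {
    param(
        [string]   $Source   = 'C:\Windows\System32\Recovery\winre.wim',
        [string]   $WorkDir  = 'D:\WinRE',
        [string[]] $Packages = @(),   # optional component .cab files to add
        [string]   $Drivers,          # folder with .inf drivers, searched recursively
        [string]   $Payload           # hypothetical staging folder holding util\ and script\
    )
    $wim   = Join-Path $WorkDir 'WinRE.wim'
    $mount = Join-Path $WorkDir 'WinRE_Mount'
    New-Item -ItemType Directory -Path $WorkDir, $mount -Force | Out-Null

    # winre.wim is hidden and marked system: copy it, then clear both attributes.
    Copy-Item -LiteralPath $Source -Destination $wim -Force
    & attrib.exe -s -h $wim

    Mount-WindowsImage -ImagePath $wim -Index 1 -Path $mount | Out-Null
    try {
        foreach ($cab in $Packages) {
            Add-WindowsPackage -Path $mount -PackagePath $cab | Out-Null
        }
        if ($Drivers) { Add-WindowsDriver -Path $mount -Driver $Drivers -Recurse | Out-Null }
        # Assumption: util\ and script\ are placed at the root of the image.
        if ($Payload) {
            Copy-Item -Path (Join-Path $Payload '*') -Destination $mount -Recurse -Force
        }
        # Show what the image now contains before the changes are committed.
        Get-WindowsPackage -Path $mount | Select-Object PackageName, PackageState | Out-Host
        Dismount-WindowsImage -Path $mount -Save | Out-Null
    }
    catch {
        # Do not leave a half-modified image behind: drop the changes and rethrow.
        Dismount-WindowsImage -Path $mount -Discard | Out-Null
        throw
    }

    # Record the digest of the finished image for later comparison.
    $digest = (Get-FileHash -LiteralPath $wim -Algorithm SHA256).Hash
    Set-Content -LiteralPath "$wim.sha256" -Value $digest -Encoding Ascii
    return $wim
}

function Test-WimDigest {
    param([Parameter(Mandatory)] [string] $Wim)
    $expected = (Get-Content -LiteralPath "$Wim.sha256" -TotalCount 1).Trim()
    $actual   = (Get-FileHash -LiteralPath $Wim -Algorithm SHA256).Hash
    return $actual -eq $expected
}

$cab = 'C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\' +
       'Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-WDS-tools.cab'
$wim = New-CustomWinRE -Packages $cab -Drivers 'C:\drivers' -Payload 'D:\payload'

# Run this check again right before the image is imported into WDS.
if (-not (Test-WimDigest -Wim $wim)) { throw "WinRE.wim no longer matches its recorded digest" }
```

Keep a copy of the .sha256 file somewhere other than the WDS server, so that a change to the boot image cannot be hidden by rewriting the digest beside it.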
Back up system state and bare metal
This version of Data Protection Manager (DPM) has reached the end of support. We recommend that you upgrade to DPM 2019.
System Center Data Protection Manager (DPM) can back up system state and provide bare metal recovery (BMR) protection.
- System state backup: Backs up operating system files, enabling you to recover when a machine starts but you’ve lost system files and registry. A system state backup includes:
  - Domain member: Boot files, COM+ class registration database, registry
  - Domain controller: Active Directory (NTDS), boot files, COM+ class registration database, registry, system volume (SYSVOL)
  - Machine running cluster services: Additionally backs up cluster server metadata
  - Machine running certificate services: Additionally backs up certificate data
- Bare metal backup: Backs up operating system files and all data except user data on critical volumes. By definition a BMR backup includes a system state backup. Provides protection when a machine won’t start and you have to recover everything.
This table summarizes what you can back up and recover. You can see detailed information about app versions that can be protected with system state and BMR in What can DPM back up?
Backup | Issue | Recover from DPM backup | Recover from system state backup | BMR |
---|---|---|---|---|
File data: Regular data backup; BMR/system state backup | Lost file data | Y | N | N |
File data: DPM backup of file data; BMR/system state backup | Lost/damaged operating system | N | Y | Y |
File data: DPM backup of file data; BMR/system state backup | Lost server (data volumes intact) | N | N | Y |
File data: DPM backup of file data; BMR/system state backup | Lost server (data volumes lost) | Y | N | Y (BMR followed by regular recovery of backed up file data) |
SharePoint data: DPM backup of farm data; BMR/system state backup | Lost site, lists, list items, documents | Y | N | N |
SharePoint data: DPM backup of farm data; BMR/system state backup | Lost or damaged operating system | N | Y | Y |
SharePoint data: DPM backup of farm data; BMR/system state backup | Disaster recovery | N | N | N |
Hyper-V: DPM backup of Hyper-V host or guest; BMR/system state backup of host | Lost VM | Y | N | N |
Hyper-V: DPM backup of Hyper-V host or guest; BMR/system state backup of host | Lost or damaged operating system | N | Y | Y |
Hyper-V: DPM backup of Hyper-V host or guest; BMR/system state backup of host | Lost Hyper-V host (VMs intact) | N | N | Y |
Hyper-V: DPM backup of Hyper-V host or guest; BMR/system state backup of host | Lost Hyper-V host (VMs lost) | N | N | Y (BMR recovery followed by regular DPM recovery) |
SQL Server/Exchange: BMR/system state backup | Lost app data | Y | N | N |
SQL Server/Exchange: BMR/system state backup | Lost or damaged operating system | N | Y | Y |
SQL Server/Exchange: BMR/system state backup | Lost server (database/transaction logs intact) | N | N | Y |
SQL Server/Exchange: BMR/system state backup | Lost server (database/transaction logs lost) | N | N | Y (BMR recovery followed by regular DPM recovery) |
How system state backup works
When a system state backup runs, DPM communicates with WSB to request a backup of the server’s system state. By default DPM and WSB will use the drive with the most available free space, and information about this drive is saved in the PSDataSourceConfig.XML file. This is the drive WSB will back up to.
You can customize the drive that DPM uses for the system state backup. To do this on the protected server, go to drive:\Program Files\Microsoft Data Protection Manager\DPM\Datasources. Open the PSDataSourceConfig.XML file for editing. Change the value for the drive letter. Save and close the file. If a protection group protects the computer’s system state, run a consistency check. If the consistency check generates an alert, click the Modify protection group link in the alert, and then step through the wizard. After finishing, run another consistency check.
Note that if the protection server is in a cluster it’s possible that a cluster drive will be selected as the drive with the most free space. It’s important to be aware of this because if that drive ownership has been switched to another node and a system state backup runs, the drive won’t be available and the backup will fail. In this situation, you’ll need to modify the PSDataSourceConfig.XML to point it to a local drive.
Windows Server Backup (WSB) creates a folder called WindowsImageBackup on the root of the. As it creates the backup, all data is placed in this folder. When the backup completes the file will then be transferred over to the DPM server. Note that:
This folder and its contents do not get cleaned up after the backup or transfer is done. The best way to think of this is that the space is being reserved for the next time a backup is done.
The folder gets created every time a backup is done. The time/date stamp will reflect the time of your last system state backup.
BMR backup
For BMR (including a system state backup) the backup job is performed directly to a share on the DPM server and not to a folder on the protected server.
DPM server calls WSB and shares out the replica volume for that BMR backup. In this case it doesn’t tell WSB to use the drive with the most free space, but instead to use the share created for the job.
When the backup finishes the file is transferred to the DPM server. Logs are stored in C:\Windows\Logs\WindowsServerBackup.
Prerequisites and limitations
BMR isn’t supported for computers running Windows Server 2003 or for computers running client operating systems.
You can’t protect BMR and system state for the same computer in different protection groups.
A DPM server can’t protect itself for BMR.
Short-term protection to tape (D2T) isn’t supported for BMR. Long-term storage to tape (D2D2T) is supported.
Windows Server Backup must be installed on the protected computer for BMR.
For BMR protection (unlike system state protection) DPM doesn’t have any space requirements on the protected computer. WSB directly transfers the backups to the DPM server. Note that the job for this doesn’t appear in the DPM Jobs view.
If you use Modern Backup Storage and want to increase the BMR default replica size > 30 GB, use the registry key: HKLM\Software\Microsoft\Microsoft Data Protection Manager\Configuration ReplicaSizeInGBForSystemProtectionWithBMR (DWORD).
If you use Modern Backup Storage, SystemState and BMR backups consume more storage (than legacy storage) due to ReFS cloning. Each SystemState or BMR backup is a full recovery point. To mitigate this storage consumption, you may want to:
- schedule fewer System State or BMR recovery points,
- use a smaller retention period for the recovery points,
- increase the available storage for System State or BMR backups.
The following limitations do NOT apply to Modern Backup Storage (MBS). The following limitations apply only when using legacy storage, after upgrading DPM 2012 R2 to DPM 2016.
DPM reserves 30 GB of space on the replica volume for BMR. You can change this on the Disk Allocation page in the Modify Protection Group Wizard or using the Get-DatasourceDiskAllocation and Set-DatasourceDiskAllocation PowerShell cmdlets. On the recovery point volume, BMR protection requires about 6 GB for retention of five days. Note that you can’t reduce the replica volume size to less than 15 GB. DPM doesn’t calculate the size of the BMR data source, but assumes 30 GB for all servers. Admins should change the value according to the size of BMR backups expected in their environments. The size of a BMR backup can be roughly calculated as the sum of used space on all critical volumes: Critical volumes = Boot Volume + System Volume + Volume hosting system state data such as AD.
If you move from system state protection to BMR protection, BMR protection will require less space on the recovery point volume. However, the extra space on the volume is not reclaimed. You can shrink the volume size manually from the Modify Disk Allocation page of the Modify Protection Group Wizard or using the Get-DatasourceDiskAllocation and Set-DatasourceDiskAllocation cmdlets.
If you move from system state protection to BMR protection, BMR protection will require more space on the replica volume. The volume will be extended automatically. If you want to change the default space allocations you can use Modify-DiskAllocation.
If you move from BMR protection to system state protection you’ll need more space on the recovery point volume. DPM might try to automatically grow the volume. If there is insufficient space in the storage pool, an error will be issued.
If you move from BMR protection to system state protection you’ll need space on the protected computer because system state protection first writes the replica to the local computer and then transfers it to the DPM server.
Before you start
Deploy DPM: Verify DPM is deployed correctly. If you haven’t, see:
System requirements for DPM
Set up storage: You can store backed up data on disk, on tape, and in the cloud with Azure. Read more in Prepare data storage.
Set up the DPM protection agent: You’ll need to install the DPM protection agent on the machine you want to back up. Read Deploy the DPM protection agent.
Back up system state and bare metal
Set up a protection group as described in Deploy protection groups. Note that you can’t protect BMR and system state for the same machine in different groups, and that when you select BMR system state is automatically enabled.
Click Protection > Actions > Create Protection Group to open the Create New Protection Group wizard in the DPM console.
In Select protection group type click Servers.
In Select Group Members expand the machine and select BMR or system state.
Remember that you can’t protect BMR and system state for the same machine in different groups, and that when you select BMR system state is automatically enabled. Learn more in Deploy protection groups.
In Select data protection method specify how you want to handle short and long-term backup. Short-term backup is always to disk first, with the option of backing up from the disk to the Azure cloud with Azure backup (for short or long-term). As an alternative to long-term backup to the cloud you can also configure long-term back up to a standalone tape device or tape library connected to the DPM server.
In Select short-term goals specify how you want to back up to short-term storage on disk. In Retention range you specify how long you want to keep the data on disk. In Synchronization frequency you specify how often you want to run an incremental backup to disk. If you don’t want to set a back-up interval, you can check Just before a recovery point so that DPM will run an express full backup just before each recovery point is scheduled.
If you want to store data on tape for long-term storage in Specify long-term goals indicate how long you want to keep tape data (1-99 years). In Frequency of backup specify how often backups to tape should run. The frequency is based on the retention range you’ve specified:
When the retention range is 1-99 years, you can select backups to occur daily, weekly, bi-weekly, monthly, quarterly, half-yearly, or yearly.
When the retention range is 1-11 months, you can select backups to occur daily, weekly, bi-weekly, or monthly.
When the retention range is 1-4 weeks, you can select backups to occur daily or weekly.
On a stand-alone tape drive, for a single protection group, DPM uses the same tape for daily backups until there is insufficient space on the tape. You can also colocate data from different protection groups on tape.
On the Select Tape and Library Details page specify the tape/library to use, and whether data should be compressed and encrypted on tape.
In the Review disk allocation page review the storage pool disk space allocated for the protection group.
Total Data size is the size of the data you want to back up, and Disk space to be provisioned on DPM is the space that DPM recommends for the protection group. DPM chooses the ideal backup volume, based on the settings. However, you can edit the backup volume choices in the Disk allocation details. For the workloads, select the preferred storage in the dropdown menu. Your edits change the values for Total Storage and Free Storage in the Available Disk Storage pane. Underprovisioned space is the amount of storage DPM suggests you add to the volume, to continue with backups smoothly in the future.
In Choose replica creation method select how you want to handle the initial full data replication. If you select to replicate over the network we recommend you choose an off-peak time. For large amounts of data or less than optimal network conditions, consider replicating the data offline using removable media.
In Choose consistency check options, select how you want to automate consistency checks. You can enable a check to run only when replica data becomes inconsistent, or according to a schedule. If you don’t want to configure automatic consistency checking, you can run a manual check at any time by right-clicking the protection group in the Protection area of the DPM console, and selecting Perform Consistency Check.
If you’ve selected to back up to the cloud with Azure Backup, on the Specify online protection data page make sure the workloads you want to back up to Azure are selected.
In Specify online backup schedule specify how often incremental backups to Azure should occur. You can schedule backups to run every day/week/month/year and the time/date at which they should run. Backups can occur up to twice a day. Each time a backup runs, a data recovery point is created in Azure from the copy of the backed-up data stored on the DPM disk.
In Specify online retention policy you can specify how the recovery points created from the daily/weekly/monthly/yearly backups are retained in Azure.
In Choose online replication specify how the initial full replication of data will occur. You can replicate over the network, or do an offline backup (offline seeding). Offline backup uses the Azure Import feature. Read more.
On the Summary page review your settings. After you click Create Group initial replication of the data occurs. When it finishes the protection group status will show as OK on the Status page. Backup then takes place in line with the protection group settings.
Recover system state or BMR
You can recover BMR or system state to a network location. If you’ve backed up BMR, use the Windows Recovery Environment (WinRE) to start up your system and connect it to the network. Then use Windows Server Backup to recover from the network location. If you’ve backed up system state, just use Windows Server Backup to recover from the network location.
Restore BMR
Run recovery on the DPM server:
In the Recovery pane find the machine you want to recover > Bare Metal Recovery.
Available recovery points are indicated in bold on the calendar. Select the date and time for the recovery point you want to use.
In Select Recovery Type select Copy to a network folder.
In Specify Destination select where you want to copy the data to. Remember that the selected destination will need enough room. We recommend a new folder.
In Specify Recovery Options select the security settings to apply and select whether you want to use SAN-based hardware snapshots for quicker recovery (only an option if you have a SAN with this functionality enabled and the ability to create and split a clone to make it writable. In addition the protected machine and DPM server must be connected to the same network).
Set up notification options and click Recover on the Summary page.
Set up the share location:
In the restore location navigate to the folder that contains the backup.
Share the folder above WindowsImageBackup so that the root of the shared folder is the WindowsImageBackup folder. If it isn’t, restore won’t find the backup. To connect using WinRE you’ll need a share that you can access in WinRE with the correct IP address and credentials.
Restore the system:
Start the machine to which you want to restore the image, using the Windows DVD that matches the system you are restoring.
On the first screen verify language/locale settings. On the Install screen select Repair your computer.
On the System Recovery Options page select Restore your computer using a system image that you created earlier.
On the Select a system image backup page select Select a system image > Advanced > Search for a system image on the network. Select Yes if a warning appears. Navigate to the share path, input the credentials, and select the recovery point. This scans for specific backups available in that recovery point. Select the recovery point.
In Choose how to restore the backup select Format and repartition disks. In the next screen verify settings and click Finish to begin the restore. Restart as required.
Restore system state
Run recovery on the DPM server:
In the Recovery pane find the machine you want to recover > Bare Metal Recovery.
Available recovery points are indicated in bold on the calendar. Select the date and time for the recovery point you want to use.
In Select Recovery Type select Copy to a network folder.
In Specify Destination select where you want to copy the data to. Remember that the selected destination will need enough room. We recommend a new folder.
In Specify Recovery Options select the security settings to apply and select whether you want to use SAN-based hardware snapshots for quicker recovery (only an option if you have a SAN with this functionality enabled and the ability to create and split a clone to make it writable. In addition the protected machine and DPM server must be connected to the same network).
Set up notification options and click Recover on the Summary page.
Run Windows Server Backup
Click Actions > Recover > This Server > Next.
Click Another Server > Specify Location Type page > Remote shared folder. Provide the path to the folder that contains the recovery point.
In Select Recovery Type click System state. In Select Location for System State Recovery click Original Location.
In Confirmation click Recover. You’ll need to restart the server after the restore.
You can also run a system state restore from the command-line. To do this start Windows Server Backup on the machine you want to recover. From a command prompt type: wbadmin get versions -backuptarget to get the version identifier.
Use the version identifier to start system state restore. At the command line type: wbadmin start systemstaterecovery -version: -backuptarget: Confirm that you want to start the recovery. You can see the process in the command window. A restore log is created. You’ll need to restart the server after the restore.