This Knowledgebase article provides information about how to setup Data Rollback and Volume Shadow Copy.
The Data Rollback Screen
The Data Rollback screen is available if the Rollback button is enabled on the Neverfail Heartbeat Management Client. This feature is available only on Windows 2003. Neverfail’s Data Rollback Module helps avoid problems associated with corrupt data, by enabling data rollback to an earlier point-in-time should data corruption occur.
If this feature is enabled, navigate to the 'Rollback' screen by selecting the Rollback button on the left panel of the screen. Before configuring or using any of the Data Rollback Module features, Neverfail recommends that you first read through and follow the best practices for Using Volume Shadow Copy Service (VSS) and the Data Rollback Module, described below.
Best Practices for Using Volume Shadow Copy Service & Data Rollback Module
The storage of Shadow Copies is performed by the Volume Shadow Copy Service (VSS) component of Windows 2003. See
Knowledgebase article #825
- How to Configure Windows 2003 to Store Shadow Copies. VSS is also used by the Shadow Copies of Shared Folders (SCSF) feature of Windows 2003, and consequently, some of the following recommendations are based on Microsoft best practices for SCSF.
The recommended steps are:
- Decide which volume to use for storing shadow copies before using the Data Rollback Module. This is because before you can change the storage volume, you must delete the existing shadow copies.
- Neverfail recommends that a separate volume be allocated for storing shadow copies. Do not use a volume for storing both, data that is protected by Neverfail together with data that is not protected, yet updated regularly. For example, do not write backups of data (even temporary) to a volume that contains Neverfail protected files, as that would increase the space used for snapshots.
In accordance with the following guidelines from Microsoft:
"Select a separate volume on another disk as the storage area for shadow copies. Select a storage area on a volume that is not being shadow copied. Using a separate volume on another disk provides two advantages. First, it eliminates the possibility that high I/O load will cause shadow copies to be deleted. Second, this configuration provides better performance.”
- Ensure that you allocate enough space for the shadow copies you wish to retain. This will be dependent on the typical load for your application, such as the number and size of emails received per day, or the number and size of transactions per day. The default is only 10% of the shadowed volume size, so this should be increased. Ideally, dedicate an entire volume on a separate disk to Shadow Storage.
- Configure the schedule to match your clients' working patterns, considering both the required granularity of data-restoration, and the available storage.
The Data Rollback Module provides a means of flexibly scheduling the creation of new shadow copies, and the deletion of older shadow copies. This should be adjusted to the working-patterns of your clients and applications. For example, do clients tend to work 9am-5pm, Monday-Friday in a single time zone, or throughout the day across multiple time zones? You should avoid taking shadow copies during an application's maintenance period, such as Exchange defragmentation, or a nightly backup. In selecting how frequently to create new shadow copies, and how to purge older ones, you must balance the needs for fine-granularity of restorable points-in-time versus the available disk space and the upper limit of 512 Shadow Copies across all shadowed volumes on the server.
Note: The schedule referred to in the Volume Properties -> Shadow Copies -> Settings dialog is for Shadow Copies for Shared Folders. This is not used for Data Rollback Module - the Data Rollback Module schedule is configured on the Rollback -> Configuration panel of the Neverfail Heartbeat client.
Perform a Trial R ollback
Once you have configured the Data Rollback Module, we recommend that you perform a trial rollback, to ensure that you understand how the process functions, and that it operates correctly.
IMPORTANT: all protected applications MUST be stopped during rollback (this is done automatically by Neverfail), which means they will not be available to users. Please see Knowledgebase article #827 - How to Monitor Shadow Copies, for more information about how to configure and perform rollbacks.Note: All client application files must be closed prior to conducting a rollback to ensure all data is rolled back to the previous state.
PERFORMING A DATA ROLLBACK WITHOUT FULLY UNDERSTANDING HOW DATA ROLLBACK FUNCTIONS AND THE CONSEQUENCES ON A SERVER PAIR, CAN LEAD TO UNDESIRED RESULTS.
If you do not select the option ‘Restart applications and replication automatically after rollback’, then you will be able to rollback to Shadow Copies on the passive Server without losing the most recent data.
You will be able to start the application(s) manually, in order to check that it starts successfully using the restored data. Once the test has completed to restart using the application data, as it was immediately before the rollback, you should:
1. Shutdown Neverfail Heartbeat on both servers.
2. Use the 'Server Configuration' wizard to swap the active and passive roles.
3. Restart Neverfail. This will resynchronize the two servers.
Monitor Neverfail Heartbeat in Order to Identify any Shadow Copies Being Discarded by VSS
If the Data Rollback Module finds that any shadow copies it expects to be present have been deleted, it will note this in the Neverfail Heartbeat Event Log. The log can be inspected by opening the Neverfail Heartbeat Management Client and clicking on the Log button and selecting the View Event Log tab. This is an indication that VSS has reached its limit of available space or number of shadow copies. If many shadow copies are automatically discarded, then you should consider adding more storage, or reconfiguring your schedule to create and maintain fewer shadow copies.