Backing up information is one of the main ways to protect it from loss due to equipment failure.

You should start by distinguishing between backup systems and backup individual files.

Here are a few simple rules to help you save information.

1. Frequency of copying.

Consider first the backup of the operating system.

Creating a backup will help you avoid installing the entire system, configuring it, installing programs, and so on. With the improvement of computer technology, these methods become irrelevant, because. any operating system itself creates backup copies and restores them in case of failure.

Backup of other information.

For those who are constantly subjecting their system to some kind of change that can "kill" it, it is best to backup the files every time before starting such work. It will be quite a shame to lose the fruits of your work for a few days, forgetting to make another backup before the system crashes. Of course, it is not necessary to make a backup before each installation of any new program. It is usually recommended to make a backup if you need to save any new data, the creation of which took a lot of time and money. For ordinary users, one backup per month is enough.

2. Storage.

Before you make a backup, the question arises - where to store information?

First you need to understand how important and confidential this information is. If the information is of value only to the user himself, then the following methods can be used.

a) Of course, you can store a backup copy on the computer itself if the hard disk is divided into several logical ones. In this case, the backup copy is saved on any of the disks, except for the system one. It is the system disk on which the operating system is located that is most often prone to various failures from the programs installed on it.

b) Storage on external media, for example, on a flash drive, or on a removable disk, will protect you from losing information if the entire hard drive in the computer fails.

c) Storing information on the Internet.

Network drives, such as Yandex disk and others, are gaining more and more popularity. Storing data is convenient enough, but not secure.

If the information contained in the backup is of interest not only to the user, then you should think about the security of access to it. Any external media can be simply stolen.

3. Data verification.

After a backup is made, it is necessary to check whether the information is in the backup and whether it will be possible to use it. Simply put, the user can make a mistake and make a backup copy of the wrong file that he needs.

Built-in OS features.

as mentioned above, any operating system itself creates backup copies of system files.

Consider this function on the example of the windows 7 operating system. It is called the "Backup and Restore Center".

In order to launch the "Backup and Restore Center" utility, do the following:

In the window that opens, you can make a complete copy of the operating system, make a copy of individual databases, or restore files after a system crash.

This service fully satisfies the needs of ordinary users.

After a failure, it is enough to find your backup copy, run it, then the system itself will tell you what actions need to be taken.

If the user is still not satisfied with the standard way of creating backups, then there are many paid and free utilities that will help you make a backup.

Here are the most popular programs for creating backups.

Top three paid programs:

1. Norton Ghost
2. Paragon Backup & Recovery
3. Acronis True Image Home

Free programs:

• FBackup 4.8
• File Backup Watcher Free 2.8
• Back2zip 125
• The Copier 7.1
• Comodo BackUp 1.0.2

From the list of listed free programs, you can choose any that is most suitable for the nature and activity of using your computer. The "weakest" copying program is File Backup Watcher Free 2.8, but this program has one big plus - it creates ISO images. Back2zip is suitable for those who rarely have to deal with backups, and in fact there is almost nothing to copy. The Copier is quite complex to use, but can help you back up up to 300 gigs of data.

Comodo BackUp is one of the professional programs that will help you create backup copies of documents, set up automatic backup settings and send them to an external resource or FTP server.

Disk cloning.

Probably everyone faced the problem when the disk runs out of free space.
What to do if there is nothing to delete, but there is still not enough space?
You have to buy a new hard drive with a larger capacity. It's good if there is room in the system unit for a second hard drive, but what if you can only replace one hard drive with another? You need to somehow transfer all the data from the old hard drive to the new hard drive. This can be done with special disk cloning programs.

The most common - Acronis 2011, which helps to qualitatively clone a disk.

This program has 2 cloning modes. Manual and automatic.
In manual mode, the user can select the areas to be copied. The progress of the process is displayed in the program window. After the work is completed, the program will ask you to restart the computer, after which it will be possible to change the old hard drive to a new one.

The next most popular program is HDClone. The principle of operation is almost the same. The difference is only in the price of the product and in a slightly reduced functionality.

The third place is R Drive Image

A fairly easy-to-use program with a step-by-step user interface. The main advantage is the low cost of this product.

There are also many free similar programs that are not inferior in functionality to the above programs. An example of such a program would be Clonezilla and PC Disk Clone Free 8.0. There is also a paid analogue of the second program.

RAIDarrays. No, not insect repellent.

RAID was created in 1987 by A. Petterson, A. Gibson and Katz. Initially, RAID - "redundant array of inexpensive disks" was translated as "a spare array of inexpensive disks". Later, with the increase in the price of hard drives, RAID began to carry the meaning of "redundant array of independent disks", i.e. "spare array of independent disks".

Previously, RAID arrays were used only for servers, but now with the constant development of technology, RAID arrays are also used for home computers.

RAID array is designed to speed up the computer and increase the reliability of data protection and storage. Depending on the configuration of the choice of the RAID array, the increase in the speed of the computer or the reliability of data storage depends.

The RAID array works as follows: a special controller controls a set of hard drives, which are one logical drive. Recording/playback operations are performed in parallel, which ensures high performance. All records are duplicated and checksums are created, which increases the reliability of data storage.

There are several models of RAID arrays.

RAID 0 - disk array of increased performance with striping, without fault tolerance;

RAID 1 - mirror disk array;

RAID 2 is reserved for arrays that use Hamming code;

RAID 3 and 4 - disk arrays with striping and a dedicated parity disk;

RAID 5 - striped disk array with "non-dedicated parity disk";

RAID 6 is a striped disk array using two checksums calculated in two independent ways;

RAID 10 - a RAID 0 array consisting of RAID 1 arrays;

RAID 50 - a RAID 0 array consisting of RAID 5 arrays;

RAID 60 is a RAID 0 array made up of RAID 6 arrays.

This article discusses what the concept of "fail-safe" means, what types of additional data security can RAID arrays provide, and what backups can and cannot do when there is a need to ensure the security of valuable information.

Familiarity with any data recovery program is the first step to ensuring the safety of your data for a long time. Fault-tolerant systems, redundant storage arrays, and even scheduled backups, as a rule, do not eliminate the need to have a data recovery program on hand. Why is it the way it is?

Content:

Failsafe systems

Many businessmen who care about the safety of valuable information purchase computers with a high level of reliability. At the same time, manufacturers Sony, Toshiba, Hitachi, Samsung assure that a fault-tolerant system provides such additional reliability to the computer, and the computer equipped with it will continue to work fully even if one or more of its components fail. As for the way information is stored, fault-tolerant systems use either distributed storage or RAID arrays, or both, so that there is confidence that when one or more hard drives fail, the subsystem that stores data , will continue to run, responding to user requests. Therefore, in situations where a conventional computer fails, computers equipped with fault-tolerant systems will continue to work smoothly, even if some of their components break down.

Then why do we need an information recovery program if such a data storage system seems invulnerable? The answer is simple and lies in the kind of “fail-safety” provided by such systems. In an emergency, the “failsafe” option will allow the computer to work even with one or more damaged hard drives, which means that the system will protect data in case of any physical hardware failure, but it will be useless when it comes to ensuring the logical integrity of data.

A software failure, a file system failure, a virus attack, malicious acts, or even a simple user error can cause all user data to become inaccessible on all hard drives at the logical level, while at the physical level everything will be work just fine. Logical errors are best resolved by using data recovery utilities such as Hetman Partition Recovery, which will recover files and folders from hard drives with damaged, broken or missing file systems.

Redundant Arrays and RAID Arrays

Businesses with limited budgets, as well as ordinary users, often use a redundant array subsystem to further protect their data.

However, RAID arrays, when used on their own, only partially protect a computer. So, if it is still possible to somehow cope with the failure of one or more hard drives, then a broken RAID controller will lead to the fact that the entire system will cease to function.

As with fault-tolerant systems, a RAID array will only provide a limited level of security in the event of a physical problem with one or more of the hard drives that comprise the array. Even the best RAID array will not protect against accidental deletion of a file, or a virus that cleared an entire folder, or a user error that caused a file system crash and denied access to blocks. Therefore, in relation to fans of redundant RAID arrays, it is recommended that you familiarize yourself with a good data recovery utility (such as Hetman Partition Recovery) is very imperative.

Backup planning

Proper planning of backups can greatly reduce the user's concern about the safety of their information. Regularly and meticulously performing backups, you can save information even in the event of a logical damage to the system. But if you have already wondered how to recover deleted files, then use Hetman Uneraser. The utility will perform data recovery much easier and faster. You can download the program for free from our website.

Hello, friends! In the last article, we are with you, but what if one hard disk is already full of files and we need to create a mirror for it. I propose to do this today. Before work, I will briefly remind you of what a RAID array or Mirroring is.

The principle of operation of a RAID array is duplication of information, in simple words, your computer will use two hard drives to store files, which will completely copy each other, if you have written any file to the first hard disk, it will also be copied to the second disk. This is done for the safety of your information, and if one hard drive suddenly breaks down, then all files will remain safe and sound on the other hard drive! The only drawback of a RAID 1 array is that two of your hard drives will work as one, for example, when two 1TB hard drives are installed in the system unit, they will both be defined in the operating system as one 1TB hard drive.

• Note: Read the following article and this section ""

So, imagine the situation, you have two hard drives installed on your computer: a solid-state drive with Windows 8.1, as well as a simple 250 GB hard drive with the most important files that you should never lose, so we create the simplest RAID 1 array of two hard drives, that is, we buy another 250 GB hard drive and install it in the system unit.

After that, turn on the computer and after loading the operating system, go to "Disk Management" and see three hard drives:

Disk 0- Solid state drive SSD, drive C: with Windows 8.1.

Disc 1- a regular HDD (New volume (D:) with a capacity of 250 GB, with your files, we will create a mirror for it.

Disc 2- clean HDD, also 250 GB, it will be a mirror of Disk 1.

The volume of the disks does not have to be the same, the main thing is that the mirror should not be smaller in the volume of the disk from which it is created.

Right-click Disk 1 and select Convert to Dynamic Disk.

We make sure that the disk is selected correctly. OK.

Transform

Disk 1 (New Volume (D:) converted to Dynamic Disk, nothing happened to our files, they are available.

Click on New volume (D:) with the right mouse and select Add mirror,

Select Disk 2 with the left mouse button and click on the Add mirror volume button.

There is a process of synchronizing the contents of hard drives, all information from The new volume (D:) is copied to the mirror.

"Disk Management" reports that the synchronization is complete, the disks are healthy and you can work.

This PC window A RAID 1 array is presented as a single volume.

Many companies require servers with a high-capacity, high-performance disk subsystem, which is achieved by using a large number of high-performance disks. We have a case when a company used a solution of 10 HDDs with a SAS interface with a capacity of 600 GB, organized in a RAID 50 array (the useful capacity of the array is 600 * 8 = 4800 GB). This RAID 50 is a combined array, which we consider as two RAID 5 arrays combined into a RAID 0 array. This solution allows you to get a higher write speed to the array compared to a regular RAID 5 with the same number of member disks, because for formation of a parity block requires a smaller number of read operations from the disks of participants (the speed of calculating the parity block itself can be neglected due to the fact that it represents a very small load for modern RAID controllers). Also in RAID 50, in some cases, fault tolerance will be higher, since the loss of up to two disks is acceptable (provided that the disks are from different RAID 5 arrays included in this RAID). In the case we are considering, according to the system administrator, 2 disks failed, which led to the stop of the RAID array. Then followed the actions of the system administrator and the service department of the company selling the server, which cannot be described due to inconsistent and contradictory testimony.

In our case, the disks are numbered by the customer's representative from 0 to 9 with the words: "in this order they were used in the array, and no one changed their places." This statement is subject to mandatory verification. We were also informed that this array was used as storage for an ESXi server, and it should contain several dozen virtual machines.

Before starting any operations on disks from the array, it is necessary to check their physical integrity and serviceability, as well as create copies and then work exclusively with copies for safe work. If there are seriously damaged drives, consider the need for data extraction work, that is, if only one drive is seriously damaged, then it is necessary to find out by analyzing the array assembled from the remaining drives, whether the problematic HDD contained actual data, or it should be neglected and the missing data should be obtained for account XOR operations on the other members of one of the RAID 5, which included this disk.

Copies were made, as a result of which it turned out that 4 drives have defects between LBA 424,000,000 and LBA 425,000,000, this is expressed in the form of unreadable several dozen sectors on each of the problem drives. We fill the unread sectors in the copies with the 0xDE 0xAD pattern so that later it will be possible to identify the affected data.

The primary analysis involves identifying the RAID controller to which the disks were connected, or rather, identifying the location of the RAID controller metadata so that these areas are not included when assembling into an array.

In this case, in the last sector of each of the disks, we find characteristic 0xDE 0x11 0xDE 0x11 with a further mark of the brand of the RAID controller. The metadata of this controller is located exclusively at the end of the LBA range, any buffer zones in the middle of the range are not used by this controller. Based on this and previous data, the conclusion follows that the collection of the array should start from LBA 0 of each of the disks.

Knowing that the total capacity of the array is more than 2 TB, we search in LBA 0 for each of the partition table disks (protective MBR)

and GPT header in LBA 1.

In this case, these structures were not found. These structures usually fall victim to the rash actions of the server maintenance personnel, who did not work out the situations of failure of the storage system and did not study the features of the operation of a particular RAID controller.

For further analysis of the features of the array, it is necessary to search one of the disks for regular expressions of monotonically increasing sequences. These can be either FAT tables or a fairly large MFT fragment, or other structures convenient for analysis. Knowing that this array contained virtual machines with Windows OS, we can assume that the NTFS file system was used inside these machines. Based on this, we search for MFT records using the characteristic regular expression 0x46 0x49 0x4C 0x45 with a zero offset relative to the 512-byte block (sector). In our case, after LBA 2,400,000 (1.2GB), a fairly long (more than 5000 records) MFT fragment is found. In our case, the MFT record size is standard and is 1024 bytes (2 sectors).

Let's localize the boundaries of the found fragment with MFT records and check for the presence of a fragment with MFT records within these boundaries on the other disks participating in the array (the boundaries may differ slightly, but no more than the size of the block used in the RAID array). In our case, the presence of MFT records is confirmed. We leaf through the records with the analysis of numbers (the DWORD number is located at offset 0x2C). We analyze the number of blocks, where the increase in the MFT record number occurs with a change by one, based on this we calculate the block size used in this RAID array. In our case, the size is 0x10000 bytes (128 sectors or 64KiB). Next, we select among the MFT records one of the places where the MFT records or the result of their XOR operation are symmetrically located on all member disks and compose a matrix with the numbers of the records from which the array blocks with a doubled number of rows begin.

By the record numbers, we determine which of the disks are included in the first RAID 5, and which in the second. We perform the correctness check using the XOR operation. In our case, according to the table, we see that the numbering of disks by the customer's representative was done incorrectly, since the matrices of both arrays differ in the location of the parity block (denoted as “XOR”). We also see that there is no parity delay in this array, since the position of the parity block changes with each row.

Having filled the table with the MFT record numbers for the specified offsets from each of the disks, we can proceed to filling in the double disk usage matrix. It is doubled due to the fact that we started to form the matrix in an arbitrary place. The next task is to determine from which row the correct matrix begins. The task is easily accomplished by taking the first five offsets indicated in the figure above and multiplying by 8. Then solve a simple example in the form a=a+b blocks with data contained in the disk usage matrix) and solve it in a loop until it reaches one of the offset values ​​multiplied by 8.

After constructing the disk usage matrix, we can collect the array using any means available for this that can work with a matrix of arbitrary size. But such an option for collecting an array will not take into account the relevance of data on all disks, and therefore additional analyzes are needed to exclude a disk containing irrelevant data (it was the first one excluded from the array).

A full array collection is usually not required to determine if a drive is out of date. It is enough to collect the first 10-100GB and analyze the structures found. In our case, we operate with the beginning of an array of 20GB. As already mentioned, there are no protective MBR and GPT on the disks, and, of course, they are not in the assembled array, but when searching, you can quickly find the VMFS magic block, subtracting 0x100000 (2048 sectors) from its position, we get the start point of the VMFS partition. Having determined the location of fdc.sf (file descriptor system file), let's analyze its contents. In many cases, analysis of this structure will allow you to find a place where erroneous entries are present. Comparing it with the disk usage matrix, we get the number of the disk containing outdated data. In our case, this turned out to be sufficient and no additional analytical measures were required.

Having completed the collection of the entire array with compensation for the missing data due to the XOR operation, we got the full image of the array. Knowing the localization of defects and the localization of virtual machine files in the image, it is possible to determine which virtual machine files have defects. After copying the virtual machine files from the VMFS storage, we can mount them in the OS as separate disks and check the integrity of the files contained in the virtual machines by searching for files containing sectors with the 0xDE 0xAD pattern. Having formed a list of damaged files, the work on restoring information from a damaged RAID 50 can be considered completed.

I draw your attention to the fact that this publication deliberately does not mention professional data recovery complexes that make it possible to simplify the work of a specialist.

© Andrey Egorov, 2005. TIM Company.

Modern business in any field consists in obtaining, storing, processing and issuing information. The volume of such information in the organization annually doubles on average. Unique information is becoming more and more expensive, and its storage requires considerable costs.

RAID array and backup

Let's name the industries in which the loss of working information can be literally catastrophic: the armed forces, energy, all types of transport, the financial system, government planning, healthcare, housing and communal services, scientific research ...

The two main categories of reasons why information disappears are traditional not only for Russia: roads and fools. Seriously, these are natural causes and the human factor. The first category includes: floods and fires, earthquakes and hurricanes, power outages and hardware problems, i.e. iron failure for any reason.

The anthropogenic category includes deliberate and "accidental" threats from humans: hacker attacks and computer viruses, sabotage and sabotage, software bugs and unintentional destruction of data. Banal personnel errors account for the lion's share of all cases of data loss: forgotten user passwords and lost encryption keys, incorrect synchronization of versions, or accidental deletion of a file by a user.

Anything can happen - here's an example. The employee's son, a student, came in to print a term paper. I sat down at my dad's computer, began to format the floppy disk (I learned it recently), and, of course, accidentally deleted all the files from the network drive. The existence of a company that has suddenly lost its customer base, history of settlements or other information necessary for its life becomes very problematic...

Preserving important business information is our common goal. In the end, her personal loss of the boss should worry much more, because, in the worst case, the system administrator will find another job, and the manager risks not only his information - his enterprise and business, reputation and fortune, well-being and even health!

The last line of defense against data loss is their backup(in English - Backup). It is called backup because redundant copies of files and directories are saved to removable media just “just in case”. As we have already seen, data can be lost; and in order to restore them, just a backup copy is used. Backup(Save) should be done daily - this copies any new or changed files so that they are sure to be available for recovery.

In words " backup»concluded a whole science, in practice, this is a real branch of the information business. This concept includes methodology, specialized hardware and software.

For Reserve copy information is used, first of all, tape drives, less often - magneto-optical disks, rewritable CDs or network hard disk arrays. The simplest programs Reserve copy are built into any operating system, but commercial software products such as BakBone NetVault, Veritas BackupExec, ArcServe, Yosemite TapeWare and others provide all the richness of opportunities.

All operations Reserve copy are automatically included in the corresponding journal. However, reports on all important operations should be printed out, because in case of data loss, it will be impossible to access the lists of backed up files.

An emergency plan is created in advance. It clearly states who and what actions are taken in certain cases. All the necessary installation disks are collected so that at a critical moment they do not have to be searched throughout the office. A detailed instruction is written, which literally describes the procedure step by step: insert CD No. 1, reboot, after the appropriate request, use the magnetic tape (tapes) in accordance with the magazine Reserve copy.

In information theory, indicators of the quality of information are its relevance and availability. Relevance determines the degree of preservation of the value of information for management at the time of its use and depends on the dynamics of changes in its characteristics and on the time interval that has elapsed since the occurrence of this information. Availability determines the proportion of time during which information is ready for use, and is expressed as a percentage: for example, 99.99% (“four nines”) means that no more than 53 minutes of information system downtime for any reason are allowed during the year.

To ensure acceptable relevance of information, regular (daily) checks should be made. backup. Availability depends on the speed of information recovery in case of loss from backup media.

Tape drives (streamers) were originally designed to store data. They use a removable media cartridge, have the highest capacity, have the highest speed, are extremely reliable, the most cost-effective, provide information protection and are an open industry standard. Since its inception, magnetic tapes have gone through five generations of development, have proven their worth in practice and are rightfully a fundamental element of backup practice.

Recently, it has become fashionable to discuss hard disk-to-disk backup (D2D) backup technologies using as the target device RAID array. The prerequisites for this trend are, on the one hand, the emergence of fast and inexpensive Serial ATA hard drives with a very large capacity, and, on the other hand, the need to carry out the procedure for saving the required amount of data in a limited time. At the same time, SCSI RAID is recommended where the main requirement is the highest speed of saving and restoring, and SATA RAID is used where the ratio of capacity and cost is more important.

The time it takes to make a backup is called the backup window. The copying window is determined by the following criteria: since the creation of a backup requires absolute access to data, this process is carried out during non-working hours, when it has the least possible impact on staff work, server and local network load. Suppose that the most ardent workaholics are unlikely to stay up after midnight, and the "larks" will not arrive at work before 6 in the morning. Therefore, we get 6 hours, during which all the necessary information must be moved to backup media - this is where we may need such an important feature of hard drives as their excellent speed.

If the amount of data transferred during one session exceeds the size of the tape cartridge, it becomes necessary to manually replace the media at the request of the program Reserve copy. Obviously, at night this can be problematic (by the way, this is why the most prudent system administrators choose not a simple drive, but an autoloader or a tape library). In addition to excellent speed, hard disk storage can help us in this case by providing free space for recording a backup that exceeds the capacity of a single cartridge.

The advantages of storing data backups on hard disks (primarily high speed of saving and restoring) and on magnetic tapes (low cost of storage and unlimited capacity) are combined in disk-to-disk-to-tape (D2D2T) solutions. This approach involves using the disk cache as an intermediate step in the procedure Reserve copy, whose ultimate goal is still magnetic tapes.

Andrey Egorov, head of the department for work with corporate clients of the TIM company, certified professional - MCSE, Master CNE, CIA, ICIS, etc.