Re: AD Disaster Recovery Test in Lab Environment
From: Prasetyo (prasetyo_at_microsoft.com)
Date: 10/12/04
- Next message: Denis Wong _at_ Hong Kong: "RE: application error 1202 and 1000"
- Previous message: Ace Fekay [MVP]: "Re: not prompting for password change"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 12 Oct 2004 09:54:04 +0700
You can isolated the network by restricting routing between production and
your lab environment, even when they use the same switch.
"Simon Geary" <simon_geary@hotmail.com> wrote in message
news:uYx2ZBKnEHA.1304@TK2MSFTNGP09.phx.gbl...
>I don't like the sound of your plan Jason, anything that involves having
>the restored DC on the same routed network as the live AD is asking for
>trouble. All you need for an isolated network is a cheap 10Mbit hub, you
>can pick up one of these for a few pounds. It may be slow but it would do
>for testing.
> As for the backups, why don't you use ntbackup on one of the live DC's to
> take a System State backup to a flat .bkf file, then you can copy this
> file to a laptop. Plug this laptop into your new hub and then restore AD
> in isolation using that backup file.
> Alternatively, if your restore hardware is identical to the live stuff,
> you could take a Ghost image and restore that.
>
> "Jason S" <JasonS@discussions.microsoft.com> wrote in message
> news:D0E89EC5-D7B5-43F4-B89B-95154F31E9A6@microsoft.com...
>> They are two different subnets, but the two subnets can talk to each
>> other
>> over the LAN. This is something I can't change for two reasons:
>> 1. The tape backup and restore server is on the same subnet as the
>> production servers and
>> 2. I don't have access to the Cisco Equipment that would allow me to
>> shut
>> off communication between the two subnets.
>>
>> So I'm tasked with proving that we can recover with tape backups, but
>> stuck
>> in this corner of not being able to physically seperate the two. My
>> thinking
>> so far has been that if I restore one of the servers, unplug the network
>> cable, reboot, change the IP address and DNS settings to it's new self,
>> and
>> reboot again, I should be able to plug in the network cable without
>> issue,
>> but I want to be sure.
>>
>> The only other thing I have been able to verify so far is that network
>> broadcasts aren't crossing the two subnets.
>>
>> Jason
>>
>> "Simon Geary" wrote:
>>
>>> Do you mean that the test servers will be on the same physical subnet as
>>> your production servers? i.e. the servers have connectivity to each
>>> other?
>>> If so, this would be a mistake, you shouldn't mix live and test servers
>>> on
>>> the same network, especially as in a DR scenario you may want to give
>>> the DR
>>> servers the same name as the live ones.
>>> What you should do is create a physically isolated test lab which will
>>> allow
>>> you to experiment without risking your live servers.
>>>
>>> "Jason S" <Jason S@discussions.microsoft.com> wrote in message
>>> news:65F14AEA-EECA-433C-8E1B-59969AEE4DD9@microsoft.com...
>>> > Hello,
>>> >
>>> > I have a lab environment that I need to test DR with for our ADS and
>>> > DNS
>>> > servers. The problem is that I these servers can, and have to, see
>>> > the
>>> > same
>>> > subnet as the production servers. I want to make sure I don't take
>>> > down
>>> > production when I perform the test. How can I do that?
>>>
>>>
>>>
>
>
- Next message: Denis Wong _at_ Hong Kong: "RE: application error 1202 and 1000"
- Previous message: Ace Fekay [MVP]: "Re: not prompting for password change"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
