Cut Your Losses
FirstDefense-ISR can be your first line of defense against disk failure and data loss.
- By Erik Westgard
I've never met a security patch I didn't like. While there's always the risk of installing a bad patch, the law of averages should work to your advantage. Most of the patches you'll need to install will work as they're supposed to and not cause any further problems. The misery caused by viruses and worms and other attacks that exploit the vulnerabilities of any Internet-connected system has outstripped most of the issues with bad patches.
This fragile balance between keeping systems running and keeping them secure with the latest patches and updates has brought the subject of backup and recovery to
the forefront. One recent glaring example is the
production version of
Windows XP SP2, which has had me a little worried of late. While the beta was flawless, blue screens of death have been a common occurrence for me since the end of the beta cycle.
After a few weeks of operating at this level of uncertainty, the concept of backup and recovery has my full attention. I installed FirstDefense-ISR on a Windows 2000 system in my lab, a process that was quick and easy. Right away it develops an image or "snapshot" of your system for the main NTFS system disk, and stores the image on the same disk. Consequently, it's not an offline backup tool, but is quite handy for a quick disk image.
Documentation 10% ————— 8
Installation 30% ——————— 10
Feature Set 30% ——————— 9
Performance 10% —————— 10
Management 20% —————— 8
Overall Rating: 9.1
1: Virtually inoperable or nonexistent
5: Average, performs adequately
Backup for Boots
FirstDefense lets you make copies of your system and settings. You can develop and store about 10 system snapshots. It has a special boot loader tool that figures out what system copies or snapshots you have out there and lets you choose the one from which you want to boot your system.
It also lets you make a master boot record recovery floppy, which can bring up the tool set if your machine won't boot. You can run the tool in backup mode where it copies the contents of the C: drive, or in system backup mode where it just saves and restores system information. You can manually exclude files and directories from backup to conserve space and expedite the process. The system can also take snapshots manually or on a pre-determined schedule.
There are lots of message alerts, so you can always see what FirstDefense is doing. It seems to create some new directories under a root, called C:\$ISR\0 or C:\$ISR\1, which is where it stores the system copies. One thing I learned early on is that these are real copies, and they're quite large. My system disk was nearly full after one snapshot, and I was unable to create a second.
|Figure 1. FirstDefense-ISR has a Wizard-driven interface that guides you through the process of creating a system snapshot. (Click image to view larger version.)
Moving to a system that was running XP Home, I installed FirstDefense, set up a second snapshot of the system and proceeded to download and install XP SP2. The snapshot was slightly larger than 3GB and took about an hour to generate. My test system came up right away, and on the next boot, FirstDefense asked which snapshot I wanted to use: the pre- or post-XP SP2 snapshot. I picked the pre-SP2 image. Instantly,
my system came back up with the pre-SP2 settings and configuration. I could have also easily gone back to the post-SP2 configuration. There
was no delay, no loading of disks and I didn't spend hours waiting for a system reload to be completed.
To round out my evaluation, I loaded FirstDefense on another lab system with Windows 2003 loaded on it. FirstDefense had no difficulty with either one. When you uninstall it, the system goes right back to the original base configuration.
Data Anchoring is another feature provided by FirstDefense. The idea is that you can set aside some data sets that more than one of the snapshots can access. You can change the bootable operating system snapshots and get back to another version, but still retain access to application data sets across the different versions.
|Figure 2. Once you have several system snapshots stored, you can choose which one you want to use for rebooting. (Click image to view larger version.)
The server version of
FirstDefense contains a
command-line interface, handy for remote control and administration of the product's backup and disk imaging functions. I sent a note to a Raxco engineer about this, and he said, "First Defense can be remotely deployed via Active Directory Group Policy, or another deployment technology that can 'push' out Windows Installer packages." He also said the command-line interface allows products like Microsoft Systems Management Server (SMS) to remotely manage and schedule FirstDefense images.
A Tool for All Seasons
FirstDefense is a useful utility for just about any lab or production setting.
It's suitable for all kinds
of uses. One of the most
valuable is for boot
recovery from serious OS errors or a bad driver. It's not a generalized, comprehensive backup program, so it should be used in
conjunction with a formal backup and recovery process; but it does what it does very well.
Erik Westgard, CCSP, MCSE, is a Convergence Consultant at a major ISP. At work
he spends a lot of time on next-generation VPN architectures for voice and data,
ITIL and solutions for health care. In his spare time, he's active in amateur
radio, emergency communications and sailing. Erik may be reached at email@example.com.