News Stay informed about the latest enterprise technology news and product updates.

Linux saves the day by recovering data in Windows servers

While the fear of losing stored data is a major issue for IT managers, not being able to recover what is lost is even more of a concern. Expert Gary Olsen provides some options for retrieving lost data, including a cool way to recover data from a Windows disk using a Linux server.

One of the most frightening aspects of computer technology for any IT manager is the loss of data stored on mass storage devices (disk drives).

Loss of data can have disastrous effects on a business with financial and legal implications. Consider one company that had a sophisticated storage area network (SAN) with redundant sites hosting mirrored data. The problem was that a series of hardware failures and administrative mistakes made the data inaccessible on both sites, and it forced the IT department to restore a great amount of data from tape.

But what would have happened if the backup tapes failed in this instance? It happens all the time. Tape is not the most reliable medium there is, and this company could conceivably have been put out of business.

This article will review some options for recovering data including a cool way to recover data from a Windows disk using a Linux server.

You've lost data. Now what?

As an IT manager, you have probably never lost all of your company's data, but it's likely you have had that stomach-dropping experience of losing some data. A lot of money is spent on technology that ensures that data is not only backed up but is readily available to be restored from other media. Recovering terabytes of data from tape is not reliable or efficient as it could take days and further impact your business.

In the Windows world, Microsoft's Volume Shadow Service (VSS) and Data Protection Manager as well as other backup products, in combination with relatively inexpensive disk storage media, have made backing up to disk a viable data recovery option. Recovering data from disk to disk is not only several magnitudes faster than tape to disk, but you don't have to worry about the tape media being bad or being able to find the tape. Plus, data is easily verifiable on disk media.

A trick learned from a case study

In addition to the resources mentioned, there is a very powerful method to restore data from a seemingly impossible failure.

I once ran into a case where there was critical data on a disk located on an external storage (SAN) device. A Microsoft utility called chkdsk had been run on the storage disk while it was connected to a Windows NT server. Then they connected the disk to then connected it to a Windows 2000 Server and ran the Windows 2000 version of chkdsk. Bottom line: Windows could not see the disk. We called in Microsoft engineers to look at it, but after a couple of weeks, we gave up and assumed the data was irrecoverable. At that time, there was nothing to indicate the data was corrupt, but it was most definitely inaccessible.

We puzzled over this for quite awhile and then a Linux admin had an idea. Why not hook up a Linux server to the storage array, mount the disk and do a block-level copy of the data to another disk? Well, it worked. We were able to copy the data to a new disk, configure Windows to see the new disk and all the data was intact. I have since used this method to recover data at other sites. While the causes differ, the problem is the same -- Windows is unable to see a disk that it once put data on. Linux, of course, knows nothing about Windows security, so that isn't a problem, and doing a block-level copy just copies raw data.

As an IT manager, this procedure may recover valuable data for you someday. It's not something you'll find on Microsoft's Web site and your staff has probably never heard of this method. So here is the process we used:

  1. Create a disk large enough to hold the data to be copied. Mount it on the Linux server.
  2. Make sure the disk is a "basic" disk.
  3. In the SAN fabric, add the Linux server, Windows server, the new empty disk and the old data disk to a single zone. Make sure Linux is SUSE 10 or higher. You can use older versions of Linux, but you will have to compile the NTFS driver. QLogic host bus adapters (HBAs) have the proper driver in SUSE 10.
  4. On the Linux box, execute the command:
    dmesg | grep sd you will see sdX where X is a drive letter (A, B, C…)
    mount /dev/sdX /windows_data (where sdX is the old Windows data drive) and
    windows_data is where the data is located.
  5. On the Linux box, copy the data from the old Windows disk to the new disk.
      cd /windows filesystem/

      cp -p -R * /new_filesystem

Just a standard copy will go about 60 MB/sec on a single (basic) disk, single path, through a 2 GB switched fabric. You may be able to find third-party utilities that will do it faster.

Again, you might have all that data on tape, but the speed and reliability of disk-to-disk transfer will be worth the effort even if you have to buy the Linux server software and install it. Most likely you have a Linux SUSE box somewhere that you can use.

Don't panic, there's a comfort zone

There is a lot to know about data recovery. The important thing is to make sure you understand that tape is historically the medium of preference to which we have created a comfort zone. And, disk storage of backed up data is becoming increasingly popular because of its speed and reliability. Make sure you develop a good recovery plan, and then make sure your staff is up to date on the technical aspects of how to make it work and how to test it. You will sleep better at night!

Gary Olsen is a systems software engineer for Hewlett-Packard in Global Solutions Engineering. He authored Windows 2000: Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers.

Dig Deeper on Windows Server storage management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.