PCS7 System Recovery With Veritas en

Download as pdf or txt
Download as pdf or txt
You are on page 1of 19

How do you create an

image of the
operating systems
during operation
Siemens
SIMATIC PCS 7 / Veritas System Recovery Industry
Online
https://support.industry.siemens.com/cs/ww/en/view/56897157 Support
This entry is from the Siemens Industry Online Support. The general terms of use
(http://www.siemens.com/terms_of_use) apply.

Security Siemens provides products and solutions with industrial security functions that support the
informa- secure operation of plants, systems, machines and networks.
tion
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions only form one element of such a
concept.

Customer is responsible to prevent unauthorized access to its plants, systems, machines


and networks. Systems, machines and components should only be connected to the
enterprise network or the internet if and to the extent necessary and with appropriate
security measures (e.g. use of firewalls and network segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be taken into
account. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.

Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends to apply product updates as soon as available and
to always use the latest product versions. Use of product versions that are no longer
supported, and failure to apply latest updates may increase customer’s exposure to cyber
threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security
RSS Feed under http://www.siemens.com/industrialsecurity.
 Siemens AG 2018 All rights reserved

Table of content
1 Introduction ........................................................................................................ 3
2 General Information ........................................................................................... 4
2.1 Hard Disk Image ................................................................................... 4
2.2 System Configuration ........................................................................... 4
3 Introduction of a Disaster Recovery Plan (DRP) ............................................ 5
3.1 Introduction of a DRP in a New Plant ................................................... 5
3.2 Introduction of a DRP in an Existing Plant ........................................... 5
4 Hardware Environment ..................................................................................... 6
4.1 Local Backup ........................................................................................ 6
4.2 Local Backup and Central Storage ...................................................... 7
4.3 Backup via the Terminal Bus ............................................................... 8
4.4 Backup via an Additional Network ........................................................ 9
4.5 Installation of Veritas System Recovery............................................. 10
4.6 Recommendations for Time Settings ................................................. 10
4.7 Recommendations for Configuration Settings.................................... 11
4.8 Recommendations for Performance Settings .................................... 13
5 Restore with Veritas System Recovery ......................................................... 14
5.1 Recovery CD ...................................................................................... 14
5.2 Restore ............................................................................................... 15
5.3 Clear Management Data of Microsoft SQL for PCS 7 V8.0 /
V8.1 .................................................................................................... 16

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 2
1 Introduction

1 Introduction
This document shows you a solution for creating a disk image while the system is
in operation.
It also includes instructions for configuration using the following Veritas products.

 Veritas System Recovery

This software can be procured from the manufacturer at


http://www.veritas.com

WARNING Please note that we do not give any warranty for the functioning of the
procedure described in this entry, nor do we assume any liability for any
faults that might arise when using the Veritas software or the software of
any other provider.
Please also note the system requirements of the backup software used.

Limitation
This document is not a substitute for the manual supplied with the backup software
used.
 Siemens AG 2018 All rights reserved

The use of system recovery tools is not a substitute for the PCS 7 redundancy
concept or for the provision of an uninterruptible power supply (UPS) required by a
process control system.
This document deals only with the backup of the operating system and installed
software. The backup of project data is done in the SIMATIC Manager using the
"Archive" function.

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 3
2 General Information

2 General Information
2.1 Hard Disk Image
Using the appropriate software you can create a 1:1 image of hard disks or single
partitions. In the case of an error you can quickly restore the system by playing
back this image (Bare Metal Restore). The disadvantage here is that the backup
can only be made on systems which have practically identical hardware.
In the meantime there are also solutions available which enable an incremental
procedure. In this case, the complete hard disk or partition is imaged with the first
backup. Each subsequent backup saves only the changes. This sort of backup
procedure is necessary in particular when the system is continuously changed by
an automatic update function, for example.

WARNING Some manufacturers enable backup of the system partition on changed


hardware or a virtual conversion. This procedure is not enabled for PCS 7.

2.2 System Configuration


When using system recovery tools, it is necessary to separate the operating
 Siemens AG 2018 All rights reserved

system with installed software and the PCS 7 project data at drive level.

Example:

 Drive C: Operating system and PCS 7 installation

 Drive D: Multiproject (ES) or OS project (server/client)

WARNING PCS 7 OS does not support saving or backup of runtime data (Alarm
Logging, Tag Logging). It is mandatory to have a redundant configuration
of the OS server or OS single station in order to keep the runtime data of
PCS 7 consistent even if the server fails.

WARNING When backing up an Engineering Station (ES) the PCS 7 (multi) project
must be closed (Multiproject Engineering Server and Distributed
Engineering Stations).

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 4
3 Introduction of a Disaster Recovery Plan (DRP)

3 Introduction of a Disaster Recovery Plan


(DRP)

3.1 Introduction of a DRP in a New Plant


In the case of new plants requiring a DRP, consideration should be given to
possible scenarios throughout the life cycle of the plant, from design to
configuration to operation.
The DRP should monitor and document the possible failure scenarios as a
separate accompanying work package.

Configuration

 Backup frequency
 Backup plan
 Number of images (number of restore instances)
 Central or local storage of the images (access rights)
 Creation, testing and storage of the recovery disk (boot CD / DVD)
 Siemens AG 2018 All rights reserved

 Coordinated backup of project data and images

Runtime
 Performance of the plant during image creation
 Performance of the network with central storage of the images

With FAT / SAT it is absolutely necessary to test the image creation in order to
determine the load of the plant during image creation.

3.2 Introduction of a DRP in an Existing Plant


The criteria for introducing a DRP in new plant apply to their full extent for
introducing a DRP in an existing plant.
However, introducing a DRP in an existing plant is a lot more complex than with a
new plant. Tests for failure and restoring, and performance measuring can only be
made to a limited extent on running plant.

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 5
4 Hardware Environment

4 Hardware Environment
4.1 Local Backup
You have the option of storing the image of the system partition locally on the
computer. This can be an existing drive, an additionally installed internal data
memory or a data memory connected by USB or eSATA.

WARNING When backing up the system partition there is a great deal of reading and
writing. We recommend using an additional hard disk; an additional
partition is not sufficient.
When using external drives make sure that they are available at the time of
the backup.

Figure 4-1

Backup OS client
system
 Siemens AG 2018 All rights reserved

Additional
int. HDD

Terminal bus

OS server (pair)

USB
External USB External
HDD HDD

Plant bus

Advantages
 Low loading of the terminal bus
 Low additional hardware costs

Disadvantages
 System images are not stored centrally
 No access to local data media if the hardware fails
 External memories must always be available

WARNING If a backup is made on the partition on which the PCS 7 archives are
configured, you must make sure that there is sufficient memory available.

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 6
4 Hardware Environment

4.2 Local Backup and Central Storage


In order to be able to restore the system if there is a hardware failure, the local
backup must also be on a data media that is available in such a case.
Some backup systems offer an option here of creating an off-site copy. Once a
backup has been made it is copied automatically to one or more storage media.

Figure 4-2

Backup OS client
system NAS

Offsite
copy

Additional
int. HDD

Terminal bus

OS server (pair)

USB
External USB External
HDD HDD
 Siemens AG 2018 All rights reserved

Plant bus

Note With this sort of system backup there is a temporary high data transfer load on
the terminal bus. If the offsite copy is made, there might be display delays on the
OS client.

Advantages
 Local backup takes less time
 Central storage of the system images on a network drive or an FTP server
(NAS, for example)
 High data security if the PC hardware fails

Disadvantages
 High network and computer loading during the offsite copying

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 7
4 Hardware Environment

4.3 Backup via the Terminal Bus


Data backup via the available network is practical for storing all the system images
centrally at one location. The backup system itself can be the storage location;
alternatively it can be a network storage facility (NAS – Network Attached Storage).
Another advantage of this method in addition to the central storage is the possibility
of simply configuring data backup in the form of a RAID system.

Note With this sort of system backup there is a high data transfer load on the terminal
bus. When the system backup is made, there might be display delays on the OS
client.
When using this configuration we recommend operating the terminal bus with a
1-Gbit network.

Figure 4-3

Backup OS client
system NAS
 Siemens AG 2018 All rights reserved

Terminal bus

OS server (pair)

Plant bus

Advantages
 Central storage of the system images on a computer or NAS
 Simple integration of data security through a RAID system
 Low additional hardware costs

Disadvantages
 High loading of the terminal bus (possibly increased image opening times
during backup).
 During restore with the Veritas Restore DVD it must be possible to access the
network. It might be necessary to create an appropriate computer-specific
Restore DVD.
Instructions are available in the Veritas documentation and in section 5.1.

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 8
4 Hardware Environment

4.4 Backup via an Additional Network


In order to compensate the disadvantage of increased network load, you have the
option of installing an additional network. However, this requires additional network
adapters, cables and network distributors for all the OS stations.

Figure 4-4

Backup OS client
system NAS

Additional Ethernet

Terminal bus OS server (pair)

Plant bus
 Siemens AG 2018 All rights reserved

Advantages
 Central storage of the system images on a computer or NAS
 Simple integration of data security through a RAID system
 No loading of the terminal bus

Disadvantages
 More hardware to install (additional network adapters, cables and network
distributors are necessary)
 Additional administration required for the network
 The order of the network cards is important for operating PCS 7 (see PCS 7
README)
 During restore with the Veritas Restore DVD it must be possible to access the
network. It might be necessary to create an appropriate computer-specific
Restore DVD.
Instructions are available in the Veritas documentation and in section 5.1.

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 9
4 Hardware Environment

4.5 Installation of Veritas System Recovery


It is only necessary to make a full installation on the backup server. Install the
software according to the Veritas instructions on a dedicated system.

In order to make a remote backup of a system it is necessary to install the Veritas


System Recovery Agent on the target computer. This can be installed through the
basic setup or installed on the target computer by the backup server using the
"Implement Agent" function.

Note Please note that the settings of a firewall might hinder installation and connection
via the network. Refer to the description of Veritas to see which ports and
programs have to be configured in the firewall for operating the backup software.

You must restart the system after installing the "Backup and Recovery
Service".

WARNING If the OS server does not have a redundant configuration there might be
gaps in the alarm logging and tag logging.
 Siemens AG 2018 All rights reserved

4.6 Recommendations for Time Settings


Image creation during operation increases the load on the system. In order to
minimize this load it is necessary to split the image creation times. Veritas System
Recovery enables you to distribute backup jobs as required.
Note the following points when configuring the backups:
 Always just 1 backup at a time
 Schedule a time buffer to avoid overlapping
 Configure by preference at times of low operation
 Do not start any backups during archive exporting to the CAS
 We recommend that you do not make a backup on the Engineering Station
during compilation or downloading.

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 10
4 Hardware Environment

Figure 4-5
 Siemens AG 2018 All rights reserved

Note You can make these settings separately for each computer requiring backup.

Note Please note that the settings of a firewall might hinder installation and connection
via the network. Refer to the description of Veritas to see which ports and
programs have to be configured in the firewall for operating the backup software.

4.7 Recommendations for Configuration Settings


We recommend making the following settings:
 "Drive-based Backup"
Backup of an entire drive. Backup and restoring of the computer (system drive,
usually drive C).
 "Check restoring point after creation"
 "Prepend computer name to backup data file names"
This option is very useful when backing up more than one computer on the
same driver.
 "Save backup files to a unique subfolder"
The new subfolder receives the same name as your computer.
 "Default backup destination" with associated logon data.
 Disable "Show splash screen at startup" (OS client)
A message is displayed when creating the image. Disable this option so as not
to distract the operator.

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 11
4 Hardware Environment

You can also set the options below as required:


 Compression levels for drive-based backups.
 Use password
 Use AES encryption

Figure 4-6
 Siemens AG 2018 All rights reserved

Since only the system partition (C:\) is to be backed up, all the other partitions
should be excluded from the monitoring, otherwise the status of all stations would
always be "At Risk".

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 12
4 Hardware Environment

4.8 Recommendations for Performance Settings


You can make settings that affect the computer performance and network loading
during system backup.

Note You can make these settings separately for each computer requiring backup.

In order to ensure secure operation of PCS 7 you should not set the system load
too high through the backup.
Basically the following holds:
 Fast backup – high system load
 Slow backup – lower system load

The performance setting always reflects the balance between additional load on
the PCS 7 system and the time taken for creating an image. We recommend
setting the speed to not more than 50%.
If you make backups via the terminal bus, you should keep the network load as low
as possible. For this case, Veritas provides a throttling option for the network.
Enable the throttling option and enter the value of 2500 KB/s for maximum network
 Siemens AG 2018 All rights reserved

throttling.

Figure 4-7

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 13
5 Restore with Veritas System Recovery

5 Restore with Veritas System Recovery


5.1 Recovery CD
In order to be able to recover the system in an emergency, you need a bootable
recovery CD. For this case Veritas provides the prepared Veritas System Recovery
Disk. This starts the computer with a simplified Windows system in a recovery
environment.
However, it is recommended to create a user-defined Veritas System Recovery
Disk in order to prevent driver incompatibilities. A user-defined Veritas System
Recovery Disk contains the drivers of the current network and the storage devices
of your computer. It helps to ensure that you can access the recovery points in the
case of an emergency which are required to restore your computer.
Proceed as follows to create the recovery CD: Start "Tasks > Create user-defined
recovery disk" and follow the instructions. Then you need the recovery disk
provided by Veritas and drivers to be incorporated in your system.

Figure 5-1
 Siemens AG 2018 All rights reserved

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 14
5 Restore with Veritas System Recovery

5.2 Restore
In order to make a backup of the system image you start the computer using the
recovery CD.
Change the network settings as required and configure the storage path of the
backup file as network drive. Start the backup.
After successful backup of the system you still have to transfer the project data
from the ES to the target system.

Note A backup is made always of the status of the system when the backup is
created. If changes are made after this point in time, by the Windows Update
Service or automatic updating of the anti-virus software, for example, then you
have to run these updates again.

WARNING Microsoft SQL saves management data for SQL servers on the system
partition. If an image is backed up on a PC station, the management data
and any old project data is not consistent. Then you must clear the old
management data using Microsoft SQL Server Management Studio.
 Siemens AG 2018 All rights reserved

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 15
5 Restore with Veritas System Recovery

5.3 Clear Management Data of Microsoft SQL for PCS 7


V8.0 / V8.1
If the OS project is open or in Runtime when the image is created, the
management data must be cleared in the Microsoft SQL server after the restore.
You do this using the Microsoft SQL Server Management Studio.
In PCS 7 V8.1 SP1 the clearance is done in the PCS 7 software.

WARNING It is not possible to start Runtime or a download of the OS project without


management data clearance.

Note Information about executing SQL statements and SQL scripts is available in the
Help for the Microsoft SQL Server Management Studio and at
http://www.microsoft.com

You must use "DROP" to separate databases that are in the RECOVERY
PENDING state.
You can use "DETACH" to separate all other PCS 7 databases.
 Siemens AG 2018 All rights reserved

You can use the query below to determine which databases are in the RECOVERY
PENDING state.

SELECT * from sys.databases WHERE state_desc = 'Recovery_Pending'

You must separate all the databases that have the following properties.
 Begin with "CC” or *ALG*
 Include *TLG* in the database name

Attached is a script that separates all the PCS 7 in the MS SQL after restore. You
can execute the script in an SQL window.

DECLARE @Database nvarchar(max)


DECLARE @Sql NVARCHAR(max)

DECLARE cursorDatabaseRP CURSOR FOR select name from sys.databases


WHERE state_desc = 'Recovery_Pending'
DECLARE cursorDatabaseCC CURSOR FOR select name from sys.databases
WHERE name like 'CC%'
DECLARE cursorDatabaseALG CURSOR FOR select name from sys.databases
WHERE name like '%ALG%'
DECLARE cursorDatabaseTLG CURSOR FOR select name from sys.databases
WHERE name like '%TLG%'

OPEN cursorDatabaseRP

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 16
5 Restore with Veritas System Recovery

OPEN cursorDatabaseCC
OPEN cursorDatabaseALG
OPEN cursorDatabaseTLG

-- Drop all ALG and TLG segments remaining from restore set to
'Recovery_Pending'
FETCH NEXT FROM cursorDatabaseRP INTO @database
WHILE @@FETCH_STATUS = 0
BEGIN
IF @Database <> 'master' AND @Database <> 'model' AND @Database
<> 'msdb' AND @Database <> 'tempdb'
BEGIN
SET @Sql = 'Drop Database [' + @Database + ']'
print @Sql
EXEC sp_executesql @Sql
END
--Drop database @Database
FETCH NEXT FROM cursorDatabaseRP INTO @database
END

-- Detach CC Database
 Siemens AG 2018 All rights reserved

FETCH NEXT FROM cursorDatabaseCC INTO @database

WHILE @@FETCH_STATUS = 0
BEGIN
IF @Database <> 'master' AND @Database <> 'model' AND @Database
<> 'msdb' AND @Database <> 'tempdb'
BEGIN
SET @Sql = 'SP_DETACH_DB [' + @Database + ']'
print @Sql
EXEC sp_executesql @Sql
END
--Detach database @Database
FETCH NEXT FROM cursorDatabaseCC INTO @database
END

-- Detach ALG Database


FETCH NEXT FROM cursorDatabaseALG INTO @database

WHILE @@FETCH_STATUS = 0
BEGIN
IF @Database <> 'master' AND @Database <> 'model' AND @Database
<> 'msdb' AND @Database <> 'tempdb'
BEGIN
SET @Sql = 'SP_DETACH_DB [' + @Database + ']'
print @Sql
EXEC sp_executesql @Sql
END
--Detach database @Database

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 17
5 Restore with Veritas System Recovery

FETCH NEXT FROM cursorDatabaseALG INTO @database


END

-- Detach TLG Database


FETCH NEXT FROM cursorDatabaseTLG INTO @database

WHILE @@FETCH_STATUS = 0
BEGIN
IF @Database <> 'master' AND @Database <> 'model' AND @Database
<> 'msdb' AND @Database <> 'tempdb'
BEGIN
SET @Sql = 'SP_DETACH_DB [' + @Database + ']'
print @Sql
EXEC sp_executesql @Sql
END
--Detach database @Database
FETCH NEXT FROM cursorDatabaseTLG INTO @database
END

CLOSE cursorDatabaseRP
 Siemens AG 2018 All rights reserved

CLOSE cursorDatabaseCC
CLOSE cursorDatabaseALG
CLOSE cursorDatabaseTLG

DEALLOCATE cursorDatabaseRP
DEALLOCATE cursorDatabaseCC
DEALLOCATE cursorDatabaseALG
DEALLOCATE cursorDatabaseTLG

Note In the case of redundant OS systems we recommend that after restore you
delete the project data on the OS before doing the download.
After Download and Start there is automatic synchronization with the redundancy
partner.

To ensure consistency of the project status, after successful backup of the system
you have to transfer the project data from the ES to the target system (download).

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 18
5 Restore with Veritas System Recovery

Special features of the domain environment


In order to be able to participate in a domain, each domain computer must
negotiate a trust token with the domain controller. This token is updated by default
every 30 days. You can change this period which is designated as Secure Channel
Trust. However, a trust token in a recovery point is not updated automatically by
the domain controller. Therefore, when a computer is recovered by a recovery
point that contains an old token, the recovered computer cannot participate in the
domain until it is assigned again to the domain by someone with the appropriate
authorization.

Details are available in the Veritas documentation or in the Veritas White Paper.
 Siemens AG 2018 All rights reserved

Creating images of operating systems


Entry-ID: 56897157, V 2.0, 05/2018 19

You might also like