Chapter 18. Disaster Recovery Planning

Colin Murphy

Disaster recovery is one of the most important aspects of planning your K2 blackpearl deployment. It is one of those things that you hopefully will never have to actually utilize but that is absolutely critical to any implementation. As you begin planning for disaster recovery and uptime requirements, high-availability planning may also come into consideration as an attempt to minimize the impact of a server failure on your workflows. While this chapter will primarily focus on disaster recovery, an overview of the high-availability options available with K2 blackpearl will also be provided.

Additionally, K2 blackpearl potentially involves many parts, such as:

  • The process servers

  • Windows SharePoint Services/Microsoft Office SharePoint Server 2007

  • IIS (the K2 Workspace)

  • Line-of-business data (such as that which is accessed by SmartObjects)

  • Database servers

While this chapter will provide some guidance on these external systems and some considerations that must be taken into account, it will focus only on the K2 specific pieces of the system and the databases which K2 utilizes.

Disaster recovery planning should be a key consideration within every organization, but it can also be an extremely complex process and quite daunting. K2 blackpearl is also a complex product that potentially involves components installed across multiple servers and that likely interacts with other external systems such as SharePoint or other line-of-business (LOB) systems. This chapter attempts to break down the disaster recovery planning process and also provide step-by-step instructions for each K2 component independent of whether it is installed on a standalone server or within a farm.

This chapter covers the following topics:

  • A general overview of disaster recovery planning

  • Disaster recovery and K2 blackpearl

  • Steps to back up and restore K2 blackpearl components

What Is a Disaster Recovery Plan (DRP)?

A disaster recovery plan (DRP) — also referred to as a Business Continuity Plan (BCP) — is a set of procedures and measures to help ensure that business systems and processes can survive a disaster according to a business's requirements. A DRP typically encompasses three areas of planning:

  • Pre-Planning/Mitigation: Anticipate potential failure points and prepare mitigation strategies where appropriate.

  • Continuity: Develop a plan for how work can continue to be performed while the system is down if necessary.

  • Recovery: Determine the steps required to bring the system back up after a failure and to integrate work performed in the continuity phase back into the system (if necessary).

A disaster recovery plan is also a careful cost-benefits analysis to determine what level of downtime and data loss is acceptable vs. the cost of providing a more robust solution. Your organization may have a Service Level Agreement (SLA) for the application which it might also have to meet. SLAs can be very complex and span a host of service requirements, but a very simple SLA might read:

The system must provide 99.9% uptime within each calendar year.

A 99.9% uptime requirement means that the system can be down a little over eight hours every year, whereas a 99.999% uptime requirement only allows for approximately five minutes of downtime a year! And as you might expect, the difference in cost and resources required to meet the first is far different from the cost and resources required to meet the second.

Setting the Baseline

You may find it helpful to begin your disaster recovery plan by asking yourself a few simple questions (which may have very complex answers):

  • What impact would a system failure have on the business?

  • In the event of a failure, how long can the business reasonably go without the system?

  • In the event of a failure, what level of data loss is acceptable?

These three questions serve as an excellent starting point for beginning your disaster recovery planning and should also be considered during your initial deployment planning (discussed in Chapter 5).

Pre-Planning/Mitigation Planning

Mitigation planning primarily revolves around determining potential failure points within your business process and determining what (if any) steps need to be taken to mitigate those potential failures. Within a K2 blackpearl environment, some common failure points to consider might be:

  • Software Issues: Server patches, configuration issues

  • Server Hardware: Hard drives, power supplies, network cards, RAM, processors, motherboards

  • Network Infrastructure: Routers/switches, load balancers, network connection/transmission issues

  • Local Disasters: Power failures, fire

  • Regional Disasters: Hurricanes, earthquakes, floods

Each issue has a potential mitigation strategy, which may or may not be justified based on your organizations' requirements. Take planning for natural disasters, for example. An example mitigation strategy might be:

Perform tape backups nightly and ship offsite weekly.

Such a mitigation strategy will ensure that, at most, one week of data is lost in the event that the system and all local tapes are destroyed. A mitigation strategy targeted toward no data loss might look something like:

All systems and data will be mirrored in real-time to a duplicate server farm located in a different geography.

This second mitigation strategy will ensure very limited data loss and very good continuity, but the costs associated with such an approach are significant and may not be justified by the processes deployed.

Continuity Planning

Continuity planning is focused on how the business will continue to operate while the system is down in the event that your mitigation strategies have been ineffective. Common approaches to continuity are:

  • No Continuity: No work will be performed until the system comes back up.

  • Paper/Manual Process: While the system is down, users will continue to perform their duties through using a manual or paper-based process.

  • Redundant/Backup System: While the system is down, users will switch to using a backup system.

There is not necessarily a one-size-fits-all continuity plan, and in many cases, a hybrid approach may also be required. For example, the work involved in bringing a backup system online, switching all users to it, and then migrating the data back into the primary system upon recovery may only be justified for outages lasting long periods of time.

Recovery Planning

Recovery planning focuses on restoring the system to a working state after a disaster. For simple failures, such as a single drive in a RAID array, this might be as simple as swapping a drive out, while for more severe failures it could involve completely rebuilding a machine or an entire server farm and restoring the data.

It is also important to consider how to merge work that was performed according to your continuity plan back into the system when it is brought back up. This should not be overlooked and can require considerable effort.

Testing

Once your plan has been established and your disaster recovery procedures are in place, it is extremely important to also test those procedures periodically. No software system is static, and it is very important that the recovery plan be reviewed and tested periodically to ensure that it adequately addresses the needs of the organization.

Disaster Recovery and K2 blackpearl

K2 blackpearl supports a variety of different configurations, ranging from a single standalone server to large farm configurations consisting of a large number of servers. Additionally, K2 very likely interacts with external systems such a Microsoft Office SharePoint Server (MOSS), LOB, or custom applications. With so many different systems interacting, developing an effective disaster recovery process can prove to be quite challenging.

For that reason, this chapter will discuss the various pieces of K2 that need to be considered, rather than the individual servers on which those components reside. The components which will be discussed are:

  • K2 databases

  • K2 Web Components

  • K2 blackpearl server

  • K2 for Reporting

  • K2 for SharePoint

Additional components that are not K2-specific but that also must be considered in any complete disaster recovery plan are:

  • Forms (ASP.NET/InfoPath)

  • External databases utilized by your K2 processes

Backup/Restoration of the Windows Server Machines

The sections that follow will focus on the individual K2 blackpearl components and provide DR recommendations for each, but it is also critical to have plans in place to be able to restore each server utilized within your install to a clean state (such as restoring the server from a previous backup or a drive image) prior to restoring K2 blackpearl.

All restoration instructions within this chapter assume that you have a working, baseline Windows 2003 Server.

Database Disaster Recovery Options

K2's databases are really the heart of your disaster recovery strategy since so much of K2 lives inside of the databases, including workflow instances, process definitions, SmartObject definitions, and environment variables just to name a few. Disaster recovery planning for K2's databases is very similar to the disaster recovery planning one would do for any set of SQL databases.

SQL Server 2005 provides several different disaster recovery options, which can be used for K2 disaster recovery, and those are outlined in the following table:

Option

Description

Strengths

Weaknesses

Backup and Restore

Creates a backup copy of the database, which can be stored in a safe location. Supports both full and incremental backups.

Backups can be stored to removable storage (such as tape) and do not have to be dependant on network access.

Data added since the last backup will be lost.

Restoration is not an automatic process

Database is unavailable while restore is in progress

Log Shipping

Similar to replication, data is replicated from one server to another, but the mechanism differs as Log Shipping relies on the transaction log.

Standby server can be brought online more quickly than restoring from backup.

All schema changes are reflected.

More efficient than replication.

Well suited for warm-standby servers or higher latency locations.

Database changes are only shipped after a transaction log backup (some potential data loss).

Requires additional database server.

Failover is not automatic.

Database Mirroring

Similar to replication and log shipping, data is replicated from one server to another, but the mechanism differs.

Very low latency.

Very quick switchover.

Must be configured per database.

Not suited for high-latency connections.

Automatic failover possible.

Requires additional database server.

Database Clustering

Two database servers share the same disk array.

No latency.

Automatic failover.

Servers should be in the same geographic location.

Requires an additional database server.

Increased cost.

Share disk array is still a single point of failure.

SQL Server 2005 supports one additional option which is sometimes used to replicate data called replication; however, replication is not supported by K2.

Each solution has strengths and weaknesses, and it will be up to you to determine which option is the best fit for your needs. In almost all scenarios, you will always perform periodic backups and then may additionally utilize one of the other options. For high-availability scenarios, K2 blackpearl supports both clustering and mirroring.

Because of the complexity involved with configuring these options, this chapter will only focus in detail on the simple backup and restore mechanism for disaster recovery. For more detail on the other disaster recovery options you should consult a book focused on SQL Server 2005 like SQL Server 2005 Bible by Paul Nielsen (Wiley, 2006).

Backup/Restoration of the K2 blackpearl Databases

The following discussion focuses on the tools that come with SQL Server 2005; however, there are a variety of third-party backup solutions on the market that make database maintenance and backup significantly easier. Though the steps might vary slightly if you are using one of these third-party tools, the information should still be very applicable.

The K2 blackpearl Databases

K2 blackpearl utilizes 14 distinct databases, which are discussed in greater detail in Chapter 5. Their default names are:

  • Categories

  • Dependencies

  • EnvironmentSettings

  • EventBus

  • EventBusScheduler

  • HostServer

  • K2Server

  • K2ServerLog

  • K2SQLUM

  • SmartBox

  • SmartBroker

  • SmartFunctions

  • WebWorkflow

  • Workspace

Depending on if your organization utilizes archiving, there may also be archive databases that you must consider as part of your DR strategy (archiving is discussed in Chapter 15).

Additionally, there are several SQL Server system databases that also should be backed up regularly:

  • Master

  • Model

  • Msdb

Understanding the SQL Server Backup Model

SQL Server provides three types of backups:

  • Full

  • Differential

  • Transaction Log

The descriptions, strengths, and weaknesses are listed in the following table:

Option

Description

Strengths

Weaknesses

Full Backup

A complete backup of the entire database.

The quickest and simplest backup to restore.

The slowest backup to perform.

Because of K2's architecture, the K2 s ervice must be stopped in order to perform a full backup.

Differential Backup

A backup of all changes since the last full or differential backup.

Faster to perform than a full backup.

In order to restore a differential backup, you must first restore the last full backup as well as any other differential backups.

Transaction Log Backup

A backup of all database changes since the last full/differential backup or transaction log backup.

Generally the fastest backup option.

Allows for restoring the database to a particular point in time.

Slowest restore.

In order to restore a transaction log backup, you must first restore the last full backup as well as any differential backups, and any previous transaction log backups.

An effective DR strategy will usually make use of a combination of all three types to enable the most efficient backup strategy, which allows the minimum amount of acceptable data loss. For example, a typical backup strategy for a system with fairly high transaction volumes might be to perform full backups weekly on Sundays at 3:00 A.M., differential backups daily at 3:00 A.M., and transaction log backups every 10 minutes.

Such a strategy helps ensure that you can restore your database with a minimal amount of effort and will lose at most 10 minutes worth of data.

Transaction log backups can be set to a maximum frequency of once every minute. For systems where even that level of data loss in unacceptable, mirroring or clustering should be considered.

Performing a Database Backup Manually

SQL Server provides tools that make it quite simple to create backups. These sample steps walk you through performing a simple database backup using one of these tools:

  1. Stop the K2 blackpearl service on all application servers.

  2. Open up Microsoft SQL Server Management Studio or SQL Server Business Intelligence Studio.

  3. Connect to your K2 database server.

  4. Find the desired database you wish to back up.

  5. Right-click it and select Tasks

    Performing a Database Backup Manually
    Figure 18-1

    Figure 18.1. Figure 18-1

  6. Ensure that the Backup type is set to Full and name the backup file as desired.

  7. If this is the first time you are configuring your backup, under Destination click the Add button.

  8. Select a desired backup destination location, and click OK.

  9. Click OK.

Repeat for the other 13 K2 databases.

This process can also be scripted so that it can be run from the command line. The following is a sample backup script that will back up all 14 K2 databases to the disk location C:BACKUPK2:

BACKUP DATABASE [Categories] TO DISK = N'C:BACKUPK2Categories.bak'
WITH NOFORMAT, NOINIT, NAME = N'Categories-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [Dependencies] TO DISK =
N'C:BACKUPK2Dependencies.bak' WITH NOFORMAT, NOINIT, NAME =
N'Dependencies-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS =
10
GO
BACKUP DATABASE [EnvironmentSettings] TO DISK =
N'C:BACKUPK2EnvironmentSettings.bak' WITH NOFORMAT, NOINIT, NAME =
N'EnvironmentSettings-Full Database Backup', SKIP, NOREWIND, NOUNLOAD,
STATS = 10
GO
BACKUP DATABASE [EventBus] TO DISK = N'C:BACKUPK2EventBus.bak' WITH
NOFORMAT, NOINIT, NAME = N'EventBus-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [EventBusScheduler] TO DISK =
N'C:BACKUPK2EventBusScheduler.bak' WITH NOFORMAT, NOINIT, NAME =
N'EventBusScheduler-Full Database Backup', SKIP, NOREWIND, NOUNLOAD,
STATS = 10
GO
BACKUP DATABASE [HostServer] TO DISK = N'C:BACKUPK2HostServer.bak'
WITH NOFORMAT, NOINIT, NAME = N'HostServer-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [K2Server] TO DISK = N'C:BACKUPK2K2Server.bak' WITH
NOFORMAT, NOINIT, NAME = N'K2Server-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [K2ServerLog] TO DISK = N'C:BACKUPK2K2ServerLog.bak'
WITH NOFORMAT, NOINIT, NAME = N'K2ServerLog-Full Database Backup',
SKIP, NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [K2SQLUM] TO DISK = N'C:BACKUPK2K2SQLUM.bak' WITH
NOFORMAT, NOINIT, NAME = N'K2SQLUM-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [SmartBox] TO DISK = N'C:BACKUPK2SmartBox.bak' WITH
NOFORMAT, NOINIT, NAME = N'SmartBox-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [SmartBroker] TO DISK = N'C:BACKUPK2SmartBroker.bak' WITH
NOFORMAT, NOINIT, NAME = N'SmartBroker-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [SmartFunctions] TO DISK =
N'C:BACKUPK2SmartFunctions.bak' WITH NOFORMAT, NOINIT, NAME =
N'SmartFunctions-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS
= 10
GO
BACKUP DATABASE [WebWorkflow] TO DISK =
N'C:BACKUPK2WebWorkflow.bak' WITH NOFORMAT, NOINIT, NAME =
N'WebWorkflow-Full Database Backup',
SKIP, NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [Workspace] TO DISK = N'C:BACKUPK2Workspace.bak'
WITH NOFORMAT, NOINIT, NAME = N'Workspace-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO

The previous script simply tells SQL Server to perform full backups on all 14 K2 databases. To run the script, utilize the SQLCMD utility from the command prompt:

C:> SQLCMD -s <servername> -i <script file name>

In order to ensure that the backed-up K2 and K2Log databases remain in sync, the K2 service must be stopped prior to performing a full backup.

Configuring Automatic Backups

While you may occasionally need to back up databases manually, it is more likely that you will want to configure automatic backups for your K2 databases, which run periodically.

An example schedule might be full backups weekly on Sundays at 3:00 A.M., differential backups daily at 3:00 A.M., and transaction log backups every 10 minutes.

One of the simplest mechanisms for creating backup jobs is to utilize the script generation capabilities of Management Studio.

Follow these steps to create a Full Backup job that runs nightly and an Incremental job that runs periodically during the day:

  1. Open up Microsoft SQL Server Management Studio or SQL Server Business Intelligence Studio.

  2. Connect to your K2 database server.

  3. Expand the SQL Server Agent.

  4. Right-click Jobs and select New Job. See Figure 18-2.

    Figure 18-2

    Figure 18.2. Figure 18-2

  5. Name the Job K2 Full Backup.

  6. Click on the Steps page.

  7. Click the New button to create a new step.

  8. Name the step Stop K2 Service, and set its type to CmdExec.

  9. Choose Run As to a proxy which has permissions to start/stop the K2 Service on your K2 server (you may need to first add the proxy and credentials).

  10. Enter the command sc <k2ServerName> stop "K2 [blackpearl] Server" replacing <k2ServerName> with your actual server name. If there are multiple K2 servers in your application farm, add an individual line for each server. See Figure 18-3.

    Figure 18-3

    Figure 18.3. Figure 18-3

  11. Click OK.

  12. Click the New button to create a new step.

  13. Name the step Backup K2 Databases and set its type to Transact-SQL script (T-SQL).

  14. Enter the commands to back up each database (an example follows):

    BACKUP DATABASE [Categories] TO DISK = N'C:BACKUPK2Categories.bak'
WITH NOFORMAT, NOINIT, NAME = N'Categories-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [Dependencies] TO DISK =
N'C:BACKUPK2Dependencies.bak' WITH NOFORMAT, NOINIT, NAME =
N'Dependencies-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS =
10
GO
BACKUP DATABASE [EnvironmentSettings] TO DISK =
N'C:BACKUPK2EnvironmentSettings.bak' WITH NOFORMAT, NOINIT, NAME =
N'EnvironmentSettings-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [EventBus] TO DISK = N'C:BACKUPK2EventBus.bak' WITH
NOFORMAT, NOINIT, NAME = N'EventBus-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
    BACKUP DATABASE [EventBusScheduler] TO DISK =
N'C:BACKUPK2EventBusScheduler.bak' WITH NOFORMAT, NOINIT, NAME =
N'EventBusScheduler-Full Database Backup', SKIP, NOREWIND, NOUNLOAD,
STATS = 10
GO
BACKUP DATABASE [HostServer] TO DISK = N'C:BACKUPK2HostServer.bak'
WITH NOFORMAT, NOINIT, NAME = N'HostServer-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [K2Server] TO DISK = N'C:BACKUPK2K2Server.bak' WITH
NOFORMAT, NOINIT, NAME = N'K2Server-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [K2ServerLog] TO DISK = N'C:BACKUPK2K2ServerLog.bak'
WITH NOFORMAT, NOINIT, NAME = N'K2ServerLog-Full Database Backup',
SKIP, NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [K2SQLUM] TO DISK = N'C:BACKUPK2K2SQLUM.bak' WITH
NOFORMAT, NOINIT, NAME = N'K2SQLUM-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [SmartBox] TO DISK = N'C:BACKUPK2SmartBox.bak' WITH
NOFORMAT, NOINIT, NAME = N'SmartBox-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [SmartBroker] TO DISK = N'C:BACKUPK2SmartBroker.bak'
WITH NOFORMAT, NOINIT, NAME = N'SmartBroker-Full Database Backup',
SKIP, NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [SmartFunctions] TO DISK =
N'C:BACKUPK2SmartFunctions.bak' WITH NOFORMAT, NOINIT, NAME =
N'SmartFunctions-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS =
10
GO
BACKUP DATABASE [WebWorkflow] TO DISK = N'C:BACKUPK2WebWorkflow.bak'
WITH NOFORMAT, NOINIT, NAME = N'WebWorkflow-Full Database Backup',
SKIP, NOREWIND, NOUNLOAD, STATS = 10
GO
BACKUP DATABASE [Workspace] TO DISK = N'C:BACKUPK2Workspace.bak'
WITH NOFORMAT, NOINIT, NAME = N'Workspace-Full Database Backup', SKIP,
NOREWIND, NOUNLOAD, STATS = 10
GO

  15. Click OK.

  16. Click the New button to create a new step.

  17. Name the step Start K2 Service, and set its type to CmdExec.

  18. Choose Run As to a proxy that has permissions to start/stop the K2 Service on your K2 server (you may need to first add the proxy and credentials).

  19. Enter the command sc <k2ServerName> start "K2 [blackpearl] Server" replacing <k2ServerName> with your actual server name. If there are multiple K2 servers in your application farm, add an individual line for each server.

  20. Click OK.

  21. Click on the Schedules page.

  22. Click the New button.

  23. Name the schedule entry Weekly, and configure its frequency to run Weekly on Sunday at 3:00 A.M. See Figure 18-4.

    Figure 18-4

    Figure 18.4. Figure 18-4

  24. Click OK.

  25. Click OK.

Now repeat these steps to create a Differential backup job and Transaction Log backup jobs. Differential backups still require the K2 Service to be stopped, but Transaction Log backups do not.

I generally recommend a backup schedule that consists of a weekly full backup, a nightly differential backup, and a transaction log backup every 10–15 minutes; however, your organization's needs may vary.

Restoring a Database

Restoring a database is also fairly straightforward using the SQL Server 2005 UI.

Note

Restoring a database will overwrite all changes since the previous backup!

  1. Stop the K2 Service on all K2 servers.

  2. Open up Microsoft SQL Server Management Studio or SQL Server Business Intelligence Studio.

  3. Connect to your K2 database server.

  4. Find the desired database you wish to restore.

  5. Right-click it and select Tasks

    Restoring a Database

  6. Select the point in time to which you wish to restore (the default is the most recent possible).

  7. Click OK.

K2 Web Components

The K2 blackpearl Web Components consist of the Worklist, Management Console, Report Designer, and Notification Event Designer. Generally, these components serve as the "face" of K2 to administrators and users of the system.

There are two primary approaches which can be taken for DRP around the Web Components:

  1. Since these components do not contain any kind of unique data or configuration settings (everything is stored in the K2 databases) that will be lost in a disaster, it is fairly simple to reinstall the Web components using the K2 Installation media.

  2. Alternately, scheduled backups of the server can occur periodically so that the server can be restored. With this approach, the key areas that must be backed up/restored are the K2 blackpearl installation directory (the default is "C:Program FilesK2 blackpearl") as well as your IIS Metabase.

Restoring K2 Web Components

To restore K2 Web Components, follow these steps:

  1. Return the Windows machine to a working state.

  2. Install the K2 Web Components.

  3. (Optional) Restore the K2 blackpearl installation directory from backup.

  4. Run the K2 Configuration Wizard.

K2 blackpearl Server(s)

The K2 blackpearl server(s) handle processing of workflows, SmartObject requests, SmartObject Services, and so on. Unlike the Web Components, there are some customizations of the server that do not live in the server. These customizations are primarily limited to:

  • Configuration file changes (changes to .config or .setup files)

  • Logging files

  • Custom DLLs such as custom security providers or SmartObject Services

Therefore, it is important to back up the entire K2 blackpearl installation directory (the default is C:Program FilesK2 blackpearl).

Reinstalling the K2 Server Components will require obtaining a new license key (even if nothing else on the server has changed). Obtaining a new license key through standard channels can normally take a day; you may find it helpful to request an evaluation key in the meantime. Evaluation keys are valid for 72 hours.

There are two primary scenarios for restoring a K2 blackpearl environment:

  • Restoring to a machine with the same machine name (Cold Standby).

  • Restoring to a new machine (Warm/Hot Standby).

Restoring to a cold standby is fairly straightforward

Restoring the K2 blackpearl Server Components to a Cold Standby

To restore the server components to a cold standby, follow these steps:

  1. Return the Windows machine to a working state.

  2. Install the K2 Server Components.

  3. Restore the K2 blackpearl installation directory from backup.

  4. Run the K2 Configuration Utility and enter an updated license key.

Setting Up the K2 blackpearl Server Components on a Warm or Hot Standby

Setting up the warm or hot standby environment is a rather involved process. Unlike restoring to a cold standby machine, restoring to a warm or hot standby requires preparation performed on the standby machine prior to the disaster occurring. This preparation is necessary because K2 stores configuration and licensing information within the K2 configuration databases. Since these machines are standby machines and are intended to be running only in the event of a disaster, you need to keep their configuration and licensing details out of the normal, day-to-day database setup. To do this, you first need to back up the production K2 databases, then install standby servers, back up the "standby" version of the relevant K2 databases, and then restore the original production K2 databases.

A warm standby server is fairly complicated to set up and bring online. A simpler approach is to deploy K2 in a farm configuration and install the K2 blackpearl server Components on two machines in the farm. If you have some need not to run the farm in an active/active cluster, you can simply shut down the second server in the farm. When the first fails, simply bring the other server in the farm online, and the server will begin processing new requests. As a bonus, you shouldn't have to reconfigure external references, since they will have been using the farm name and not the server name.

Depending on how you have licensed the K2 software, there may be additional costs associated with configuring a standby server. Contact your K2 representative to determine what license terms are available for this scenario.

To prepare the server components so that they can be restored in a warm or hot standby scenario, follow these steps:

In your primary environment:

  1. Stop the K2 Service on your K2 blackpearl server(s).

  2. Perform a full backup of your K2 databases.

In your warm standby environment:

  1. Install the K2 Server Components.

  2. Run the K2 Configuration Utility.

  3. Validate that the environment is working properly.

  4. Back up the following two database tables and save this backup to be used in the event of a disaster:

    • _Server table in K2Server DB

    • LicenseKeys table in HostServer DB

  5. Take the warm standby servers offline.

In your primary environment:

  1. Restore the K2 databases from the full backup.

  2. Restart the K2 Service on your K2 blackpearl server(s).

Restoring the K2 blackpearl Server Components to a Warm/Hot Standby

To restore server components in a warm or hot standby, follow these steps:

  1. Bring the warm standby environment online.

  2. Restore the K2 blackpearl ServiceBroker directory (K2 blackpearlServiceBroker) from backup.

  3. Restore/deploy any other custom assemblies that your processes may require to the machine.

  4. Restore the following two database tables to the database server from the backup taken when setting up the standby environment:

    • _Server table in K2Server DB

    • LicenseKeys table in HostServer DB

  5. Update all references to the old machine (external ASPX pages, links to the Workspace, Worklist Web parts in SharePoint, and so on, to point to the new machine name).

  6. Start the K2 blackpearl Service.

K2 for Reporting Services

The K2 for Reporting Services components are installed on your SQL Reporting Services server and are required for the reporting functionality within K2 blackpearl. These components contain no customizations, so can safely be reinstalled after a disaster.

An additional consideration however, is any customized reports which may have been created. These reports are stored within the SQL Reporting Server databases and any backup strategy must also include these databases. The Reporting Service databases are:

  • ReportServer

  • ReportServerTempDb

Similarly to the main K2 databases, you should frequently perform backups of these databases.

Restoring the K2 for Reporting Services Components

To restore Reporting Services components, follow these steps:

  1. Return the Windows machine to a working state.

  2. Install the K2 Reporting Components.

  3. Restore Reporting Services databases.

K2 for SharePoint

K2 for SharePoint components are installed on the servers in your SharePoint farm and provide integration between SharePoint and K2 blackpearl. The K2 components do not require any specialized backup considerations outside of your organization's SharePoint disaster recovery procedures. A complete discussion of SharePoint disaster recovery is outside the scope of this book, but SharePoint provides several mechanisms to perform backups and restores including through Central Admin or the command line.

This sample command will perform a farm-level backup of your SharePoint farm:

Stsadm.exe -o backup -directory c:ackuplocation -backupmethod full

Similarly, this sample command will perform a farm-level restoration:

Stsadm.exe -o restore -directory c:ackuplocation -restoremethod overwrite

Additionally, you should also perform backups of your SharePoint directory on the file system.

Additional Components

Many K2 blackpearl workflows are designed to interact with external systems such as Active Directory, SharePoint, LOB databases, or external Web services. These systems are often overlooked as part of the K2 blackpearl disaster recovery plan, since they are likely covered by their own disaster recovery plan/SLA, but it is very important to also factor these systems in to your continuity planning.

This can be a challenge for administrators, especially since the systems your organization's processes interact with may be extremely fluid. Any new process that is published to the K2 servers might introduce a new external dependency. It is very important, therefore, to have good procedures in place for deployment so that you can understand which external systems could potentially impact your workflows.

For example, imagine that you have a workflow that accesses lookup data from a list in SharePoint in order to determine routing. If SharePoint goes offline, what will happen to workflow process instances that attempt to access this list data? The answer to this question largely depends on the process design, but the likely outcome is that all processes which attempt to access the SharePoint resource will error out and will need to be repaired once SharePoint comes back online. By knowing ahead of time that this workflow has a dependency on SharePoint, you can warn users or take alternative action so that workflows of this type are not started or actioned during the outage.

High-Availability Planning

During the course of your continuity planning, you might discover that the simple backup/restore paradigm is not sufficient to meet your organization's requirements. K2 blackpearl supports a variety of deployment configurations aimed towards fulfilling high-availability requirements. The following table gives a brief outline of the four basic configurations supported by K2 blackpearl:

Deployment Type

Description

Standalone

All K2 components (including database) are installed on a single server.

Small Scale

All K2 components except for the database are installed on a single server. The databases are installed on a separate server or a cluster.

Medium Scale

All K2 components are installed on multiple servers in a network load balanced environment. The databases are installed on a database cluster.

Large Scale

The K2 workspace is installed on multiple servers that are network load balanced. All other K2 components are installed on multiple servers which are network load balanced. The databases are installed on a database cluster.

Each configuration provides greater redundancy and performance than the one before it, but also increases in implementation complexity and cost. For more information about these configurations, refer to Chapter 5.

Summary

Disaster recovery planning is a vital component within all organizations and must be addressed early on in the design process. This chapter has highlighted some of the challenges that arise in disaster recovery planning for a distributed system like K2 blackpearl as well as provided guidance on common disaster recovery steps for the components of K2 blackpearl.

In order to be prepared for a disaster, it is important to begin planning early, to implement disaster recovery procedures, and to validate/test those procedures frequently.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset