Storage zones controller

Prepare storage zones controller for file recovery

Warning:

The ShareFile recovery feature does not automatically back up your persistent storage location. You are responsible for choosing a backup utility and running it every 1 to 7 days.

How you prepare for file recovery depends on where your data is stored:

  • A supported third-party storage system — If you use a third-party storage system with storage zones controller, your third-party storage is redundant and a local backup is not required. However, be aware that a ShareFile user who deletes a file has the ability to recover the file from the Recycle Bin for a brief period. A file cannot be recovered from the ShareFile Recycle Bin after 45 days. After the recovery period, the file is removed from the zone and therefore from the redundant third-party storage. If that recovery time is not adequate, consider one of these solutions:
    • To prevent StorageZone Controller File Cleanup service from purging the actual file from your on premise storage location, change the value of the Period setting in C:\\inetpub\\wwwroot\\Citrix\\StorageCenter\\SCFileCleanSvc\\FileDeleteService.exe.config. For more information, refer to Customize storage cache operations. Keep in mind that increasing the retention time also increases the amount of third-party storage needed.
    • Create a local back up your StorageZone files every seven days and determine the appropriate retention policy for the backups.
  • On-premises storage — If you use a locally-maintained share for private data storage, you are responsible for backing up your on-premises storage zones controller local file storage and registry entries. ShareFile archives the corresponding file metadata that resides in the ShareFile cloud for 3 years. Important: To protect against data loss, it is critical that you take a snapshot of your storage zones controller server, back up its configuration, and back up your local file storage.

After you prepare your storage zones controller for file recovery as described in this topic, you can use the ShareFile Administrator console to:

  • Browse your storage zones for ShareFile Data records for a particular date and time and then tag any files and folders that you want to restore. ShareFile adds the tagged items to a recovery queue. You then run a recovery script to restore the files from your backup to the persistent storage location.

    For more information, refer to Recover files and folders from your ShareFile Data backup.

  • Reconcile the metadata stored on the ShareFile cloud with your on-premises storage when you cannot recover data from your on-premises storage. The ShareFile reconcile feature permanently removes from the ShareFile cloud the metadata for files that are no longer in a storage zone on a specified date and time.

    For more information, refer to Reconcile the ShareFile cloud with a storage zone

Prerequisites

  • A dedicated physical or virtual machine with 2 CPUs and 4 GB RAM
  • Windows Server 2012 R2 (Datacenter, Standard, or Essentials)
  • Windows Server 2016
  • Windows Server 2019
  • Windows PowerShell (32-bit and 64-bit versions) must support .NET 4 runtime assemblies. For more information, refer to “PowerShell scripts and commands” in storage zones controller system requirements.

  • PsExec.exe - PsExec enables you to launch PowerShell using the network service account. You can also use PsExec to schedule recovery tasks. Download PsExec.exe from https://docs.microsoft.com/en-us/sysinternals/downloads/psexec and follow the installation instructions on that page.

Summary of files used for disaster recovery

The following files, located in C:\inetpub\wwwroot\Citrix\StorageCenter\Tools\Disaster Recovery, are used for disaster recovery.

File name Description
DoRecovery.ps1 PowerShell script executed by Windows Task Scheduler to handle the recovery process. This file stores the file backup and storage locations.
Recovery.psm1 PowerShell module that handles the recovery queue operations.
recovery.log Log file that stores the output of a recovery process.
recoveryerror.log Log file that stores the errors in the recovery process.
LitJson.dll A .Net library to handle conversions from and to JSON (JavaScript Object Notation) strings.

To set up the backup folder

On the backup server, create the folder where you will back up the persistentstorage folder.

The storage zones for ShareFile Data file backup should follow the same layout as the storage zones controller persistent storage.

If your backup location does not follow the same layout as the storage zones controller persistent storage, you must perform an additional step during the recovery process to copy files from the backup location to the location that you specify in the Recovery PowerShell script.

Storage layout

Backup layout

\\\\PrimaryStorageIP
  \\StorageLocation
   \\persistentstorage
    \\sf-us-1
     \\a024f83e-b147-437e-9f28-e7d03634af42
      \\fi3d85dc\_1d6c\_49b0\_8faa\_1f36ef3d83b5
       \\fi7d5cbb\_93c8\_43f0\_a664\_74f27e72bc83
        \\fi47cd7e\_64c4\_47be\_beb7\_1207c93c1270

\\\\BackupStorageIP
 \\BackupLocation
  \\persistentstorage
   \\sf-us-1
    \\a024f83e-b147-437e-9f28-e7d03634af42
     \\fi3d85dc\_1d6c\_49b0\_8faa\_1f36ef3d83b5
      \\fi7d5cbb\_93c8\_43f0\_a664\_74f27e72bc83
       \\fi47cd7e\_64c4\_47be\_beb7\_1207c93c1270
<!--NeedCopy-->

Important:

The ShareFile recovery feature does not automatically back up your persistent storage location. You are responsible for choosing a backup utility and running it every 1 to 7 days.

To create a disaster recovery queue

This one-time setup is required. The following command examples use the default storage zones controller installation folder.

  1. On the storage zones controller, run PowerShell as an administrator.

  2. The PowerShell script used in this procedure is unsigned, so you might need to change your PowerShell execution policy.

    1. Determine if your PowerShell execution policy allows you to run local, unsigned scripts: PS C:\>Get-ExecutionPolicy

      For example, a policy of RemoteSigned, Unrestricted, or Bypass allows you to run unsigned scripts.

    2. To change your PowerShell execution policy: PS C:\>Set-ExecutionPolicy RemoteSigned

  3. To verify that PowerShell has the correct CLRVersion, type:

    $psversiontable

    The value for CLRVersion must be 4.0 or higher to enable PowerShell to load .NET assemblies in scripts. If it is not, change it for both Windows PowerShell 32-bit and 64-bit versions as follows:

    1. Run NotePad as an administrator.

    2. Create a file with the following content.

          <?xml version="1.0"?>
          <configuration>
              <startup useLegacyV2RuntimeActivationPolicy="true">
                  <supportedRuntime version="v4.0.30319"/>
                  <supportedRuntime version="v2.0.50727"/>
              </startup>
          </configuration>
      <!--NeedCopy-->
      
    3. Choose File > Save As, name the file powershell.exe.config, and save it to the following locations:

      C:\Windows\System32\WindowsPowerShell\v1.0

      C:\Windows\SysWOW64\WindowsPowerShell\v1.0

    4. Close the PowerShell window, open a new one as administrator, and type $psversiontable to verify that the CLRVersion is correct.

  4. Close the PowerShell window and launch PowerShell using PsExec.exe as follows:

    1. Open a Command Prompt window as administrator.

    2. Navigate to the location of PsExec.exe and enter:

      PsExec.exe -i -u “NT AUTHORITY\NetworkService” C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell

    3. Click Agree to accept the PsExec.exe license agreement.

  5. Navigate to the Disaster Recovery tools folder in the storage zones controller installation folder:

    cd ‘C:\inetpub\wwwroot\Citrix\StorageCenter\Tools\Disaster Recovery’

  6. Import the Recovery.psm1 module:

    Import-Module .\Recovery.psm1

  7. To create the recovery queue, enter: New-SCQueue -name recovery -operation recovery

    The output of that command includes the name of the queue created. For example: Queue 92736b5d-1cff-4760-92c8-d8b04dc92cb2 created

    To view the new folder, open a file browser and navigate to:

    \\server\(Your Primary Storage Location)\Queue. You will see the Queue folder, such as 92736b5d-1cff-4760-92c8-d8b04dc92cb2.

  8. Customize the recovery PowerShell script for your location, as described in the next section.

To customize the recovery PowerShell script for your location

The DoRecovery.ps1 PowerShell script is executed by the task scheduler to handle the recovery process. This file includes the file backup and storage locations which you must specify for your site.

  1. On the storage zones controller, navigate to the recovery PowerShell script:

    C:\inetpub\wwwroot\Citrix\StorageCenter\Tools\Disaster Recovery\DoRecovery.ps1

  2. Edit the script as follows:

    a. Set the $backupRoot parameter to point to the UNC path of your backup location. For example: $backupRoot = “\\10.10.10.11\(YourBackupLocation)\persistentstorage”

    b. Set the $storageRoot parameter to point to the UNC path of your storage zones controller persistent storage. For example: $storageRoot = “\\10.10.10.10\StorageLocation\persistentstorage”

To test the recovery process

  1. Create a test file and upload it to ShareFile.

  2. After a hour or so, verify that the file appears in persistent storage (in the path specified for $backupRoot).

  3. Delete the file from ShareFile: In the ShareFile administrator tool, click Recycle Bin, select the file, and then click Delete Permanently.

  4. Delete the file from the persistent storage.

    This step recreates the action that ShareFile would perform 45 days after the file is deleted.

  5. In the ShareFile administrator tool, go to Admin > Storage zones, click the zone and then click Recover Files.

  6. Click in the Recovery Date text box and select a date and time before the file was deleted and after it was uploaded.

    The file list for the storage zone on the specified date and time appears.

  7. Select the check box for the file.

  8. Select the folder to contain the restored files and then click Restore.

    The file is added to the recover queue and is ready to be restored. When the file is recovered successfully, the screen changes to show the folder that now contains the recovered file.

  9. To recover the file:

    a. Open a Command Prompt window as administrator.

    b. Navigate to the location of PsExec.exe and then type:

    ```
    PsExec.exe -i -u "NT AUTHORITY\NetworkService" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell
    <!--NeedCopy--> ```
    

    c. In the PowerShell window, navigate to:

    cd C:\inetpub\wwwroot\Citrix\StorageCenter\Tools\Disaster Recovery

    d. Run the recovery script:

    .\DoRecovery.ps1

    The PowerShell window will include the message “Item recovered”. The file is added to the persistent storage location.

  10. Download the restored file from the ShareFile web site.

The following PowerShell commands support disaster recovery.

  • Get-RecoveryPendingFileIDs

    Gets the list of file IDs needed for recovery. For syntax and parameters, use this command:

    Get-Help Get-RecoveryPendingFileIDs -full

  • Set-RecoveryQueueItemsStatus

    Sets a status for all or specified items in the recovery queue. This overwrites the existing recovery status in the queue. For syntax and parameters, use this command:

    Get-Help Set-RecoveryQueueItemsStatus -full

To create and schedule a task for recovery

In the event a scheduled recovery task is needed, follow the steps below.

  1. Start Windows Task Scheduler and in the Actions pane click Create Task.
  2. On the General tab:

    a. Type a meaningful name for the task.

    b. Under Security options, click Change User or Group, and specify the user to run the task, either Network Service or a named user that has write permissions to the storage location.

    c. From the Configure for menu, select the operating system of the server where the task will be run.

  3. To create a trigger, on the Triggers tab, click New.
  4. For Begin the task, choose On a schedule and then specify a schedule.
  5. To create an action, on the Actions tab, click New.

    a. For Action, choose Start a program and specify the full path to the program. For example: C:\Windows\System32\cmd.exe.

    b. For Add arguments, type: /c “c:\windows\syswow64\WindowsPowerShell\v1.0\PowerShell.exe -File .\DoRecovery.ps1” >> .\recovery.log 2>>.\recoveryerror.log

    c. For Start in, specify the Disaster Recovery folder in the storage zones controller installation location. For example: c:\inetpub\wwwroot\Citrix\StorageCenter\Tools\Disaster Recovery

Delete Service Default Period

As of StorageZone Controller 4.0, the Delete Service timer will be set to 45 days. The 45 day default period will overwrite any previous settings. To modify the default period, edit FileDeleteService.exe.config at C:\inetpub\wwwroot\Citrix\StorageCenter\SCFileCleanSvc

<!--No. of days to keep data blob in active storage after deletion-->

<add key="Period" value="45"/>

Modify Delete Service Default Period After Upgrade

In some upgrade scenarios, the DeletePeriod value will be set to null in the “FileDeleteService.exe.config”. When set to null, the Delete Period will default to 45 days, the default number of days before a file that has been deleted from ShareFile is removed from physical storage.

To modify the DeletePeriod on the storage zones controller, edit the FileDeleteService.exe.config file at the following location: C:\inetpub\wwwroot\Citrix\StorageCenter\SCFileCleanSvc\FileDeleteService.exe.config

Upon a clean installation of the storage zones controller, the Delete Service will run every 8 hours to clean up temporary files and folders. To modify the timer, edit the FileDeleteService.exe.config file at the following location: C:\inetpub\wwwroot\Citrix\StorageCenter\SCFileCleanSvc\FileDeleteService.exe.config

Prepare storage zones controller for file recovery