We have a small, relatively idle Windows Server 2008 R2 installation that does basic file sharing and hosts Exchange for about 10 not very active users.
When running a windows server backup, the daily incremental data is about 20GB. This is not coming from users shared files, nor from changes in their mailbox sizes. The total size of the installation is 249GB, which is mostly old files.
Where is all this data coming from, and how can I reduce it? Using online backup of the vhd file from the backup is taking a while because of this daily change.
Is there some way I can at least see what files are changing and contributing to this data ?
Options I can think of but am not sure about:
- pagefile churning – although the backup does not include the pagefile, perhaps the changed blocks left behind are included ?
- logs or something ? But the installation size stays the same every day
- should I zero free space using sdelete before backing up perhaps ?
Best Answer
Disable the LastAccessedTime NTFS file system setting and see if that fixes it.
You may want to review how you are doing backups.
In Windows 2008 R2, it is possible to perform a "full" backup every day to a dedicated local drive, and the block-level changes feature should only copy the new and changed data to the backup medium. Using this, I have literally hundreds of "full" backups on one 2 TB USB hard drive. (This strategy and feature does not work if the backup target is a network share).
This may seem counter-intuitive when compare to the traditional full-incremental strategy.
This feature is probably not documented as well as it could be. More information here:
https://blogs.technet.com/b/filecab/archive/2009/10/31/learn-more-about-system-image-backup.aspx
[...]
"Just as a brief recap, a system image is in essence a snapshot of an entire drive(s). The backup is done in block level (as opposed to file level) increments and includes all user and system files, configuration data and applications that are present on the drive, plus information regarding disk layout and boot entries. The image can be used to recover a working Windows if your hard disk ever fails, or if you simply want to reimage your OS to an earlier point in time.
"During the first backup, the backup engine scans the source drive and copies only blocks that contain data into a .vhd file stored on the target, creating a compact view of the source drive. The next time a system image is created, only new and changed data is written to the .vhd file, and old data on the same block is moved out of the VHD and into the shadow copy storage area. Volume Shadow Copy Service is used to compute the changed data between backups, as well as to handle the process of moving the old data out to the shadow copy area on the target. This approach makes the backup fast (since only changed blocks are backed up) and efficient (since data is stored in a compact manner). When restoring the image, blocks will be restored to their original locations on the source disk. If you want to restore from an older backup, the engine reads from the shadow copy area and restores the appropriate blocks."