Reboot, restore, resume

PROBABLY ONE OF the most annoying recurring tasks for the help desk is restoring a PC with damaged software to pristine condition. A virus is one of the most common threats, and often new pathologies can slip through corporate defense lines. In addition, users unknowingly can cause the damage by tampering with configuration files, for example, or by installing faulty software that damages the original setup to a point of no return.

Formatting the hard drive and reinstalling the OS is a surefire but expensive and time-consuming cure for those microdisasters. Therefore, help desks have a collection of alternatives to handle these kinds of tickets that essentially boil down to restoring a trusted copy of OS and configuration settings for that machine. The remedy is a headache for technicians as well as for users, who are forced into idleness while the PC is being brought back to life.

Wouldn't it be great to be able to quickly restore a damaged PC to a working state with the flip of a switch and few key strokes? Infrastructure Development, a startup company in San Diego, has developed CoreRestore, hardware for ATA drives that does exactly that: If the OS or the configuration becomes damaged, simply rebooting and changing a password-protected CMOS setting will bring the hard drive and its software back to a known, working state. Future versions of the card will offer hardware-driven encryption to protect data from prying eyes.

CoreRestore is a half-size PCI card that installs in just about any computer and is software-independent. In fact, in our tests, it worked well on Linux, Windows, and even humble and forgotten DOS. Setting up the configuration, however, takes work and requires starting from a scratch disk. Therefore, before installing CoreRestore, you should back up your disk drive.

The card has two ATA connectors that hook up the motherboard and the drive. An onboard chip can be programmed, using the embedded CMOS, to carve two areas from a disk drive, a persistent area and a volatile area. The two areas must be the same size because CoreRestore will use them as mirror images. Interestingly the OS will see a single volume, not two separate areas. Any remaining space can be used as an additional volume but won't be protected by CoreRestore.

An additional CMOS setting defines how the drive is accessed. In Install mode -- used to load the OS and configure the PC -- the CoreRestore controller will direct-write operations to the persistent area, ignoring the volatile area. Nothing out of the ordinary so far.

The interesting part of CoreRestore Live Disk mode, which an administrator uses to configure CoreRestore before assigning the PC to a user. In this mode, CoreRestore directs all write operations to the volatile area, leaving the persistent area unchanged. At the same time, CoreRestore accurately maps which sectors on the volatile area have been changed, so that read operations always will return the most recently updated sector.

With that in mind, understanding how CoreRestore can revert a damaged volume to a working state is intuitive: Reboot, select Restore from the CMOS menu, and in the blink of an eye, the volume will "forget" what was written to the volatile area and bring the PC back to working condition. This is clearly the most important feature of CoreRestore, and this speedy recovery is payback for a laborious and somewhat unforgiving setup.