It is a fact… From time to time, DPM won’t install the agent through the GUI. And yes, most of the time, then you need to install it manually. In the larger environments, we use different methods for our DPM agent deployments, but in the smaller ones, the infrastructure for doing that just isn’t there.
Hans De Leenheer, which is a colleague of mine does quite some DPM implementations with smaller companies as part of a larger projects. As he likes the words “a good admin is a lazy admin” (which is something I share with him :-)) he decided to create a small procedure to install the agents on servers remotely. Now he doesn’t need to RDP to each server.
The procedure can be found here:
http://hansdeleenheer.blogspot.com/2010/08/remote-install-of-dpm-2010-agents.html
Thanks Hans,
Enjoy
Mike
As promised in previous post, here is already an interesting topic.
Many people seem to be having issues with installing an agent on a domain controller (DC) or on a read-only domain controller (RODC). Whether it is through the automatic install or the manual install, sometimes it doesn’t work. This can be due to various reasons, one of them being the DC or RODC secured more properly.
Below you can find a method for deploying an agent on a DC or RODC when you encounter this. The method comes from Praveen D [MSFT]
1. Create and populate the following security groups on Primary domain controller: (Where $PSNAME is the name of RODC on which you are planning to install agent)
a. Create DPMRADCOMTRUSTEDMACHINES$PSNAME and add DPM server as a member
b. Create DPMRADMTRUSTEDMACHINES$PSNAME and add DPM server as a member
c. Add DPM server as a member of Builtin\Distributed com users group
2. Ensure that above changes are replicated on to RODC
3. Install agent on RODC
4. Grant launch and activate permissions for DPM server on DPM RA service by doing the following:
a. Run "dcomcnfg"
b. Expand Component Services -> Expand Computers -> Expand My Computer -> Expand DCOM Config
c. Right click DPM RA Service and select Properties
d. Under 'General', "Authentication Level - Default"
e. Under 'Location', only "Run application on this computer" should be checked
f. Under Security, verify that the "Launch and Activation Permissions" (select > "Edit") include the machine account for the DPM Server and Allow
j. Click OK
5. Copy setagentcfg.exe, traceprovider.dll and LKRhDPM.dll from "c:\Program Files\Microsoft DPM\DPM\setup" on DPM server and place them in "c:\Program Files\Microsoft DPM\DPM\setup" on RODC.
6. Run "setagentcfg.exe a DPMRA domain\DPMserver" on RODC using an elevated command prompt. (Run setagentcfg.exe from the location above i.e c:\Program Files\Microsoft DPM\DPM\setup)
7. If a firewall is enabled on RODC run the following commands:
a. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-29502" new enable=yes
b. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-34251" new enable=yes
c. netsh advfirewall firewall add rule name=dpmra dir=in program="%PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe" profile=Any action=allow
d. netsh advfirewall firewall add rule name=DPMRA_DCOM_135 dir=in action=allow protocol=TCP localport=135 profile=Any
8. Attach agent on DPM server, now you are ready to protect the RODC.
Cheers,
Mike
Last few months I’m spending quite some time on the Data Protection Manager forums. There are a few reasons why I like to spend some time over there.
- I like to assist people who have issues with their DPM environments. Why? I have no idea but I just like it. Maybe it is because I also get a lot of help from these forums for other products but it is just something I like. That, and probably the point system that brings out the competitor in me :-)
- Learning. I like to read posts made by others and the possible resolutions that are posted. When I have no clue about what can be the problem but the answer is still resolved, it can help me in the future when I should encounter the same problem. It will also allow me to help others when they encounter that problem now that I have a solution
- Approaches. Many users are posting questions about possible configurations they would like in their environment. Although many can be seen as “Why would you want to do that”, there are many others where I say “Hey, that’s a great idea”. And even those where I doubt, it still reminds me that every environment is unique and that business requirements sometimes can be hard to meet.
Now what about the support you get there. No, it is not always the best support you can imagine. Don’t forget that on these forums the helping people are volunteers and some Microsoft people. Also don’t forget that it is pretty hard to troubleshoot issues when you don’t have the entire information, network architecture, log files and so on with you. I remember a post that took on for days of troubleshooting while the actual issue was so stupid, that another pair of eyes on that server would have solved the issue within minutes. But still, the answer came after a while. If you however expect a resolution, and you need it fast, then you better contact your partner or place a Microsoft support call.
Who is who on these forums? And who is giving the responses.
Well, that could be about everybody who has a live-id (and who doesn’t). Firstly, you have a few MSFT people who moderate the forums and who help. People such as Praveen D [MSFT] and Mike J are really helpful over there and are doing a great job. I assume that this is something additional they do in their work and that it is not their main work so considering that, nice job.
Secondly, you have the “other” people. People like myself who are not Microsoft employees and who like to help others. For DPM, I’m thinking about Robert Hedblom, Alex Smits and Taylorbox. But I’m sure I’m forgetting a few others and the list of helping people has grown a lot lately, something I really like. (My apologies for those who I have forgotten)
Besides the Microsoft moderated forums, there are also others who like to share a forum themselves with the community. One of these guys is David Allen who hosts a forum on SCDPMOnline.org and does a great job over there in answering people’s issues. (And don’t forget the fact that he has one of the best DPM blogs)
So if you are having problems, make sure to stop by the DPM forums (http://social.technet.microsoft.com/Forums/en/category/dpm) or by SCDPMOnline.org
From time to time, I will be using the information found in the forums to write a post, such as the next one. Why? Basically because it is good information and I can find it myself again :-) and it might be easier for others to find a solution on blogs then on forums.
One final remark.
Users who ask a question on the forum, should always give feedback when they got a response. Now many questions remain “open” because they have never received feedback from the person with the problem. This helps others that have this issue. When they find the forum post, and see that it resolved the issue with the user that had it, they will be more certain to try the resolution in their environments.
It doesn’t take much time to answer, and you can always be notified when somebody responds.
Cheers,
Mike
A little bit unnoticed, but found it today, is the fact that there are 4 new documents for System Center Data Protection Manager 2010.
The documents can be found here:
Planning a DPM 2010 Deployment
Deploying System Center Data Protection Manager 2010
Data Protection Manager 2010 Operations Guide
Data Protection Manager 2010 Troubleshooting Guide
Enjoy
Cheers,
Mike
Hey All,
Just discovered (by accident) a new blog about DPM. The name of the blog is DPMCallBack and can be found here: http://blogs.technet.com/b/dpmcallback/
The first post is already a good one so I’m hoping for more :-)
The post describes the questions that you will get when you have issues with your DPM installation. Whenever you want to open a case for DPM, it is good to have these questions answered in advance, it will save you some time ;-)
Here is a copy of the questions:
• Is this a fresh installation of DPM using the RTM bits or was this an upgrade from a previous version or from Beta?
• When did the problem first start? You can select the Monitoring tab and review the Alerts/Jobs for details.
• Has it ever worked as expected?
• What changes (if any) were made just prior to the failures?
• Can you reproduce the problem? If so can you please provide the exact steps?
• Are other protected data sources experiencing the same problem?
• Is the error specific to one type of data source? Example, Exchange jobs fail but SQL and SharePoint are successful.
• What is the application version that is experiencing the problem? Example, SQL 2005, SQL 2008, Exchange 2007…etc.
• Is the protected data source running on a standalone server, domain controller or a cluster?
• Is the system that is experiencing the problem in the same domain as the DPM server?
• Do other protected data sources reside on the same machine? Are they also failing?
• Is the target machine for which you're experiencing the issue on the same LAN as the DPM server or over a WAN?
• What is the error message and ID in the Details pane? If possible, please copy/paste this or provide a screenshot.
Cheers
Mike
Hey All,
Just had my first week of vacation for this summer (I actually went cooking with a scouts group together with my wife and kids so it was also a bit working ;-)) and when I came back, my inbox, tweets and other stuff had some real interesting information. An overview:
System Center Data Protection Manager
Six! new posts on the Data Protection Manager technet blog:
Jason has also posted an update about his book, Data Protection for Virtual Data Centers.
You can find more information and the first chapter on http://dataprotectionbible.com/ and the post on http://blogs.technet.com/b/jbuff/archive/2010/07/05/it-s-almost-here.aspx
David Allen from SCDPMOnline has posted a great article about Centralised DPM Availability Reporting. Check it out here
System Center Essentials
The Essentials 2010 resource kit is launched. Find more information here and here
Dell has announced a partnership with Microsoft to deliver a solution around SCE 2010. Information can be found here and here
That’s it for now, still a lot of catching up to do for OpsMgr, Virtual Machine Manager and ConfigMgr, but at least I already read the SCE and DPM information :-)
Enjoy the holidays
cheers,
Mike
Hey All,
It is with great pleasure that I can announce that I have received the MVP Award for System Center Data Protection Manager.
As it goes with an award, it is custom to thank some people, and in my case they really have earned it.
Let’s start with my employer Ferranti Computer Systems and my colleagues (with special thanks to Arne Peleman, Mark Van Giel, Frederik Baert and Valérie Siroux) who allowed me to give presentations and spent some time on the System Center User Group. Also the continuous remarks on my blog posts and presentations are a real help to improve.
Also the members of the System Center User Group Belgium earn a big thank you. They gave me a place to blog and the possibility to give presentations. They also helped me on various ways within the user community when I lost directions :-). (And I probably will loose directions again with this MVP thing… :-)) Thanks Alexandre Verkinderen, Kenny Buntinx, Kim Oppalfens, Kurt Van Hoecke and Yves Janssens. Let’s continue to make the System Center community a fun place to be :-)
I can’t forget some people from Microsoft. Thank you Jason Buffington and Arlindo Alves for your feedback and support. It is a real pleasure working with you both in the community.
To all the readers, people who come to our presentations and commenter's. Thank you, it is always a pleasure learning to know you and seeing you on events, whether offline or online.
Last but not least, there is a special and BIG thanks to my wife and children, who keep accepting the fact that Daddy is playing on his laptop again. Without their patience and support, I probably would have stopped a long time ago.
Thanks all
Cheers,
Mike Resseler
Twitter: @MikeResseler
Hey all, yesterday I had the pleasure of giving a presentation on the Belgium Community Day (www.communityday.be). This event, organized by some members of the Belgian Community is getting more popular every year. It was the fourth edition and received a speaking slot for the first time here.
It is amazing that just a few people of the community succeed in organizing such an event (almost 500 people registered) and find the necessary sponsors, funding and helping hands to do this event, which was still free for everybody, as it is always been.
The big man behind the event is Gill Cleeren (www.snowball.be) and his team did a fantastic job at Utopolis in Mechelen, Belgium
So, for my session. The title was How to Manage your Sharepoint Environment With System Center and for the first time in my life I had to present in a cinema room.
I presume this should have made me nervous but instead I actually was quite excited
Here’s a picture from before the session when the audience wasn’t arrived yet. Still hope that there are pictures when I am actually doing the presentation so if anybody has one… let me know :-)
Although the majority of the attending people were developers, there was quite some people in the room considering that I am giving an IT pro session. So I was quite happy to start.
In the end, I was quite happy with my presentation except for one moment were my wireless connection to my demo environment dropped. Small ackward moment but for the rest everything went ok.
Unfortunately I only got one hour and in that presentation I had to discuss how to manage your environment (SCOM) and protect it (SCDPM).
Here are the highlights:
One of the first items I addressed was the growing pains of SharePoint. Because of the nature of SharePoint, it can be a pain in the **** for IT Pro administrators.
Through the years, SharePoint became more and more popular, which gave additional challenges to administrators.
- Mission Critical information is kept on SharePoint
- More utilization meant that the performance become worse, and because of the above situation, users started to complain because their data was on there
- Companies (read Management) started to ask about redundancy plans for this application
- The capabilities of SharePoint gave the possibility that different regions, different business units had different functions, but this also created headaches for admins
- Everybody knows by know that custom development is the key to success, but how are we going to keep track of this? Because of the great platform, developers loved it, creating additional applications and workflows.
- SharePoint became quite quickly the new datacenter application, so it needed to be managed as an datacenter application
- Another issue is the fact that SharePoint is everywhere. It is distributed by nature. Additional project sites, sites, document libraries and so on are created with ease.
- This also created additional load and admins needed to provide quickly additional resources which wasn’t always that easy.
- Luckily there was virtualization, but that also give another problem, the so-called server sprawl
My next slide was about what benefits can give you when you use it to manage SharePoint
- With SCOM you can easily do proactive monitoring and reporting. It even integrates with SharePoint’s native monitoring capabilities.
- With SCVMM you can manage the capacity and provide additional SharePoint resources as needed (and then I didn’t talk about Opalis who can automate this workflow based on SCOM’s performance data.)
- SCDPM can help you with rapid and reliable data backup and recovery
- SCOM will also validate your SharePoint environment through the use of prepackaged validated best practices. Hey, and if your environment has a good reason for not being setup according to the best practices, then you adapt the monitors to your own best practices
- Everybody who ever managed a SharePoint environment knows that patching it is a terrible work. By using SCCM you can automate parts of the entire process.
- With the new ServiceManager, you can describe your entire farm as a business service (most of it is automated if you are also using SCOM) and get the entire incident and change management process to the application, according to your ITIL or MOF workflows
- Through SCOM you can manage not only SharePoint, but also the OS, the hardware and even the network if you want, giving you an overview of the health of the entire datacenter for this application.
- And last but not least, a consistent user interface through the complete suite makes it easy for your IT admins to administer them all.
This was more a general slide, and then I started to talk about one of the two actual topics. First one: The SCOM Management Pack for Sharepoint.
The first slide on this topic discussed the improvements over the previous management pack.
- The architecture had changed so now it looked on a server level but also on logical components
- The new SPHA (SharePoint Health Analyzer) rules that are embedded in SharePoint are integrated in the new Management Pack
- There are only two management packs left, the SharePoint foundation and SharePoint Server management pack
Also the differences in rules, monitors etc were shown
And then it was time to just demo the Management Pack. It is pretty difficult to explain this Management Pack, you just have to see it for yourself to see the value. This was also the moment I lost my wireless and freezed my remote desktop. Luckily it returned shortly afterwards so I could continue the demonstration.
Finally, to close this topic, I explained the pitfalls when installing this Management Pack
- Make sure you have all the hotfixes necessary. They are all described in the manuals that come with the management packs. Another great example of Read The Fine Manual.
- Make sure that you also install the additional management packs such as the SQL management pack, the IIS management pack and ofcourse the OS management pack. And if you have a management pack for your hardware and/or network, use them too.
- When you install the Management Pack on an x64 system, there is a little problem that it installs them in the “%Program Files (x86)\System Center Management Packs” directory while it needs to be in the “%Program Files\System Center Management Packs” directory. Copy the files to there
- Don’t forget to create the Run As Account, this account needs to be Farm Administrator and have the correct rights on the SQL databases.
- Resize your event logs (the windows application log and sharepoint foundation\operational log) to at least 10 MB.
- Disable event log replication when your environment is running on windows clusters. Otherwise you will get alerts two times.
- And last but not least, but this is a best practice for every SCOM administrator, use an override management pack for your overrides. This is created by default when you run the config task.
Second part was protecting SharePoint. And here I wanted to discuss DPM of course, but I also discussed the built-in tools from SharePoint. The reason for that is quite simple. Yes you need a backup, yes you need to be able to recover but when a user deletes one document and calls the helpdesk, you don’t want to start recovering that one document because you will have a lot of work. Yes DPM can do that but you will use this when the user wants the document back but realized it way too late.
Anyway, here are the important takeaways when you are planning a SharePoint project and are thinking about Business Continuity and Disaster Recovery (which you should always do in the planning phase but hey, it doesn’t always go as it should right…)
- Understand what you need to protect. Get an overview of the install base (use SCOM for this), understand for what it will be used.
- Get clear goals with your management. I can’t afford to loose a document and it must be online all the time is only achievable if they want to spent a lot of money. If they don’t want that, then ask how much they want to loose, and how long it can take to bring everything up again. Based on that, decide what you need, get pricing and talk again to your management.
- Read about SharePoint, know what is already included with the product. Use it in your advantage.
- Make sure that when the product is online, that Business Continuity management in an ongoing process.
Another slide is showed is what is already inside the box.
Oke, the first point was merely explain what the difference is between Warm high availability and Cold availability.
But the other points are extremely useful.
- Recycle bin. Use it, train your users, and set it on a few days so that you have less work when a user deletes a document by accident.
- Use versioning, force it. This way, users can’t take an old version and overwrite the newer one. They can return whenever they want.
- There is the Read-Only Database option. This is nice. Take a content database with important information that doesn’t need to be changed again, make it read-only in SQL and SharePoint see this and handless to it.
- If you have custom development, let your developers package all solutions. If it is a real disaster, then you can reinstall that package easily.
- And finally, there is the possibility of an Unattached Content Database. You can take a snapshot in SQL or recover one through DPM and read it through SharePoint without the need of being attached to SharePoint.
After that, some slides on how DPM works, but since I already addressed this topic I’m not going to repeat myself.
After a demo of a document recovery, I finalized the session with the takeaways which are all described here.
After the session, I still got a lot of people coming up and ask me a lot of questions on DPM. Glad to hear that it finally is getting the buzz it needs in Belgium :-)
One last thing that I forgot to mention yesterday (shame on me) but I will mention it here:
All the things that I showed yesterday and described here can also be achieved with System Center Essentials 2010. Certainly now that Microsoft has released System Center Essentials Plus which gives you licensing for SCE and DPM.
Till next
Cheers,
Mike Resseler
PS: For those who are interested, my presentation can be found at this address: http://www.communityday.be/cd/tabid/130/Default.aspx
Session 1, room 9
Hey All,
Great post from Jason Buffington: DPM Licensing explained, make sure to check it out!
http://blogs.technet.com/b/jbuff/archive/2010/06/23/dpm-2010-licensing-info.aspx
Cheers,
Mike
Hey All,
On the DPM newsgroup (http://social.technet.microsoft.com/Forums/en-us/dataprotectionmanager) there was a very interesting thread the last few days. One of the users asked if it was possible to include all volumes into a Bare Metal Recovery
As you might know, Bare Metal Recovery only protects the critical volumes (boot + system + volumes hosting files of server roles), so if you have a volume with applications or user data or whatever, you need to protect it also. Now that is not a problem because you can choose BMR and also the additional volumes
Now the user said that this was not OK, because in a disaster, he wanted to recover as quickly as possible.
Luckily, Praveen D [MSFT] found out a good solution, one which I think can be very helpful in some cases, so here goes…
DPM uses windows backup to do the job. So in your DPM\bin folder, you will find a file called BmrBackup.cmd. Inside this cmd you will find the command that drives windows backup.
With BMR, you will see something like:
start /WAIT %SystemRoot%\system32\wbadmin.exe start backup -allcritical -quiet -backuptarget:%1
If you add the option –include:VolumeLetter:,VolumeLetter: then you add your volumes in the BMR. Don’t forget to increase the volumes for your replica and recovery point volumes.
Thanks Praveen
Cheers,
Mike Resseler
Hey All,
Many of my colleagues, friends online are asking me a lot about SCDPM, and certainly when they have problems. Because SCDPM has not (yet) the popularity of Operations Manager or Configuration Manager, it is more difficult to find good community resources or assistance. So I decided to list some of (in my opinion) important sites.
First, you have the Microsoft resources
The official site: http://www.microsoft.com/DPM
The official blog site: http://blogs.technet.com/DPM
Jason’s blog: http://blogs.technet.com/jbuff (product manager of SCE and DPM and a true DPM hero)
Newsgroup: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.dataprotectionmanager
DPM 2010 Techcenter: http://technet.microsoft.com/en-gb/library/ff399192.aspx
DPM 2007 Techcenter: http://technet.microsoft.com/en-gb/library/bb795539.aspx
There are some other Microsoft employees that I like to follow also:
http://blogs.technet.com/sjimmie/default.aspx This guy blogs about SCDPM and Exchange
Now let’s talk about the non Microsoft resources.
Of course you have the Belgium System Center User Group community ;-) http://scug.be/blogs/scdpm
DPMReference: http://dpmreference.blogspot.com/
System Center Central: http://www.systemcentercentral.com/tabid/61/tag/Articles+Data_Protection_Mgr/Default.aspx
Matthijs Vreeken: http://scdpm.blogspot.com/ (Nice!)
David Allen: http://www.scdpmonline.org/ (Great!)
Now for the support, I would like to draw attention to the site of David Allen (MVP). Not only is he by far the biggest DPM Expert that I know, he also has a forum on his site where he responds on various questions. So if you have a DPM question or problem, make sure you check out his great forum because his response rate is extremely fast. Spread the word!
Cheers,
Mike
Hey All,
Now that MMS 2010 is a week behind us, and most of the information is shared (still have some work on that so stay tuned…) it is time to get some real work done. Just downloaded the evaluation version of DPM 2010 and I’m going to upgrade my RC system. So let’s see what the DPM Upgrade advisor (http://download.microsoft.com/download/F/F/3/FF3347F5-C076-400C-A77A-B6FFA0EA56A4/DPM%20Upgrade%20Advisor.xls) has to say:
So here is my situation
In total I have to do 6 steps. Doesn’t seem to be bad, let’s have a look
1. Close DPM administrator console and DPM management shell if opened.
Done, this was easy :-)
2. Launch DPM 2010 RTM Eval setup and proceed by clicking on Install DPM
I opened the Review System Requirements and found the first bug… It still goes to the DPM 2007 documentation :-)
That of course triggered my interest to look further but that seemed to be the only link that still contains old data.
Click Install Data Protection Manager
Accept the license
As always, the reminder that during the upgrade, protection groups won’t be able to run their jobs and so on…
My prerequisites are OK
I’m using the dedicated drive so I go Next
Give a strong password for the local user accounts
This happens when you don’t make it strong enough :-)
Select if you want to use Microsoft Update or not (which has never worked with DPM but one can only hope…)
Choose if you want to work with the customer experience improvement program (of course you do :-))
And of we go...
And the upgrade is done. The warning tab shows me that I need to upgrade my agents as soon as possible so that will be our next step.
3. Complete the installation wizard and restart the computer to complete the upgrade (if prompted).
Done, and no reboot necessary.
4. Upgrade agents on production servers
(and don’t forget the agents on the clients!)
Hey, new logo!
So after the console opens, we go to management and agents
Yep, my agents need upgrading so here we go
Press Yes to continue. The warning states that during the upgrade all jobs will fail
And done, the new version number is 3.0.7696.0
For your info, if you are running the DPM clients for workstation, then you will get the following information:
Whenever you are having a workstation that is disconnected, you will get the following information
5. Run consistency check for all the protected Datasources
Last job is run a consistency check on all protected Datasources
6. Uninstall DPM 2010 RC SQL instance (Optional) if there are no issues after upgrade.However, if you're looking for downgrade then DPM 2010 RC DPMDB is required.
And finally uninstall the DPM 2010 RC SQL instance. Since I’m going to use this instance for some testing, I’m going to leave it, but in a production environment, it is best to remove this one.
Cheers,
Mike
Hey All,
Here’s part 6, and the final part of our DPM 2010 launch week overview
For the full set:
DPM 2010 launch week @ MMS 2010: Part 1: Technical Introduction
DPM 2010 launch week @ MMS 2010: Part 2: Protection Applications
DPM 2010 launch week @ MMS 2010: Part 3: Protecting Windows Clients
DPM 2010 launch week @ MMS 2010: Part 4: Virtualization and Data Protection, better together
DPM 2010 launch week @ MMS 2010: Part 5: Disaster recovery and advanced scenarios
DPM 2010 launch week @ MMS 2010: Part 6: Partner announcements
In this part I will give an overview of the partner announcements made @ MMS.
As you all know Microsoft has partnered with some companies to provide protection to the cloud. But there are also partnerships around DPM on an appliance and on virtual tape library software.
1. Cristalink Firestreamer
Firestreamer is a utility that can create a virtual tape library and virtual tapes based on different kinds of storage such as internal and external hard disk drivers, flash memory, blu-ray, dvd’s, and so on.
Very cool solution if you use this in conjunction with DPM2DPM4DR.
For more information: http://www.cristalink.com/Default.aspx
2. i368
i368, a division from Seagate delivers their eVault software together with DPM to support non-windows environments support. Stuff such as Linux, VMWare, Sun Solaris, HP-UX, Oracle and so on will be protected by this, creating a solution with is fantastic for windows (DPM) and at the same time gives you the opportunity to protect other workloads.
The also offer their solution in an appliance, based on a rebranded dell server, with everything preinstalled on it.
http://www.i365.com/products/data-backup-software/microsoft-backup-recovery/index.html for more information
3. Iron Mountain
Iron Mountain delivers protection to the cloud. With this company, you can protect your data and sent it straight to the cloud from the DPM console. A very cool solution for off-site backup.
www.ironmountain.com
That’s it for DPM week 2010. In my humble opinion, the new version of DPM is a must have for every windows environment. It has improved a lot over the DPM 2007 SP1 solution which was already a good product. Now it just got better. And because Microsoft realizes that not everything is Microsoft in your environment, they build strong partnerships with other companies that leverages the product and allow you to do tape library sharing, so that you can protect your other apps with whatever you want…
To be continued
Cheers,
Mike
Hey All,
Here’s part 5 of our DPM 2010 launch week overview
For the full set:
DPM 2010 launch week @ MMS 2010: Part 1: Technical Introduction
DPM 2010 launch week @ MMS 2010: Part 2: Protection Applications
DPM 2010 launch week @ MMS 2010: Part 3: Protecting Windows Clients
DPM 2010 launch week @ MMS 2010: Part 4: Virtualization and Data Protection, better together
DPM 2010 launch week @ MMS 2010: Part 5: Disaster recovery and advanced scenarios
DPM 2010 launch week @ MMS 2010: Part 6: Partner announcements
This session was given on Friday morning and should have been normally a session from David Allen (System Center Operations Manager MVP – Deloitte) and Sergio De Chiara (DPM Architect - Microsoft Corporation)
Due to the ash cloud, both guys couldn’t make it to Las Vegas so that was quite a disappointment since I really wanted to see David in action. He owns the blog http://www.scdpmonline.org which is a great resource for all of you that need to work with DPM.
Luckily for me, the DPM team decided to throw in another session and the title sounded promising: Disaster Recovery and Advanced Scenarios.
So session 5 of DPM for me, on a Friday morning. And Jason, if you are reading this, don’t forget the promise you made to the guys that followed all of your sessions… I’m eagerly waiting for the book :-)
Anyway, session 5 with Jason Buffington and Vijay Sen.
On the agenda for today:
- End-User Backup and Recovery
- Bare Metal Recovery
- Disaster Recovery
- Misc
- Agent Deployment in the Enterprise
- Non-Domain Servers
- SCOM Management Pack
So the session starts with some figures about what it cost when disaster strikes for each hour that the environment is down. All nice figures but a little bit too much oriented on the American Business. I don’t think that I know a company that will loose 6.4 million dollar of income for each hour that they are out. But no matter how much it cost, when your business is down, it will cost money, a lot of money, not to mention the image loss or worse, the compliance issues that you will be facing. So in worst case, how are we going to recover, and how are we going to do this as fast as possible.
Definition of a disaster:
Process of recovering from any natural or man made disaster that results in loss of partial or complete loss of data center and infrastructure.
What I really liked is that this definition is more then a hurricane, a flood, 9-11 (hey, we were in Vegas…) but that it also includes a disk crash, a stolen laptop and so on. Basically, when data is lost, no matter in what form, it costs money. So we need to recover.
All right, first topic discussed is dpm2dpm4dr (read: DPM to DPM for Disaster Recovery)
This was already working in DPM 2007, so nothing new here.
However, they increased the possibilities with this:
- One-click DPM DR failover and failback
- Separate schedules per DPM server
- Chaining support
- Offsite tapes without courier services
- Restore servers directly from offsite DPM
Suppose your DPM main server falls out. By using the switch protection option you can change the recovery to the secondary server. Rebuild or fix the primary DPM server, and use the same switch to change the protection again to the primary server.
For each DPM server you can use a different schedule, so your primary will probably have a very tight schedule, but your secondary will be protecting much slower if there is a wan between them
Chaining support is also one of the new cool features. It basically allows you to do backup to backup to backup or protect multiple primary DPM servers with one secondary. You can also start to cross. Your primary server will be acting also as a secondary and visa versa.
Offsite tapes without courier services is how they see it when your secondary server is in an offsite location. Since the tapes are offsite, it is not necessary to give them with a courier anymore.
And last but not least… Still need to recover after a major failure? Recover straight from the secondary server.
Many other things were discussed during this session such as post and pre backup scripts
ScriptingConfig.xml
<?xml version="1.0" encoding="utf-8"?>
<ScriptConfiguration xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance” xmlns:xsd=http://www.w3.org/2001/XMLSchema xmlns="http://schemas.microsoft.com/2003/dls/ScriptingConfig.xsd">
<DatasourceScriptConfig DataSourceName="Data source">
<PreBackupScript>”Path\Script” </PreBackupScript>
<PreBackupCommandLine>parameters</PreBackupCommandLine>
<PostBackupScript>"Path\Script” </PostBackupScript >
<PostBackupCommandLine>parameters</PostBackupCommandLine>
<TimeOut>30</TimeOut>
</DatasourceScriptConfig>
</ScriptConfiguration>
We also saw a great demo of a BMR recovery. Just start your server with a windows cd (make sure that the network card and disk subsystem is recognized so use a wim file with injected drivers if necessary), choose recovery mode and connect to the location of the BMR files
The definition of a BMR backup is the following:
- Backup of all Critical Volumes
- Critical Volumes = Boot + System + Volumes hosting files of Server Roles
- E.g: Boot, System, Active Directory (for DC’s)
- Used for both System State Recovery and BMR Recovery
So important to remember is to have a different backup for other volumes that contain data!
Hereunder is a great overview screenshot of a BMR recovery
Till next,
Cheers,
Mike
Hey All,
Here’s part 4 of our DPM 2010 launch week overview
For the full set:
DPM 2010 launch week @ MMS 2010: Part 1: Technical Introduction
DPM 2010 launch week @ MMS 2010: Part 2: Protection Applications
DPM 2010 launch week @ MMS 2010: Part 3: Protecting Windows Clients
DPM 2010 launch week @ MMS 2010: Part 4: Virtualization and Data Protection, better together
DPM 2010 launch week @ MMS 2010: Part 5: Disaster recovery and advanced scenarios
DPM 2010 launch week @ MMS 2010: Part 6: Partner announcements
This was the last session of DPM Wednesday, and given by Asim Mitra and Vijay Sen, 2 program managers within Microsoft and responsible for the Virtualization protection within DPM.
On the agenda of this session:
- Protecting your hyper-v environment
- Hyper-V Recovery Options
- Recovering from a disaster
- Sample Customer Deployments
They started by outlining the top priorities for CIOs in 2010
If you look at the screenshot, you will see that Disaster Recovery / Business Continuance and Server Virtualization comes in 2nd and 3rd. First one is cost reduction, but I guess that will be so for the next x years :-)
I know that virtualization is more “sexy” then disaster recovery for an IT Pro, but it is of course pretty important to think about backup / disaster recovery whenever you deploy a new solution into your environment. So why not do this hand in hand? DPM is designed to protect hyper-v fully and if you have read one of my previous posts you know that it is also capable of backing up vmware virtual machines… if you tweak a bit :-)
So what are the features of DPM 2010 for protecting hyper-v?
- Host-level backup of Hyper-V on WS 2008 R2
- Cluster Shared Volumes (CSV) support
- Seamless protection of Live Migrating VMs
- Alternate Host Recovery
- Item Level Recovery
Sounds interesting? Let’s continue to have a look.
First, they started with a discussion on what to protect. Should we protect on the host and backup entire VM’s? Or should we protect inside the guests and take the data? Now this was the sign for many people in the room to shoot the profile of their environment at the two and ask what the solution would be for their specific case. Luckily these guys were smart enough (or well trained :-)) to leave all options open. Why? I think they share the same opinion as I have. You never can take this decision without first assessing an environment thoroughly. There are so many questions you need to ask first before you can decide on what strategy you are going to use. And even then, in many cases, you will be using both. I actually had a discussion that evening with a guy that could not believe that at a certain moment you would only choose for the host-level backup for a certain virtual machine. I actually do think there are cases when this can be done. Imagine a webserver that is running in production and where the configuration only changes once and a while. A daily backup of the guest should be enough. I think a lot of servers that are running and running and don’t contain user data or business data can be protected that way. I mean, who cares that you lose log files if you are not compliant to something? If you can recover the server quickly when he’s out, that’s more important then those log files right? And if they are important, I’m sure that the business then have a solution to archive these logs into an auditing system. But for the conclusion, this really should be looked at on an individual base and here under are some points that can be used to make that decision
- Host
- Protect or recover the whole machine
- “Bare Metal Recovery” & “Item Level Recovery” of every VM
- Protect non-Windows servers & LOB applications that don’t have VSS writers
- No granularity of backup
- Single DPM license on host, all guests protected
- Guest
- Protect or recover data specifically
- SQL database
- Exchange
- SharePoint
- Files
- No different than protecting the physical server
- DPML per Guest
Next topic, how does it work.
As always, you start with an initial replica. After that, this is never done again. What happens is the following:
- DPM initiates the backup process
- Using the VSS framework, an application consistent snapshot is created inside the guest virtual machine
- A snapshot of the VM is created on the Host (Important mark, use a hardware VSS writer is you are using a CSV)
- Then there is a checksum comparison of the VM snapshot with the DPM Replica
- Finally, only the changed blocks are replicated to the DPM Server
Seamless protection of Live Migrating VMs
Yep, you’ve read it correctly. The backup administrator (I would like to introduce a new title for this job, I would like to call him a Business Continuity and Protection Engineer or Officer… what do you think? :-)) doesn’t need to care where the actual virtual machine resides. With live migration, pro-tips in SCVMM and virtualization admins you can imagine that the placement of a virtual machine is never fixed. And you can also image that the virtualization admins won’t like to update the backup guy every time a machine has moved. With all the automation you can create these days (SCVMM, Opalis, SCOM…) they will probably don’t have a clue either. DPM will know where the virtual machines is, and protect it from there. If a machine is moved, then DPM will follow it to its new path.
What about Storage Migration? Will that work also? Yep, it will. Again, DPM will follow the path
All nice and well, you are protected. But issues happened, and you need to recover. What are your options?
- Restore VM back to original host or cluster
Probably the most expected option, system went down, recover to the same location and you’re up and running again.
- Restore VM to a different host or cluster
A little less expected. Restore the server to another cluster or individual host. Now this opens options. Take a backup of a production server, and restore it to another host for testing purposes. Just make sure that your test environment doesn’t have the capability to talk to your production environment. Not sure about the latest patches or service packs? Restore to another environment, deploy the patches and see if the server starts nicely again.
- Item Level Recovery (ILR) to file share
And this will become a very much used feature in the future. Mount the virtual machine, get inside the virtual machine or guest and get the items out of the disk. This can be extremely handy if you decommissioned a server but forgot to copy one or two files.
What they also discussed is disaster recovery and how to prepare for it, but this will be much more highlighted in the next part.
Finally they showed some real-life implementations. I’ll add the example of a mid-sized asian hoster in here
CSV Production Environment
This customer has multiple 3-5 node CSV clusters with 30+ VMs on each.
Each CSV has Fiber channel SAN – Dell EqualLogic with H/W provider
Maintained a ratio of 1 CSV per cluster node & VHDs for a VM are co-located in a CSV.
Backup Configuration:
The VM workload mix comprises of almost all Microsoft workloads (Complete Microsoft Shop).
The average size / VM is ~70 GB.
All VMs are backed up at the host level with DPM 2010 on a daily basis.
35% of servers which require which require granular backup and near continuous RPO continue to get backed at guest level using DPM 2010, just as earlier in a physical environment.
Typical DPM 2010 Server Configuration
Number of Processors on DPM Servers: Intel 2x4 cores
Amount of RAM on DPM Server: 8 GB RAM
DPM 2010 protects a fan in of 3 such CSV clusters
Till next post
Cheers,
Mike
Hey All,
Here’s part 3 of our DPM 2010 launch week overview
For the full set:
DPM 2010 launch week @ MMS 2010: Part 1: Technical Introduction
DPM 2010 launch week @ MMS 2010: Part 2: Protection Applications
DPM 2010 launch week @ MMS 2010: Part 3: Protecting Windows Clients
DPM 2010 launch week @ MMS 2010: Part 4: Virtualization and Data Protection, better together
DPM 2010 launch week @ MMS 2010: Part 5: Disaster recovery and advanced scenarios
DPM 2010 launch week @ MMS 2010: Part 6: Partner announcements
A session given by Tim Kremer and in backup, you guessed it, Jason Buffington :-)
This session was all about protecting your clients. First thing we started with was the reason why we wanted to protect clients. Many companies or IT pro’s will react that users should save their valuable data somewhere on the network or take a backup on their own. While this probably works with one or two percent of the companies, I’m sure it fails with the other 98 percent. The reason for that is simple. When people are travelling, they won’t be uploading their data to a network share, and even when they are in the office and need to copy their data on a Friday evening to the server… guess what will happen :-). If they need to backup their own data, then you will probably have users that have a 100 copies of their data on a expensive network share and others who never bother or backup to their local drive on their laptops. So if the laptop gets stolen or the disk is dead….
According to some research companies (something like forrester or gartner or so, forgot which one) about 60% of the intelligence of a company resides on local disk from the users. Now that’s a lot. So if we want to protect that knowledge, then we need to find a good way to do that without too much trouble and without disturbing the users or let them do it themselves. It just won’t happen. Period. (This process of letting the end users do the backup their selves is often called the “tax” for the end users)
When designing the solution, the architects @ Microsoft had the following challenges:
- Mobile workforce
- Different users with different needs
- Large scale (many many desktops / laptops)
So they created the following goals:
- Remove the end user tax
- Support roaming user backups
- Allow customizability for specific users
- Enforce admin defined restrictions
- Keep IT costs low
How did they solved those requirements.
With the same agent as the one for the servers you can start protecting your clients. By using your favorite deployment method (SCE, SCCM, AD, MDT…) you can get the agents out there. Remember, you don’t pay licenses for an agent if you don’t use it. So deploying it over your entire network is not going to give you a licensing issue. You start paying the moment you start to protect it. Period.
Second is that an IT Pro can create different policies. Let’s say that we want that a client will protect it’s my documents, a specific company directory and maybe some more folders that can be imported for the user such as favorites or something. But of course, we don’t want the My pictures or My music folder to be protected. The company is not interested in getting all the vacation pictures or mp3 library of their employees. (Ok, the IT Pro’s might be interested in the mp3 collection :-)). By defining a policy and including / excluding folders you can achieve this. And it get’s even better, you don’t need to know the exact location of the my documents folder. DPM will use the path variable to define where it is. And last but not least, you can actually deny certain extensions. No .mp3 files is a good example for this. Whether we like it or not, end-users are mostly smart enough to see that certain folders are excluded and will move their “valuable data” to a folder that is protected.
Now what if users want to be able to protect some specific folders? Folders that are not default in the company but still contain valuable information. By giving the end-users (or some of them) the rights they can choose their selves certain folders to be protected.
Now what about users on the road? How is this going to work? Here’s the answer.
1. They support backup over VPN and direct access. So whenever a client is connected to the main office over vpn or direct access it has the possibility of synchronizing with the office. Remember the block-level copy from part 2! So the data that is sent over is really not that much.
2. DPM provides you with two mechanisms. While performing a backup, it will send the data to the DPM server if it is reachable. At the same time, it will keep a local copy on the laptop. So users will be able to restore from their local cache if necessary. Will this protect you from hardware failure or from a stolen laptop? No, it won’t, but users will be able to go to a previous version of a document when it is necessary even if they are working on the road.
3. What about notifications. Everybody who has ever worked with DPM 2007 or with whatever backup solution for that matter will know that the system will start complaining whenever it can’t reach its clients. DPM will do that also but they built in a system where you can specify how long it takes before it starts to complain. Consider the fact that many people take 14 days vacation. Add the weekends with that and you get 18 days. So only after 18 days you let the DPM server complain that is missing a connection to a client. This way you will avoid a lot of false alarms and only those that take more then 2 weeks vacation or those that are travelling longer are going in alert.
What about the costs? You can imagine that all the users data will take a lot of disk space. First you know that you can use low-cost storage to do this and second, because the system is working pretty well you don’t have many human effort. Compare it with letting the users backing up their own data to a network share. This is mostly high-end storage which costs a lot, never cleaned by the users and you will probably have many files standing there 50 times. DPM does not need this because it only contains the changes. Second, think about the value of the data. Ask the business what it cost when a road warrior loses its laptop and the data that it contains. You can do the math quickly.
So how does the end-user sees this?
Below are a few screenshots of the end-user experience
End-user recovery
Agent in the notification area
Agent UI
Want more? How about this…
A user loses his or hers laptop. Or the machine just died. You have a backup of yesterday on your DPM server. The deployment team quickly prepares a new laptop with their favorite OSD tool. Agent is installed or sysprepped on it. You jump behind the DPM console and do a restore to another location. User gets the data back :-)
Even more?
The DPM agent allows the end-user to synchronize now. So suppose they made some important changes to a document they can synchronize it whenever they want to the DPM server if they have connection or to the local cache if they are not connected. So if the end-user really did some important work, then he or she can create a “backup” of their own before flying out or going on a vacation. With one simple click, the system will do the work.
Till next for part 4
Cheers,
Mike
Hey All,
Here’s part 2 of our DPM 2010 launch week overview
For the full set:
DPM 2010 launch week @ MMS 2010: Part 1: Technical Introduction
DPM 2010 launch week @ MMS 2010: Part 2: Protection Applications
DPM 2010 launch week @ MMS 2010: Part 3: Protecting Windows Clients
DPM 2010 launch week @ MMS 2010: Part 4: Virtualization and Data Protection, better together
DPM 2010 launch week @ MMS 2010: Part 5: Disaster recovery and advanced scenarios
DPM 2010 launch week @ MMS 2010: Part 6: Partner announcements
Let’s continue today with Session 2
Session 2: Protecting Application Servers with DPM 2010
Session two of an entire DPM day (first four sessions were all on the same day so for me it was like being a child in the candy store for the entire day! Not to mention that I had the change to have speak to Jason himself in the evening… :-))
Again this was presented by Jason Buffington. This session explained the entire VSS process and the differences when protecting exchange, sql or sharepoint. So here are my notes:
How does this VSS writer thingy works?
Here’s how:
To start, when you decide to protect a workload, DPM will create a replica. This means that it will make an exact copy of the original sources, whether this is sharepoint, sql databases or files. After that, DPM will never ever again make an entire copy of the data.
So what does it do? DPM works with Express Full backups which is block level based and synchronizations which is byte level based. The express full backup is the latest version. All previous versions are the so-called layers.
So after the replica, DPM will create a volume map of the data. Is it large? No, a 0 or 1 for each 120 kb so the footprint is small. Here’s an example of a volume map
So let’s say after one hour, an express full backup will be taken and this is how the volume map looks like
This is what happens:
1.VSS Snapshot taken on production volume to ensure consistent data
2.Cache of changed blocks is sent to DPM server
Important to know here is that the file IO continues, the VSS writer will only “freeze” the blocks that have changed so that the server can continue normal operation! So no more placing databases offline, bringing solutions in maintenance mode… If it has a vss writer, it is all online.
Finally, after the blocks are sent to the DPM server, the VSS writer will release the frozen blocks
In a nutshell, this is how the express full backups work.
But how does the synchronization works? Again, this was explained with an example so here goes:
We assume in our example that we are working with a database
Every xx minutes (depending on your settings) you synchronize the closed transaction logs
In the case that you need to recover, you return to the database express full backup from 0:00 and roll forward the transaction logs till the point in time that you want.
That’s it. So with DPM 2010 you can go to about any point back in time when you want.
Now how many points can you create?
If you perform the following schedule:
you want to be able to return 512 weeks times 7 days (one express full per day) times 24 times 4 (24 * 4 for 15 minutes synch) means 344.000 points in time. This is the maximum but would mean point in time recovery for the last 9 years!
Now here is the joke:
- MS doesn’t want you to recover a SQL 2005 database in 9 years
- It will cost a lot of disk
- It will cost A LOT of disk
(For your information, these are not my words :-))
If you want more information about this mechanism, make sure you check out http://edge.technet.com/Media/DPM-2007-SP1-How-does-DPM-really-work/ or one of our SCUG offline DPM events
You can imagine of course that there are some differences in protecting the different workloads. So here is an overview of the differences
Exchange 2007 LCR (Local Continuous Replication)
What is it? One exchange server with a redundant copy of the database. It can failover to the redundant copy in case of database corruption or when the drive is lost where the active database stands.
DPM will backup the database from the Active Database drive
Exchange 2007 CCR (Cluster Continuous Replication)
What is it? Redundant exchange servers and redundant databases. These can be geo-diverse and the database logs are replicated.
DPM can now backup the active or passive database which you prefer.
You can choose this on a role preferred base:
- Active – most current data
- Passive – least production impact
Or you can choose this on a node preferred base when you are working geo-diverse, then you choose the node closest to the DPM server.
Exchange 2007 SCR ( Standby Continuous Replication)
This is even more intelligent. Suppose you have a DPM server on your main site and exchange SCR. The first DPM server will protect from the passive node. SCR means that it will replicate to a standby node and if you see this picture this means that it need to replicate over the WAN. Suppose that you have a secondary DPM on that other site. Instead of replicating twice over the WAN, DPM is smart enough to do the second protection from the standby node, thus no additional bandwidth necessary.
Exchange 2010 DAG
And finally there is dag, where DPM works with a copy instead of a full backup. This lowers the resources necessary for protecting your exchange environment. See the screenshot
SQL Server Mirrored database
- Mirrors feature redundant SQL servers and redundant databases
- Databases logs are replicated
- Database Failover is automatically recovered
SQL Server Log Shipping
This features one SQL server with redundant databases.
- Each copy is treated as a unique drive by DPM
- Redundant backups require that both drives be protected
- Express Full’s only – no T-Logs
If you are wondering why there are no transaction log backups with this kind of solution, the reason is pretty simple… Never but never let a protection application work with the transaction logs when the system is doing it himself. It would be asking for trouble.
Sharepoint
Sharepoint uses a lookup to determine what kind of data is necessary to protect the sharepoint farm, including the content databases, web front end servers and so on.
For 2007 you still need a recovery farm if you want to do a item level recovery but with sharepoint 2010 you can actually do item-level recovery WITHOUT a recovery farm.
In the end, one final question…
Each time you deploy something… How are you going to back it up?
Till next,
Cheers,
Mike
Hey All,
Back to normal life so I found some time to blog about the most important thing that happened on MMS 2010. DPM 2010 has RTM-ed :-). Yes, you read it correctly, DPM has RTM-ed on monday 20th of april on MMS. Evaluation version is available at http://technet.microsoft.com/en-us/evalcenter/bb727240.aspx, EA and VL will be available in may and GA and MS Price list will be there on June the 1st.
For all those who love DPM, this was certainly something we were looking out for, and I certainly got spoiled over there. No less then 5 break-out sessions, 1 instructor led lab and 4 hands-on labs were there for the DPM fan.
Here’s the overview of what you have missed when you weren’t there:
Break-out sessions
- Technical Introduction to DPM 2010
- Protecting Applications with DPM 2010
- Protecting Windows Clients with DPM 2010
- Virtualization and Data Protection, Better Together
- Disaster Recovery and Advanced DPM 2010 Scenarios
Instructor Led Lab
- Technical Introduction to DPM 2010 – Instructor Led Lab
Hands-on labs
- Technical Introduction to DPM 2010
- How to protect SQL Server with DPM 2010
- How to protect SharePoint with DPM 2010
- How to protect Exchange Server with DPM 2010
In this series of posts I will cover the five break-out sessions and the partner announcements. Here is the overview:
DPM 2010 launch week @ MMS 2010: Part 1: Technical Introduction
DPM 2010 launch week @ MMS 2010: Part 2: Protection Applications
DPM 2010 launch week @ MMS 2010: Part 3: Protecting Windows Clients
DPM 2010 launch week @ MMS 2010: Part 4: Virtualization and Data Protection, better together
DPM 2010 launch week @ MMS 2010: Part 5: Disaster recovery and advanced scenarios
DPM 2010 launch week @ MMS 2010: Part 6: Partner announcements
Session 1: Technical Introduction to DPM 2010
The first session given by the backup guy himself Jason Buffington. The technical introduction started with the reason why MS decided to built a backup solution. Microsoft builds applications such as exchange, sql and sharepoint. Third-party vendors are building solutions to protect these environments. Microsoft found out that many companies waited to implement the new applications until the backup vendors are ready to protect the application. With the years passing by and the applications evolving, the backup vendors had more and more issues in protecting the workload. And that’s the reason why they decided to create their own solution.
Second important reason… When you are in disaster recovery mode, and you are trying to recover but something is failing, who do you turn to? The backup vendor? He or she will say it is an Microsoft issue. And Microsoft? They will say that the data isn’t written correctly on tape or on disk. So here is a gap. Now that Microsoft has its own backup solution it is much simpler. Something wrong? Microsoft support. Their applications, their backup solution. Fix it :-)
Here is an overview of what DPM is possible of protecting. This slide has been showed already many times and you will see it on many more occassions.
The statement about DPM couldn’t stay away either. Those who followed my DPM session @ Microsoft Belgium or watched it online through edge (link 1, link 2) will certainly remember this one:
System Center Data Protection Manager 2010 delivers unified data protection for Windows servers and clients as a best-of-breed backup & recovery solution from Microsoft, for Windows environments. DPM 2010 provides the best protection and most supportable restore scenarios from disk, tape and cloud -- in a scalable, reliable, manageable and cost-effective way.
Next up was an high-level overview of the capabilities of DPM 2010
These are the platforms supported with DPM 2010
- Windows Server® 2008 R2
- Windows Server® 2008
- Windows Storage Server 2008
- Windows Server® 2003 R2
- Windows Server® 2003 Service Pack 1
- Windows Storage Server 2003 R2
- Windows Unified Data Storage Server
- Windows® 7
- Windows Vista® Business or higher
- Windows® XP Professional - Service Pack 2
And these are the applications supported with DPM 2010
- Microsoft® SQL Server™ 2008
- Microsoft® SQL Server™ 2005
- Microsoft® SQL Server™ 2000 Service Pack 4
- SAP® running on Microsoft SQL Server
- Microsoft® Exchange Server 2010 – including DAG
- Microsoft® Exchange Server 2007 – including LCR, CCR , and SCR
- Microsoft® Exchange Server 2003 Service Pack 2
- Microsoft® Office SharePoint® Server 2010
- Microsoft® Office SharePoint® Server 2007
- Microsoft® Office SharePoint® Portal Server 2003
- Windows® SharePoint® Foundation Services 4.0
- Windows® SharePoint® Services version 3.0
- Windows® SharePoint® Services version 2.0
- Microsoft® Dynamics® AX 2009
- Windows® Essential Business Server 2008
- Windows® Small Business Server 2008
Also given was a short overview of what it can do with your application loads
File Services:
- Windows Server 2003 through 2008 R2
- Self-Service End-User Restore directly from Windows Explorer or Microsoft Office (yes, support from end-user recovery starting from Office 2003 or later)
SQL:
- SQL Server 2000 through 2008, including SAP®
- Protect entire SQL instance – auto-protection of new DB’s (Just select an instance and every new database within that instance is discovered and protected!)
- Ability to protect 1000’s of DB’s using a single DPM server
- Self-Service Restore Tool for Database Administrators (Let your SQL admins recover their databases their selves. No more backup administrator intervention!)
- Recover 2005 databases to 2008 servers (Great feature to test the compatibility of line of business applications onto the 2008 version of SQL)
Sharepoint:
- Office 14, MOSS 2007 and SPS 2003
- Auto-protection of new content databases within Farm
- Protect the Farm, Recover an Individual Document (Item-level recovery for sharepoint 2010 now without the need of a dedicated recovery farm!)
Exchange:
- Exchange 2003 through 2010
- Optimizations for SCC, CCR, SCR, DAG and ESE offloading
Hyper-V:
- Host-level backup of Hyper-V on WS 2008 R2
- Cluster Shared Volumes (CSV) support
- Seamless protection of Live Migrating VMs (VM moved to another host? DPM follows it to keep protecting it!)
- Alternate Host Recovery
- Item Level Recovery (Mount a vhd and restore only certain files out of the virtual machine!)
More information about the Client support
- Support for XP, Vista, and W7
- Backup over VPN and breaking news on MMS… Direct Access is supported in the RTM version!
- Scale to 1000 clients per DPM server
- “Unique user data” only
- Not the whole machine, so that the OS is not repeatedly backed up
- Integration with local Shadow Copies for Vista & W7
- Centrally configured from DPM admin UI
- End User enabled restore from local copies offline and online, as well as DPM copies
- Admin enabled restore from DPM copies
One of the most heard comments on DPM 2007 was that it wasn’t enterprise ready. The team worked hard in changing this and they succeed:
Scalability
- 100 Servers, 1000 Laptops, up to 2000 Database per Server
- Significantly increased fan-in of data sources per DPM server
- Up to 80 TB per DPM server
Reliability
- Automatic re-running of jobs and improved self-healing
- Automatic protection of new data sources for SQL & MOSS
- Decreased “Inconsistent Replicas” errors
- Reduced Alert volume
Licensing
Of course there had to be some explanation about the licensing. One of the cool features of DPM is that it only has one agent. Yes there are 2 versions of it, the 32 and 64 bit version, but in the end it is one agent. You want to protect workstations? 1 agent, you want to protect exchange? Same agent. System state? One agent.
Is it the same for the licensing? No, there are three different licenses for the agents as you can see in the screenshot:
- Client DPML
- 1 workstation protected means 1 client DPML.
- Standard DPML
- A server where you only protect files or system state will cost you 1 standard DPML
- Enterprise DPML
- A server where you protect application workloads such as exchange, sql, sharepoint, Bare Metal Recovery or DPM2DPM4DR (DPM to DPM for Disaster Recovery, more on that in part 5: Disaster recovery and advanced scenarios)
Do you need to calculate this for yourself? No, from the moment you start to protect something, DPM will calculate itself what kind of license you need. It is even getting better, you can deploy on every server or workstation a DPM agent with your favorite deployment tool. If it is not protected, you don’t pay anything and the agent will be sitting there, disabled, waiting to start working when YOU decide it.
Where does DPM situates?
The above screenshot shows the positioning of DPM. It is a part of the System Center suite and is both used with the “big brother” versions of system center and with “little sister” SCE. If you are still deciding on what to use as your management solution, make sure that you check out the SMSE and SMSD licenses for the suite.
That’s it for part 1, next parts will be more in depth of what has been told here.
Till then,
Cheers,
Mike
Hey Guys,
Fresh from the DPM blog: http://blogs.technet.com/dpm/archive/2010/04/14/new-dpm-solution-dpm-encountered-a-retryable-vss-error-when-trying-to-protect-a-hyper-v-vm-that-has-forefront-tmg-2010-installed.aspx
Whenever you have the following error:
Recovery point creation jobs for Microsoft Hyper-V \Backup Using Saved State\W2K8-R2 on protected_VM have been failing. The number of failed recovery point creation jobs = 1.
If the datasource protected is SharePoint, then click on the Error Details to view the list of databases for which recovery point creation failed. (ID 3114)
DPM encountered a retryable VSS error. (ID 30112 Details: VssError: The writer experienced a transient error. If the backup process is retried, the error may not reoccur.
(0x800423F3))
Then check out it out @ http://support.microsoft.com/?kbid=981948
Watch out, it is not a hotfix, but a workaround!
Cheers
Mike
Hey All,
A question that is asked a lot, so I thought I write about it. Can VMWare virtual machines be protected by DPM 2010 (and also with DPM 2007 by the way :-))? The answer is YES. How cool is that?
Here is a how-to:
To achieve this, we need VDR backup. In the current version (1.0.2) the backup repository must be in an ‘inactive’ state when it is copied to tape. When is it in an active state? When the following conditions are met:
Because of that, we need to make sure that the VDR is in an inactive state before copying the data to tape, or with other words, shut down the VDR application.
This guide also assumes that you have already configured your VDR appliance and that the backups are scheduled and running.
Before I get to that, I’ll first explain what the prerequisites are on the DPM protected server! What does this mean? It has to be done on the server that holds the backup disk for the virtual machines.
So far the prerequisites. Now it is time to create all the scripts to do the job.
Number on:
Create a bat file called ShutdownVDR.bat (as example, the name is free to chose)
In this example, all scripts will be placed under c:\dpmscripts
Type the folliowing in the bat file (note! This must be on 1 line…)
%systemdirectory%\windowspowershell\v1.0\powershell.exe -PSConsoleFile “%programfiles%\VMware\Infrastructure\VSphere PowerCLI\vim.psc1” -Command <scriptname>
Or, in my example:
C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe -PSConsoleFile “C:\Program Files\VMware\Infrastructure\VSphere PowerCLI\vim.psc1” -Command C:\DPMScripts\ShutdownVDR.ps1
The thorough reader has already seen that there is a .ps1 script that needs to be created… Here it is:
Connect-VIServer -Server <vCenterIPAddress> -Protocol https -User <adminUsername> -Password <password> shutdown-vmguest <VDRApplianceName> -Confirm:$False Disconnect-VIServer -Confirm:$False
or again according to my example
Connect-VIServer -Server 192.168.1.15 -Protocol https -User svc_user -Password VerYDiffICultPasswd shutdown-vmguest MP-VDR01 -Confirm:$False Disconnect-VIServer -Confirm:$False
Enough? No, we now have our shutdown of VDR in place, now it is time to create the startup.
StartupVDR.bat
%systemdirectory%\windowspowershell\v1.0\powershell.exe -PSConsoleFile “%programfiles%\VMware\Infrastructure\VSphere PowerCLI\vim.psc1” -Command <scriptname>
StartupVDR.ps1
Connect-VIServer -Server <vCenterIPAddress> -Protocol https -User <adminUsername> -Password <password> Start-VM <VDRApplianceName> Disconnect-VIServer -Confirm:$False
Configure the protected server
Now you need to configure the protected server so that it will execute pre and post scripts when it needs to perform a backup.
You do this by editing the Scriptingconfig.xml file on that protected server. This can be found under the agent installation directory (%programfiles%\Microsoft Data Protection Manager\DPM\Scripting\)
<?xml version="1.0" encoding="utf-8"?>
<ScriptConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/2003/dls/ScriptingConfig.xsd">
<DatasourceScriptConfig DataSourceName="<DataSource>">
<PreBackupScript><path>\<Script></PreBackupScript>
<PostBackupScript><path>\<Script></PostBackupScript>
<TimeOut>15 </DatasourceScriptConfig>
</ScriptConfiguration>
Change the path\script to the correct values. In my case it is c:\dpmscripts\shutdownVDR.bat for prebackup and c:\dpmscripts\startupVDR.bat for postbackup
Now just create a protection group that protects the specific drive and off you go…
With a lot of thanks to my colleague Arne Peleman.
Enjoy
Cheers,
Mike
Hey All,
A new hotfix rollup package is out for DPM 2007.
You can find the details here: http://support.microsoft.com/kb/979970
And the download can be found here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=775e1a23-825f-450a-9d71-6b8c951ea748
The hotfix resolves following issues:
You may experience a crash in the Data Protection Manager engine when you run a tape job from a protected server. When you use the Data Protection Manager Management Console to browse Microsoft SharePoint Server recovery points or when you back up a SharePoint point to tape from disk, you receive the following error message: PrmDatasetDatasourceMismatchForArchiveOfSC (=30132)
A SharePoint recovery point in a secondary Data Protection Manager has a different set of datasets than the corresponding recovery point in the primary Data Protection Manager. Alerts for standby continuous replication (SCR) servers are not displayed in Microsoft Operations Manager. Default disk allocations may grow unexpectedly for system state protection. When you restore a SharePoint site that contains a WEB host header to an alternate location, the site is restored to the default site. Shared Services Provider (SSP) database protection is blocked when one or more SSP names begin with the same SSP name. The server is slow, and time-out errors may occur, when you run a backup-to-tape job. Data Protection Manager-owned tapes are marked as unrecognized. Data Protection Manager cannot retrieve SharePoint catalog information. Therefore, item-level recovery is not possible for some content databases. Additionally, you may receive the following error code: 3103
You receive the following protection agent error code when bulk tape jobs cannot be completed successfully: 0x80990C27
You may experience a Data Protection Manager engine crash during backup to tape. The Data Protection Manager Management Console does not display recovery points before the year 2010 in some scenarios.
As usual, the hotfix contains all previous hotfix rollups.
Make sure you read the knowledgebase article well because after the hotfix, there could be an issue
Also make sure you have the correct prerequisites (SP1 and KB962975)
During the installation, make sure that you select Manually restart the selected servers because it is not necessary to restart the servers
Cheers,
Mike
Hey All,
Every DPM administrator will have sooner or later this problem. A server has been removed, decommissioned or went dead suddenly. But the agent was never installed through the UI so it remains there. DPM starts to throw errors at you because it’s not possible anymore to backup that server and you want to delete the agent from the console. And, of course, business requires that you retain the data for a specific period.
If that period is within the thresholds that have been set, then there is no problem as you will see later in this post. However, if you need to maintain the data longer, then you better “restore” the data to a tape, so you can store it away for a longer time.
But, for today, here is the procedure how to remove the ‘dead’ agent
In this screenshot you can see an agent that is not reachable anymore.
So I tried to remove the agent. I did right click and choose Uninstall
This is the error I’m getting. The server is still in one of my protection groups, so I can’t remove it until I first remove it from the protection group.
So I’m going to the protection group
Right-click and choose Stop Protection of Group.
Note: In case you want to remove a server out of a protection group, but don’t remove the protection group then you need to modify it. It will automatically create an Inactive protection for previously protected data in the UI
I choose to delete the protection group and retain the data
After the job, I have an inactive protection for this source
So back to my management, right-click on the dead server and Uninstall
I have to enter my credentials
The agent is being uninstalled
But as said, the server is dead, so this is not going to work. DPM now asks me if I want to remove the agent record from the database. I choose Yes
At the end, DPM still tells me that the job has failed, but since I told him to remove the record, it should have done the job after all. And indeed, the server will not be listed anymore in the UI.
When I go back to protection, I will see that I still have data for that source and still can restore if needed. Again, don’t forget to restore to somewhere if you need it longer, otherwise the data will be gone after it’s protection period is over
Cheers,
Mike
Hey All,
This is part 3 of our Sharepoint protection in DPM 2010 serie and also the last part.
You can find the other two parts here:
http://scug.be/blogs/scdpm/archive/2010/03/11/sharepoint-2010-protection-in-dpm-2010-part-1.aspx
http://scug.be/blogs/scdpm/archive/2010/03/12/sharepoint-2010-protection-in-dpm-2010-part-2.aspx
Item-level recovery
So what is Item-level recovery? Item-level recovery means that you can recover a single document, list, page or whatever. While it was already possible in Sharepoint 2007 and DPM 2007, you needed a sharepoint recovery farm to do this. And the recovery farm had to be at the exact level as the production farm. If you hadn’t had this farm, then you could only recover a complete farm or site collection.
With Sharepoint 2010 and DPM 2010, you can do item-level recovery without the need of a recovery farm.
Every 24 hours, DPM will create a catalogue of the Sharepoint environment in order to allow the item-level recovery. In case you need to do an item-level recovery before the 24 hour (such as demo-purposes :-)) you can run the following powershell commands to force this task
$pg = Get-ProtectionGroup <dpmservername>
$ds = Get-Datasource $pg[index1] (index1 points to the protection where
SharePoint is protected, to see all protection groups try $pg)
Start-CreateCatalog $ds[index2] (index2 points to the SharePoint datasource,
to see all datasources try $ds)
Example
In my demo environment, I have a sharepoint farm running which is the view you will get after a basic installation with one site configured
As you can see in the screenshot, I have modified the home page a bit. Now I’m going to modify it again
Of course, now I realize I made a mistake, don’t have a clue what it used to be before and I call IT to restore :-)
So IT will start from the DPM UI
As you can see, In the recovery pane, I can see the sharepoint farm and some items under there. I need to recover a page, so I need to be in the WSS Content
After some drilling down, I reached the page that need to be recovered. I select this page, also select the time from which I want to recover and start a recovery.
So here are my options.
- Recover to original site
- Recover to alternate site
- Export selected items into a network folder (not possible in this case)
- to tape
In our case, I’m going to recover to the original site
Now I get the option to do a recovery without or with a recovery farm. Since the purpose of today was to demonstrate it without the recovery farm…
Now you need to make some decisions. The first you need to decide is the SQL instance that you want to use to recover temporarily the content database where the item is located. You can use the same SQL instance as where the production farm is located, but this will give some additional load so if that is not an option, choose another SQL instance if possible.
The second choice you need to make is a location where the database can be temporarily copied to. This can be any volume or share that you want, but you need to have enough space free to copy the entire database to that location.
Next screen, you will need to give again a file location for the temporary location of the item that you want to recover. This has to be on a front-end web server so that the item can be inserted from there into the sharepoint farm.
Again some options in the next screen. the security that you want to apply, bandwidth throttling if necessary, SAN recovery if that is supported and a notification if you have configured email notification
Finally you will receive the summary.
And here the recovery is busy. You can close this window and follow the progress in the jobs pane.
And here you can see that the recovery is successful.
Now when I switch back to the sharepoint farm, you can see that my original page is restored
That’s it
Cheers,
Mike
Hey All,
This is the second part of the 3-part sharepoint 2010 protection series
In the first part we looked at the things that were necessary as prerequiste to protect a sharepoint farm. We also looked at some details about sharepoint protection.
Today, we gonna create a protection group for sharepoint.
Background information
This picture shows how DPM works for sharepoint protection.
So when we are protecting a sharepoint farm (as said in the previous post) with one click, then we are protecting all these items with their different writers.
Basically, when you want to protect a sharepoint farm, DPM 2010 will do everything for you in the back-end. That’s easy :-)
Don’t forget, whenever you create a new content database, and the auto-protect option is enabled, then it will be automatically protected within 24 hours.
You will however get a warning alert in the Console that there is a new content database.
The same will happen when the Sharepoint Administrators delete a content database. DPM 2010 will figure this out, give you a warning alert, and you just need to follow the information in that alert to reconfigure the protection group.
One other thing that can go wrong is that the Sharepoint administrators change the farm administrator password that you use to protect (see previous post). At that moment, you will get a warning alert but DPM will continue to backup everything he knows. However, he won’t be able to query the config database anymore, so he won’t know when there are (for example) new content databases. So if you are having this issue, perform the commands again from my previous post with the new password (or even new user and passwords) and you’re back ok.
Create the protection group
Ok, so let’s create a protection group for sharepoint.
Choose Servers to continue
When I open my sharepoint server, I will see a possibility of choosing a sharepoint farm. So I select it
Here I choose my short-term and long term protection. No tape library in my environment here so…
Time to choose the settings for the short-term protection. So here you can define how long you want to be able to recover and when he needs to take a full express backup. Note that this is the only possibility for sharepoint farm protection. Synchronizations are not possible. If you wander how many disk space this is going to eat, then you need to calculate your chunk that you have each day. But how do you calculate this chunk? Well, with DPM you can find out, so my suggestion would be to use the tool a few days to see the changes, and use the excel sheets that can do an estimate based on your input.
DPM will calculate itself the diskspace, but since it doesn’t know how many data changes there are on average a day, it will remain an estimate. You can however choose to let the auto-grow option on so that it will automatically grows the volume. (DPM admins, don’t forget to review the great disk utilization reports weekly :-))
Note that the co-location option is not selectable. This is because co-location is not supported for Sharepoint protection.
Choose when you want to create the initial replica. This is preferred to do outside the working hours if you are having a large farm that is used intensively.
Here you have the option to do an automatic consistency check when the replica isn’t consistent anymore or to do it on a daily base on a fixed hour. My advice, if possible, do it automatically whenever it is inconsistent but if the load is too heavy on your production sharepoint servers, then schedule it on a daily base after working hours or at the most convenient time.
Finally the summary
Ok. In our next post, we will show you how you can do an item-level recovery.
Cheers,
Mike
Hey All,
This post will the first of three about sharepoint protection.
Part 1 will be about the preparation to protect a sharepoint farm and some background information what DPM can do with your sharepoint farm.
Part 2 will be about creating a protection group for the sharepoint farm and some explanation on how it works
Part 3 will be an example of how you can do level-item restore and what is necessary to achieve this.
Background information
So what can we protect with DPM 2010? Here’s the list
- Microsoft Office SharePoint Portal Server 2003
- Microsoft Office SharePoint Server 2007
- Microsoft Office SharePoint Server 2010
- Windows SharePoint Foundation 2010
- Windows SharePoint Services version 3.0
- Windows SharePoint Services version 2.0
So what can we do? We can do a farm protection with one-click, there is the possibility of automatically protecting new content databases. We can do a recovery of an entire farm, an entier Database, a Site Collection, a Site and an Item.
Please note that this Site and Item level recovery only works with Sharepoint 2010 without a recovery farm.
Oke, sound all good, time to prepare my environment for Sharepoint protection.
Preparing the Sharepoint environment
First is first, in my labo environment, I only had one server running everything from sharepoint, the front-end IIS, the Sharepoint 2010 application and the SQL server. It ran on a windows server 2008 R2 and was the latest beta available on the connect site.
I started with deploying an agent to the sharepoint server. After that is done, you need to configure something extra on the sharepoint box. So here goes:
Open a command prompt as administrator and go to the DPM agent installation bin folder(default: %programfiles%\Microsoft Data Protection Manager\DPM\bin)
Run the command ConfigureSharepoint.exe –enableSharepointProtection
This will enable the protection of the sharepoint farm. It will enable the WSSCmdletsWrapper DCOM object and the WSS VSS writer. As you can see in the screenshot, it will ask you for a username and password. This needs to be the (or a) farm administrator account.
After that, we are going to run another command: ConfigureSharepoint.exe EnableSPSearchProtection
This will enable the protection of the Search provider. Again, you need to enter the username and password for a sharepoint administrator.
Oke, now let’s have a better look at the command.
Syntax:
ConfigureSharePoint.exe [-EnableSharePointProtection] | [-EnableSPSearchProtection] | [-ResolveAllSqlAliases] | [-SetTempPath <Path>]
Requirement:
This command should be run as a local administrator. For Windows 2008 onwards, ensure that this command is run from an elevated command prompt.
Parameters:
-EnableSharePointProtection
Enables the protection of SharePoint farm. It registers the WSSCmdletsWrapper DCOM object and enables the WSS VSS writer. When prompted to enter user name and password, enter the credentials of the SharePoint farm administrator.
-EnableSPSearchProtection
Enables the protection of WSS 3.0 Search and MOSS 2007 SSP. It registers the WSSCmdletsWrapper DCOM object. When prompted to enter user name and password, enter the credentials of the SharePoint farm administrator.
-ResolveAllSqlAliases
This option can be run only after running -EnableSharePointProtection or -EnableSPSearchProtection on the server. It provides information about all the SQL aliases reported by the WSS VSS writer and resolves them to the corresponding SQL Server instance names. If a SharePoint database is mirrored and configured with SQL alias then the corresponding mirror's SQL Server instance name is displayed as well. This option also reports all the SQL aliases that cannot be resolved to any SQL Server.
-SetTempPath <Path>
Sets the environment variable TEMP and TMP to the specified path
The good observer ;-) has seen that you can run the parameters all at once so that you don’t need to give the username and password twice.
One important note… The farm administrator account doesn’t need to be local administrator on the Web Front End. This was a requirement for DPM 2007. From the moment you do perform the command, DPM 2010 will give the following permissions to the sharepoint farm administrator:
- Read and Execute to all DPM directories.
- Read, Execute and Write (all) access on Temp directory in the DPM directory.
- Read permissions to the DPM hive in the registry.
That’s it for now, next post will be the creation of a protection group
Cheers,
Mike
Hey All,
I’m receiving sometimes the question about manual installation of DPM agents. Sometimes this is because off using deployment tools, other times it is because of firewall restrictions on the server.
The DPM agent installer from the console works great but when it needs to be done manual, it just needs to be done manual.
So for this, here is a small example on how to achieve this.
In this example, I will install the agent manually on the server, but it is perfectly possible to do this with SCCM or SCE or MDT.
First we need to find the agent installer sources
Depending on which version you need, choose it. In this case it was a 64-bit server.
When the agent installation is complete, we need to run following command
The command is: SetDpmServer.exe –dpmServerName <name server>
Note that when the DPM server is in another domain, use the FQDN
As you can see, the DPM command is now configuring a few items
After that, you need to go to the console and choose to install agents
But instead of choosing the option Install Agents you need to choose Attach Agents and then depending on your situation: Computers on Active Directory Domain or Computers in Workgroup or Untrusted Domain
In my case, it is Computers on Active Directory Domain
In this window you need to choose your servers. This can be one server but multiple at the same time is also possible.
Give the correct credentials
A review, press Attach to start the task
And quickly after, you will get the notification that it is a success.
That’s it.
But what if you want to do the command part on the server to be protected automatically?
This can be achieved by using parameters in your installation package for SCCM, MDT or SCE
USAGE:
DpmAgentInstaller.exe [/q] [<DPM server name>]
[<DPM server name>]
The name of the DPM server to be used for protecting this computer. Specify this parameter if the DPM server is known. If you are installing the DPM protection agent as a part of an image, skip this parameter. You can set the DPM server later using the SetDpmServer.exe tool.
[/q]
Performs a silent install.
So using the following command in your package should solve your problem here: DpmAgentInstaller.exe /q <DPMServerName>
So is this something you would want to use or not? In my opinion, every windows server that you deploy should receive an agent. Why? Because you never know when you need to backup that server. With DPM it is very easy to set the agent for a server as disabled. It won’t use any license so that won’t cause a problem.
Just my 2 cents
Cheers,
Mike
Hey All,
Microsoft just released an excel document called the SCDPM Upgrade Advisor
http://blogs.technet.com/dpm/archive/2010/02/26/upgrade-advisor-for-dpm-2010-now-available.aspx
This document will give you guidelines in how to upgrade SCDPM 2007 installations to DPM 2010 installations, even if your DPM 2007 is running on 32-bit OS.
Looks great and with a lot of options to choose, even when you have a secondary DPM server you can choose this option.
Cheers,
Mike
Hey All,
Last post, I’ve installed remotely a client agent to a workstation in another domain and over VPN. Now it is time to create a protection group with a policy and do the first synchronization. Again I want to see how it will react when I do this when the workstation is under a heavy load. I figured that I might need to do this when a user is working at home or in a hotel and so I need to know if the synchronization will work.
During the first synchronization, I worked on the laptop and I was doing the following tasks:
* VPN open
* Outlook open
* MSN and Office Messenger Open
* Tweetdeck open
* Listening at an internet radio
* Downloading large files from the Microsoft Connect site
* Many programs open and about 30 internet pages open
But first is first, let’s create a protection group
![clip_image001[4]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image0014_5F00_thumb_5F00_702C5DC1.png "clip_image001[4]")
On the second screen, I choose for Clients instead of servers
![Devil]( "clip_image001<img src=")
" border="0" alt="clip_image001
" src="http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image0016_5F00_thumb_5F00_75D7519A.png" width="244" height="184" />
On the next screen, I can select my clients. The good part here is that if you select clients that don’t have an agent yet, you can install them now, and those who have an agent but aren’t connected yet to the DPM server will be attached. In my case, the client already has an agent and is attached, so I just select my client. Because I installed the agent, it is now visible in the list, although it is in another domain.
![Music]( "clip_image001<img src=")
" border="0" alt="clip_image001
" src="http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image0018_5F00_thumb_5F00_45142422.png" width="244" height="184" />
Here it becomes very interesting. I can start on this screen by creating inclusions and exclusions for my clients.
![clip_image001[10]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image00110_5F00_thumb_5F00_380A1E44.png "clip_image001[10]")
Here you can see that I have included My Documents but excluded music and temporary internet files
You can add your own directories to it but you already receive a nice list of possibilities
Also, on that screen is an option where you can allow your users to add directories themselves that need to be protected. But if you have excluded a folder and they still want to protect it, they will get a notification that it is not possible (see later in this post)
![clip_image001[12]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image00112_5F00_thumb_5F00_2D894A24.png "clip_image001[12]")
And you also have the possibility to exclude certain file types
I have to choose for Short term protection since I don’t have a tape drive in my test environment
Now this will be one were a lot of discussion will be. How many times a day do you want to synchronize, what will be the retention range, how long before a disconnected client needs to start alerting?
For the tests I kept it at a minimum but these settings will need to be thought through very good in a real-life situation.
![clip_image001[14]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image00114_5F00_thumb_5F00_1BD913BF.png "clip_image001[14]")
This is the alerting option, as said, it will need some serious thinking what the setting will be here. Is 14 days (the default) enough? When you are away for 2 weeks on holiday, then the 14 days is not enough because you are then away from the office for about 18 days (first and last weekend included), so every company will need to think this through.
Now I need to chose my storage. For this test I will not co-locate my data because I don’t have enough disk space for this in my test environment. What I have read about it is that you choose co-location from the moment you have 10 clients. If you are below, you better split-up so that you don’t lose too much storage.
I also let the Automatically grow the volume option on. This is a very handy new feature and many DPM administrators that are now using DPM 2007 will be very happy with it. Of course this is a risk as your volumes can keep growing until you are out of disk space, but a good backup admin (I actually prefer Protection and DR admin for this product :-) will check the reports on a regular base so that should not cause any problems.
The summary, which includes the link to Optimize Performance which I will probably discussing later on
![clip_image001[16]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image00116_5F00_thumb_5F00_74124BFA.png "clip_image001[16]")
And finally the success.
So I finally started the synchronization and waited, waited, waited for a very long time.
Some other screenshots:
![clip_image001[18]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image00118_5F00_thumb_5F00_13B0FFF6.png "clip_image001[18]")
Trying to add the music folder to the protected items
![clip_image001[20]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image00120_5F00_thumb_5F00_70345B90.png "clip_image001[20]")
DPM Synchronizing
Final Conclusion and lessons learnt
The process seems to be working great. Although I took it through a heavy test-drive everything worked flawlessly.
The only minor point was the initial synchronization. It took about half an hour to synchronize 170 MB. But then again, I was pushing the limits. But I needed to know how DPM would react because you might need to do this once, and 170 MB of changes will occur on client workstation.
Cheers,
Mike
Hey All,
One of the exiting features of DPM 2010 is the improved client protection of workstations. In this post, I’ll give some more information about it. To make it a bit tricky, I decided to try to install the agent on a workstation
(windows 7, 32-bit) that resides
a. In a different domain (but a fully trusted domain)
b. Is not in the office but connected through a VPN, sitting at home
Since I assume that client protection will be getting more and more attention from companies, I decided to test it out thoroughly. Both for the installation and the first synchronization I decided not to follow the guidelines but really try to do the worst scenario.
1. The installation
Installing the client is the same as installing a server. Manuals from the beta (before the RC) mentioned that I should install it manually (or through solutions such as SCCM or SCE) but I thought that it also would be possible to do this through the UI.
I start by taking the "install agent” option since I didn’t installed it yet. Note also the attach agents that can be used when an agent is installed manually.
Now I need to select the workstation. He will only list the workstations and servers from the domain that the DPM server resides in, so to connect to my workstation on another domain, I had to type in the FQDN name in the box
Here I can give in the credentials for a user that has administrative rights on the workstation in that domain
I decided here not to restart the workstation automatically, instead, I wanted to test if it really is necessary to restart which could be a killer in very large environments.
Finally, the summary and ready to install. Now one little note drew my attention: The computer may momentarily lose network connectivity during installation.
Since the workstation is on a client vpn, this could be tricky :-)
Also, before you can actually do this, you need to make sure that your firewall is configured correctly. I failed the first time because my firewall was wrong configured.
And then the screen of success came. Now I didn’t see the client lose network connectivity, and if it did, then it had to be very short because my VPN tunnel didn’t drop so that seems to be working.
Now let’s look a bit at the changes on the client.
First, I found two new services
Second, here’s how the Client UI looks:
This client already has a policy, but how that works I will explain in next post.
Lessons learnt:
* It is possible to install the agent on a workstation through the GUI from DPM itself.
* You can do it over a VPN connection
* Windows 7 doesn’t need to reboot afterwards
* The DPM client UI will demonstrate a small icon in the notification area after the reboot, but you can start it by starting manually the DPM UI without rebooting
* In windows 7, when you want to see this icon, you need to change the notification settings
![clip_image001[4]](http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image0014_5F00_thumb_5F00_65DBDFBF.png "clip_image001[4]")
And this is the icon, and more information when you right-click on it
![Devil]( "clip_image001<img src=")
" border="0" alt="clip_image001" src="http://scug.be/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/scdpm/clip_5F00_image0016_5F00_thumb_5F00_41F30865.png" width="230" height="244" />
Last picture is from a client that is disconnect from the server
Allright, next post: Create a protection group and do the first synchronization, over the VPN of course :-)
Cheers,
Mike
Hey All,
Microsoft released a hotfix for potential problems with Windows Server 2008 systems.
Could be an important one if you are experiencing issues with dynamic disks, which is what DPM uses.
Hotfix: http://support.microsoft.com/kb/962975
Information: http://blogs.technet.com/dpm/archive/2010/02/18/dynamic-disk-hotfix.aspx
Cheers,
Mike
What's new in DPM 2010
Microsoft released the public beta for Microsoft System Center Data Protection Manager (DPM) 2010. Attend this webcast to learn about Data Protection Manager 2010 and the product features that are causing excitement in the IT community! We will walk you through most of the new features in DPM 2010 and the enhancements that were made to the Data Protection Manager 2007 Service Pack 1 (SP1) solution, which is protecting Windows-based application servers and file servers today.
Speaker: Mike Resseler
I'm an Implementation Consultant working for Ferranti Computer Systems NV. I am happily married and have two lovely daughters. I like all the system center products because I believe they can be an added value for managing an infrastructure.
My Blog http://scug.be/blogs/mike/
Agenda Wednesday, March 3, 2010
- 18:00 Registration and lunch
- 18:45 Welcome
- 19:00 What's new in DPM 2010
- 21:00 Q&A and drink
More info can be found on http://scug.be/content/Events.aspx
Hey All,
Just to let you know…
Since I did an upgrade yesterday from the beta to RC, I now have two instances of SQL
MSDPMV3BETA1EVAL and MSDPM2010RCEVAL
After searching through the newsgroups, it got confirmed that you can throw away the BETA instance
Cheers,
Mike
Hey All,
Download of the DPM 2010 RC is finished, uploaded to my test server so here goes:
Documentation?
First thing noticed, there is no documentation with it so I will have to do it with the older documentation from the beta. Not so good since there are additional features in the RC and I was hoping on reading about it.
So I figured I just start and see where I get :-)
Installation
Ah, maybe here is some information… So let’s try it out. I’ve looked at Review System Requirements,View Release Notes and Read Setup Help but they all pointed to DPM 2007 information. So let’s go for the Install Data Protection Manager link then.
First error, so let’s fix this first. Apparently I was still working with the CTP version of Windows Powershell 2.0 so I had to remove it first.
Second try.
Since I uninstalled Powershell, the intstallation wizard is enabling it now. This takes a long time… but finally
Of course, protection jobs cannot run during the upgrade and you need to upgrade your agents immediately afterwards but this you get each time you do an upgrade with DPM. Press Next to continue
So the prerequisite checker is running, and I seem to be not passed
So here are my prerequisites missing:
KB 962975: Dynamic Disks are marked as “Invalid” on a computer that is running Windows Server 2008 or Windows Vista when you bring the disks online, take the disks offline, or restart the computer if Data Protection Manager is installed.
KB 975759: An application or service that uses a file system filter driver may experience function failure on a computer that is running Windows Vista, Windows Server 2003, or Windows Server 2008
and finally Windows Management Framework Core package (Windows PowerShell 2.0 and WinRM 2.0)
A reboot is needed, so we will have to start from scratch again. Lessons learnt, take these hotfixes with you when you need to install DPM 2010
So I ran back through my setup and came back to the prerequisites screen
Now everything is ok so let’s continue
Since I am upgrading, and the installation used to had a dedicated SQL instance, I will reuse it
Give the password for the local accounts that will be used.
Choose whether you want to use the Microsoft Update or not
Customer improvement experience can’t be changed during the RC, this will be possible in the RTM version of course
Upgrade has been successfully… but I have a warning tab, so let’s read
Seems logical :-)
Allright, let’s start the console and go to management.
I need to update an agent
The same warning that you always receive when upgrading something. Any running jobs will fail, and you need to do a consistency check afterwards
A big difference between 2007 is that I didn’t had to run through a wizard. I just clicked OK on the warning and the upgrade starts.
This is the error that you get when you have an agent with a previous version
The upgrade however failed
According to the newsgroups, I wasn’t the only one with this problem. After a while (the second time) it worked.
New Agent Version
The new agent version is now 3.0.7558.0
Cheers,
Mike
Hey All,
A very interesting day today and yesterday as I have seen many interesting information passing by. Instead of creating a post for each of them, I will put them all together here.
First, as said in a previous post, DPM 2010 RC is out and I’m already starting to play with it.
Second, the DPM team has released a list of the Tested hardware VSS provider that are tested and found compatible with DPM for protecting virtual machines deployed on Clustered Shared Volumes.
See http://blogs.technet.com/dpm/archive/2010/02/05/tested-hardware-vss-provider-table.aspx for more information.
Another post is written on Hyper-V and protecting it with DPM 2010 beta. Some great powershell scripts are posted there for auto protecting your new virtual machines also on the Secondary DPM if you have a situation like that.
See http://blogs.technet.com/dpm/archive/2010/02/08/hyper-v-protection-with-dpm-2010-beta-how-to-automatically-protect-new-virtual-machines-on-a-secondary-dpm.aspx
Finally, there is a webcast about Reducing IT Costs in the Datacenter with System Center which I’m going to try to view as soon as possible because this sounds very interesting.
Check http://blogs.technet.com/systemcenter/archive/2010/02/09/reducing-it-costs-in-the-datacenter-with-system-center.aspx for the webcast
Till next, which will be about doing an upgrade from the DPM 2010 beta to RC
Cheers,
Mike
Hey All,
Just saw a nice video about troubleshooting Sharepoint Recoveries with system center data protection manager 2007.
The video is created by Shane Brasher who is a Senior DPM Support Escalation Engineer.
You can find the video @ http://blogs.technet.com/dpm/archive/2010/02/03/troubleshooting-sharepoint-recoveries-for-dpm.aspx
In the Video, Shane demonstrates two common failures and how to find information about them.
One of these errors is not enough disk space for the recovery. It is indeed a fact that to recover something from sharepoint you need to recover the entire site. And this is sometimes overlooked by administrators. Both on the recovery farm as the production farm you need to have enough space to recover.
The error you will receive is ID 2035 and can be found in the DPM UI, eventviewer and the MSDPMCurr.errlog
And finally, it is also found back in the trace logs when you need to make them for Microsoft Support.
The other error he explained is a little more difficult to understand. What he did was recover a site but to an alternate site.
The error shown now was ID 32005: The system cannot find the file specified.
Again, this error is visible in the DPM UI, eventviewer and the MSDPMCurr.errorlog but just shows this cryptic notification.
The log you need here is the WSSCmdLetsWrapperCurr.errlog where there is a much better answer about this error.
It states that you are trying to restore a site to another location which has the wrong template so be aware.
Anyway, a must seen video for all you DPM admins out there.
Cheers,
Mike
Hey All,
Just attended a live meeting on System Center and Sharepoint 2010 and as usual, it was looking very promising again.
Although this is the blog about Data Protection Manager I will briefly tell also about Operations Manager and Virtualization but my main focus will be on DPM.
Sharepoint is a collaboration product that is used in many companies. Many IT administrators will acknowledge that the product has become an essential asset in a business environment, but they will also acknowledge that it is a hell of a product to maintain. This is basically because of the nature of the product. Many team sites are created, project sites, document libraries and so on and for each type there is security and so on… To keep track on this, is very difficult for an IT admin. It even becomes more difficult when a user has deleted a document, site or whatever and you are in charge of recovering it.
Another big issue with Sharepoint is managing the different farms. When you only have one farm, you have one site where you can manage it, but when you have multiple, it’s getting more difficult to maintain it.
System Center should be the answer to that, beginning with Operations Manager 2007 and the new Management Pack for Sharepoint 2010.
Operations Manager
This management pack has some great advantages. To start with, the product team really has listened to the customers and the feedback that they got. In the meeting, they explained that the new Management Pack was designed specifically to manage your entire sharepoint infrastructure (which can be multiple farms) from one console. And this is great, even fantastic. And they went further. The new management pack will be able to monitor the logical entity of your infrastructure. This means that you will now have the possibility to monitor your SLA’s about sharepoint. When one server is down, but another one is up that does the same thing, your sharepoint infrastructure will be healthy for your SLA. And that is exactly what we want.
Check out the next pictures
And there’s more. They have reduced the alerting noise in the management pack. All common component monitoring such as SQL and IIS are disabled by default. Why? Because you will probably have IIS management pack and SQL management pack in your environment anyway. And if not, you still can enable these monitors. Important here is that you still will see that the sharepoint infrastructure is down, but not 5 times anymore when the problem is SQL oriented. I’m not sure if this is correct, but I think the makers of this management pack listened very carefully to the Exchange Management Pack programmers :-)
Also, they have added all features of sharepoint (search, project server, Office web apps…) into 1 management pack and into one view. So for all you OpsMgr admins out there… it will become easier to “deploy” a view to your sharepoint admins. Again, cool stuff.
Now what are the changes between 2007 and 2010
As you can see in the picture… A lot. A lot more monitors, less rules, more classes. All great news, but what more? Less reports… Huh? Less reports? This is not good. However, the team promised us that they kept only the reports that mattered. All the other reports are SQL data, IIS data and those reports are in the other management packs.
A new feature is the SPHA rules. SPHA stands for SharePoint Health Analyzer and are standard in the Sharepoint product. The good thing here is that you can create your own rules in Sharepoint (by a Sharepoint admin for example) and that Operations Manager automatically will add this to its management pack. Again, a very nice feature and one that Sharepoint admins will love to have.
Virtualization
The last topic off the day was Virtualization but was only touched lightly. Nevertheless I’m gonna give you the slide here before I start with my favorite topic ;-) SCDPM
Data Protection Manager
And this was presented by Jason Buffington (yep, him again :-)). And Jason demonstrated (this guy really loves demo’s, even with all the risks :-)) in short what we can expect for Sharepoint 2010 protection with DPM 2010.
Following screenshots demonstrate the difference between DPM 2007 (w. Sharepoint 2007) and DPM 2010 (w. Sharepoint 2010)
To make a long story short… While you need a recovery farm today, you will be recovering single documents straight to the production infrastructure tomorrow. And you will have all the possibilities for Disaster Recovery and so on too (see my previous post for more explanation on this).
As always, DPM 2010 for sharepoint proves to be another great backup solution, but not only a backup solution, it will be much more then that. The workload will be perfectly protected through DPM with quick recoveries, automatic consistency checks and SLA’s that will be easily met.
And it’s getting better. If you have a management solution that automatically deploys a DPM agent onto a new server (think Dynamic Data Center) and you deploy a new server that is part of the Sharepoint infrastructure, DPM will automatically recognize this and add it to the protection group. No more “forgetting” about the new server…
You really got to see it in action… Jason, if you read this, try convincing your boss to come over to Belgium for a meeting with the Belgium System Center User Group ;-)
My conclusion
The different teams really have listened to the remarks of the customers, influencers and MVP’s. And that’s a fantastic thing. Managing your Sharepoint infrastructure will become easier, more straightforward and better protected then ever. In the next months, when Sharepoint 2010 will go live in many companies, a lot of admins will need to discuss the System Center products to their peers also, because implementing a solution is one thing, maintaining it is different.
Will this be perfect? Probably not, but since the system center products are more “frameworks”, you can easily adapt it to your own needs, and don’t forget, the product teams actually listen to the feedback, so contact them if necessary.
Till next time.
Cheers,
Mike
Hey All,
Last Thursday was an exiting day for all the DPM fans out there. Jason Buffington was presenting a webcast about the new features and improvements in DPM 2010, that will go RC in a couple of weeks. Jason mentioned it will probably the first full week of February.
That said, I was unable to attend the webcast. Had an appointment and couldn’t get out of it so I had to wait last weekend until it got available offline. And it is, so here are the highlights.
First, and certainly not last, Jason was rocking again ;-), he knows how to get you enthusiastic about a “backup” solution. Great work Jason.
Second, and probably more important, what was in the webcast…
It all started with an overview picture of the differences between DPM 2007 and 2010. And although there are a few differences in the workloads that can be protected, such as Exchange 2010, Sharepoint 2010, Dynamics natively, Hyper-V R2 on CSV etc…, that really aren’t the most exiting things about the new release. In fact, that is what everybody expected in the first place when the new version arrived. No, as the webcast continued, many great features and enhancements came in sight, causing this to become a truly, full-blown, protection application. Yes, you have read it correctly, not a backup system, but a protection system because in my opinion, it is more then just a backup solution. With features of backup up to other protection servers, in other geographical locations, end-user recovery for files AND for SQL administrators, with more and more applications from Microsoft where you can have single-item restore, this will be an application that every windows administrator need to have a look at.
Jason continued the session with a statement:
System Center Data Protection Manager 2010 delivers unified data protection for Windows servers and clients as a best-of-breed backup & recovery solution from Microsoft, for Windows environments. DPM 2010 provides the best protection and most supportable restore scenarios from disk, tape and cloud – in a scalable, reliable, manageable and cost-effective way.
Now here is a hard statement :-). But in fact, if you will read further on, you will notice that the team behind DPM 2010 really has pushed the limit for making this version an enterprise-ready solution, that can back-up everything you want, including desktops and laptops, servers, server loads and so on, with one agent. DPM 2007 was already a great solution, but the problem was that there were some issues that needed to be resolved. And not only that, some functionality was missing too. But here we are, 2010 almost live and it seems that they have listened to the customers. Just keep reading :-)
All right, what are the exact workloads on Windows Platforms?
DPM 2010 will support:
- Windows Server 2008 R2
- Windows Server 2008
- Windows Storage Server 2008
- Windows Storage Server 2003 R2
- Windows Storage Server 2003 SP1
- Windows Storage Server 2003 R2
- Windows Unified Data Storage Server
- Windows 7
- Windows Vista (business or higher)
- Windows XP Pro SP2
And here is the list of workloads:
- SQL Server 2008
- SQL Server 2005
- SQL Server 2000 SP4
- SAP running on SQL Server (Although this is not a “known” workload in the GUI, you still can protect it, search for the white paper on how to do that)
- Exchange 2010, including DAG
- Exchange 2007, including LCR, CCR and SCR
- Exchange 2003 SP2
- Sharepoint Server 2010
- Sharepoint Server 2007
- Sharepoint portal server 2003
- Sharepoint Foundation 2010
- Sharepoint Services version 3.0
- Sharepoint Services version 2.0
- Dynamics AX 2009
- Essentials Business Server 2008
- Small Business Server 2008
After that, they gave us some more information about the features of these products:
Not much has changed here, from Windows Server 2003 till 2008 R2 with the possibility for End-Users to restore directly from Windows Explorer or Microsoft Office
Here are already some nice new things, such as the possibility to protect entire SQL instances, with the protection of new databases. Also the amount of databases that you can protect is much higher as before. It will be now possible to protect a 1000 databases per protection server. Last but not least, and something a lot of SQL administrators will like a lot, is the possibility to have a self-service restore tool.
Oh, maybe one more, DPM will have the possibility to recover 2005 databases to 2008 servers.
Here we have the protection of sharepoint 2010, 2007 and 2003, with the possibility of auto-protection for new content databases within the farm. For sharepoint 2010, it will be possible to do an item-level restore without the need of a recovery farm. Yep, I already hear the sharepoint admins doing a little dance :-)
While DPM 2010 will support Exchange 2010, 2007 and 2003, it will have now optimizations for SCC, CCR, SCR and DAG. And what’s also important, it will do the ESE workload away from your exchange server and pull it to the DPM server. This will save you some resources for the actual mail servers.
Bare Metal Recovery, which will be centrally managed, and locally executed.
Host-level backup of hyper-V R2, CSV support, Seamless protection of Live Migrating VMs (Yes, you have read this correct!), Alternate Host Recovery and Item Level Recovery. Writing up a DR plan with this kind of tools will become a pleasure ;-)
Next on Topic… Client Protection.
Now here’s something exiting. While backup people such as myself always shout to end-users that they need to place their files on fileservers, take backups of their locally data and so on, to prevent data loss, this has come to an end. DPM 2010 really enhances the backup experience for clients. Some may wonder why it is necessary. Users should place all of their files on the fileserver. Well, that’s true, but be honest, with that many laptops and road warriors out there (such as myself) it has become almost impossible for end-users to do this.
With DPM 2010, you will be able to backup a 1000 clients per server, and you will be only backing up user data. You will have the possibility, based on templates (or rules, call it whatever you want :-)) to choose which folders you want to backup. At first sight, there are quite a lot of rules to choose from, and of course, the wanted “don’t backup any MP3’s” exist. Also, and this is getting very interessting, you will have the possibility to let the user choose some folders himself.
And it’s getting better. DPM 2007, who already could backup clients would start to nag if a client doesn’t report within the requested timeframe, causing your DPM GUI to have a lot of red crosses. And that’s something that you don’t want. With 2010, you will be able to say that everything is ok, as long as the last succeeded backup is within a specified timeframe, 2 weeks for example. At the same time, travelers will still have offline local copies with them so that they can restore whenever they want. And the moment they connect to the network through VPN, a new backup is taken online. One minor though, DirectAccess is not yet supported, so here’s something we will need to wait until SP1 (at least I hope)
Another great new feature, and one which is requested a lot during the lifecycle of DPM 2007 is workgroup protection. I already mentioned it on one of my previous posts, but now it is official. In the RC and RTM version of DPM 2010, you will have the possibility to protect workgroup based computers or for that matter, servers from non-trusted domains. How will it work? First you install manually the agent (or use SCCM or SCE to do it for you). Use the SETDPMServer command with a new parameter called IsNONDomainServer. This will generate a local user on your server (don’t worry, not an administrator :-))
Back on the DPM server, you can use the GUI to attach this server, together with the account to the DPM. That’s it. Just make sure that the firewall(s) allow DCOM (135) and WinSock (5718/5719)
You want more… Here goes.
During the demo’s, Justin showed some great additional enhancements to the core product. If you are already using DPM 2007, you will recognize these, and yes, you will love the new enhancements…
The product team has invested a lot of time in resolving the false positives. They learned from their big brothers from the Operations Team and reduced the alert noise a lot. But not only that, there is now also the option for collocation of data. Now you won’t need a volume for each protected part in your environment. This will speed up things nicely. They have also built-in the possibility to allow your volume to grow automatically. This means no more changing the size of the volume each time you’re without. Now you just need to read your reports more often :-)
And last but not least, there is now a function that will automatically do a consistency check, if DPM thinks that there’s an issue. This will lower the workload on many DPM admins out there.
Disaster Recovery
Many DPM users will tell you that they really like the Secondary Protection DPM server. If it is geographically on another location, you can do your tape-based backups on that one, leaving the tapes in the tapeloader as it is on another location. In 2010, they go further.
Now it will be possible to protect some workloads with Server A and do the secondary protection with Server B. At the same time, you can protect some workloads with Server B and do the secondary protection with Server A. Not enough? No problem, you will be able to add Server C in this scenario. I’m thinking Disaster Recovery Plan and I’m thinking this is a no-brainer :-)
Final Topic, some Figures
DPM 2010 is called enterprise ready, and here’s why.
- DPM 2010 will be able to protect 100 servers, 1000 Laptops and up to 2000 databases per server.
- It is tested with sharepoint farms of 25 TB and over 1 million items
- There is a significantly increased fan-in of data sources per DPM server
- It can handle 80 TB per DPM server
- Automatic rerunning of jobs and improved self-healing is implemented
- Automatic protection of new data sources for SQL and MOSS
- Decreased Inconsistent Replicas errors
- Reduced Alert Noise
- Optimized tape logic for tape reservations and usage
- Library Sharing more resilient
- Better resilience to physical errors in drives and changers
- Task controller for tape jobs for higher throughput
- More flexibility in scheduling short- and long-term tape
Conclusion:
Is this a product to look out for? Yes, certainly. DPM 2007 already changed a lot in the backup world, and 2010 is an improvement over 2007. I’m glad to see that (Although there are a few) Microsoft has taken the time to listen and that they have done some major improvements in the engine and not only presented new features. Are the new features worth the upgrade? Yep, certainly if you will need to protect the additional workloads, but also for your tape support, less daily work as a backup admin…
Do we need to wait until SP1? A good question, and for the moment I would say no, as it will be possible to upgrade from Beta to RC to RTM. The Beta, which I’m currently running is already a great product, but since some additional changes have been made to the RC, I will need to check that out if its as stable as the Beta.
That’s it for today, a (short :-)) overview of the new features and enhancements, all taken from the webcast by Jason Buffington. Make sure to view that webcast if I got your attention through this post ;-)
Till next post,
Cheers,
Mike
Hey All,
Microsoft has released a sample powershell script for enabling DPM 2010 auto-protection of Hyper-V
http://www.microsoft.com/downloads/details.aspx?FamilyID=46d51b5a-5827-43f6-84f5-ce33f4a8e6c3&displaylang=en
From the Microsoft Site
Overview
In any virtualized environment, adding new VMs is a frequent operation. While backup administrators can protect an entire Hyper-V host using the DPM Management Console, the protection group had to be modified manually to include the new virtual machines that have come up on the Hyper-V host. These scripts are expected to work with DPM 2010 Beta. By using them, you should be able to quickly put together a script that can enable the auto protection of your hyper-v hosts. Note: These scripts work on an existing protection group and do not create a fresh protection group. The attached scripts automate the task of adding any new virtual machines recognized in the Hyper-V hosts protected by the DPM server into existing protection groups. There are different scripts for Hyper-V clusters (AddNewClusteredVM.ps1) and standalone Hyper-V hosts (AddNewStandAloneVM.ps1). You would still use the script for standalone servers to automatically protect the non-clustered virtual machines of any Hyper-V host that is part of a cluster.
The problem is that I couldn’t find the AddNewClusteredVM.ps1 script. Luckily there is a link that’s available from the Ctrl P blog which also explains in depth the scripts.
http://blogs.technet.com/dpm/archive/2009/12/03/hyper-v-protection-with-dpm-2010-beta-how-to-automatically-protect-new-virtual-machines.aspx
Enjoy
Cheers,
Mike
Hey All,
I’ve seen a number of cases where the backup of hyper-v guests is failing and also where the backup is extremely slow. Almost every time, some small adjustments need to be made to fix them, but if you are not the network administrator or hardware administrator, this can cause a lot of discussions.
Suppose you have a DPM server with all the latest patches till date, a hyper-v host and some virtual machines. You are of course also backing up other stuff from other servers. You notice that your hyper-v guests are failing (the consistency check is running but never ends, file backups take a lot of time and so on…)
For the hyper-v guests backup, make sure that you check the TCP Chimney Offloading in windows. When this is enabled on the host drive, it doesn’t always work. I don’t know why but when I disabled it (both on the DPM server and on the hyper-v host) the backup ran without any problems.
The command to do that is netsh int tcp set global chimney=disabled
Now that the backups are running, the speed isn’t still optimal. I read somewhere (but I can’t remember where and can’t find it back) that you sometimes need to enable bandwidth throttling. I did that, gave it a huge number (it was off after all…) and after that we saw a huge increase in backup speed.
One doesn’t always have to do with the other but when you are experiencing failed backups or slow backups, it is certainly worth the try by disabling the TCP Chimney Offloading and enable the bandwidth throttling. It might save your day :-)
Cheers,
Mike
PS: If you want more information on TCP Chimney, visit http://support.microsoft.com/kb/951037
Hey All,
One of my colleagues is managing a rather large environment on a daily base. He has to manage two backup solutions (HP Data Protector and SCDPM) that share one tape library. From time to time, he need to set a tape not free in that library (Otherwise SCDPM will use that tape while it is needed for the HP solution). To do his work faster, he created a small powershell script where he has to give the name of the slot in order to mark that tape as not free.
So here it is:
$LIB = Get-DPMLibrary -DPMServerName "<servernaam>"
$TP1 = Get-Tape -DPMLibrary $LIB
$TapeLocationList = Read-Host "Tape location (Slot-x) "
foreach ($media in $TP1)
{
if ($TapeLocationList -contains $media.Location)
{
Set-Tape -Tape $media -NotFree
Echo "Tape in $($media.Location) marked as NOT FREE."
}
else
{
Echo "Tape in location $($media.Location) is not in requested slot."
}
}
Enjoy
Cheers,
Mike
PS: Thanks to Steven Van der Taelen for writing this script
Hey All,
Microsoft has updated its whitepaper Bare Metal Recovery of Windows Server 2008 with System Center Data Protection Manager 2007 SP1
It can be found at http://download.microsoft.com/download/2/A/B/2AB50D28-D892-4BF3-B823-C62CA02E4CF8/DPM%202007%20SP1%20Bare%20Metal%20Recovery%20of%20Windows%20Server%202008.doc
Important to know is that the DPM SRT (System Recovery Tool) that is used for recovering windows 2003 and windows XP has been completely replaced by the built-in backup utility of Windows server 2008, the WSB (Windows Server Backup) utility.
In the white-paper, they give a step-by-step instruction on how to enable bare metal recovery of a windows server 2008
Except for the fact that you need to do some additional work, this procedure certainly has some possibilities for the BMR of a physical windows server 2008.
Still, I believe more in the procedure of working with the offline P2V which was discussed two weeks ago. Since Matthijs Vreeken has responded on my questions I’m gonna keep working on this procedure and test it out.
Cheers,
Mike
Hey All,
While reading up on the different blogs I follow, I found this interesting post from Anders Bengtsson, Microsoft MVP.
It’s all about SQL End-user Recovery. In DPM 2010, it is possible to give SQL Administrators the rights to recover their databases without the need for a backup administrator.
See the article for the technical specifications (http://contoso.se/blog/?p=1130)
The end-user recovery drew my attention for the following reasons:
- End-user recovery makes the live of a backup administrator more easy. In 2007, when we implement the end-user recovery for files for users, we notice every time again, that the backup administrators are having less work
- Doing this for SQL administrators gives you an additional advantage. Imagine that you have a test environment at your site. This test environment is a virtualized “copy” of your production environment. The programmers team is doing different things there and testing new features and so on. They need a refresh of the database very often. Now the SQL team can do this instead of the backup administrator. How cool is that. You as a backup administrator have less work, the programmers team will be helped more quickly, it’s a win win situation :-)
Now I am wondering if Microsoft would pull this further? What if we could delegate end-user recovery tasks for exchange, sharepoint and so on…
For the moment this is not possible, or at least I don’t have no documentation about this yet, but when I see the power of the SQL end-user recovery, I’m quite sure that this will be a much requested feature for the future
Cheers,
Mike
Hey All,
One of our engineers was having a big issue with the protection of a sharepoint farm. In DPM, he could not resolve the following error:
The replica of SSPComponent_SSP Intranet on servername is inconsistent with the protected data source. All protection activities for data source will fail until the replica is synchronized with consistency check.
He has searched a lot on the problem but finally found that the problem was not with the DPM program but with the Sharepoint configuration.
The problem was that some service accounts tried to do a remote log-on to the server. These service accounts are used for the timer / search server functions and had the appropriate rights locally but did not had the rights to do this remotely.
After adding the service account the rights to “logon as a batch” and “logon as a service” it suddenly started to work again.
Cheers,
Mike
Hey All,
During one of the implementations of DPM, one of my colleagues got into problems with the recognition of a tape library. Although the tape library worked during the staging phase, when it got into production, it stopped working. There were 20 tapes in the library, but DPM didn’t recognize them, and after you ran a fast recovery, you got the following error:
Connection to the DPM service has been lost.
DPM service could be running in recovery mode, which was initiated by the DpmSync tool. If DpmSync is not running and the DPM service is still in recovery mode, then run DpmSync again.
After having multiple steps with the Microsoft support team, they finally found a solution. Because I thought the process of troubleshooting was interesting, I thought I posted it here.
1) Try the obvious
- Make sure that you have run the DPMDriveMappingTool.exe
2) If you want to log a call with MS Support:
- Run a DPM MPS report, the tool can be downloaded @ http://www.microsoft.com/downloads/details.aspx?FamilyID=14392186-6707-45a5-8987-29665abbd6f5&displaylang=en
Out of the reports that we have sent to them, they saw that “More than one mediapool reported for same media”.
Apparently, this can happen each time the DPM database has incorrect information about the tape drives, which can be caused when OEM drivers are updated when the vendorID’s and productID’s change.
Now to solve this one, you need to run a query that will reset the tables. They gave us two procedures for that, depending on whether the tape library is shared or not.
Here they are:
PROCEDURE-1) STANDALONE (non-shared) TAPE LIBRARY CONFIGURATION REPAIR STEPS
===============================================================================
1) Close DPM UI
2) Backup the DPMDB by running dpmbackup -db from command prompt.
3) Open sql server management studio in context of DPMDB database instance. Make
sure you are admin on the machine
4) Select DPMDB. Right click -> New Query
5) Open the Query.txt file and copy paste its content in the query window
6) Execute the query.
7) Make sure query has succeeded.
8) Close SQL management studio
9) Open DPM UI
10) Go to library management tab
11) Do rescan
12) Let this rescan succeed. This rescan will detect libraries and will run Fast
inventory on the library.
PROCEDURE-2) SHARED LIBRARY CONFIGURATION REPAIR STEPS
===========================================================
(step i) On Library DPM server :
1) Close DPM UI
2) Backup the DPMDB by running dpmbackup -db from command prompt.
3) Open sql server management studio in context of DPMDB database instance. Make
sure you are admin on the machine
4) Select DPMDB. Right click -> New Query
5) Open the Query.txt file and copy paste its content in the query window
6) Execute the query.
7) Make sure query has succeeded.
8) Close SQL management studio
(step ii) On Client DPM server :
1) Close DPMUI
2) Backup the DPMDB by running dpmbackup -db from command prompt.
3) Open sql server management studio in context of DPMDB database instance. Make
sure you are admin on the machine
4) Select DPMDB. Right click -> New Query
5) Open Query.txt file and copy paste its content in the query window
6) Execute the query.
7) Make sure query has succeeded.
8) Close SQL management studio
9) Now run SetSharedDPMDatabase tool with parameter as the library server instance
name (if this does not succeed then reboot the machine and again retry running the
tool)
IE: SetSharedDPMdatabase -Instancename
<dpmservername-hosting-Global-SQL-Server>\MS$DPM2007$
(step iii) on Library DPM server
1) Open DPM UI and then on Client DPM Server.
2) Go to library management tab
3) Do rescan
4) Let this rescan succeed. This rescan will detect libraries and will run Fast
inventory on the library. Let this finish before going to next step
(step iv) on Client DPM server
1) Open DPM UI and then on Client DPM Server.
2) Go to library management tab
3) Do rescan
And finally, of course, you need the query. Because it is way too long to upload the text here, I’ll ask the site owners to upload the query to the media library on scug.be
// Update, just found out that you can attach something to a post. So here it is... query.txt :-)
Cheers,
Mike
Hey All,
One of the most difficult things there is with backup solutions is Disaster Recovery. Certainly when you want to do a bare-metal recovery of an old physical machine that has died on you. Although you can have many possibilities to recover from such a failure, most of them will cause tricks, workarounds, hoping that you can find a server with the same (or almost the same) hardware configuration and lots of time. Matthijs Vreeken (SCDPM.Blogspot.com) has written an interesting post about this (http://scdpm.blogspot.com/2009/11/disaster-recover-using-p2v-and-dpm.html)
Here’s the theory.
You do a P2V of an existing physical server but leave it off afterwards (Assuming Hyper-V here, so that DPM can take a full backup of the VHD and config files). Every day, you take a backup of the system state and daily data of the physical machine.
At the moment the physical server dies on you, you start the virtual server, restore data and you’re back up and running.
Pitfalls
He also mentions some possible issues that you can have during the start of the virtual machine. (Read at his post for more information)
Although this sounds great in theory (I was already on my way to my boss to discuss this ;-)) I still have a few questions about this.
1) What will happen if the physical server has a different patch level? Will it be necessary to patch both servers @ the same time?
2) You need to keep the system state of the physical server in case you want to go back to the physical server. But if you already have resetted the password for the computer account of the virtual machine, what will happen then?
3) How will an exchange or SQL server will handle this? After all, this will be an online restore.
4) How will the DPM agent react on the virtual machine? What are you going to do when the DPM agent has been upgraded in the meantime.
…
The idea sounds really great, and I don’t want to throw it away although I still have a few questions about it. So if you have idea’s remarks or solutions for the questions, don’t hesitate to reply :-). I’m going to continue to think about it because if we can find a rock-solid solution or process for this, it could become a very popular solution for a disaster recovery plan. Share your ideas….
Cheers,
Mike
Hey All,
Ever needed to get data from a tape that is already expired? In DPM, you won’t have the option anymore to recatalog the tape when it is expired.
Santhosh Sivarajan from Houston has found a simple workaround:
* Select the tape and mark the tape as free
* Select the tape again and unmark the tape as free
* Now you can choose Recatalog imported tape
The original post can be found here:
http://blogcastrepository.com/blogs/santhosh/archive/2009/10/29/recatalog-an-expired-tape.aspx
Cheers,
Mike
More Posts
Next page »