Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Microsoft System Center Data Protection Manager Cookbook
Microsoft System Center Data Protection Manager Cookbook

Microsoft System Center Data Protection Manager Cookbook: Maximize storage efficiency, performance, and security using System Center LTSC and SAC releases

Arrow left icon
Profile Icon Lownds Profile Icon Nemnom
Arrow right icon
Free Trial
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (1 Ratings)
Paperback Dec 2018 424 pages 1st Edition
eBook
zł59.99 zł158.99
Paperback
zł197.99
Subscription
Free Trial
Arrow left icon
Profile Icon Lownds Profile Icon Nemnom
Arrow right icon
Free Trial
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (1 Ratings)
Paperback Dec 2018 424 pages 1st Edition
eBook
zł59.99 zł158.99
Paperback
zł197.99
Subscription
Free Trial
eBook
zł59.99 zł158.99
Paperback
zł197.99
Subscription
Free Trial

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Microsoft System Center Data Protection Manager Cookbook

Installing and Upgrading DPM

In this chapter, we will cover the following recipes:

  • Planning your DPM deployment
  • Preparing your DPM deployment
  • Installing SQL Server for the DPM database
  • Enabling the Transport Layer Security 1.2 protocol for DPM
  • Installing DPM
  • Automating the installation of DPM
  • Upgrading to the latest release of DPM
  • Migrating legacy storage to Modern Backup Storage
  • Installing the DPM agents
  • Upgrading the DPM agents

Introduction

Data protection in today's world is becoming more critical than ever. With increasing amounts of data in this all-connected world comes more data that needs to be protected. As shown in the Enterprise Strategy Group (ESG) 2016 report, backup is one of the top five priorities that IT administrators continue to have in today's world:

System Center 2019's Data Protection Manager (DPM) is the latest release by Microsoft, and with it comes a lot of improvements and new features. DPM is well-recognized in the industry for protection of Microsoft workloads and VMware environments. With DPM 2019, you can back up the most common workloads that exist in any modern data center today. 

The following diagram provides an overview of the DPM backup functionality:

Typical malware attacks that happen today include ransomware, which is where target machines are forced to either re-encrypt their data or remove it permanently. If production data is impacted, then the backups that follow are impacted on too. Microsoft System Center DPM and Azure backup now provide security features that protect sensitive data. These security features ensure that you are able to secure your backups and recover your data if the production and backup servers are compromised. These features are built on three main principles—Prevention, Alertingand Recovery—that help organizations to increase preparedness against attacks and equip them with a robust backup solution.

This chapter is designed to provide you with the necessary skills and techniques for dealing with installing and upgrading tasks for your Microsoft System Center DPM server. After reading this chapter, you will have the knowledge to carry out common DPM installation, migration, and planning activities, such as configuring the DPM firewall, calculating the storage requirements, preparing the SQL Server for the DPM database, installing and upgrading to the latest release of DPM, automating the installation of DPM, and much more.

Planning your DPM deployment

This recipe will cover the planning steps that you should consider before you start preparing to deploy your DPM servers.

Getting ready

Before you start planning your DPM server deployment, it's imperative that you start working on classifying the data sources that you would like to protect. A common strategy that I have observed that many companies still follow is to backup everything once a day. This is not a good approach.

There are, of course, several servers within your datacenter that need to be regularly backed up, but not all servers are the same. It is vital to adapt to your business continuity and disaster-recovery plan before you start any implementation. You can do this by identifying all of the services and working with all of the stakeholders in your company to develop more effective backup approaches, and then break down those services into smaller components to clearly see how or why they are of importance to your business.

How to do it...

From a more technical perspective, there are some considerations that need to be addressed during the planning phase, such as the following:

  • The total amount of data that should be protected
  • Firewall settings
  • Network consideration
  • Who can interact with DPM
  • Untrusted domains/workgroup
  • Backup repository 

To start provisioning resources for the DPM server that you want to deploy, you must first take into consideration the following:

  1. Starting with DPM 2016 onward, Microsoft removed the Logical Disk Manager (LDM) limits for protection groups. The absence of LDM limits allows the data sources to grow and shrink as many times as needed, without the need for manual intervention. DPM 2016 or later does not need to allocate storage to data sources beforehand compared to DPM 2012 R2. This will allow the backups to adjust dynamically as needed, thus achieving higher efficiency with less storage requirements. The snapshot limits do not apply to protection groups that have been created in DPM 2016, as DPM does not use disks anymore. Instead, it uses volumes. Please read Chapter 2, DPM Post-Installation and Management Tasks, for more information on this.
  2. Here are the suggested data limits according to Microsoft for a single DPM server:
    • DPM can protect up to 600 volumes. The limit for each DPM is 120 TB, 80 TB ReplicaPoint Volume, and 40 TB RecoveryPoint.
    • The total amount of SQL DBs that can be protected by one DPM server is 2,000 and the total size is 80 TB.
    • The total amount of clients that can be protected with one DPM server is 3,000 and the total size is 80 TB.
    • The total amount of virtual machines that can be protected with one DPM server is 800 and the total size is 80 TB.
  3. Firewall configuration for DPM deployment is required on the DPM server, on the machines that you want to protect, and on the SQL Server used for the DPM database (if you're hosting your DPM database on a remote SQL Server). If Windows Firewall is enabled when you install DPM, then DPM automatically configures the firewall settings on the DPM server.
The firewall settings, including the port numbers, are documented in the following link: https://docs.microsoft.com/en-us/system-center/dpm/plan-dpm-deployment?view=sc-dpm-1711#BKMK_Firewall.
  1. The backup network for Hyper-V is not listed as a requirement by Microsoft. However, we strongly recommend isolating the backup traffic from the host Management OS by leveraging a converged network in Hyper-V where you combine multiple physical NICs with Switch-Embedded Teaming (SET) and Quality of Service (QoS) so that you can isolate all network traffic while maintaining resiliency. This implementation can be seen in following diagram:

  1. Before you begin with the deployment, you need to verify that the appropriate users have been granted the required privileges for performing various DPM tasks.
The required permissions needed are documented at the following link: https://docs.microsoft.com/en-us/system-center/dpm/plan-dpm-deployment?view=sc-dpm-1711#BKMK_Users.
  1. If you want to protect multiple domains, you can create a two-way transitive trust between the domains. By doing this, the DPM server will work in both domains without any limitations. However, this approach comes with a security risk—please take into consideration that you need to create a two-way transitive trust between the untrusted domains.
  2. Starting with System Center 2012 R2 Data Protection Manager, Microsoft added support for the protection of computers in workgroups and untrusted domains using NTLM with local accounts. However, in scenarios where an organization does not allow for the creation of local accounts, this solution does not work.
  3. As an alternative, you can use certificate-based authentication for computers in workgroups or untrusted domains. Please refer to Chapter 8, Protecting Workgroups and Untrusted Domains, for more information.
  4. A major part of your DPM deployment will be figuring out how to store data that's been backed up by DPM. There are currently three different solutions:
    • Disk storage using volumes with Modern Backup Storage (MBS)
    • Tape storage, such as Physical or the Virtual Tape Library (VTL)
    • Online storage with Azure Backup (off-site)

You should not just consider one of these three as an option. Instead, you need to focus on the requirements of the backup strategy in your organization by discussing the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) with all stakeholders.

When you are planning for data source protection, you can choose the backup target based on how frequently you need to access and restore the data. For example, if the data sources will be used for archiving and need to be accessed once per month, you can go with Azure Backup. If the protected data sources need an archiving solution but should also be able to restore quickly, you can go with Virtual Tape Library (VTL) or Azure Backup. If you need to restore the data sources as quickly as possible, you go with disk storage on-premises. Finally, if the workloads need an off-site secure solution, you can go with Azure Backup.

More information about the difference between RPO and RTO can be found here: https://en.wikipedia.org/wiki/Recovery_point_objective.

How it works...

Having all of the information we have just discussed and presented in an organized manner, you can now start designing the structure of the Backup as a Service (BaaS). A piece of advice here—make sure that you spend enough time on the planning phase and take small steps toward your goal and never rush an implementation. You will probably bump into a challenge or two, so it is of key importance to work using a well-defined structure.

See also

Preparing your DPM deployment

This recipe will cover the preparation steps that you must consider before you install the DPM server.

Getting ready

It's important to configure DPM properly and provide enough resources, or you will end up with quite a bad installation that could be part of the services you would like to provision within your data center. In the end, the DPM server can never work faster than what the underlying dependent architecture or technology allows.

There are certain requirements and considerations that you want to keep in mind when you deploy System Center DPM. By properly preparing a decent design, you can ensure that your DPM is scalable for future scenarios.

How to do it...

  1. First things first, you want to decide how to deploy DPM server:
    • Virtual or physical deployment
    • Deduping DPM data
    • SQL Server consideration
    • DPM server requirement
    • Disks and storage consumption

A common question that we have heard a lot is, can we deploy DPM in a virtual or physical machine? The DPM server can be deployed either in a physical deployment or via a virtual machine. However, running DPM in a virtual machine has more benefits, such as the following:

    • It is easier to move the DPM server to new hardware if needed (portability).
    • Easier to recover (protected DPM virtual machine).
    • You can enable de-duplication on the VHDXs attached to the DPM server. The VHDXs files could reside on a Scale-Out File Server (SOFS), on a Storage Spaces Direct (S2D) cluster, or any other type of storage, such as NAS or SAN.
  1. Backup storage is one of the top consumers of storage infrastructure, so storage optimization techniques such as compression and de-duplication have always been priorities for backup IT administrators.
  2. De-duplication involves locating duplicate blocks of storage and replacing them with a reference and a single instance of the duplicate block. Depending on the workload that is being written to the storage and the block sizes used to perform the de-duplication, storage savings can range anywhere from 50 to 90 percent.
  3. With the introduction of S2D in Windows Server 2016 and Storage Spaces with SOFS in Windows Server 2012 R2, customers can create commodity storage that is built natively on a Windows-based server with local attached storage in S2D as well as Windows-based servers with JBODs, which can be a viable alternative to traditional SANs.
In Windows Server 2016, Dedup is only supported on the NTFS filesystem and NOT on ReFS. However, in Windows Server 2019, Microsoft added Dedup support for ReFS volumes. Additionally, Dedup cannot be used for storing backups of volumes on physical DPM servers.

  1. For DPM deployments, you need to have the following:

    • An instance of SQL Server installed and running to host the DPM database. The instance can be collocated on the DPM server or remotely.
    • A disk to be used as a dedicated space for DPM backup storage.
    • A DPM protection agent installed on the computers and servers you want to protect.
  2. DPM uses SQL Server as a database to store backup information for the workloads, servers, and computers it protects. At the time of writing this book, the following SQL Server versions are supported with DPM Long-Term Servicing Channel (LTSC) and Semi-Annual Channel (SAC):
    • SQL Server 2017: Standard or Enterprise 64-bit (starting with DPM 2019 and DPM 1901 onward)
    • SQL Server 2017: Standard or Enterprise 64-bit (starting with DPM 1801 and DPM 1807 as upgrade only); you can upgrade SQL Server 2016 and SQL Server 2016 SP1/SP2, to SQL Server 2017
    • SQL Server 2016: Standard or Enterprise 64-bit (starting with DPM 2016 with Update Rollup 2 onward)
    • SQL Server 2014: Standard or Enterprise 64-bit with all service packs and updates
    • SQL Server 2012 SP2 onward: Standard or Enterprise 64-bit
Please note that SQL Server 2016 SP1/SP2 or later is not a supported DPM database for DPM 2016.
  1. DPM server is designed to run on a dedicated, single-purpose server. The following applications and roles are not supported to run side-by-side with DPM:
    • Application server role
    • Operations Manager Management server
    • Exchange server
    • A server running on a cluster node
  1. The following Windows Server operating systems are supported with DPM 2016 or later:
    • Windows Server 2019, Datacenter and Standard editions
    • Windows Server 2016, Datacenter and Standard editions
    • Windows Server 2012 R2, Datacenter and Standard editions
Please note that if you install DPM 2016 or later on Windows Server 2012 R2, you will lose the benefit of using MBS. MBS technology uses ReFS block-cloning technology that was introduced in Windows Server 2016 to store incremental backups. Installing DPM on Windows Server 2016 or Windows Server 2019 dramatically improves storage utilization and performance. 
  1. System Center Data Protection Manager (SC DPM) can use any type of disk that is presented as local attached storage. DPM can use any of the following:

    • Direct Attached Storage (DAS)
    • Fiber Channel Storage Area Network (FC SAN)
    • iSCSI Network Attached Storage (NAS)
    • Hyper-V Virtual Hard Disks (VHDX)

A very important fact to be aware of is that the internet Small Computer System Interface (iSCSI) should not be considered as your primary choice for DPM backup storage due to some challenges that often occur when leveraging this technology. The most common challenge is that the initiation of the iSCSI target sometimes fails, and therefore the entire DPM disk volume fails.

iSCSI will work in smaller deployments with DPM, but if your main objective is to provide a more stable and performant solution, you should consider using Storage Spaces Direct (S2D). If your company does not provide S2D, you should use a Direct Attached Storage (DAS) solution and provision VHDX files to the virtual DPM servers. Microsoft recommendation moving forward is to create tiered volume using Storage Spaces with small SSD around 2 to 5% of total data disk to improve the ReFS cloning performance. As noted earlier, the recommendation is to deploy DPM as a virtual machine on top of Hyper-V.

As discussed earlier, DPM 2016 or later on Windows Server 2016 and Windows Server 2019 comes with MBS, which uses ReFS Block-Cloning technology for storing backup files. This leads to immense storage and performance savings. Furthermore, DPM uses incremental backups to store data. This means that it will transfer the complete data to be backed up initially. After that, it will transfer only the changed bits. Hence, the size of the data is determined by the initial size, the size of the changed bits (which depends on the churn percentage and the total size), the number of recovery points per day, and the retention period of the copies. Hence, small data, with a small churn, may take up more space if there are a large number of copies stored per day, and if they are retained for a long time.

Please note that you must use volumes with MBS. A single DPM server can support up to 120 TB of storage.

How it works...

Calculating DPM storage is one of the biggest challenges, since we need to calculate the size of the disks for storage pools that are used for the protection of data sources. Microsoft recommends that you figure out the actual size of the DPM data storage by multiplying the total amount of protected data by 1.5. For instance, if you want to protect 10 TB of data, you need 15 TB of storage from a minimal perspective. However, from a maximum perspective, you need to multiply the total amount of protected data by 3.

The best way to calculate data storage for specific workloads is to use the DPM storage calculator. To download the DPM storage calculator, go to https://www.microsoft.com/en-us/download/details.aspx?id=54301.

The DPM team released this calculator to help you provision storage for DPM by using storage savings and efficiency. Based on inputs, the calculator suggests the amount of storage that will be needed to store the backups to disk (on-premises) and to Azure Backup. For more information about Azure Backup, please refer to Chapter 10, Integrating DPM with Azure Backup.

You can plan the backup storage requirements by using the storage calculator in three simple steps, as follows:

  1. Gather information about the size, type, number, and churn of workloads that have to be backed up. The churn is the amount of new data every day (that is, written or appended to existing backup files).
  2. Calculate the number of DPM servers that would be required.
  3. Decide on the policy you want to use, depending on the needs and resources available. This calculator may help you understand the resource requirements. If you expect the data to grow over time, you need to enter the maximum size expected for the workload, instead of the current size. Similarly, the churn values given are the average values. Please change the values if the workloads are expected to churn more or less. If you wish to remove a workload, simply set the Total Size of workload to 0.

You could also calculate the storage, including the growth rate. Note that this may change a bit depending on what you have for specific data types. With DPM, you can always add more storage later as needed. For monthly and yearly storage, this would need to be sent to tape and/or to Azure Backup. DPM cannot do long-term storage to disk.

Please note that the maximum daily recovery points to a disk cannot exceed 48. The maximum number of recovery points for the entire retention period is 512 for applications and 64 for files and folders.
For Azure Backup, the maximum number of recovery points per day is 2. Hence, the maximum number of weekly, monthly, and yearly backups is 14, 62, and 732.

There's more...

Planning for decent hardware to host the DPM disk volume is very important. You don't need a premium disk solution for the DPM disk volume, but you can use decent hardware that can easily scale out. Adding DPM volumes can be done via the DPM console or via PowerShell. For more information on this topic, please read the Enabling Modern Backup Storage recipe in Chapter 2, DPM Post-Installation and Management Tasks.

It's important to know the limitations of a DPM server that has been upgraded from DPM 2012 R2 and used a legacy storage pool:

  • The disk that you want to add to the DPM storage pool must be dynamic in disk management.
  • DPM cannot be installed on the disk that's used for the storage pool.
  • You can attach or associate custom volumes with protected data sources. Custom volumes can be on basic or dynamic disks, but you can't manage the space on these volumes in the DPM Administrator Console.

See also

Installing SQL Server for the DPM database

This recipe will cover the installation process in two scenarios:

  • Local SQL Server instance
  • Remote SQL Server instance

Getting ready

SQL Server is a core component and is required for the System Center Data Protection Manager database. It is of major importance that the installation and design of SQL Server is well-planned and implemented. If you have an undersized installation of SQL Server, it will provide you with a negative experience while operating the System Center Data Protection Manager.

Starting with DPM 2012 R2 and later, SQL Server is no longer a part of the installation media for DPM, which is a good thing. The majority of users need to understand SQL more and also understand that if you have a poorly set-up SQL Server, you will have a bad experience with the product hosting its database on that SQL Server. Remember to set up your SQL Server using domain service accounts, use a dedicated disk for the DPM database, and keep monitoring SQL's performance with a proactive monitoring approach.

The following requirements are recommended for a SQL Server database:

  • RAM: 8 GB
  • Disk: 3 GB
  • Required features: Database Engine Services, Reporting Services
  • Collations: SQL_Latin1_General_CP1_CI_AS
  • AlwaysOn: Not Supported
  • Clustered SQL Server: Supported 

How to do it...

The following steps will cover the installation process of a local SQL Server that has been collocated with the DPM server on the same operating system.

Option 1 – local SQL Server instance

Make sure that your operating system is fully patched and that is has been rebooted before you start the installation of SQL Server 2016. Now, follow these steps:

  1. Insert the SQL Server 2016 media and start the SQL server's setup. In the SQL Server Installation Center, click on Installation and click on New SQL Server stand-alone installation…
  2. The Setup Support Rules will start and will identify any problems that might occur during the SQL server's installation. When the operation is complete, click on OK to continue.
  3. In the Product Key step, enter the product key that ships with SQL server license and click on Next to continue.
  4. The next step is the License Terms step, which is where you check the I accept the license terms checkbox if you agree with the license terms. Click on Next to continue.
  5. The SQL Server installation will verify whether there are any product updates available from the Microsoft Update service. Check the Use Microsoft Update to check for updates (recommended) checkbox and click on Next to continue.
  6. Select the Include SQL Server product updates checkbox and click on Next to continue:
  1. Next is the Install Setup Files step, which initializes the actual installation. When these tasks have finished, click on Install to continue.
  2. Verify that all of the rules have passed in the Install Rules step of the SQL Server installation process. Resolve any warnings or errors and click the Re-run button to run the verification again. If all of the rules have passed, click on Next to continue.
  3. In Feature Selection, choose the SQL Server features that you would like to install. System Center Data Protection Manager requires the following:
    • Database Engine Service
    • Full-Text and Semantic Extractions for Search
    • Reporting Services – Native
  1. Click on Next to continue:
  1. Verify the Installation Rules step, resolve any errors, and click on Next to continue.
  2. In the Instance Configuration step, select Named instance and type in a suitable name for your SQL Server instance. Click on Next to continue:
  1. In the Server Configuration step, type in the credentials for the dedicated service account you would like to use for this SQL Server. Switch the Startup Type to Automatic for the SQL Server Agent. When all of the credentials have been filled in, click on the Collation tab:
  1. In the Collation tab, make sure that SQL_Latin1_General_CP1_CI_AS is listed in the Database Engine Configuration. If not, then click on the Customize… button to choose the correct collation and then click on Next to continue.
  2. The next step is the Database Engine Configuration step. Enter the authentication security mode, administrators, and directories. In the Authentication Mode section, choose Windows Authentication mode. In the Specify SQL Server administrators section, click the Add... button and add the DPM Admins group into Active Directory:
  1. Click on the Data Directories tab as well as the TempDB tab to verify that all of your SQL Server configurations point to a dedicated disk. Click on Next to continue.
  2. In the Reporting Services Configuration step, under the Reporting Services Native Mode, choose Install and configure and click on Next to continue.
  3. Verify the configuration in the Ready to Install step and click on Install to start the installation.
  4. The Installation Progress step will show you the current status of the installation process. When the installation has completed, SQL Server 2016 Setup will show you a summary of the Complete step. That is the final step page of the SQL Server Server 2016 installation wizard.
  5. Click on the Close button to end SQL Server 2016 Setup.
After installing SQL Server, please make sure that you install an important update for SQL Server 2016 RTM (KB3210111). Please note that, starting with SQL Server 2014 and later, SQL Server Management Studio (SSMS) is not part of the installation media and you need to download it separately. 

At the time of writing this book, SSMS version 17.8.1 is the latest generation of SQL Server Management Studio that supports SQL Server 2017. However, if you install SSMS version 17.X and later on the same OS, DPM installation will fail with the following error: An unexpected error occurred during the installation ID: 4387. Alternatively, you can download SSMS version 16.5.3 from the following link, which will work side-by-side with DPM: http://go.microsoft.com/fwlink/?LinkID=840946.

Option 2 – remote SQL Server instance

When you need to build a large hosted DPM solution within your modern datacenter, you may want to use a dedicated backend SQL Server that is either a standalone SQL Server or a clustered one, for high availability. This step will cover the procedure to prepare a remote SQL server for hosting the DPM database.

After installing your backend SQL Server, you must prepare it for hosting the DPM database. Now look at the following steps:

  1. Insert the DPM media on the SQL Server and run the setup. In the setup screen, click on the DPM Remote SQL Prep link:
  1. The next step is to go through the Microsoft Software License Terms, where you must check the I accept the license terms and conditions checkbox if you agree with the license terms. Click on OK to continue.
  2. The installation wizard will start and install the DPM Support Files; this is a very quick installation.
  3. When the installation has finished, a message box appears that informs you that the installation has finished and that the System Center DPM Support Files have been successfully installed:
The support files for SQL Server will be installed on the backend SQL Server box and will be used when the DPM server connects and creates its database.

How it works...

SQL Server is a very important component for System Center Data Protection Manager. If the SQL Server is undersized or misconfigured in any way, it will reflect negatively on the performance of DPM.

It is crucial to plan, design, and measure the performance of SQL Server before you install the DPM server so that you know it will fit the scale you are planning for and the workloads that it should host.

Enabling the Transport Layer Security 1.2 protocol for DPM

This recipe will cover how to enable the Transport Layer Security (TLS) protocol version 1.2 for the DPM Management server.

Getting ready

TLS is a protocol that provides privacy and data integrity between two communicating applications. In this case, this is between DPM server and protected servers. TLS is the most widely deployed security protocol used today.

Several known vulnerabilities have been reported against SSL and earlier versions of TLS. Microsoft recommend that you upgrade to TLS 1.2 for secure communication.

To enable TLS protocol version 1.2 in your DPM environment, you need to perform the following steps:

  1. Install all of the required updates.
  2. Make sure that the DPM setup is functional as it was before applying the updates (for example, you can check if you are able to launch the DPM console).
  3. Change the configuration settings to enable TLS 1.2.
  1. Ensure that all required SQL Server services are up and running.
  2. Finally, validate the protection and recovery process.

How to do it...

To enable TLS protocol version 1.2, follow these steps:

  1. Make sure that you are running Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019 and that it is up-to-date with the latest security fixes.  
  2. Make sure that .NET version 4.6 is installed on all of your machines (DPM server, protected servers) .NET version 4.7 is supported on Windows Server 2019. You can use the following PowerShell command to determine whether .NET has been installed: Get-WindowsFeature NET*:
  1. For the DPM database and for all SQL Servers that you intend to protect with DPM, you need to make sure that you are running a SQL Server that supports TLS 1.2. You can  follow the instructions described here to find out whether you need this update: https://support.microsoft.com/en-in/help/3135244/tls-1-2-support-for-microsoft-sql-server.
  2. You need to make sure that SQL Server 2012 Native client 11.0 is installed on the DPM Management Server. You can verify whether SQL Native client 11.0 is installed by running the following PowerShell command on SQL Server: Get-odbcdriver -name "SQL Server Native Client*". You can download Microsoft SQL Server 2012 Native client 11.0 from the following link: https://www.microsoft.com/en-us/download/details.aspx?id=50402.
  1. Make sure that you are running a DPM server that supports TLS 1.2. Starting with DPM 2012 R2 Update Rollup 14, DPM 2016 Update Rollup 4 including DPM 1801, DPM 1807, DPM 2019, and DPM 1901, the DPM team added TLS version 1.2 support.
  2. System Center components now generate both SHA1 and SHA2 self-signed certificates. This is a requirement for enabling TLS1.2. If case CA signed certificates are used for workgroup machines or untrusted domains, please ensure that they are either SHA1 or SHA2. In other words, TLS 1.2 supports only SHA1 and SHA2 certificates. Hence, all of the certificates must be updated to be SHA1 or SHA2.
  3. You need to implement these settings on all of the Windows machines in the environment on which System Center Data Protection agent is installed, including the DPM management server. Follow these steps to disable all of the SCHANNEL protocols except TLS 1.2 system-wide so that only TLS 1.2 protocol is used for communication. Making these registry changes does not affect the use of Kerberos or NTLM protocols:
    1. Open the registry on your server(s) by running regedit in the run window and navigate to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
    2. Add the SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 keys under Protocol.
    3. Now, create two keys called Client and Server under the SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 keys.
  4. Now create two REG_DWORD values under the Server and Client keys if you want to enable the TLS 1.2 protocol: set the DisabledByDefault value to 0 and the Enabled value to 1. You will now have something that looks as follows:

  1. If you want to disable the protocol, you can set the DisabledByDefault value to 1 and the Enabled value to 0.
  2. After we have enabled the TLS 1.2 protocol on all systems, we need to set DPM to use only TLS 1.2. The following settings should be implemented on the DPM management server and all other servers on which DPM agents are installed, that is, Hyper-V hosts, File Server, SQL, Exchange, SharePoint, and so on. Follow these steps to create these settings:
    1. Open the registry on your server by running regedit in the run window and navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.3031.
    2. Now, create the REG_DWORD value under the registry: SchUseStrongCrypto [Value = 1].
    3. Navigate to the following registry location: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319.
    4. Now, create the same REG_DWORD value under the preceding registry as well: SchUseStrongCrypto [Value = 1].
  3. Finally, you need to restart the system (DPM server and the protected server).

How it works...

For all kinds of workloads backed up by DPM TLS 1.2 enabled (that is, SQL, SharePoint, Exchange, File Servers, Hyper-V hosts, Hyper-V VMs, VMWare VMs, Clients, System State, and BMR), you can do the following:

  1. Attach the Protected Server in the workgroup/untrusted domain to DPM.
  2. While Creating Protection Groups, all data sources on the protected server will be displayed.
  3. Protect different kinds of workloads to disk, to tape, and to the cloud.
  4. Recover the different kinds of workloads at the Original Location, Alternate Location, recover cloud recovery points, and use an External DPM server.
Please note that VMware VM backup is not supported when DPM TLS 1.2 is enabled.

There's more...

There are two scenarios that are impacted when using TLS 1.2 with DPM:

Using certificate-based authentication to protect servers in a workgroup or untrusted domain

The DPM agent can be installed on the protected server either directly from the DPM server for the servers in the domain, or using certificate-based authentication for computers in a workgroup or untrusted domain. Please refer to Chapter 8, Protecting Workgroups and Untrusted Domains. DPM uses elements of the .NET Framework on the protected server to communicate if certificate-based authentication is used. TLS 1.2 needs .NET 4.5 or above. Since DPM is built with .NET 4.0—which does not support TLS 1.2 directly—when DPM tries to communicate with the protected servers, establishing the connection will fail.

Protecting workloads on the cloud using DPM

DPM requires a MARS agent to back up data to the cloud. The MARS agent also leverages the .NET Framework, and changes need to be made on the DPM server to ensure that the backups continue smoothly when TLS 1.2 is enabled. Check out https://support.microsoft.com/en-ie/help/4022913/how-to-resolve-azure-backup-agent-issues-when-disabling-tls-1-0-for-pc to resolve Azure Backup agent issues when enabling TLS 1.2.

For more information about Azure Backup, please check Chapter 10, Integrating DPM with Azure Backup.

See also

Installing DPM

This recipe will cover two installation scenarios:

  •  Installing DPM using a local SQL Server
  •  Installing DPM using a remote SQL Server

Getting ready

Before you start installing System Center Data Protection Manager, it is recommended that you read the Planning your DPM deployment and Preparing your DPM deployment recipes in this chapter.

How to do it...

This step will cover the installation process of DPM using a local SQL Server on the same operating system as DPM.

Option 1 – installing DPM using a local SQL Server

Make sure that your operating system is fully patched and rebooted before you start the installation. Now follow these steps:

  1. Insert the DPM media and start the setup for System Center Data Protection Manager. When the installation list is presented, click on Data Protection Manager to start the installation:
  1. The installation wizard will start and prompt you with the Microsoft Software License Terms. Accept the license terms by checking the I accept the license terms and conditions checkbox, which will continue the installation.
  2. Please wait while the setup starts copying the temporary files.
  1. The installation wizard will now prompt you with eight different installation steps. Currently, you are on the Welcome step. To continue with the installation, click on Next.
  2. The next step is the Prerequisites Check, where you can choose to install the DPM database by using a standalone or a clustered SQL Server.
Please read the Installing DPM using a remote SQL Server scenario in this recipe.
  1. In the Instance of SQL Server box, type in your server name and the instance name that should host your DPM database. In this example, the server name and SQL instance is WS16-SQL16-01\DPMDB:
Please note that when you install DPM and use a local SQL Server installation, the setup will use the current user's credentials for the SQL Server instance. If the domain account that is logged on and performing the installation is not a member of the DPM Admin group in the Active Directory, the installation will fail.
  1. Click on the Check and Install button to run a verification that all of the prerequisites have been met before the installation can continue.
  2. In this step, there are some prerequisites that will be installed as part of the required Windows components by DPM. The Hyper-V role and Hyper-V PowerShell module will be installed as well during this step. You will be required to restart afterward.
The Hyper-V role needs to be installed on the DPM server for Item-Level Recovery (ILR) support. Please read Chapter 3, Protecting Hyper-V VMs, for more information on this.
  1. Simply restart the DPM server and start the installation wizard one more time. When you run the prerequisites checker in the Prerequisites Check step, it will be successful. Click on Next > to continue.
  2. In the Product Registration step, enter the User name, Company, and Product key and click on Next > to continue.
  3. The next step of the installation wizard brings up the Installation Settings, which is where you specify the location of the DPM files and read the summary of the Space requirements. If you want to place the DPM files in a specific location, then click on the Change… button and specify the new destination. We recommend that you store the DPM Files on a separate drive. To continue to the next step, click on Next >:
  1. You can specify in the Microsoft Update Opt-In box whether the local Windows Update should be redirected so that you can use Microsoft Updates instead.
  2. Choose the most appropriate option for your implementation and click on Next > to continue.
  3. In the Summary of settings section, you can verify your installation's configuration. If everything looks good, click on the Install button to start the installation.
  1. The last step is the Installation. Here, you can keep a watch on the installation progress in real time. When the installation has finished, click on the Close button.
Finally, you need to install and update DPM server to the latest Update Rollup (UR) if you are using the Long-Term Servicing Channel (LTSC). At the time of writing this book, DPM 2016 Update Rollup 6 has been released and is available for download. You can download it at https://www.catalog.update.microsoft.com/Search.aspx?q=4456327.
If you are using the Semi-Annual Channel (SAC) for DPM (that is, DPM 1801, 1807, 1901, and so on), then the Semi-Annual Channel, with its more frequent release cycle, will not receive update releases.

Option 2 – installing DPM using a remote SQL Server

This step will cover and explain the configuration needed to complete a DPM installation when you are using a backend, dedicated, standalone server or a SQL cluster for achieving a high-availability scenario.

Please note that SQL Server Always-On is not supported to host the DPM database.

Before you can start your DPM sever installation, you need to prepare SQL Server so that you can host the DPM database. Please read the Installing SQL Server for DPM Database recipe in this chapter, since it is a prerequisite.

The only difference in the installation wizard when you install the DPM server on a separate machine or on the same server with SQL Server is the Prerequisites Check step. Now, follow these steps:

  1. Insert the DPM media on a separate machine and start the setup for System Center Data Protection Manager. When the installation list is presented, click on Data Protection Manager to start the installation.
  2. In the Prerequisites Check step of the installation wizard, you have the option to choose whether you would like to place the DPM database on a remote standalone SQL Server or a SQL cluster.
  1. For a standalone backend remote SQL Server hosting your DPM database, enter SQLSERVER\INSTANCE in the Instance of SQL Server field:
  1. Enter the User Name, Password, and Domain for the account that has the appropriate rights for the SQL configuration. Click on the Check and Install button to verify these prerequisites.
The account that's used for this configuration must be a member of the DPM Admin group in the Active Directory.
  1. In the case of a SQL clustered environment, you must specify both the SQL Server Instance for the DPM database and also where the Instance of SQL Server Reporting Service is located, since the SQL Server Reporting Service does not support being clustered:
  1. Enter the Instance of SQL Server for the DPMDB and also provide information for the Instance of SQL Server Reporting Service that will host the reporting for the DPM server.
  2. Provide the credentials that have rights in the SQL Server configuration; the accounts should be members of the DPM Admin group in the Active Directory. Click on the Check button to check the prerequisites.
  3. Click on Next > to continue with the installation wizard.

How it works...

The installation media for System Center Data Protection Manager will provide you with the installation bits for the DPM software. Since the 2012 R2 release of DPM, the SQL media is no longer included on the DPM media, so you need to consider how you design and install the SQL Server that will host the DPM server software.

The DPM server installation wizard will provide you with the right configuration that's needed regarding the SQL Server Reporting Services (SSRS) configuration for the DPM reports. The SSRS does not support being clustered.

When System Center Data Protection Manager's installation has completed successfully, DPM's setup will create the following firewall exceptions for you:

  • Exception for DCOM communication on port 135 (TCP and UDP) in all profiles
  • Exception for Msdpm.exe in all profiles
  • Exception for DPMRA.exe in all profiles
  • Exception for AMSvcHost.exe in all profiles
  • Exception for DPMAM Service communication on port 6075 (TCP and UDP) in all profiles

There's more...

When System Center Data Protection Manager has been installed, you need to perform a number of post-installation tasks before your DPM servers are able to start protecting your production environment.

Automating the installation of DPM

This recipe will cover how to automate the installation of DPM Server.

Getting ready

In the Installing DPM recipe in this chapter, we showed you how to install DPM using a local SQL Server and using a remote SQL Server. However, this was a manual installation. 

Automating the installation of DPM consists of two steps:

  1. Installing the SQL Server instance
  2. Installing the DPM server

You can disregard the first step if you already have SQL Server deployed locally or on a remote server in your environment.

In this recipe, we will cover the installation of SQL Server and DPM in an automated fashion. 

How to do it...

Make sure that your operating system is fully patched and rebooted before you start the installation. Now follow these steps:

  1. Install the SQL Server instance:
    1. Mount the SQL Server 2016 media and then open the Command Prompt (cmd).
    2. Browse to the drive letter where SQL Server is mounted.
    3. Type in the following command to automate the installation of SQL Server and add all of the required features:
Please make sure to update the domain name and SQL Service accounts in the following command so that they match your environment.
Setup.exe /Q /ACTION=install /IACCEPTSQLSERVERLICENSETERMS /FEATURES=SQLEngine,RS /INSTANCENAME=DPMINSTANCE /INSTANCEDIR="D:\Program Files\Microsoft SQL Server" /INSTALLSHAREDWOWDIR="D:\Program Files (x86)\Microsoft SQL Server" /INSTALLSHAREDDIR="D:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT=”VIRT\sqldpm” /SQLSYSADMINACCOUNTS=”VIRT\sqldpm” /SQLSVCPASSWORD="dpm2016+1" /RSSVCACCOUNT=”VIRT\sqldpm” /RSSVCPASSWORD="dpm2016+1" /AGTSVCACCOUNT=”VIRT\sqldpm” /AGTSVCPASSWORD="dpm2016+1" /SECURITYMODE=SQL /SAPWD=”dpm2016+1” /SQLTEMPDBDIR=”D:\Program Files\Microsoft SQL Server\TempDB\\” /SQLUSERDBDIR=”D:\Program Files\Microsoft SQL Server\SQLData\\” /SQLUSERDBLOGDIR=”D:\Program Files\Microsoft SQL Server\SQLLog\\”

Please refer to the following screenshot for its output:

    1. Make sure that you have downloaded SQL Server Management Studio (SSMS) version 16.5.3 and that you have copied it to the server: http://go.microsoft.com/fwlink/?LinkID=840946.
    2. Open the cmd.exe window and type in the following command:
SSMS-Setup-ENU.exe /install /quiet /norestart
Please note that the SSMS installation may take some time to finish.
  1. Install the DPM server:
    1. Open a command-line prompt in elevated mode and type in the following command:
dism.exe /Online /Enable-feature /All /FeatureName:Microsoft-Hyper-V /FeatureName:Microsoft-Hyper-V-Management-PowerShell /quiet /norestart
DPM supports Item-Level Recovery (ILR), which allows you to perform a granular recovery of files, folders, volumes, and virtual hard disks (VHDXs) from a host-level backup of Hyper-V virtual machines. The Hyper-V Role and PowerShell Management Tools features are required by the DPM server. Please read Chapter 3, Protecting Hyper-V VMs, for more information.
    1. Once the Hyper-V role is installed, you need to restart the DPM server before you move on to the next step.
    1. Once the DPM server has been restarted, open Notepad, copy the following scripts into it, and then save the file as DPMSetup.ini:
Please note that you can use the same script that follows, regardless of whether the SQL Server instance has been installed on the DPM server or on a remote SQL Server.
[OPTIONS]
UserName=<Domain-name\Username>
CompanyName=<Ur-Company>
ProductKey=XXXX-XXXX-XXXX-XXXX-XXXX
SqlAccountPassword=<The password for the SQL sa account>
ProgramFiles = <Location path where you want to install DPM>
DatabaseFiles = <Location path where you want to install DPMDB>
IntegratedInstallSource = <Location path where the DPM media is extracted>
SQLMachineName=<Name of the SQL Server Computer> OR <SQL Cluster Name>
SQLInstanceName=<Name of the SQL Server instance>
SQLMachineUserName=<Domain-name\Username> SQLMachinePassword=<Password for the user name Setup must use>
SQLMachineDomainName=<Domain name to which the SQL Server computer is attached to>
ReportingMachineName=<Name of the SQL Server Computer> OR <SQL Cluster Name>
ReportingInstanceName=<Name of the SQL Server instance>
ReportingMachineUserName=<Domain-name\Username>
ReportingMachinePassword=<Password for the user name Setup must use>
ReportingMachineDomainName=<Domain name to which the SQL Server computer is attached to>
    1. The following screenshot shows you what the DPMSetup.ini file will look like:
    1. After saving the DPMSetup.ini file, in an elevated command prompt on the DPM server, type in the following command and press Enter:
start /wait D:\SCDPM2016\setup.exe /i /f D:\DPMSetup.ini /l D:\dpmlog.txt
The D:\SCDPM2016\ path indicates the media in the DPM location where you'll run setup.exeD:\DPMSetup.ini is the location path where you saved the DPMSetup.ini file.
    1. In just a few minutes, DPM will be installed automatically, as shown in the following screenshot:
Finally, you need to install and update the DPM server to the latest Update Rollup (UR) if you are using the Long-Term Servicing Channel (LTSC). At the time of writing this book, DPM 2016 Update Rollup 6 has been released, and you can download it from the following link: https://www.catalog.update.microsoft.com/Search.aspx?q=4456327.
If you are using the Semi-Annual Channel (SAC) for DPM (that is, DPM 1801, 1807, 1901, and so on), then the Semi-Annual Channel, with its more frequent release cycle, does not receive update releases.

How it works...

The final result of an automated installation will be better than a manual implementation. Thus, this will ensure that you have a consistent deployment across your environment.

See also

Upgrading to the latest release of DPM

This recipe will cover the supported upgrade scenarios from the previous version of DPM to the latest release of DPM.

Getting ready

Before you get started with the upgrade, make sure that your existing installation has the necessary updates by following the upgrade path:

  • As a minimum requirement, upgrade your existing DPM 2012 R2 to DPM 2012 R2 Update Rollup 10. At the time of writing this book, Update Rollup 14 is also available for DPM 2012 R2. You can download UR 10 from the following link: http://www.catalog.update.microsoft.com/Search.aspx?q=4043315.
  • Upgrade DPM 2012 R2 with Update Rollup 10 or Update Rollup 14 to the latest DPM version.
  • Update the DPM agents on the protected servers.
  • Upgrade Windows Server 2012 R2 to Windows Server 2016 or Windows Server 2019.
Please note that it is possible to upgrade DPM 2016 or later from DPM 2012 R2, which is running on Windows Server 2012 R2. However, if you want to use the latest features that come with DPM 2016 or later, such as MBS, Microsoft recommends installing DPM 2016 or later on a new installation of Windows Server 2016 or Windows Server 2019. Please check the Installing DPM recipe in this chapter for more information.

How to do it...

The following steps will illustrate the upgrade process:

  1. Mount the latest DPM media on the DPM 2012 R2 server and double-click Setup.exe to open the System Center Wizard.
  2. Under Install, click Data Protection Manager. This starts the setup. Select I accept the license terms and conditions and follow the setup wizard.
  3. The last step in the wizard is the Installation process. Here, you can keep an eye on the upgrade progress in real time. When the upgrade has finished, click on the Close button:
Finally, you need to install and update DPM server to the latest UR if you are using the LTSC. At the time of writing this book, DPM 2016 Update Rollup 6 has been released. You can download it from the following link: http://www.catalog.update.microsoft.com/Search.aspx?q=4456327.
If you are using the Semi-Annual Channel (SAC) for DPM (that is, DPM 1801, 1807, 1901, and so on), then the Semi-Annual Channel, with its more frequent release cycle, does not receive update releases.
  1. Update the DPM agents on the protected servers. Please check out the Installation of DPM Agents recipe in this chapter for more information on this.
  2. The last step is to upgrade Windows Server 2012 R2 to Windows Server 2016. Mount the Windows Server 2016 media on the DPM server and double-click Setup.exe to open the Windows Server 2016 Setup Wizard.
  3. Select Download and install updates (recommended) and click on Next to continue.
  4. Select the image you want to install. If your exiting DPM server is installed on Windows Server 2012 R2 Datacenter, and then select Windows Server 2016 Datacenter (Desktop Experience). Click on Next to continue.
  5. Accept the Applicable notices and license terms. Click Accept to continue.
  6. Select Keep personal files and apps and click on Next to continue.
  7. Please wait until Windows finishes checking updates, and then click on Next to continue.
  1. Click Confirm next to the information note:

  1. In the last step in the installation wizard, click Install:
  1. DPM server will restart several times during the Windows upgrade. This might take a while.
  2. When the upgrade has completed, click on Accept for the license terms.
  3. The final step is to make sure that you run and install the latest Windows Update.

How it works...

Upgrading DPM 2012 R2 to the latest DPM release is a straightforward process. In this example, we are running SQL Server 2012 with SP3 as a local instance on the same OS.

As a part of your upgrade, you may also want to move the DPM database if you ever encounter the following scenarios:

  • You are merging instances of SQL Server.
  • You are moving to a remote SQL Server that's more powerful than SQL Server.
  • You want to add fault tolerance by using a SQL Server cluster.
  • You want to move from a remote SQL Server to a local SQL server or vice versa.

The DPM setup allows you to migrate the DPM database to different SQL Servers during the upgrade process. 

There's more...

In the upgrade scenario where you have a primary and a secondary DPM server, the preceding recommended strategies apply. However, it is recommended that you always start the upgrade process with your secondary DPM server and then upgrade your primary DPM server; this is to avoid any unnecessary disturbance.

If you are going to upgrade from DPM 2012 R2 or DPM 2016 (LTSC), to DPM 1801 or DPM 1807 (SAC), then make sure to follow this path:

  • If you are upgrading from DPM 2012 R2, then first upgrade to DPM 2012 R2 Update Rollup 14.
  • If you are upgrading from DPM 2016, then first upgrade to DPM 2016 Update Rollup 4.
  • Upgrade to DPM 1801, and then apply DPM 1807 update. You can download 1807 update from the following link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4339950.
  • Update the agents on the protected servers.
  • Upgrade the DPM Remote Administrator on all production servers.
  • Backups continue without rebooting your production server.

See also

Migrating legacy storage to Modern Backup Storage

This recipe will cover how to migrate legacy storage to MBS. 

Getting ready

After upgrading DPM 2012 R2 to DPM 2016 and the operating system to Windows Server 2016, as described in the Upgrading to the latest release of DPM recipe in this chapter, you can update your existing protection groups to the new DPM features. By default, the protection groups haven't been changed, and continue to function as they were configured in DPM 2012 R2.

After upgrading to Windows Server 2016 and DPM 2016 or later, you can no longer create new protection groups using legacy storage. All newly created protection groups will leverage MBS. We strongly recommend moving existing protection groups to MBS to take advantage of the new storage space-saving improvements.

You also need to make sure that you have added a new volume to DPM by using Modern Backup Storage technology. Please refer to the Enabling Modern Backup Storage (MBS) recipe in Chapter 2, DPM Post-Installation and Management Tasks:

How to do it...

To update the protection group, you need to stop the protection of all data sources with Retain Data, and then add the data sources to a new protection group. DPM will begin protecting these data sources using MBS:

  1. Open the Administrator Console, select the Protection feature, and in the Protection Group Member list, right-click the member and select Stop protection of member...:
  1. In the Stop Protection dialog, review the used Disk space and the Current free disk space in the DPM storage pool. The default is to Retain protected data, leave the recovery points on the disk, and allow them to expire per their associated retention policy. Click Stop Protection:
If you want to immediately return the used disk space to the free storage pool, select Delete protected data. This will delete the backup data (and recovery points) associated with that member.
  1. In the last step, you need to create a new protection group that uses MBS, and include the same unprotected data sources.

How it works...

The end result is that you will have a single new protection group that uses MBS. The previous protection group that was created in DPM 2012 R2 will be removed. The old recovery points will be maintained since we did not delete the protected data:

You might need to perform a Consistency Check (CC) after the initial replica is created for the new protection group so that the protection status will be in a healthy state.

Installing the DPM agents

This recipe will cover the installation of a DPM agent from the DPM console as well as a manual-based installation.

Getting ready

Before you can start protecting a workload within your datacenter, you must install a DPM agent on the server hosting the workload that you would like to protect (that is, Hyper-V, SQL Server, Exchange, and so on).

You can install the DPM agent via the DPM Administrator Console in push mode; however, there are some scenarios where you will not able to perform a push installation of the DPM agent to the server hosting the workload that you would like to protect. On the DPM server, you can find two executables for the DPM agent that you can share or download to a removable media. Then, you can install the agent manually. The DPM agent is also available on the DPM installation media. There are two different executables here:

  • DpmAgentInstaller_x86.exe is for 32-bit operating systems
  • DpmAgentInstaller_x64.exe is for 64-bit operating systems

Both are applicable for Windows server and Windows client operating systems.

How to do it...

The following steps will illustrate the process of installing DPM agent in two different ways.

Option 1 – installing the agent from the DPM console

  1. Open the DPM Administrator Console and click ManagementAgents. Click Install on the tool ribbon to open the Protection Agent Installation Wizard.
  2. On the Select Agent Deployment Method page, click Install agents | Next.
  3. On the Select Computers page, DPM will display a list of available computers that are in the same domain as the DPM server. Add the required computer.
  1. The Advanced button page is enabled only when there is more than one version of a protection agent available for installation on the computers. You can use this option to install a previous version of the protection agent that was installed before you upgraded DPM server to a more recent version. However, it's recommended that you always keep the protection agent updated.
  2. Click Next > to continue.
  3. On the Enter Credentials page, type the username and password for a domain account that is a member of the local administrators group on the selected computer(s).
  4. If you select a node in a cluster, DPM detects all of the additional nodes in the cluster and displays the Select Cluster Nodes page. On the Select Cluster Nodes page, select an option that you want DPM to use for installing agents on additional nodes in the cluster. Then, click Next.
  5. In the Choose Restart Method step, select the method that you want to use to restart the selected computers after the protection agent has been installed.
For greenfield agent installation, the computer must be restarted before you can start protecting data. A restart is necessary to load the volume filter that DPM uses to track and transfer block-level changes between the DPM server and the protected computers.
  1. If any of the computers that you have selected are members of a cluster, an additional Choose Restart Method page will appear that you can use so that you can select the method to restart the clustered computers.
Please note that you need to install a protection agent on all of the nodes in a cluster to successfully protect the clustered data.
  1. Choose an appropriate option and click on Next > to continue.
  2. In the Summary page, you can verify the information you have chosen and then click on Install to initialize the installation and configuration process of the DPM agent.
  3. After a short period of time, the Agent will appear in the DPM console and report back with status OK.

Option 2 – installing the agent manually

You can perform a manual installation in two different ways:

  • By providing the FQDN of the DPM server when running the DpmAgentInstaller executable
  • By providing the NetBIOS name of the DPM server using setdpmserver.exe if the DPM agent is already installed but not configured

Now follow these steps:

  1. On the computer that you want to protect, open an elevated command window, and then run net use Z: \\<DPMServerName>\d$, where Z is the local drive letter that you want to assign and <DPMServerName> is the name of the DPM server that will protect the computer. d$ is where DPM software is installed.
  2. For a 64-bit computer, type the following:
cd /d <assigned drive letter>:\Program Files\Microsoft System Center 2019\DPM\DPM\ProtectionAgents\RA\5.0.<build number>.0\amd64 

Here, <assigned drive letter> is the drive letter that you assigned in the previous step and <build number> is the latest DPM build number. For example: 

cd /d "Z:\Program Files\Microsoft System Center 2019\DPM\DPM\ProtectionAgents\RA\5.0.158.0\amd64"
  1. For a 32-bit computer, type the following:

cd /d <assigned drive letter>:\Program Files\Microsoft System Center 2019\DPM\DPM\ProtectionAgents\RA\5.0.<build number>.0\i386 

Here, <assigned drive letter> is the drive that you mapped in the previous step and <build number> is the latest DPM build number.

  1. To install the protection agent for a 64-bit computer, run the following command:

DPMAgentInstaller_x64.exe <DPMServerName> 

Here, <DPMServerName> is the fully qualified domain name (FQDN) of the DPM server.

  1. To install the protection agent for a 32-bit computer, run the following command:
DPMAgentInstaller_x86.exe <DPMServerName> 

Here, <DPMServerName> is the FQDN of the DPM server.

  1. Select I accept the license terms and conditions for the Microsoft Software License Terms, and click OK.
  2. The installation will start and you will receive a confirmation message that states Agent installation completed successfully. The DPM agent has now been configured and the appropriate firewall exceptions have been made in the domain profile of the Windows Firewall. Press Enter key to close the window.
To perform a silent installation and to accept the EULA license in a silent installation , you can use the /q and /IAcceptEULA options after the command. For example: DPMAgentInstaller_x64.exe /q <DPMServerName> /IAcceptEULA.
  1. If the DPM agent is already installed, you should run the setdpmserver.exe executable with the –dpmservername switch to configure the DPM server that the DPM agent should report to as follows:
Setdpmserver –dpmservername DPM2019
When using the SetDpmServer executable, you only need the NetBIOS name of the DPM server.

After installing the agent manually, you must attach the DPM agent to the DPM server. You can do this via the DPM Administrator console or via the DPM PowerShell cmdlet.

  1. Open the DPM console and go to Management. Click on Production Servers and, at the top-left corner of the console, click on the Add button to start the Production Server Addition Wizard.
  1. Under the Select Agent Deployment Method page, click Attach agents, followed by Computer on trusted domain. Click the Next > button to continue:
If you want to attach a DPM agent in a workgroup or untrusted domain, please refer to Chapter 8, Protecting Workgroups and Untrusted Domains, for more information.
  1. In the Select Computers page, choose the server that you would like to attach to the DPM server and click on Next > to continue.

You can also provide a list of servers that you would like to have attached. The list should have all of the FQDN of every server per row in a simple text file. Click on the Add From File... button to import the files' data.
  1. In the Enter Credentials page, enter the credentials that should be used to execute this process. Keep in mind that the credentials you provide must have administrative rights on the server that you are trying to attach. Provide the credentials and click on Next > to continue.
  2. In the Summary page, verify the configuration and click on Attach to start.
  3. Verify that the Attach protected computer task has been successful. Click Close to close the Protection Agent Installation Wizard.
  4. The Agent will appear in the DPM console and report back with status OK.

How it works...

The DPM agent is the core component for the DPM so that it's able to provide restore capabilities for your data. The DPM relies on the DCOM object of the protected server which is mapped to the DPMRA service so that the SQL job on the DPM server starts. System Center Data Protection Manager stores all protection group configurations as SQL Jobs, and the SQL Server Agent initializes the DPM agent to start creating snapshots by using the underlying architecture of the Volume Shadow Copy Service (also known as Volume Snapshot Service or VSS) within the operating system.

The setdpmserver.exe executable command has the ability to configure the DPM agent to set which DPM server the DPM agent reports to. It also provides the configuration needed for the local Windows Firewall so that the DPM agent can start reporting to the DPM server.

There's more...

System Center Data Protection Manager manages data replication and provides management of the DPM agents using two different TCP ports:

  • 5718
  • 5719

TCP port 5718 is used for data replication and TCP port 5719 is used by the DPM agent coordinator. The coordinator is the function within the DPM agent architecture that manages the installation, uninstallation, and updates of the DPM agent. For more information regarding firewall ports and configuration, please read the Planning your DPM deployment recipe in this chapter.

Upgrading the DPM agents

This recipe covers how you can upgrade DPM agents from the DPM console and also provides information about other scenarios.

Getting ready

Microsoft keeps releasing updates that are critical to apply, since they contain new enhancements that will provide you with optimization of the DPM software. They also enable new restore capability features for your workload.

How to do it...

After you have upgraded DPM 2012 R2 to the latest DPM release, you must upgrade all of the DPM agents that are attached to the DPM server before protection can continue. This is something you need to do manually:

  1. Open the DPM console, select Management and, on the left-hand side of the console, click on Agents. In the display pane, you will see DPM agents reporting Update Available.
  2. Right-click the agents that you want to update and choose Update from the drop-down list.
Starting with DPM 2016 or later, once the agent has been updated, no reboot is required. DPM will continue to protect your workloads. However, we have seen some servers reboot automatically, even if the option to automatically reboot is not checked, so make sure to upgrade the agent during a maintenance window.

How it works...

The DPM agent coordinator is the function within the DPM agent architecture that provides you with the ability to upgrade your DPM agents via the DPM console.

Some Update Rollups require a restart if the file filter drivers, or any DLL in the change-tracking process, has been updated. It is recommended that you read the release notes for the update before applying it to the production environment.

There's more...

You can also apply the updates manually via Microsoft Update, local Windows Server Update Services (WSUS), or System Center Configuration Manager (SCCM).

Left arrow icon Right arrow icon

Key benefits

  • Adapt to the modern data center design challenges and improve storage efficiency
  • Effective recipes to help you create your own robust architectural designs
  • Solve data protection and recovery problems in your organization

Description

System Center Data Protection Manager (SCDPM) is a robust enterprise backup and recovery system that contributes to your BCDR strategy by facilitating the backup and recovery of enterprise data. With an increase in data recovery and protection problems faced in organizations, it has become important to keep data safe and recoverable. This book contains recipes that will help you upgrade to SCDPM and it covers the advanced features and functionality of SCDPM. This book starts by helping you install SCDPM and then moves on to post-installation and management tasks. You will come across a lot of useful recipes that will help you recover your VMware and Hyper-V VMs. It will also walk you through tips for monitoring SCDPM in different scenarios. Next, the book will also offer insights into protecting windows workloads followed by best practices on SCDPM. You will also learn to back up your Azure Stack Infrastructure using Azure Backup. You will also learn about recovering data from backup and implementing disaster recovery. Finally, the book will show you how to configure the protection groups to enable online protection and troubleshoot Microsoft Azure Backup Agent.

Who is this book for?

If you are an SCDPM administrator, this book will help you verify your knowledge and provide you with everything you need to know about the new release of System Center Data Protection Manager.

What you will learn

  • Install and prepare SQL Server for the SCDPM database
  • Reduce backup storage with SCDPM and data deduplication
  • Learn about the prerequisites for supported Hyper-V Server protection
  • Integrate SCDPM with other System Center products to build optimal services
  • Protect and restore the SCDPM database
  • Protect your data center by integrating SCDPM with Azure Backup
  • Manually create online recovery points and recover production data from Azure
  • Protect and learn about the requirements to recover Azure Stack with SCDPM

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Dec 26, 2018
Length: 424 pages
Edition : 1st
Language : English
ISBN-13 : 9781787289284
Vendor :
Microsoft
Category :
Languages :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Dec 26, 2018
Length: 424 pages
Edition : 1st
Language : English
ISBN-13 : 9781787289284
Vendor :
Microsoft
Category :
Languages :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just zł20 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just zł20 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 642.97
Microsoft System Center Data Protection Manager Cookbook
zł197.99
Microsoft System Center 2016 Orchestrator Cookbook
zł266.99
Mastering Windows Group Policy
zł177.99
Total 642.97 Stars icon
Banner background image

Table of Contents

11 Chapters
Installing and Upgrading DPM Chevron down icon Chevron up icon
DPM Post-Installation and Management Tasks Chevron down icon Chevron up icon
Protecting Hyper-V VMs Chevron down icon Chevron up icon
Monitoring DPM and Configuring Role-Based Access Chevron down icon Chevron up icon
Protecting Microsoft Workloads with DPM Chevron down icon Chevron up icon
Securing Windows Client with DPM Chevron down icon Chevron up icon
Protecting Microsoft Azure Stack with DPM Chevron down icon Chevron up icon
Protecting Workgroups and Untrusted Domains Chevron down icon Chevron up icon
Recovering Data from Backup Chevron down icon Chevron up icon
Integrating DPM with Azure Backup Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(1 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Marie E. Holcomb Oct 17, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I use this book everyday. DPM can be difficult to setup and understand. The information I got from this book has helped me setup my backup plans and the development for my network.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.