Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Microsoft System Center Data Protection Manager Cookbook

You're reading from   Microsoft System Center Data Protection Manager Cookbook Maximize storage efficiency, performance, and security using System Center LTSC and SAC releases

Arrow left icon
Product type Paperback
Published in Dec 2018
Publisher
ISBN-13 9781787289284
Length 424 pages
Edition 1st Edition
Languages
Arrow right icon
Authors (2):
Arrow left icon
Patrick Lownds Patrick Lownds
Author Profile Icon Patrick Lownds
Patrick Lownds
Charbel Nemnom Charbel Nemnom
Author Profile Icon Charbel Nemnom
Charbel Nemnom
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Installing and Upgrading DPM FREE CHAPTER 2. DPM Post-Installation and Management Tasks 3. Protecting Hyper-V VMs 4. Monitoring DPM and Configuring Role-Based Access 5. Protecting Microsoft Workloads with DPM 6. Securing Windows Client with DPM 7. Protecting Microsoft Azure Stack with DPM 8. Protecting Workgroups and Untrusted Domains 9. Recovering Data from Backup 10. Integrating DPM with Azure Backup 11. Other Books You May Enjoy

Planning your DPM deployment

This recipe will cover the planning steps that you should consider before you start preparing to deploy your DPM servers.

Getting ready

Before you start planning your DPM server deployment, it's imperative that you start working on classifying the data sources that you would like to protect. A common strategy that I have observed that many companies still follow is to backup everything once a day. This is not a good approach.

There are, of course, several servers within your datacenter that need to be regularly backed up, but not all servers are the same. It is vital to adapt to your business continuity and disaster-recovery plan before you start any implementation. You can do this by identifying all of the services and working with all of the stakeholders in your company to develop more effective backup approaches, and then break down those services into smaller components to clearly see how or why they are of importance to your business.

How to do it...

From a more technical perspective, there are some considerations that need to be addressed during the planning phase, such as the following:

  • The total amount of data that should be protected
  • Firewall settings
  • Network consideration
  • Who can interact with DPM
  • Untrusted domains/workgroup
  • Backup repository 

To start provisioning resources for the DPM server that you want to deploy, you must first take into consideration the following:

  1. Starting with DPM 2016 onward, Microsoft removed the Logical Disk Manager (LDM) limits for protection groups. The absence of LDM limits allows the data sources to grow and shrink as many times as needed, without the need for manual intervention. DPM 2016 or later does not need to allocate storage to data sources beforehand compared to DPM 2012 R2. This will allow the backups to adjust dynamically as needed, thus achieving higher efficiency with less storage requirements. The snapshot limits do not apply to protection groups that have been created in DPM 2016, as DPM does not use disks anymore. Instead, it uses volumes. Please read Chapter 2, DPM Post-Installation and Management Tasks, for more information on this.
  2. Here are the suggested data limits according to Microsoft for a single DPM server:
    • DPM can protect up to 600 volumes. The limit for each DPM is 120 TB, 80 TB ReplicaPoint Volume, and 40 TB RecoveryPoint.
    • The total amount of SQL DBs that can be protected by one DPM server is 2,000 and the total size is 80 TB.
    • The total amount of clients that can be protected with one DPM server is 3,000 and the total size is 80 TB.
    • The total amount of virtual machines that can be protected with one DPM server is 800 and the total size is 80 TB.
  3. Firewall configuration for DPM deployment is required on the DPM server, on the machines that you want to protect, and on the SQL Server used for the DPM database (if you're hosting your DPM database on a remote SQL Server). If Windows Firewall is enabled when you install DPM, then DPM automatically configures the firewall settings on the DPM server.
The firewall settings, including the port numbers, are documented in the following link: https://docs.microsoft.com/en-us/system-center/dpm/plan-dpm-deployment?view=sc-dpm-1711#BKMK_Firewall.
  1. The backup network for Hyper-V is not listed as a requirement by Microsoft. However, we strongly recommend isolating the backup traffic from the host Management OS by leveraging a converged network in Hyper-V where you combine multiple physical NICs with Switch-Embedded Teaming (SET) and Quality of Service (QoS) so that you can isolate all network traffic while maintaining resiliency. This implementation can be seen in following diagram:

  1. Before you begin with the deployment, you need to verify that the appropriate users have been granted the required privileges for performing various DPM tasks.
The required permissions needed are documented at the following link: https://docs.microsoft.com/en-us/system-center/dpm/plan-dpm-deployment?view=sc-dpm-1711#BKMK_Users.
  1. If you want to protect multiple domains, you can create a two-way transitive trust between the domains. By doing this, the DPM server will work in both domains without any limitations. However, this approach comes with a security risk—please take into consideration that you need to create a two-way transitive trust between the untrusted domains.
  2. Starting with System Center 2012 R2 Data Protection Manager, Microsoft added support for the protection of computers in workgroups and untrusted domains using NTLM with local accounts. However, in scenarios where an organization does not allow for the creation of local accounts, this solution does not work.
  3. As an alternative, you can use certificate-based authentication for computers in workgroups or untrusted domains. Please refer to Chapter 8, Protecting Workgroups and Untrusted Domains, for more information.
  4. A major part of your DPM deployment will be figuring out how to store data that's been backed up by DPM. There are currently three different solutions:
    • Disk storage using volumes with Modern Backup Storage (MBS)
    • Tape storage, such as Physical or the Virtual Tape Library (VTL)
    • Online storage with Azure Backup (off-site)

You should not just consider one of these three as an option. Instead, you need to focus on the requirements of the backup strategy in your organization by discussing the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) with all stakeholders.

When you are planning for data source protection, you can choose the backup target based on how frequently you need to access and restore the data. For example, if the data sources will be used for archiving and need to be accessed once per month, you can go with Azure Backup. If the protected data sources need an archiving solution but should also be able to restore quickly, you can go with Virtual Tape Library (VTL) or Azure Backup. If you need to restore the data sources as quickly as possible, you go with disk storage on-premises. Finally, if the workloads need an off-site secure solution, you can go with Azure Backup.

More information about the difference between RPO and RTO can be found here: https://en.wikipedia.org/wiki/Recovery_point_objective.

How it works...

Having all of the information we have just discussed and presented in an organized manner, you can now start designing the structure of the Backup as a Service (BaaS). A piece of advice here—make sure that you spend enough time on the planning phase and take small steps toward your goal and never rush an implementation. You will probably bump into a challenge or two, so it is of key importance to work using a well-defined structure.

See also

You have been reading a chapter from
Microsoft System Center Data Protection Manager Cookbook
Published in: Dec 2018
Publisher:
ISBN-13: 9781787289284
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image