Microsoft System Center Data Protection Manager Cookbook

5 (1 reviews total)
By Charbel Nemnom , Patrick Lownds
  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Installing and Upgrading DPM

About this book

System Center Data Protection Manager (SCDPM) is a robust enterprise backup and recovery system that contributes to your BCDR strategy by facilitating the backup and recovery of enterprise data. With an increase in data recovery and protection problems faced in organizations, it has become important to keep data safe and recoverable. This book contains recipes that will help you upgrade to SCDPM and it covers the advanced features and functionality of SCDPM.

This book starts by helping you install SCDPM and then moves on to post-installation and management tasks. You will come across a lot of useful recipes that will help you recover your VMware and Hyper-V VMs. It will also walk you through tips for monitoring SCDPM in different scenarios. Next, the book will also offer insights into protecting windows workloads followed by best practices on SCDPM. You will also learn to back up your Azure Stack Infrastructure using Azure Backup. You will also learn about recovering data from backup and implementing disaster recovery. Finally, the book will show you how to configure the protection groups to enable online protection and troubleshoot Microsoft Azure Backup Agent.

Publication date:
December 2018
Publisher
Packt
Pages
424
ISBN
9781787289284

 

Chapter 1. Installing and Upgrading DPM

In this chapter, we will cover the following recipes:

  • Planning your DPM deployment
  • Preparing your DPM deployment
  • Installing SQL Server for the DPM database
  • Enabling the Transport Layer Security 1.2 protocol for DPM
  • Installing DPM
  • Automating the installation of DPM
  • Upgrading to the latest release of DPM
  • Migrating legacy storage to Modern Backup Storage
  • Installing the DPM agents
  • Upgrading the DPM agents
 

Introduction


Data protection in today's world is becoming more critical than ever. With increasing amounts of data in this all-connected world comes more data that needs to be protected. As shown in the Enterprise Strategy Group (ESG) 2016 report, backup is one of the top five priorities that IT administrators continue to have in today's world:

System Center 2019's Data Protection Manager (DPM) is the latest release by Microsoft, and with it comes a lot of improvements and new features. DPM is well-recognized in the industry for protection of Microsoft workloads and VMware environments. With DPM 2019, you can back up the most common workloads that exist in any modern data center today. 

The following diagram provides an overview of the DPM backup functionality:

Typical malware attacks that happen today include ransomware, which is where target machines are forced to either re-encrypt their data or remove it permanently. If production data is impacted, then the backups that follow are impacted on too. Microsoft System Center DPM and Azure backup now provide security features that protect sensitive data. These security features ensure that you are able to secure your backups and recover your data if the production and backup servers are compromised. These features are built on three main principles—Prevention,Alerting, andRecovery—that help organizations to increase preparedness against attacks and equip them with a robust backup solution.

This chapter is designed to provide you with the necessary skills and techniques for dealing with installing and upgrading tasks for your Microsoft System Center DPM server. After reading this chapter, you will have the knowledge to carry out common DPM installation, migration, and planning activities, such as configuring the DPM firewall, calculating the storage requirements, preparing the SQL Server for the DPM database, installing and upgrading to the latest release of DPM, automating the installation of DPM, and much more.

 

Planning your DPM deployment


This recipe will cover the planning steps that you should consider before you start preparing to deploy your DPM servers.

Getting ready

Before you start planning your DPM server deployment, it's imperative that you start working on classifying the data sources that you would like to protect. A common strategy that I have observed that many companies still follow is to backup everything once a day. This is not a good approach.

There are, of course, several servers within your datacenter that need to be regularly backed up, but not all servers are the same. It is vital to adapt to your business continuity and disaster-recovery plan before you start any implementation. You can do this by identifying all of the services and working with all of the stakeholders in your company to develop more effective backup approaches, and then break down those services into smaller components to clearly see how or why they are of importance to your business.

How to do it...

From a more technical perspective, there are some considerations that need to be addressed during the planning phase, such as the following:

  • The total amount of data that should be protected
  • Firewall settings
  • Network consideration
  • Who can interact with DPM
  • Untrusted domains/workgroup
  • Backup repository 

To start provisioning resources for the DPM server that you want to deploy, you must first take into consideration the following:

  1. Starting with DPM 2016 onward, Microsoft removed the Logical Disk Manager (LDM) limits for protection groups. The absence of LDM limits allows the data sources to grow and shrink as many times as needed, without the need for manual intervention. DPM 2016 or later does not need to allocate storage to data sources beforehand compared to DPM 2012 R2. This will allow the backups to adjust dynamically as needed, thus achieving higher efficiency with less storage requirements. The snapshot limits do not apply to protection groups that have been created in DPM 2016, as DPM does not use disks anymore. Instead, it uses volumes. Please read Chapter 2, DPM Post-Installation and Management Tasks, for more information on this.
  2. Here are the suggested data limits according to Microsoft for a single DPM server:
    • DPM can protect up to 600 volumes. The limit for each DPM is 120 TB, 80 TB ReplicaPoint Volume, and 40 TB RecoveryPoint.
    • The total amount of SQL DBs that can be protected by one DPM server is 2,000 and the total size is 80 TB.
    • The total amount of clients that can be protected with one DPM server is 3,000 and the total size is 80 TB.
    • The total amount of virtual machines that can be protected with one DPM server is 800 and the total size is 80 TB.
  3. Firewall configuration for DPM deployment is required on the DPM server, on the machines that you want to protect, and on the SQL Server used for the DPM database (if you're hosting your DPM database on a remote SQL Server). If Windows Firewall is enabled when you install DPM, then DPM automatically configures the firewall settings on the DPM server.

Note

The firewall settings, including the port numbers, are documented in the following link: https://docs.microsoft.com/en-us/system-center/dpm/plan-dpm-deployment?view=sc-dpm-1711#BKMK_Firewall.

  1. The backup network for Hyper-V is not listed as a requirement by Microsoft. However, we strongly recommend isolating the backup traffic from the host Management OS by leveraging a converged network in Hyper-V where you combine multiple physical NICs with Switch-Embedded Teaming (SET) and Quality of Service (QoS) so that you can isolate all network traffic while maintaining resiliency. This implementation can be seen in following diagram:
  1. Before you begin with the deployment, you need to verify that the appropriate users have been granted the required privileges for performing various DPM tasks.

Note

The required permissions needed are documented at the following link: https://docs.microsoft.com/en-us/system-center/dpm/plan-dpm-deployment?view=sc-dpm-1711#BKMK_Users.

  1. If you want to protect multiple domains, you can create a two-way transitive trust between the domains. By doing this, the DPM server will work in both domains without any limitations. However, this approach comes with a security risk—please take into consideration that you need to create a two-way transitive trust between the untrusted domains.
  2. Starting with System Center 2012 R2 Data Protection Manager, Microsoft added support for the protection of computers in workgroups and untrusted domains using NTLM with local accounts. However, in scenarios where an organization does not allow for the creation of local accounts, this solution does not work.
  3. As an alternative, you can use certificate-based authentication for computers in workgroups or untrusted domains. Please refer to Chapter 8, Protecting Workgroups and Untrusted Domains, for more information.
  4. A major part of your DPM deployment will be figuring out how to store data that's been backed up by DPM. There are currently three different solutions:
    • Disk storage using volumes with Modern Backup Storage (MBS)
    • Tape storage, such as Physical or the Virtual Tape Library (VTL)
    • Online storage with Azure Backup (off-site)

You should not just consider one of these three as an option. Instead, you need to focus on the requirements of the backup strategy in your organization by discussing the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) with all stakeholders.

When you are planning for data source protection, you can choose the backup target based on how frequently you need to access and restore the data. For example, if the data sources will be used for archiving and need to be accessed once per month, you can go with Azure Backup. If the protected data sources need an archiving solution but should also be able to restore quickly, you can go with Virtual Tape Library (VTL) or Azure Backup. If you need to restore the data sources as quickly as possible, you go with disk storage on-premises. Finally, if the workloads need an off-site secure solution, you can go with Azure Backup.

Note

More information about the difference between RPO and RTO can be found here: https://en.wikipedia.org/wiki/Recovery_point_objective.

 

How it works...

Having all of the information we have just discussed and presented in an organized manner, you can now start designing the structure of the Backup as a Service (BaaS). A piece of advice here—make sure that you spend enough time on the planning phase and take small steps toward your goal and never rush an implementation. You will probably bump into a challenge or two, so it is of key importance to work using a well-defined structure.

See also

 

Preparing your DPM deployment


This recipe will cover the preparation steps that you must consider before you install the DPM server.

Getting ready

It's important to configure DPM properly and provide enough resources, or you will end up with quite a bad installation that could be part of the services you would like to provision within your data center. In the end, the DPM server can never work faster than what the underlying dependent architecture or technology allows.

There are certain requirements and considerations that you want to keep in mind when you deploy System Center DPM. By properly preparing a decent design, you can ensure that your DPM is scalable for future scenarios.

 

 

How to do it...

  1. First things first, you want to decide how to deploy DPM server:
    • Virtual or physical deployment
    • Deduping DPM data
    • SQL Server consideration
    • DPM server requirement
    • Disks and storage consumption

A common question that we have heard a lot is, can we deploy DPM in a virtual or physical machine? The DPM server can be deployed either in a physical deployment or via a virtual machine. However, running DPM in a virtual machine has more benefits, such as the following:

    • It is easier to move the DPM server to new hardware if needed (portability).
    • Easier to recover (protected DPM virtual machine).
    • You can enable de-duplication on the VHDXs attached to the DPM server. The VHDXs files could reside on a Scale-Out File Server (SOFS), on a Storage Spaces Direct (S2D) cluster, or any other type of storage, such as NAS or SAN.
  1. Backup storage is one of the top consumers of storage infrastructure, so storage optimization techniques such as compression and de-duplication have always been priorities for backup IT administrators.
  2. De-duplication involves locating duplicate blocks of storage and replacing them with a reference and a single instance of the duplicate block. Depending on the workload that is being written to the storage and the block sizes used to perform the de-duplication, storage savings can range anywhere from 50 to 90 percent.
  3. With the introduction of S2D in Windows Server 2016 and Storage Spaces with SOFS in Windows Server 2012 R2, customers can create commodity storage that is built natively on a Windows-based server with local attached storage in S2D as well as Windows-based servers with JBODs, which can be a viable alternative to traditional SANs.

Note

In Windows Server 2016, Dedup is only supported on the NTFS filesystem and NOT on ReFS. However, in Windows Server 2019, Microsoft added Dedup support for ReFS volumes. Additionally, Dedup cannot be used for storing backups of volumes on physical DPM servers.

 

  1. For DPM deployments, you need to have the following:

    • An instance of SQL Server installed and running to host the DPM database. The instance can be collocated on the DPM server or remotely.
    • A disk to be used as a dedicated space for DPM backup storage.
    • A DPM protection agent installed on the computers and servers you want to protect.
  2. DPM uses SQL Server as a database to store backup information for the workloads, servers, and computers it protects. At the time of writing this book, the following SQL Server versions are supported with DPM Long-Term Servicing Channel (LTSC) and Semi-Annual Channel (SAC):
    • SQL Server 2017: Standard or Enterprise 64-bit (starting with DPM 2019 and DPM 1901 onward)
    • SQL Server 2017: Standard or Enterprise 64-bit (starting with DPM 1801 and DPM 1807 as upgrade only); you can upgrade SQL Server 2016 and SQL Server 2016 SP1/SP2, to SQL Server 2017
    • SQL Server 2016: Standard or Enterprise 64-bit (starting with DPM 2016 with Update Rollup 2 onward)
    • SQL Server 2014: Standard or Enterprise 64-bit with all service packs and updates
    • SQL Server 2012 SP2 onward: Standard or Enterprise 64-bit

Note

Please note that SQL Server 2016 SP1/SP2 or later is not a supported DPM database for DPM 2016.

  1. DPM server is designed to run on a dedicated, single-purpose server. The following applications and roles are not supported to run side-by-side with DPM:
    • Application server role
    • Operations Manager Management server
    • Exchange server
    • A server running on a cluster node
  1. The following Windows Server operating systems are supported with DPM 2016 or later:
    • Windows Server 2019, Datacenter and Standard editions
    • Windows Server 2016, Datacenter and Standard editions
    • Windows Server 2012 R2, Datacenter and Standard editions

Note

Please note that if you install DPM 2016 or later on Windows Server 2012 R2, you will lose the benefit of using MBS. MBS technology uses ReFS block-cloning technology that was introduced in Windows Server 2016 to store incremental backups. Installing DPM on Windows Server 2016 or Windows Server 2019 dramatically improves storage utilization and performance. 

  1. System Center Data Protection Manager (SC DPM) can use any type of disk that is presented as local attached storage. DPM can use any of the following:

    • Direct Attached Storage (DAS)
    • Fiber Channel Storage Area Network (FC SAN)
    • iSCSI Network Attached Storage (NAS)
    • Hyper-V Virtual Hard Disks (VHDX)

Note

A very important fact to be aware of is that the internet Small Computer System Interface (iSCSI) should not be considered as your primary choice for DPM backup storage due to some challenges that often occur when leveraging this technology. The most common challenge is that the initiation of the iSCSI target sometimes fails, and therefore the entire DPM disk volume fails.

iSCSI will work in smaller deployments with DPM, but if your main objective is to provide a more stable and performant solution, you should consider using Storage Spaces Direct (S2D). If your company does not provide S2D, you should use a Direct Attached Storage (DAS) solution and provision VHDX files to the virtual DPM servers. Microsoft recommendation moving forward is to create tiered volume using Storage Spaces with small SSD around 2 to 5% of total data disk to improve the ReFS cloning performance. As noted earlier, the recommendation is to deploy DPM as a virtual machine on top of Hyper-V.

 

As discussed earlier, DPM 2016 or later on Windows Server 2016 and Windows Server 2019 comes with MBS, which uses ReFS Block-Cloning technology for storing backup files. This leads to immense storage and performance savings. Furthermore, DPM uses incremental backups to store data. This means that it will transfer the complete data to be backed up initially. After that, it will transfer only the changed bits. Hence, the size of the data is determined by the initial size, the size of the changed bits (which depends on the churn percentage and the total size), the number of recovery points per day, and the retention period of the copies. Hence, small data, with a small churn, may take up more space if there are a large number of copies stored per day, and if they are retained for a long time.

Note

Please note that you must use volumes with MBS. A single DPM server can support up to 120 TB of storage.

How it works...

Calculating DPM storage is one of the biggest challenges, since we need to calculate the size of the disks for storage pools that are used for the protection of data sources. Microsoft recommends that you figure out the actual size of the DPM data storage by multiplying the total amount of protected data by 1.5. For instance, if you want to protect 10 TB of data, you need 15 TB of storage from a minimal perspective. However, from a maximum perspective, you need to multiply the total amount of protected data by 3.

Note

The best way to calculate data storage for specific workloads is to use the DPM storage calculator. To download the DPM storage calculator, go to https://www.microsoft.com/en-us/download/details.aspx?id=54301.

The DPM team released this calculator to help you provision storage for DPM by using storage savings and efficiency. Based on inputs, the calculator suggests the amount of storage that will be needed to store the backups to disk (on-premises) and to Azure Backup. For more information about Azure Backup, please refer toChapter 10, Integrating DPM with Azure Backup.

 

 

You can plan the backup storage requirements by using the storage calculator in three simple steps, as follows:

  1. Gather information about the size, type, number, and churn of workloads that have to be backed up. The churn is the amount of new data every day (that is, written or appended to existing backup files).
  2. Calculate the number of DPM servers that would be required.
  3. Decide on the policy you want to use, depending on the needs and resources available. This calculator may help you understand the resource requirements. If you expect the data to grow over time, you need to enter the maximum size expected for the workload, instead of the current size. Similarly, the churn values given are the average values. Please change the values if the workloads are expected to churn more or less. If you wish to remove a workload, simply set the Total Size of workload to 0.

You could also calculate the storage, including the growth rate. Note that this may change a bit depending on what you have for specific data types. With DPM, you can always add more storage later as needed. For monthly and yearly storage, this would need to be sent to tape and/or to Azure Backup. DPM cannot do long-term storage to disk.

Note

Please note that the maximum daily recovery points to a disk cannot exceed 48. The maximum number of recovery points for the entire retention period is 512 for applications and 64 for files and folders. For Azure Backup, the maximum number of recovery points per day is 2. Hence, the maximum number of weekly, monthly, and yearly backups is 14, 62, and 732.

There's more...

Planning for decent hardware to host the DPM disk volume is very important. You don't need a premium disk solution for the DPM disk volume, but you can use decent hardware that can easily scale out. Adding DPM volumes can be done via the DPM console or via PowerShell. For more information on this topic, please read the Enabling Modern Backup Storage recipe in Chapter 2, DPM Post-Installation and Management Tasks.

It's important to know the limitations of a DPM server that has been upgraded from DPM 2012 R2 and used a legacy storage pool:

  • The disk that you want to add to the DPM storage pool must be dynamic in disk management.
  • DPM cannot be installed on the disk that's used for the storage pool.
  • You can attach or associate custom volumes with protected data sources. Custom volumes can be on basic or dynamic disks, but you can't manage the space on these volumes in the DPM Administrator Console.

See also

Follow this article to learn more on how to reduce DPM storage by enabling de-duplication on MBS: https://charbelnemnom.com/2016/10/how-to-reduce-dpm-2016-storage-consumption-by-enabling-deduplication-on-modern-backup-storage/.

 

Installing SQL Server for the DPM database


This recipe will cover the installation process in two scenarios:

  • Local SQL Server instance
  • Remote SQL Server instance

Getting ready

SQL Server is a core component and is required for the System Center Data Protection Manager database. It is of major importance that the installation and design of SQL Server is well-planned and implemented. If you have an undersized installation of SQL Server, it will provide you with a negative experience while operating the System Center Data Protection Manager.

Note

Starting with DPM 2012 R2 and later, SQL Server is no longer a part of the installation media for DPM, which is a good thing. The majority of users need to understand SQL more and also understand that if you have a poorly set-up SQL Server, you will have a bad experience with the product hosting its database on that SQL Server. Remember to set up your SQL Server using domain service accounts, use a dedicated disk for the DPM database, and keep monitoring SQL's performance with a proactive monitoring approach.

 

The following requirements are recommended for a SQL Server database:

  • RAM: 8 GB
  • Disk: 3 GB
  • Required features: Database Engine Services, Reporting Services
  • Collations: SQL_Latin1_General_CP1_CI_AS
  • AlwaysOn: Not Supported
  • Clustered SQL Server: Supported 

How to do it...

The following steps will cover the installation process of a local SQL Server that has been collocated with the DPM server on the same operating system.

Option 1 – local SQL Server instance

Make sure that your operating system is fully patched and that is has been rebooted before you start the installation of SQL Server 2016. Now, follow these steps:

  1. Insert the SQL Server 2016 media and start the SQL server's setup. In the SQL Server Installation Center, click on Installation and click on New SQL Server stand-alone installation…
  2. The Setup Support Rules will start and will identify any problems that might occur during the SQL server's installation. When the operation is complete, click on OK to continue.
  3. In the Product Key step, enter the product key that ships with SQL server license and click on Next to continue.
  4. The next step is the License Terms step, which is where you check the I accept the license terms checkbox if you agree with the license terms. Click on Next to continue.
  5. The SQL Server installation will verify whether there are any product updates available from the Microsoft Update service. Check the Use Microsoft Update to check for updates (recommended) checkbox and click on Next to continue.
  6. Select the Include SQL Server product updates checkbox and click on Next to continue:
  1. Next is the Install Setup Files step, which initializes the actual installation. When these tasks have finished, click on Install to continue.
  2. Verify that all of the rules have passed in the Install Rules step of the SQL Server installation process. Resolve any warnings or errors and click the Re-run button to run the verification again. If all of the rules have passed, click on Next to continue.
  3. In Feature Selection, choose the SQL Server features that you would like to install. System Center Data Protection Manager requires the following:
    • Database Engine Service
    • Full-Text and Semantic Extractions for Search
    • Reporting Services – Native
  1. Click on Next to continue:
  1. Verify the Installation Rules step, resolve any errors, and click on Next to continue.
  2. In the Instance Configuration step, select Named instance and type in a suitable name for your SQL Server instance. Click on Next to continue:
  1. In the Server Configuration step, type in the credentials for the dedicated service account you would like to use for this SQL Server. Switch the Startup Type to Automatic for the SQL Server Agent. When all of the credentials have been filled in, click on the Collation tab:
  1. In the Collation tab, make sure that SQL_Latin1_General_CP1_CI_AS is listed in the Database Engine Configuration. If not, then click on the Customize… button to choose the correct collation and then click on Next to continue.
  2. The next step is the Database Engine Configuration step. Enter the authentication security mode, administrators, and directories. In the Authentication Mode section, choose Windows Authentication mode. In the Specify SQL Server administrators section, click the Add... button and add the DPM Admins group into Active Directory:
  1. Click on the Data Directories tab as well as the TempDB tab to verify that all of your SQL Server configurations point to a dedicated disk. Click on Next to continue.
  2. In the Reporting Services Configuration step, under the Reporting Services Native Mode, choose Install and configure and click on Next to continue.
  3. Verify the configuration in the Ready to Install step and click on Install to start the installation.
  4. The Installation Progress step will show you the current status of the installation process. When the installation has completed, SQL Server 2016 Setup will show you a summary of the Complete step. That is the final step page of the SQL Server Server 2016 installation wizard.
  5. Click on the Close button to end SQL Server 2016 Setup.

Note

After installing SQL Server, please make sure that you install an important update for SQL Server 2016 RTM (KB3210111). Please note that, starting with SQL Server 2014 and later, SQL Server Management Studio (SSMS) is not part of the installation media and you need to download it separately. At the time of writing this book, SSMS version 17.8.1 is the latest generation of SQL Server Management Studio that supports SQL Server 2017. However, if you install SSMS version 17.X and later on the same OS, DPM installation will fail with the following error:An unexpected error occurred during the installation – ID: 4387. Alternatively, you can download SSMS version 16.5.3 from the following link, which will work side-by-side with DPM:http://go.microsoft.com/fwlink/?LinkID=840946.

Option 2 – remote SQL Server instance

When you need to build a large hosted DPM solution within your modern datacenter, you may want to use a dedicated backend SQL Server that is either a standalone SQL Server or a clustered one, for high availability. This step will cover the procedure to prepare a remote SQL server for hosting the DPM database.

After installing your backend SQL Server, you must prepare it for hosting the DPM database. Now look at the following steps:

  1. Insert the DPM media on the SQL Server and run the setup. In the setup screen, click on the DPM Remote SQL Prep link:
  1. The next step is to go through the Microsoft Software License Terms, where you must check the I accept the license terms and conditions checkbox if you agree with the license terms. Click on OK to continue.
  2. The installation wizard will start and install the DPM Support Files; this is a very quick installation.
  3. When the installation has finished, a message box appears that informs you that the installation has finished and that the System Center DPM Support Fileshave been successfully installed:

Note

The support files for SQL Server will be installed on the backend SQL Server box and will be used when the DPM server connects and creates its database.

How it works...

SQL Server is a very important component for System Center Data Protection Manager. If the SQL Server is undersized or misconfigured in any way, it will reflect negatively on the performance of DPM.

It is crucial to plan, design, and measure the performance of SQL Server before you install the DPM server so that you know it will fit the scale you are planning for and the workloads that it should host.

 

Enabling the Transport Layer Security 1.2 protocol for DPM


This recipe will cover how to enable the Transport Layer Security (TLS) protocol version 1.2 for the DPM Management server.

Getting ready

TLS is a protocol that provides privacy and data integrity between two communicating applications. In this case, this is between DPM server and protected servers. TLS is the most widely deployed security protocol used today.

Several known vulnerabilities have been reported against SSL and earlier versions of TLS. Microsoft recommend that you upgrade to TLS 1.2 for secure communication.

To enable TLS protocol version 1.2 in your DPM environment, you need to perform the following steps:

  1. Install all of the required updates.
  2. Make sure that the DPM setup is functional as it was before applying the updates (for example, you can check if you are able to launch the DPM console).
  3. Change the configuration settings to enable TLS 1.2.
  1. Ensure that all required SQL Server services are up and running.
  2. Finally, validate the protection and recovery process.

How to do it...

To enable TLS protocol version 1.2, follow these steps:

  1. Make sure that you are running Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019 and that it is up-to-date with the latest security fixes.  
  2. Make sure that .NET version 4.6 is installed on all of your machines (DPM server, protected servers) .NET version 4.7 is supported on Windows Server 2019. You can use the following PowerShell command to determine whether .NET has been installed: Get-WindowsFeature NET*:
  1. For the DPM database and for all SQL Servers that you intend to protect with DPM, you need to make sure that you are running a SQL Server that supports TLS 1.2. You can  follow the instructions described here to find out whether you need this update: https://support.microsoft.com/en-in/help/3135244/tls-1-2-support-for-microsoft-sql-server.
  2. You need to make sure that SQL Server 2012 Native client 11.0 is installed on the DPM Management Server. You can verify whether SQL Native client 11.0 is installed by running the following PowerShell command on SQL Server: Get-odbcdriver -name "SQL Server Native Client*". You can download Microsoft SQL Server 2012 Native client 11.0 from the following link: https://www.microsoft.com/en-us/download/details.aspx?id=50402.
  1. Make sure that you are running a DPM server that supports TLS 1.2. Starting with DPM 2012 R2 Update Rollup 14, DPM 2016 Update Rollup 4 including DPM 1801, DPM 1807, DPM 2019, and DPM 1901, the DPM team added TLS version 1.2 support.
  2. System Center components now generate both SHA1 and SHA2 self-signed certificates. This is a requirement for enabling TLS1.2. If case CA signed certificates are used for workgroup machines or untrusted domains, please ensure that they are either SHA1 or SHA2. In other words, TLS 1.2 supports only SHA1 and SHA2 certificates. Hence, all of the certificates must be updated to be SHA1 or SHA2.
  3. You need to implement these settings on all of the Windows machines in the environment on which System Center Data Protection agent is installed, including the DPM management server. Follow these steps to disable all of the SCHANNEL protocols except TLS 1.2 system-wide so that only TLS 1.2 protocol is used for communication. Making these registry changes does not affect the use of Kerberos or NTLM protocols:
    1. Open the registry on your server(s) by running regedit in the run window and navigate to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
    2. Add the SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 keys under Protocol.
    3. Now, create two keys called Client and Server under the SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 keys.
  4. Now create two REG_DWORD values under the Server and Client keys if you want to enable the TLS 1.2 protocol: set the DisabledByDefault value to 0 and the Enabled value to 1. You will now have something that looks as follows:
  1. If you want to disable the protocol, you can set the DisabledByDefault value to 1 and the Enabled value to 0.
  2. After we have enabled the TLS 1.2 protocol on all systems, we need to set DPM to use only TLS 1.2. The following settings should be implemented on the DPM management server and all other servers on which DPM agents are installed, that is, Hyper-V hosts, File Server, SQL, Exchange, SharePoint, and so on. Follow these steps to create these settings:
    1. Open the registry on your server by running regedit in the run window and navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.3031.
    2. Now, create the REG_DWORD value under the registry: SchUseStrongCrypto [Value = 1].
    3. Navigate to the following registry location: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319.
    4. Now, create the same REG_DWORD value under the preceding registry as well: SchUseStrongCrypto [Value = 1].
  3. Finally, you need to restart the system (DPM server and the protected server).

 

How it works...

For all kinds of workloads backed up by DPM TLS 1.2 enabled (that is, SQL, SharePoint, Exchange, File Servers, Hyper-V hosts, Hyper-V VMs, VMWare VMs, Clients, System State, and BMR), you can do the following:

  1. Attach the Protected Server in the workgroup/untrusted domain to DPM.
  2. While Creating Protection Groups, all data sources on the protected server will be displayed.
  3. Protect different kinds of workloads to disk, to tape, and to the cloud.
  4. Recover the different kinds of workloads at the Original Location, Alternate Location, recover cloud recovery points, and use an External DPM server.

Note

Please note that VMware VM backup is not supported when DPM TLS 1.2 is enabled.

There's more...

There are two scenarios that are impacted when using TLS 1.2 with DPM:

Using certificate-based authentication to protect servers in a workgroup or untrusted domain

The DPM agent can be installed on the protected server either directly from the DPM server for the servers in the domain, or using certificate-based authentication for computers in a workgroup or untrusted domain. Please refer to Chapter 8, Protecting Workgroups and Untrusted Domains. DPM uses elements of the .NET Framework on the protected server to communicate if certificate-based authentication is used. TLS 1.2 needs .NET 4.5 or above. Since DPM is built with .NET 4.0—which does not support TLS 1.2 directly—when DPM tries to communicate with the protected servers, establishing the connection will fail.

 

Protecting workloads on the cloud using DPM

DPM requires a MARS agent to back up data to the cloud. The MARS agent also leverages the .NET Framework, and changes need to be made on the DPM server to ensure that the backups continue smoothly when TLS 1.2 is enabled. Check out https://support.microsoft.com/en-ie/help/4022913/how-to-resolve-azure-backup-agent-issues-when-disabling-tls-1-0-for-pc to resolve Azure Backup agent issues when enabling TLS 1.2.

For more information about Azure Backup, please checkChapter 10, IntegratingDPM with Azure Backup.

See also

Check out the following article to learn more about how to automate and enable TLS 1.2 in System Center Data Protection Manager: https://charbelnemnom.com/2018/08/how-to-enable-tls-1-2-protocol-in-system-center-data-protection-manager-dpm-scdpm-tls1-2.

 

Installing DPM


This recipe will cover two installation scenarios:

  •  Installing DPM using a local SQL Server
  •  Installing DPM using a remote SQL Server

Getting ready

Before you start installing System Center Data Protection Manager, it is recommended that you read the Planning your DPM deployment and Preparing your DPM deployment recipes in this chapter.

How to do it...

This step will cover the installation process of DPM using a local SQL Server on the same operating system as DPM.

Option 1 – installing DPM using a local SQL Server

Make sure that your operating system is fully patched and rebooted before you start the installation. Now follow these steps:

  1. Insert the DPM media and start the setup for System Center Data Protection Manager. When the installation list is presented, click on Data Protection Manager to start the installation:
  1. The installation wizard will start and prompt you with the Microsoft Software License Terms. Accept the license terms by checking the I accept the license terms and conditions checkbox, which will continue the installation.
  2. Please wait while the setup starts copying the temporary files.
  1. The installation wizard will now prompt you with eight different installation steps. Currently, you are on the Welcome step. To continue with the installation, click on Next.
  2. The next step is the Prerequisites Check, where you can choose to install the DPM database by using a standalone or a clustered SQL Server.

Note

Please read the Installing DPM using a remote SQL Server scenario in this recipe.

  1. In the Instance of SQL Server box, type in your server name and the instance name that should host your DPM database. In this example, the server name and SQL instance is WS16-SQL16-01\DPMDB:

Note

Please note that when you install DPM and use a local SQL Server installation, the setup will use the current user's credentials for the SQL Server instance. If the domain account that is logged on and performing the installation is not a member of the DPM Admin group in the Active Directory, the installation will fail.

  1. Click on the Check and Install button to run a verification that all of the prerequisites have been met before the installation can continue.
  2. In this step, there are some prerequisites that will be installed as part of the required Windows components by DPM. The Hyper-V role and Hyper-V PowerShell module will be installed as well during this step. You will be required to restart afterward.

Note

The Hyper-V role needs to be installed on the DPM server for Item-Level Recovery (ILR) support. Please read Chapter 3, Protecting Hyper-V VMs, for more information on this.

  1. Simply restart the DPM server and start the installation wizard one more time. When you run the prerequisites checker in the Prerequisites Check step, it will be successful. Click on Next > to continue.
  2. In the Product Registration step, enter the User name, Company, and Product key and click on Next > to continue.
  3. The next step of the installation wizard brings up the Installation Settings, which is where you specify the location of the DPM files and read the summary of the Space requirements. If you want to place the DPM files in a specific location, then click on the Change… button and specify the new destination. We recommend that you store the DPM Files on a separate drive. To continue to the next step, click on Next >:
  1. You can specify in the Microsoft Update Opt-In box whether the local Windows Update should be redirected so that you can use Microsoft Updates instead.
  2. Choose the most appropriate option for your implementation and click on Next > to continue.
  3. In the Summary of settings section, you can verify your installation's configuration. If everything looks good, click on the Install button to start the installation.
  1. The last step is the Installation. Here, you can keep a watch on the installation progress in real time. When the installation has finished, click on the Close button.

Note

Finally, you need to install and update DPM server to the latest Update Rollup (UR) if you are using the Long-Term Servicing Channel (LTSC). At the time of writing this book, DPM 2016 Update Rollup 6 has been released and is available for download. You can download it at https://www.catalog.update.microsoft.com/Search.aspx?q=4456327. If you are using the Semi-Annual Channel (SAC) for DPM (that is, DPM 1801, 1807, 1901, and so on), then the Semi-Annual Channel, with its more frequent release cycle, will not receive update releases.

Option 2 – installing DPM using a remote SQL Server

This step will cover and explain the configuration needed to complete a DPM installation when you are using a backend, dedicated, standalone server or a SQL cluster for achieving a high-availability scenario.

Note

Please note that SQL Server Always-On is not supported to host the DPM database.

Before you can start your DPM sever installation, you need to prepare SQL Server so that you can host the DPM database. Please read the Installing SQL Server for DPM Database recipe in this chapter, since it is a prerequisite.

The only difference in the installation wizard when you install the DPM server on a separate machine or on the same server with SQL Server is the Prerequisites Check step. Now, follow these steps:

  1. Insert the DPM media on a separate machine and start the setup for System Center Data Protection Manager. When the installation list is presented, click on Data Protection Manager to start the installation.
  2. In the Prerequisites Check step of the installation wizard, you have the option to choose whether you would like to place the DPM database on a remote standalone SQL Server or a SQL cluster.
  1. For a standalone backend remote SQL Server hosting your DPM database, enter SQLSERVER\INSTANCE in the Instance of SQL Server field:
  1. Enter the User Name, Password, and Domain for the account that has the appropriate rights for the SQL configuration. Click on the Check and Install button to verify these prerequisites.

Note

The account that's used for this configuration must be a member of the DPM Admin group in the Active Directory.

  1. In the case of a SQL clustered environment, you must specify both the SQL Server Instance for the DPM database and also where the Instance of SQL Server Reporting Service is located, since the SQL Server Reporting Service does not support being clustered:
  1. Enter the Instance of SQL Server for the DPMDB and also provide information for the Instance of SQL Server Reporting Service that will host the reporting for the DPM server.
  2. Provide the credentials that have rights in the SQL Server configuration; the accounts should be members of the DPM Admin group in the Active Directory. Click on the Check button to check the prerequisites.
  3. Click on Next > to continue with the installation wizard.

 

 

How it works...

The installation media for System Center Data Protection Manager will provide you with the installation bits for the DPM software. Since the 2012 R2 release of DPM, the SQL media is no longer included on the DPM media, so you need to consider how you design and install the SQL Server that will host the DPM server software.

The DPM server installation wizard will provide you with the right configuration that's needed regarding the SQL Server Reporting Services (SSRS) configuration for the DPM reports. The SSRS does not support being clustered.

When System Center Data Protection Manager's installation has completed successfully, DPM's setup will create the following firewall exceptions for you:

  • Exception for DCOM communication on port 135 (TCP and UDP) in all profiles
  • Exception for Msdpm.exe in all profiles
  • Exception for DPMRA.exe in all profiles
  • Exception for AMSvcHost.exe in all profiles
  • Exception for DPMAM Service communication on port 6075 (TCP and UDP) in all profiles

There's more...

When System Center Data Protection Manager has been installed, you need to perform a number of post-installation tasks before your DPM servers are able to start protecting your production environment.

 

Automating the installation of DPM


This recipe will cover how to automate the installation of DPM Server.

Getting ready

In the Installing DPM recipe in this chapter, we showed you how to install DPM using a local SQL Server and using a remote SQL Server. However, this was a manual installation. 

 

Automating the installation of DPM consists of two steps:

  1. Installing the SQL Server instance
  2. Installing the DPM server

You can disregard the first step if you already have SQL Server deployed locally or on a remote server in your environment.

In this recipe, we will cover the installation of SQL Server and DPM in an automated fashion. 

How to do it...

Make sure that your operating system is fully patched and rebooted before you start the installation. Now follow these steps:

  1. Install the SQL Server instance:
    1. Mount the SQL Server 2016 media and then open the Command Prompt (cmd).
    2. Browse to the drive letter where SQL Server is mounted.
    3. Type in the following command to automate the installation of SQL Server and add all of the required features:

Note

Please make sure to update the domain name and SQL Service accounts in the following command so that they match your environment.

Setup.exe /Q /ACTION=install /IACCEPTSQLSERVERLICENSETERMS /FEATURES=SQLEngine,RS /INSTANCENAME=DPMINSTANCE /INSTANCEDIR="D:\Program Files\Microsoft SQL Server" /INSTALLSHAREDWOWDIR="D:\Program Files (x86)\Microsoft SQL Server" /INSTALLSHAREDDIR="D:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT=”VIRT\sqldpm” /SQLSYSADMINACCOUNTS=”VIRT\sqldpm” /SQLSVCPASSWORD="dpm2016+1" /RSSVCACCOUNT=”VIRT\sqldpm” /RSSVCPASSWORD="dpm2016+1" /AGTSVCACCOUNT=”VIRT\sqldpm” /AGTSVCPASSWORD="dpm2016+1" /SECURITYMODE=SQL /SAPWD=”dpm2016+1” /SQLTEMPDBDIR=”D:\Program Files\Microsoft SQL Server\TempDB\\” /SQLUSERDBDIR=”D:\Program Files\Microsoft SQL Server\SQLData\\” /SQLUSERDBLOGDIR=”D:\Program Files\Microsoft SQL Server\SQLLog\\”

Please refer to the following screenshot for its output:

    1. Make sure that you have downloaded SQL Server Management Studio (SSMS) version 16.5.3 and that you have copied it to the server: http://go.microsoft.com/fwlink/?LinkID=840946.
    2. Open the cmd.exe window and type in the following command:
SSMS-Setup-ENU.exe /install /quiet /norestart

Note

Please note that the SSMS installation may take some time to finish.

  1. Install the DPM server:
    1. Open a command-line prompt in elevated mode and type in the following command:
dism.exe /Online /Enable-feature /All /FeatureName:Microsoft-Hyper-V /FeatureName:Microsoft-Hyper-V-Management-PowerShell /quiet /norestart

Note

DPM supports Item-Level Recovery (ILR), which allows you to perform a granular recovery of files, folders, volumes, and virtual hard disks (VHDXs) from a host-level backup of Hyper-V virtual machines. The Hyper-V Role and PowerShell Management Tools features are required by the DPM server. Please read Chapter 3, Protecting Hyper-V VMs, for more information.

    1. Once the Hyper-V role is installed, you need to restart the DPM server before you move on to the next step.
    1. Once the DPM server has been restarted, open Notepad, copy the following scripts into it, and then save the file as DPMSetup.ini:

Note

Please note that you can use the same script that follows, regardless of whether the SQL Server instance has been installed on the DPM server or on a remote SQL Server.

[OPTIONS]
 UserName=<Domain-name\Username>
 CompanyName=<Ur-Company>
 ProductKey=XXXX-XXXX-XXXX-XXXX-XXXX
 SqlAccountPassword=<The password for the SQL sa account>
 ProgramFiles = <Location path where you want to install DPM>
 DatabaseFiles = <Location path where you want to install DPMDB>
 IntegratedInstallSource = <Location path where the DPM media is extracted>
 SQLMachineName=<Name of the SQL Server Computer> OR <SQL Cluster Name>
 SQLInstanceName=<Name of the SQL Server instance>
 SQLMachineUserName=<Domain-name\Username> SQLMachinePassword=<Password for the user name Setup must use>
 SQLMachineDomainName=<Domain name to which the SQL Server computer is attached to>
 ReportingMachineName=<Name of the SQL Server Computer> OR <SQL Cluster Name>
 ReportingInstanceName=<Name of the SQL Server instance>
 ReportingMachineUserName=<Domain-name\Username>
 ReportingMachinePassword=<Password for the user name Setup must use>
 ReportingMachineDomainName=<Domain name to which the SQL Server computer is attached to>
    1. The following screenshot shows you what the DPMSetup.ini file will look like:
    1. After saving the DPMSetup.ini file, in an elevated command prompt on the DPM server, type in the following command and press Enter:
start /wait D:\SCDPM2016\setup.exe /i /f D:\DPMSetup.ini /l D:\dpmlog.txt

Note

The D:\SCDPM2016\ path indicates the media in the DPM location where you'll run setup.exe. D:\DPMSetup.ini is the location path where you saved the DPMSetup.ini file.

    1. In just a few minutes, DPM will be installed automatically, as shown in the following screenshot:

Note

Finally, you need to install and update the DPM server to the latest Update Rollup (UR) if you are using the Long-Term Servicing Channel (LTSC). At the time of writing this book, DPM 2016 Update Rollup 6 has been released, and you can download it from the following link: https://www.catalog.update.microsoft.com/Search.aspx?q=4456327. If you are using the Semi-Annual Channel (SAC) for DPM (that is, DPM 1801, 1807, 1901, and so on), then the Semi-Annual Channel, with its more frequent release cycle, does not receive update releases.

How it works...

The final result of an automated installation will be better than a manual implementation. Thus, this will ensure that you have a consistent deployment across your environment.

 

 

See also

Check out the following blog post to learn more about how to automate the installation of DPM using System Center Virtual Machine Manager: https://charbelnemnom.com/2017/01/how-to-deploy-dpm-2016-using-vmm-2016-on-ws2016-scdpm-scvmm-sysctr-hyperv-ws2016/.

 

Upgrading to the latest release of DPM


This recipe will cover the supported upgrade scenarios from the previous version of DPM to the latest release of DPM.

Getting ready

Before you get started with the upgrade, make sure that your existing installation has the necessary updates by following the upgrade path:

  • As a minimum requirement, upgrade your existing DPM 2012 R2 to DPM 2012 R2 Update Rollup 10. At the time of writing this book, Update Rollup 14 is also available for DPM 2012 R2. You can download UR 10 from the following link: http://www.catalog.update.microsoft.com/Search.aspx?q=4043315.
  • Upgrade DPM 2012 R2 with Update Rollup 10 or Update Rollup 14 to the latest DPM version.
  • Update the DPM agents on the protected servers.
  • Upgrade Windows Server 2012 R2 to Windows Server 2016 or Windows Server 2019.

Note

Please note that it is possible to upgrade DPM 2016 or later from DPM 2012 R2, which is running on Windows Server 2012 R2. However, if you want to use the latest features that come with DPM 2016 or later, such as MBS, Microsoft recommends installing DPM 2016 or later on a new installation of Windows Server 2016 or Windows Server 2019. Please check the Installing DPM recipe in this chapter for more information.

How to do it...

The following steps will illustrate the upgrade process:

  1. Mount the latest DPM media on the DPM 2012 R2 server and double-click Setup.exe to open the System Center Wizard.
  2. Under Install, click Data Protection Manager. This starts the setup. Select I accept the license terms and conditions and follow the setup wizard.
  3. The last step in the wizard is the Installation process. Here, you can keep an eye on the upgrade progress in real time. When the upgrade has finished, click on the Close button:

Note

Finally, you need to install and update DPM server to the latest UR if you are using the LTSC. At the time of writing this book, DPM 2016 Update Rollup 6 has been released. You can download it from the following link: http://www.catalog.update.microsoft.com/Search.aspx?q=4456327. If you are using the Semi-Annual Channel (SAC) for DPM (that is, DPM 1801, 1807, 1901, and so on), then the Semi-Annual Channel, with its more frequent release cycle, does not receive update releases.

  1. Update the DPM agents on the protected servers. Please check out the Installation of DPM Agents recipe in this chapter for more information on this.
  2. The last step is to upgrade Windows Server 2012 R2 to Windows Server 2016. Mount the Windows Server 2016 media on the DPM server and double-click Setup.exe to open the Windows Server 2016 Setup Wizard.
  3. Select Download and install updates (recommended) and click on Next to continue.
  4. Select the image you want to install. If your exiting DPM server is installed on Windows Server 2012 R2 Datacenter, and then select Windows Server 2016 Datacenter (Desktop Experience). Click on Next to continue.
  5. Accept the Applicable notices and license terms. Click Accept to continue.
  6. Select Keep personal files and apps and click on Next to continue.
  7. Please wait until Windows finishes checking updates, and then click on Next to continue.
  1. Click Confirm next to the information note:

 

 

  1. In the last step in the installation wizard, click Install:
  1. DPM server will restart several times during the Windows upgrade. This might take a while.
  2. When the upgrade has completed, click on Accept for the license terms.
  3. The final step is to make sure that you run and install the latest Windows Update.

How it works...

Upgrading DPM 2012 R2 to the latest DPM release is a straightforward process. In this example, we are running SQL Server 2012 with SP3 as a local instance on the same OS.

As a part of your upgrade, you may also want to move the DPM database if you ever encounter the following scenarios:

  • You are merging instances of SQL Server.
  • You are moving to a remote SQL Server that's more powerful than SQL Server.
  • You want to add fault tolerance by using a SQL Server cluster.
  • You want to move from a remote SQL Server to a local SQL server or vice versa.

The DPM setup allows you to migrate the DPM database to different SQL Servers during the upgrade process. 

There's more...

In the upgrade scenario where you have a primary and a secondary DPM server, the preceding recommended strategies apply. However, it is recommended that you always start the upgrade process with your secondary DPM server and then upgrade your primary DPM server; this is to avoid any unnecessary disturbance.

If you are going to upgrade from DPM 2012 R2 or DPM 2016 (LTSC), to DPM 1801 or DPM 1807 (SAC), then make sure to follow this path:

  • If you are upgrading from DPM 2012 R2, then first upgrade to DPM 2012 R2 Update Rollup 14.
  • If you are upgrading from DPM 2016, then first upgrade to DPM 2016 Update Rollup 4.
  • Upgrade to DPM 1801, and then apply DPM 1807 update. You can download 1807 update from the following link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4339950.
  • Update the agents on the protected servers.
  • Upgrade the DPM Remote Administrator on all production servers.
  • Backups continue without rebooting your production server.

See also

For more information about the supported upgrade scenarios, please check the following article:

https://docs.microsoft.com/en-us/system-center/dpm/upgrade-dpm?view=sc-dpm-1801

 

Migrating legacy storage to Modern Backup Storage


This recipe will cover how to migrate legacy storage to MBS. 

Getting ready

After upgrading DPM 2012 R2 to DPM 2016 and the operating system to Windows Server 2016, as described in the Upgrading to the latest release of DPM recipe in this chapter, you can update your existing protection groups to the new DPM features. By default, the protection groups haven't been changed, and continue to function as they were configured in DPM 2012 R2.

Note

After upgrading to Windows Server 2016 and DPM 2016 or later, you can no longer create new protection groups using legacy storage. All newly created protection groups will leverage MBS. We strongly recommend moving existing protection groups to MBS to take advantage of the new storage space-saving improvements.

You also need to make sure that you have added a new volume to DPM by using Modern Backup Storage technology. Please refer to the Enabling Modern Backup Storage (MBS) recipe in Chapter 2, DPM Post-Installation and Management Tasks:

How to do it...

To update the protection group, you need to stop the protection of all data sources with Retain Data, and then add the data sources to a new protection group. DPM will begin protecting these data sources using MBS:

  1. Open the Administrator Console, select the Protection feature, and in the Protection Group Member list, right-click the member and select Stop protection of member...:
  1. In the Stop Protection dialog, review the used Disk space and the Current free disk space in the DPM storage pool. The default is to Retain protected data, leave the recovery points on the disk, and allow them to expire per their associated retention policy. Click Stop Protection:

Note

If you want to immediately return the used disk space to the free storage pool, select Delete protected data. This will delete the backup data (and recovery points) associated with that member.

  1. In the last step, you need to create a new protection group that uses MBS, and include the sameunprotected data sources.

How it works...

The end result is that you will have a single new protection group that uses MBS. The previous protection group that was created in DPM 2012 R2 will be removed. The old recovery points will be maintained since we did not delete the protected data:

Note

You might need to perform a Consistency Check (CC) after the initial replica is created for the new protection group so that the protection status will be in a healthy state.

 

 

Installing the DPM agents


This recipe will cover the installation of a DPM agent from the DPM console as well as a manual-based installation.

Getting ready

Before you can start protecting a workload within your datacenter, you must install a DPM agent on the server hosting the workload that you would like to protect (that is, Hyper-V, SQL Server, Exchange, and so on).

You can install the DPM agent via the DPM Administrator Console in push mode; however, there are some scenarios where you will not able to perform a push installation of the DPM agent to the server hosting the workload that you would like to protect. On the DPM server, you can find two executables for the DPM agent that you can share or download to a removable media. Then, you can install the agent manually. The DPM agent is also available on the DPM installation media. There are two different executables here:

  • DpmAgentInstaller_x86.exe is for 32-bit operating systems
  • DpmAgentInstaller_x64.exe is for 64-bit operating systems

Both are applicable for Windows server and Windows client operating systems.

How to do it...

The following steps will illustrate the process of installing DPM agent in two different ways.

Option 1 – installing the agent from the DPM console

  1. Open the DPM Administrator Console and click Management | Agents. Click Install on the tool ribbon to open the Protection Agent Installation Wizard.
  2. On the Select Agent Deployment Method page, click Install agents | Next.
  3. On the Select Computers page, DPM will display a list of available computers that are in the same domain as the DPM server. Add the required computer.
  1. The Advanced button page is enabled only when there is more than one version of a protection agent available for installation on the computers. You can use this option to install a previous version of the protection agent that was installed before you upgraded DPM server to a more recent version. However, it's recommended that you always keep the protection agent updated.
  2. Click Next > to continue.
  3. On the Enter Credentials page, type the username and password for a domain account that is a member of the local administrators group on the selected computer(s).
  4. If you select a node in a cluster, DPM detects all of the additional nodes in the cluster and displays the Select Cluster Nodes page. On the Select Cluster Nodes page, select an option that you want DPM to use for installing agents on additional nodes in the cluster. Then, click Next.
  5. In the Choose Restart Method step, select the method that you want to use to restart the selected computers after the protection agent has been installed.

Note

For greenfield agent installation, the computer must be restarted before you can start protecting data. A restart is necessary to load the volume filter that DPM uses to track and transfer block-level changes between the DPM server and the protected computers.

  1. If any of the computers that you have selected are members of a cluster, an additional Choose Restart Method page will appear that you can use so that you can select the method to restart the clustered computers.

Note

Please note that you need to install a protection agent on all of the nodes in a cluster to successfully protect the clustered data.

  1. Choose an appropriate option and click on Next > to continue.
  2. In the Summary page, you can verify the information you have chosen and then click on Install to initialize the installation and configuration process of the DPM agent.
  3. After a short period of time, the Agent will appear in the DPM console and report back with statusOK.

 

 

 

Option 2 – installing the agent manually

You can perform a manual installation in two different ways:

  • By providing the FQDN of the DPM server when running the DpmAgentInstaller executable
  • By providing the NetBIOS name of the DPM server using setdpmserver.exe if the DPM agent is already installed but not configured

Now follow these steps:

  1. On the computer that you want to protect, open an elevated command window, and then run net use Z: \\<DPMServerName>\d$, where Z is the local drive letter that you want to assign and<DPMServerName>is the name of the DPM server that will protect the computer. d$ is where DPM software is installed.
  2. For a 64-bit computer, type the following:
cd /d <assigned drive letter>:\Program Files\Microsoft System Center 2019\DPM\DPM\ProtectionAgents\RA\5.0.<build number>.0\amd64 

Here, <assigned drive letter> is the drive letter that you assigned in the previous step and <build number> is the latest DPM build number. For example: 

cd /d "Z:\Program Files\Microsoft System Center 2019\DPM\DPM\ProtectionAgents\RA\5.0.158.0\amd64"
  1. For a 32-bit computer, type the following:

cd /d <assigned drive letter>:\Program Files\Microsoft System Center 2019\DPM\DPM\ProtectionAgents\RA\5.0.<build number>.0\i386 

Here, <assigned drive letter> is the drive that you mapped in the previous step and <build number> is the latest DPM build number.

  1. To install the protection agent for a 64-bit computer, run the following command:

DPMAgentInstaller_x64.exe <DPMServerName> 

Here, <DPMServerName> is the fully qualified domain name (FQDN) of the DPM server.

  1. To install the protection agent for a 32-bit computer, run the following command:
DPMAgentInstaller_x86.exe <DPMServerName> 

Here, <DPMServerName> is the FQDN of the DPM server.

  1. Select I accept the license terms and conditions for the Microsoft Software License Terms, and click OK.
  2. The installation will start and you will receive a confirmation message that states Agent installation completed successfully. The DPM agent has now been configured and the appropriate firewall exceptions have been made in the domain profile of the Windows Firewall. Press Enter key to close the window.

Note

To perform a silent installation and to accept the EULA license in a silent installation , you can use the /q and /IAcceptEULA options after the command. For example: DPMAgentInstaller_x64.exe /q <DPMServerName> /IAcceptEULA.

  1. If the DPM agent is already installed, you should run the setdpmserver.exe executable with the –dpmservername switch to configure the DPM server that the DPM agent should report to as follows:
Setdpmserver –dpmservername DPM2019

Note

When using the SetDpmServer executable, you only need the NetBIOS name of the DPM server.

After installing the agent manually, you must attach the DPM agent to the DPM server. You can do this via the DPM Administrator console or via the DPM PowerShell cmdlet.

  1. Open the DPM console and go to Management. Click on Production Servers and, at the top-left corner of the console, click on the Add button to start the Production Server Addition Wizard.
  1. Under the Select Agent Deployment Method page, click Attach agents, followed by Computer on trusted domain. Click the Next > button to continue:

Note

If you want to attach a DPM agent in a workgroup or untrusted domain, please refer to Chapter 8, Protecting Workgroups and Untrusted Domains, for more information.

  1. In the Select Computers page, choose the server that you would like to attach to the DPM server and click on Next > to continue.

 

Note

You can also provide a list of servers that you would like to have attached. The list should have all of the FQDN of every server per row in a simple text file. Click on the Add From File... button to import the files' data.

  1. In the Enter Credentials page, enter the credentials that should be used to execute this process. Keep in mind that the credentials you provide must have administrative rights on the server that you are trying to attach. Provide the credentials and click on Next > to continue.
  2. In the Summary page, verify the configuration and click on Attach to start.
  3. Verify that the Attach protected computer task has been successful. Click Close to close the Protection Agent Installation Wizard.
  4. The Agent will appear in the DPM console and report back with status OK.

How it works...

The DPM agent is the core component for the DPM so that it's able to provide restore capabilities for your data. The DPM relies on the DCOM object of the protected server which is mapped to the DPMRA service so that the SQL job on the DPM server starts. System Center Data Protection Manager stores all protection group configurations as SQL Jobs, and the SQL Server Agent initializes the DPM agent to start creating snapshots by using the underlying architecture of the Volume Shadow Copy Service (also known as Volume Snapshot Service or VSS) within the operating system.

The setdpmserver.exe executable command has the ability to configure the DPM agent to set which DPM server the DPM agent reports to. It also provides the configuration needed for the local Windows Firewall so that the DPM agent can start reporting to the DPM server.

There's more...

System Center Data Protection Manager manages data replication and provides management of the DPM agents using two different TCP ports:

  • 5718
  • 5719

 

TCP port 5718 is used for data replication and TCP port 5719 is used by the DPM agent coordinator. The coordinator is the function within the DPM agent architecture that manages the installation, uninstallation, and updates of the DPM agent. For more information regarding firewall ports and configuration, please read the Planning your DPM deployment recipe in this chapter.

 

Upgrading the DPM agents


This recipe covers how you can upgrade DPM agents from the DPM console and also provides information about other scenarios.

Getting ready

Microsoft keeps releasing updates that are critical to apply, since they contain new enhancements that will provide you with optimization of the DPM software. They also enable new restore capability features for your workload.

How to do it...

After you have upgraded DPM 2012 R2 to the latest DPM release, you must upgrade all of the DPM agents that are attached to the DPM server before protection can continue. This is something you need to do manually:

  1. Open the DPM console, select Management and, on the left-hand side of the console, click on Agents. In the display pane, you will see DPM agents reporting Update Available.
  2. Right-click the agents that you want to update and choose Update from the drop-down list.

Note

Starting with DPM 2016 or later, once the agent has been updated, no reboot is required. DPM will continue to protect your workloads. However, we have seen some servers reboot automatically, even if the option to automatically reboot is not checked, so make sure to upgrade the agent during a maintenance window.

 

 

How it works...

The DPM agent coordinator is the function within the DPM agent architecture that provides you with the ability to upgrade your DPM agents via the DPM console.

Note

Some Update Rollups require a restart if the file filter drivers, or any DLL in the change-tracking process, has been updated. It is recommended that you read the release notes for the update before applying it to the production environment.

There's more...

You can also apply the updates manually via Microsoft Update, local Windows Server Update Services (WSUS), or System Center Configuration Manager (SCCM).

About the Authors

  • Charbel Nemnom

    Charbel Nemnom is a Cloud Solutions Architect for itnetX (Switzerland) AG and a Microsoft Most Valuable Professional (MVP) for cloud and datacenter management. He has over 17 years of professional experience in IT. He works predominantly with the most recent versions of Windows Server, System Center, Microsoft Azure, and Azure Stack.

    Charbel has previously contributed to several books, all of which were published by Packt. He is Microsoft-, Cisco-, and PMI- certified and holds the following credentials: MCP, MCSA, MCTS, MCITP, MCS, MCSE, CCNP, ITIL®, and PMP®. You can follow him on Twitter at @CharbelNemnom.

    Browse publications by this author
  • Patrick Lownds

    Patrick Lownds is a master-level solution architect working for Pointnext Advisory & Professional Services, in the Hybrid IT COE, for Hewlett Packard Enterprise (HPE), and is based in London, UK.

    He currently works with the most recent versions of Windows Server and System Center and has participated in the Windows Server, System Center, and Microsoft Azure Stack Early Adoption Program.

    He is a community blogger for HPE and tweets in his spare time. He can be found on Twitter as @patricklownds.

    Browse publications by this author

Latest Reviews

(1 reviews total)
sehr gutes Buch, kompetent und aktuell
Book Title
Access this book, plus 7,500 other titles for FREE
Access now