What is System Center Data Protection Manager 2012 R2
The recipe will cover an introduction to what DPM 2012 R2 is and explain the product.
For many years, the focus for protecting a data center has always been backup. There are many vendors and third-party solutions still claiming in the market that they are the best and most suitable backup solutions for your data center. If your purpose in performing the backup operation is being able to perform a restore, then the majority of the third-party software and vendors out in the market will not be able to help you. The most challenging part of providing a restore plan or a restore scenario for a service is that the third-party software and vendors are focusing on providing you just a backup, not the ability to restore. This is where DPM 2012 R2 comes in. It all started with the release of the Windows Server 2003, and with that release came the possibility of providing online snapshots using a new feature called
Volume Shadow Copy Services (VSS). The APIs for the solutions were quickly adopted by third-party software and vendors but no one could, in the beginning, get it up and running in a fully optimal way. The idea regarding the VSS architecture was a great one and a big step forward regarding how to manage snapshots of different workloads like file, SQL, or Exchange in order to provide a consistent data snapshot.
Microsoft understood that if this architecture was to blossom in the way that they wanted it to, they needed to create backup and restore software themselves. In 2006, the first version of DPM was released with the focus only on protecting the file workload. A lot of companies tried it but few were adopting the new software since they still hosted and ran their data center with the traditional IT mindset.
During the past years Microsoft did not invest heavily in DPM, but under the new team that is driving the DPM solution from India, there have been a lot of investments, making DPM the primary choice for private cloud protection. Microsoft has invested in both developers and experts, pushing the product forward and making it a natural choice of the modern data center.
You may ask what is the thing that differentiates DPM from other backup software on the market. The answer is quite simple; restore based on supported and optimal scenarios with the power of easy integration building the BaaS, RaaS, and DRaaS for a modern data center. DPM knows the Microsoft stack architecture the best as it was written by Microsoft for the Microsoft technologies present in the data center. Combining DPM with the majority of the System Center family members and Azure technologies, you are able to provide an extremely high-end solution for your data center; it is all about design.
DPM only adapts to the current technology and solutions that Microsoft has developed for their workloads. DPM will never, for example, make any decisions on its own regarding SQL restore. The SQL team has clearly defined how a supported and optimal restore should occur and this is what DPM understands and adapts to; the same goes for all the Microsoft-branded workloads.
DPM always focuses on the restore scenario, since providing supported and optimal backup scenarios is not a challenge.
DPM 2012 R2 has the capability to back up production data sources to disk, tape, and Azure. For more detailed information regarding the DPM disk pool please read the Planning the DPM disk pool recipe. For more information regarding how DPM uses tapes, tape management, and Azure integration, please read Chapter 11, Azure Integration.
With DPM you are able to back up the most common workloads in a modern data center. The workloads that DPM will natively back up using the underlying VSS are:
- Exchange Server
- SQL Server
- SharePoint Server
- Microsoft Dynamics
- Windows Server
- Hyper-V
- System States and Active Directory
- Windows clients
The following figure shows the DPM back up process:
The primary DPM server is the first line of protection that you deploy for your production workloads. For systems that use transactional log systems (Exchange and SQL), you are able to replicate the production data from the protected data source to the primary DPM server every 15 minutes. This is also applicable to the file workloads.
Regarding the DPM disk pool, DPM has only one demand: the disk that should be used for the DPM disk pool must be presented in the operating system that has the DPM software installed as a local disk. DPM is able to operate with pass-through disks, Direct Attached Storage (DAS), Network Attached Storage (NAS), or Storage Area Network (SAN) storage. It is also possible to communicate directly with a storage using the iSCSI initiator within the operating system of the DPM server. Please note that this is not a good, optimal, or in any way decent approach to a DPM disk pool; never use iSCSI.
When DPM 2012 R2 starts protecting a workload, it creates an initial copy of the production data source that it has to protect. This is stored in the DPM disk pool in a dedicated volume that uses the same GUID ID as the protected data source. This volume is called the
replica volume. The replica volume will hold the only full back up that the DPM ever will do of the protected data source. All changes in data, also known as data churn, that occur after the replica has been created, will be synchronized to DPM disk pool. When creating a recovery point, the data is stored in the recovery point volume that also uses the GUID ID of the protected data source for identification.
The most important component of the DPM server architecture is the DPM database also known as the DPMDB. The DPMDB holds all the configurations made on the DPM server, protection groups, agents, backup schedules, and so on. It is of great importance that the DPMDB is protected via a secondary DPM server when you build the DPM-DPM-DR scenario, copied to file, or archived to tape.
DPM depends on its DPM agents that will perform a VSS request for the protected data sources and have that data replicated from the production environment to the DPM server.
For further information regarding DPM, there are numerous places you can visit online. There are both Microsoft websites and MVP blogs that provide you with good content and decent information:
What's new in the R2 release
This recipe will cover the news in the DPM 2012 R2 release.
As the market develops, Microsoft understands the new challenges that companies and organizations face and therefore constantly develops its product stack to be able to meet the new requirements.
Microsoft has made some improvements and added some more architectural functions to DPM 2012 R2 release. The following list presents and explains the enhancements made to the product:
- DPMDB cluster support: The database that stores all the configuration for DPM (DPMDB) can now be placed in a SQL cluster environment. This removes the standalone challenges that existed in the previous versions. With this enhancement comes reliability, consistency and most important, scalability.
- Backing up of virtual Linux servers: DPM 2012 R2 can now protect virtual Linux servers running on Hyper-V using the technique "Backup using child partition" or "online snapshot" in Hyper-V. Note that only file-level protection is supported,not application-based protection.
- Virtual deployment: It is now possible to deploy and manage DPM via System Center Virtual Machine Manager (SCVMM). You can install DPM on a virtual machine, and configure storage using
.vhdx
storage pool disks that are shared through the VMM library. - Optimization for online protection using Azure: Microsoft has optimized the express-full technology used when synchronizing the protected data from the DPM server on-premises to Azure via the Windows Azure Backup Agent.
- SQL server media: For any new DPM 2012 R2 installation, the SQL server now needs to be pre-installed locally or remotely.
The new releases in the R2 version of the DPM software will make it possible for companies to meet some of the new challenges they are facing.
With the constant releases of
Update Roll-ups (UR), Microsoft is meeting the new challenges that companies are struggling with.
The architecture of System Center Data Protection Manager 2012 R2
This recipe will cover the architecture of the DPM software and explain the local security groups like DCOM objects and others, to make your understanding of the product more clear.
There are some parts of DPM that are very important to have knowledge about. They are:
- Specific catalogs
- DCOM
- VSS interaction with mini drivers and the DPM filter
- Local security groups
The following are some catalogs under %systemdrive%\Microsoft System Center 2012 R2\DPM\DPM
that are important to the DPM server functionality:
- End User Recovery
- Protection Agents
- Temp
- VMMHelperService
- Volumes
- XSD
The End-User Recovery catalog contains the MS file for the active directory schema extension and configures the DPM server to enable the feature End-User Recovery.
Protection
Agents contains two catalogs, which are AC and RA. The AC catalog is used by the DPM agent coordinator when pushing new DPM agents to the server hosting the data sources that it needs protection for. The RA catalog holds the binaries for the DPM agent and can also be used as a remote repository when manually installing the DPM agent.
DPM provides a lot of logs that you can read to gain an understanding of what has happened and why. All logs that the DPM server software produces are stored in the Temp catalog.
For DPM to be able to continually provide data source protection, even if protected virtual machines are making an outer-cluster migration that also includes the migration of storage, DPM needs to integrate with SCVMM. The catalog VMMHelperService contains the binaries and DLL files for creating the integration between the DPM server and VMM server.
The catalog Volumes actually contains four catalogs, and three of them are important to know about. The DiffArea catalog contains shortcuts to the recovery point volumes in the DPM disk pool. The Replica catalog contains shortcuts to the replica volumes in the DPM disk pool. The ShadowCopy catalog contains the catalog Database Backups, which will hold the backed up DPMDB when you trigger a DB backup using the DPMBackup executable.
Last but not least is the XDS catalog, which contains all the XML schema files for the DPM software.
The DPM 2012 R2 software depends on both local security groups that are referred to when the DCOM
object that controls the DPMRA service is used to initiate a VSS Request for the protected data source. If there is a problem with rights in the DCOM
object, the DPMRA will not be able to provide a snapshot since the chain of configuration is broken.
Since the local security groups are critical, it is important that their purpose is explained. The local security groups are:
- Distributed COM Users
- DPMDRTrustedMachines
- DPMRADCOMTrustedMachines
- DPMRADmTrustedMachines
- DPMRATrustedDPMRAs
- DPMSCOM
- MSDPMTrustedMachines
- MSDPMTrustedUsers
The members of the Distributed COM Users group are the computer accounts that the current DPM server has access to. You will also find specific service accounts here regarding your SQL server hosting the DPMDB as well as user accounts.
DPMDRTrusedMachines members are the other DPM servers that provide a DPM-DPM-DR configuration and via the membership of this group, have access to listing the protected data sources on the primary DPM server and take usage of the DPM writer.
The group DPMRADCOMTrustedMachines contains the primary and the secondary DPM server computer accounts.
DPMRADmTrustedMachines contains the computer accounts that have an associated DPM agent with the DPM server.
The group DPMSCOM contains the computer account for the SCOM management server that is used for monitoring and management of the DPM server via SCOM and the Central Console feature.
MSDPMTrustedMachines contains the computer accounts that have an associated DPM agent for the DPM server.
The last group is MSDPMTrusedUsers and this group is used by the centralized management features.