Planning a System Center Data Protection Manager 2007 Deployment Microsoft Corporation Published: Sep 2007 Abstract This content explains how DPM works and provides guidance for planning a DPM deployment.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only.
Contents Planning a DPM 2007 Deployment ................................................................................................. 9 In This Section.............................................................................................................................. 9 Introducing Data Protection Manager 2007..................................................................................... 9 In This Section.....................................................................................
Tape-Based Protection Process .................................................................................................... 22 See Also ..................................................................................................................................... 22 Recovery Process ......................................................................................................................... 22 See Also .................................................................................
See Also ..................................................................................................................................... 36 Recovery Goals for Disk-Based Protection ................................................................................... 37 Synchronization and Recovery Points for Files ......................................................................... 37 Retention Range for Files .........................................................................................
See Also ..................................................................................................................................... 53 Choosing a Replica Creation Method ............................................................................................ 53 Automatic Replica Creation........................................................................................................ 54 Manual Replica Creation .............................................................................
See Also ..................................................................................................................................... 66 Configuring Antivirus Software ...................................................................................................... 66 Configuring Real-Time Monitoring for Viruses ........................................................................... 66 Setting Options for Infected Files ......................................................................
Planning a DPM 2007 Deployment This content explains how DPM works and provides guidance for planning a DPM deployment.
If you use a second DPM server, you can restore data to protected computers directly from the secondary DPM server. The secondary DPM server can also protect computers until the primary DPM server is brought back online. • DPM provides protection of the following items: • File data from volumes, shares, and folders.
To determine which storage method to use, you must consider the relative importance of your organization's protection requirements. • How much data your organization can afford to lose. Realistically, not all data is equally valuable. Organizations must weigh the impact of loss against the costs of protection. • How quickly recovered data must be available. Recovery of data that is critical to ongoing operations is typically more urgent than routine data.
Disk-Based Protection and Recovery One advantage of disk-based data protection is the potential time savings. Disk-based data protection requires none of the preparation time that tape-based protection does—locating the specific tape required for a job, loading the tape, positioning the tape to the correct starting point. The ease of using a disk encourages sending incremental data more frequently, which reduces the impact on the computer being protected and on network resources.
Protection for Multiple Data Types The following table lists the types of data that DPM can protect and the level of data that you can recover by using DPM. Note For information about the specific software requirements for protected computers, see DPM System Requirements (http://go.microsoft.com/fwlink/?LinkId=66731).
Product Protectable Data Recoverable Data except Home (must be member of a domain) 1 Data for applications running in virtual machines must be protected and recovered as an application data source, not as a component of a protected virtual machine. For example, to protect and recover data for an instance of SQL Server running on a virtual machine, you install the DPM protection agent on the virtual machine and select the data source as a SQL Server database.
Management Tools To facilitate the performance of key management tasks, DPM 2007 provides the following tools and capabilities for IT administrators: • DPM Administrator Console • Reports and notifications • DPM Management Packs • Windows PowerShell integration • Remote administration • End-user recovery DPM Administrator Console DPM Administrator Console uses a task-based administration model that automates common tasks, enabling the administrator to get the job done with the fewest number of s
DPM notifications provide a convenient way to stay informed when critical, warning, or informational alerts are generated. You choose the severity of alert that you want to be notified about; for example, you can choose to receive only critical alerts. You can also choose to receive notifications of the status of recovery jobs, and you can have scheduled DPM reports delivered as e-mail attachments so that you can monitor data protection trends and analyze data protection statistics at your convenience.
• To customize the start time for library maintenance jobs, such as detailed inventory and cleaning • To specify the local area network (LAN) configuration to be used for a backup job Remote Administration You can establish a Remote Desktop connection to a DPM server to manage DPM operations remotely. DPM Management Shell can be installed on computers other than the DPM server, enabling you to administer multiple DPM servers remotely.
Disk-Based Protection Process To provide disk-based data protection, the DPM server creates and maintains a replica, or copy, of the data that is on protected servers. The replicas are stored in the storage pool which consists of a set of disks on the DPM server, or on a custom volume. The following illustration shows the basic relationship between a protected volume and its replica.
The Difference Between File Data and Application Data The File Data Synchronization Process The File Data Synchronization Process In DPM 2007, for a file volume or share on a server, the protection agent uses a volume filter and the change journal to determine which files have changed and then performs a checksum procedure for these files to synchronize only the changed blocks.
The Application Data Synchronization Process For application data, after the replica is created by DPM, changes to volume blocks that belong to application files are tracked by the volume filter. How changes are transferred to the DPM server depends on the application and the type of synchronization. The operation that is labeled synchronization in DPM Administrator Console is analogous to an incremental backup, and it creates an accurate reflection of the application data when combined with the replica.
check on the replica. During a consistency check, DPM performs a block-by-block verification and repairs the replica to bring it back into consistency with the data sources. You can schedule a daily consistency check for protection groups or initiate a consistency check manually.
Tape-Based Protection Process When you use short-term disk-based protection and long-term tape-based protection, DPM can back up data from the replica volume to tape so that there is no impact on the protected computer. When you use tape-based protection only, DPM backs up the data directly from the protected computer to tape.
on a schedule that you configure. For application data, each synchronization and express full backup creates a recovery point. The following illustration shows how each protection group member is associated with its own replica volume and recovery point volume. Protection Group Members, Replicas, and Recovery Points Administrators recover data from available recovery points by using the Recovery Wizard in DPM Administrator Console.
Protection Policy DPM configures the protection policy, or schedule of jobs, for each protection group based on the recovery goals that you specify for that protection group. Examples of recovery goals are as follows: • “Lose no more than 1 hour of production data” • “Provide me with a retention range of 30 days” • “Make data available for recovery for 7 years” Your recovery goals quantify your organization's data protection requirements.
Auto discovery does not discover new and removed computers in other domains. To install a protection agent on a computer in another domain, you must identify the computer by using its fully qualified domain name.
addition to files. On a server cluster, DPM installs an agent on each node of the cluster. A license is used for each server node. The following table lists the license applied for each data type. DPM Licenses Used for Data Types Type of protected data License used Files only. Standard Files on a single node of a server cluster. Standard System state. Standard SQL Server.
When the type of data being protected changes, DPM automatically updates the license usage. For example, you are protecting an Exchange storage group and files on a single server, so you have used an enterprise license to protect that server. Later, you stop protection of the Exchange storage group. Because DPM is now protecting file data only on that server, your license use will change to a standard license.
What Do You Want to Protect? To begin planning for DPM deployment, you should first decide which data you want to protect.
Important Although volumes on file servers are typically formatted as NTFS, which is required for DPM protection, it is not uncommon for volumes on workstations to be formatted as FAT or FAT32. To protect these volumes, you must convert them to NTFS. For instructions, see How to Convert FAT Disks to NTFS (http://go.microsoft.com/fwlink/?LinkId=83022).
When you finish selecting the members for your protection group, you can view the excluded folders, as shown in the following illustration. View Excluded Folders You can also specify file name extensions to exclude from protection at the protection group level. For example, a file server might contain music files or personal files that the business does not want to use disk space or network bandwidth protecting. Exclusion by file name extension applies to all members of the protection group.
See Also Protecting Data in DFS Namespaces Unsupported Data Types Protecting Data in DFS Namespaces You can protect data that is part of a Distributed File System (DFS) Namespaces hierarchy. However, you cannot select shares for protection through the DFS Namespaces hierarchy. Instead, you can select shares for protection only by their target paths. If your namespace includes roots or links that have multiple targets with the same data, we recommend that you protect only one of the targets.
When end-user recovery is enabled for a protected target, users can access previous versions of files through the DFS Namespaces hierarchy. When end users attempt to access previous versions of files on a share that has multiple targets, DPM transparently directs them to the protected target.
• Paging files • System Volume Information folder Note The System Volume Information folder cannot be protected as a file data source. To protect system information for a computer, you must select the computer's system state as the protection group member in the Create New Protection Group Wizard. • Volumes that are not formatted with NTFS If a file contains hard links or symbolic links from Windows Vista, DPM cannot replicate or recover the files.
• • DPM does not support incremental backups for the following databases: • SQL Server 2000 and SQL Server 2005 master databases • SQL Server 2000 msdb database • SQL Server 2000 model database Windows SharePoint Services Data. DPM can protect server farms for servers running Windows SharePoint Services 3.0 or Office SharePoint Server 2007. • • You cannot exclude from protection any data in the selected farm. Virtual Server and Virtual Machines.
System State System State DPM can protect the system state for any computer on which a DPM protection agent can be installed, except computers running Windows Vista or Windows Server 2008.
Clustered Resources File Data on Servers and Workstations What Are Your Goals for Recovery? In planning for data protection, you must set realistic recovery goals for each data source that you will protect. Not all information or data maintained on your company's computers requires equal protection, nor does all of it merit the same investment in protection. Your deployment plan should establish recovery goals for each data source according to your business needs for protection of that data.
Recovery Goals for Disk-Based Protection Although all members of a protection group share the same synchronization frequency, the synchronization process and the resulting recovery point schedule differ based on the type of data being protected. For more information, see How DPM Works. Synchronization and Recovery Points for Files For a file volume or share, the protection agent on the protected computer tracks changed blocks in the change journal that is part of the operating system.
For example, if you select to synchronize before each recovery point and you schedule 6 recovery points daily, and you set a retention range of 10 days, recovery points for the files in that protection group never exceed 64. However, if you choose a combination of settings that exceeds the limit of 64 recovery points, DPM warns you during the configuration process so that you can modify your selections; you cannot configure a protection configuration for files that exceeds the limit of 64 recovery points.
Retention Range for Application Data You can select a retention range between 1 and 448 days for short-term disk-based protection, up to 12 weeks for short-term tape-based protection, and up to 99 years for long-term tape-based protection.
Long-Term Protection on Tape For long-term data protection, also known as tape archive, you can select a retention range between 1 week and 99 years. DPM provides management support of your tape archives through alerts and reports, and it uses the specified retention range to establish the expiration date for each tape.
Selecting a Data Protection Method Defining Recovery Goals Allocating Space for Protection Groups Specifying Tape and Library Details Choosing a Replica Creation Method See Also What Are Your Goals for Recovery? What Do You Want to Protect? Selecting Protection Group Members With Data Protection Manager (DPM) 2007, there are several approaches you can take to organize data sources into protection groups, including the following: • • By computer, with all data sources for a computer belonging to the same
• Verify that you do not have more than 100 protectable data sources on a single volume. If you do, distribute your data sources across more volumes if possible. • All protection group members of the same type (file or application data) will have the same recovery goals. However, within the same protection group, files can have different recovery goals than application data.
How Important Is the Protection Group Membership Decision? Protection group members cannot be moved between protection groups. If you decide later that a protection group member needs to be in a different protection group, you must remove the member from its protection group and then add it to a different protection group. If you determine that the members of a protection group no longer require protection, you can stop protection of the protection group.
Method Tape-based protection only Advantages • Less manual intervention, such as changing tapes. • Can be stored offsite for security and as a contingency for disaster recovery. • Both disk-based and tape-based protection Disadvantages When to use • Slower and more cumbersome recovery process. • When data loss tolerance is more generous. • Prone to errors. • When recovery time objective is generous. • For data that does not change frequently and does not require backup as frequently.
The recovery goals are defined by the configuration of retention range, synchronization frequency, and recovery point schedule. DPM provides default settings for the recovery goals; however, you can modify each or all of the settings. At least one synchronization must be scheduled to occur between scheduled recovery points. For example, you specify a synchronization frequency of every 45 minutes. You cannot then configure recovery points to be created at 1:00 P.M. and 1:30 P.M.
Protection method Retention range Synchronization Recovery points frequency or backup schedule • Recovery points for application data are created after each synchronization. When Just before a recovery point is selected, recovery points for all protection group members are created according to the schedule you configure.
Protection method Retention range Synchronization Recovery points frequency or backup schedule • Quarterly • Half-yearly • Yearly See Also Defining Recovery Goals Recovery Point Schedules for Long-Term Protection The following table lists the DPM recovery point schedule for the different long-term protection combinations.
Backup frequency and retention range Recovery point schedule 1 full backup each year after the initial 11 months Bi-weekly, 1–11 months 1 full backup every 2 weeks for 4 weeks 1 full backup each month after the initial 4 weeks Bi-weekly, 1–99 years 1 full backup every 2 weeks for 4 weeks 1 full backup each month after the initial 4 weeks, until the 12th month 1 full backup each year after the initial 11 months Monthly, 1–11 months Full backup monthly Monthly, 1–99 years 1 full backup each month, un
For this backup frequency Depending on retention range, you can configure Daily • Time for daily backup • Specific day or day of week and time for monthly backup • Specific day or date and time for yearly backup • Time and day of week for weekly backup • Specific day or day of week and time for monthly backup • Specific day or date and time for yearly backup • Time and day of week for biweekly backup • Specific day or day of week and time for monthly backup • Specific day or date and tim
Customizing Recovery Goals for Long-Term Protection When you specify a retention range and backup frequency, DPM generates a schedule of backup jobs. (For more information, see Recovery Point Schedules for Long-Term Protection.) You can also customize the schedule of backup jobs for your recovery goals, to replace the default schedule. When you customize the schedule of backup jobs for a protection group, you specify a recovery goal for each backup interval.
Component Default Allocation Location Replica volume For files: DPM storage pool or custom volume • (Data source size x 3) / 2 For Exchange data: • Data source size x (1 + log change) / (alert threshold .05) For SQL Server data: • Data source size x (1 + log change) / (alert threshold .05) For Windows SharePoint Services data: • Total size of all databases/ (alert threshold - .05) For Virtual Server data: • Data source size x 1.
Component Default Allocation • Location (Data source size x retention range in days x 0.02) + 1600 MB For system state: • Change journal (for file protection only) (Data source size x retention range in days x 2) / 100 + 1600 MB 300 MB Protected volume on the file server or workstation The values used in the preceding table are defined as follows: • Alert%—Threshold for the alert associated with replica growth; typically 90%.
To help you estimate your storage space needs, download the DPM storage calculator (http://go.microsoft.com/fwlink/?LinkId=104370). See Also Planning Protection Configurations Specifying Tape and Library Details If you select protection using tape, you must specify the number of copies of each tape that DPM should create and the configuration options for the backup tapes.
easier, but, depending on the size of the protected data and the speed of the network, manual replica creation can be faster. To help you choose a replica creation method, the followingtable provides estimates for how long DPM takes to create a replica automatically over the network given different protected data sizes and network speeds. The estimates assume that the network is running at full speed and that other workloads are not competing for bandwidth. Times are shown in hours.
See Also Planning Protection Configurations Planning for DPM Deployment When you create your deployment plan for Microsoft System Center Data Protection Manager (DPM) 2007, you should plan your protection groups first because the needs of the protection groups—size, rate of data change, location, recovery goals—will inform your decisions for creating and locating DPM servers and tape libraries.
If you plan to protect a large Windows SharePoint Services farm, you should install DPM on a volume that has sufficient disk space for the DPM database. The DPM database requires about 1 GB for every million items that exist in the farm. For example, if you protect a farm with 5 million items, you would plan about 5 GB storage in the DPM database to hold the catalog for such a farm.
For example, while most backup software records data changes at the file level, DPM records changes at the byte level. Depending on the type of data that you want to protect, this can translate to a data change rate that is lower than the incremental backup might suggest. The following table lists the data source limits that a DPM server that meets the minimum hardware requirements can protect and the recommended disk space required per DPM server.
Protection policy Snapshots Exchange storage group: daily express full 5 backup and 15-minute incremental synchronization with a retention range of 5 days Volume on a file server: 3 daily recovery points with a retention range of 21 days 63 SQL database: 2 express full backups daily with a retention range of 14 days 28 Total: 96 See Also Planning the DPM Server Configurations Locating the DPM Servers DPM requires a Windows Server 2003 Active Directory Domain Services directory services structure to
Selecting the Instance of SQL Server A typical DPM installation includes an instance of SQL Server that is installed by DPM Setup. The instance of SQL Server that is installed by DPM Setup is included in the DPM software and does not require a separate SQL Server license. However, when you install DPM 2007, you can specify a remote instance of SQL Server to be used by DPM instead of the default instance of SQL Server that is included with DPM.
You can also substitute custom volumes that you define in Disk Management for volumes in the storage pool.
DPM can store a maximum of 64 recovery points for each volume included in a protection group, and it can create a maximum of 8 scheduled recovery points for each protection group each day. Note The limit of 64 recovery points for files is a result of the limitations of the Volume Shadow Copy Service (VSS), which is necessary for the end-user recovery functionality of DPM. The recovery point limit does not apply to application data.
See Also Defining Custom Volumes Planning the Disk Configuration Planning the DPM Server Configurations Planning the Disk Configuration If you are using direct-attached storage for the DPM storage pool, you can use any hardwarebased configuration of redundant array of independent disks (RAID), or you can use a "just a bunch of disks" (JBOD) configuration. Do not create a software-based RAID configuration on disks that you will add to the storage pool.
See Also Calculating Capacity Requirements Defining Custom Volumes Planning the DPM Server Configurations Defining Custom Volumes In DPM 2007, you can assign a custom volume to a protection group member, in place of the DPM storage pool. A custom volume is a volume that is not in the DPM storage pool and is specified to store the replica and recovery points for a protection group member.
Note The term tape libraries refers to both multi-drive tape hardware and stand-alone tape drives. Consider the number of tape backup jobs and the size of the protected data when planning the capacity of your tape library. You must also consider the hardware features: a tape library without an autoloader requires manual tape rotations when jobs are being performed. To plan for the number of tapes you will need for each protection group, multiply the backup frequency by the retention range.
2. Creating a container 3. Granting the DPM server permissions to change the contents of the container 4. Adding mappings between source shares and shares on the replicas The schema is extended only once; however, you must configure the Active Directory schema extension for each DPM server. When you enable end-user recovery for additional DPM servers in the domain, the process performs steps 3 and 4 for each additional server. DPM will update the share mapping (step 4) after each synchronization, if needed.
To maintain the DPM security architecture: • Accept all default security settings. • Do not install unnecessary software on the DPM server. • Do not change security settings after DPM is deployed. In particular, do not change SQL Server 2005 settings, Internet Information Services (IIS) settings, DCOM settings, or settings for the local users and groups that DPM creates during product installation. • A remote instance of SQL Server should not run as Local System.
time monitoring of the csc.exe process can degrade performance because it causes the antivirus software to scan files that the csc.exe process emits when generating XML messages. For instructions for configuring real-time monitoring for individual processes, see your antivirus product documentation.
Protocol Port Details calls on the DPM server. TCP port 135 is the DCE endpoint resolution point used by DCOM. By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. However, you can configure this range by using Component Services. For more information, see Using Distributed COM with Firewalls (http://go.microsoft.com/fwlink/?LinkId=46088). TCP 5718/TCP 5719/TCP The DPM data channel is based on TCP.
firewall manually to permit communication between the DPM server and protected computers. Configure Windows Firewall on a DPM server by opening port 135 to TCP traffic and specifying the DPM service (Microsoft Data Protection Manager/DPM/bin/MsDPM.exe) and the protection agent (Microsoft Data Protection Manager/DPM/bin/Dpmra.exe) as exceptions to the Windows Firewall policy. For instructions for configuring Windows Firewall, search on "Windows Firewall" in Windows Help and Support for Windows Server 2003.
Task Required Privileges Installing DPM Administrator account on the DPM server Installing the DPM protection agent on a computer Domain account that is a member of the local administrators group on the computer Opening DPM Administrator Console Administrator account on the DPM server Extending the Active Directory Domain Services schema to enable end-user recovery Schema administrator privileges in the domain Creating an Active Directory Domain Services container to enable end-user recovery Doma
Task Reference Microsoft SQL Server, Microsoft Windows SharePoint Services, Microsoft Virtual Server, system state) • Data source size • Any folders or file name extensions to be excluded from protection • Fully qualified domain name (FQDN) of computer • Cluster name (if applicable) Identify one of the following methods for each protection group: • Short-term disk-based protection • Short-term tape-based protection • Long-term tape-based protection • Short-term disk-based protection and lon
Task • Backup schedule and scheduling options • Number of backup copies • Tape labeling scheme Reference Organize the data sources into protection groups. Selecting Protection Group Members Determine your storage needs, based on your information about the protected data sources and recovery goals. Allocating Space for Protection Groups If you are using tape-based protection, decide if Specifying Tape and Library Details you want to compress or encrypt the data on tapes.
