none
DPM as an Enterprise Solution RRS feed

  • Question

  • DPM as an Enterprise Solution

    Good Morning,

    We are considering using DPM as a backup solution. Here is our topology:

    1. Regions:
      1. Has SQL Server 2016+
      2. Has Server 2016 Enterprise
      3. Will have approximately 50 Remote Offices connecting back to the Region in some capacity.
      4. Will have multiple physical hosts with 3-4 VM’s on each host using Hyper-V.
      5. 2-3 Linux VM’s
      6. We will have additional servers available to fill to capacity with additional storage space.
      7. Will need to store approx 150 TB’s from Remote offices and its local data

    1. Remote Offices
      1. Has One Physical Host
      2. Server 2016
      3. 3-4 VM’s using Hyper-V
      4. One of the VM’s is Linux
      5. Has a (2) 10 TB RAID 1 Local Backup Disk Available
      6. Less than 5 TB’s of data
      7. Bandwidth and latency issues must be considered

    1. Requirements
      1. At the Remote Offices, we would like to backup locally & keep an offsite copy at the Region.
        1. One Weekly Full
        2. 6 Days of Incremental
      2. We would like to make local backups at the Region as well
      3. We will have multiple Regions. Ideally Region 1 replicates with Region 3, and Region 2 replicates with Region 4.
      4. Deduplication
      5. Encryption
      6. Compression

    Is using MS DPM remotely capable of this? I know there are 3<sup>rd</sup> party solutions, but they come with a significant price tag. Other than the cost of the DPM license, we have all of the other servers, equip, etc in our existing network.

    And yes, we are on a shoe string budget trying to accomplish this!!! 😊

    Any information would be greatly appreciated.

    Wednesday, October 2, 2019 1:56 PM

Answers

  • Hello!

    DPM can be used for backing up multiple regions, you need to take into account the latency though, if the latency is bad, you can simply install a DPM server in each offsite region (it can be physical/virtual).

    When deciding where to locate your DPM server, consider the network bandwidth between the DPM server and the protected computers. If you are protecting data over a wide area network (WAN), there is a minimum network bandwidth requirement of 512 kilobits per second (Kbps).

    DPM is capable of most if not all of your requirements, but there's one thing that I would like to mention:

    Data encryption for short term backup data at rest on the replica can only be accomplished in one or two ways:

    1. Use NTFS encryption on the protected data source on the protected server, DPM will then store the data as encrypted.

    2. Use a SAN that supports hardware data encryption, DPM will not be aware that the replica file data is encrypted.

    Newer DPM (2016 and newer) uses the Modern Backup Storage (MBS) feature, which can deliver 50% storage savings, 3X faster backups, and more efficient, workload-aware storage, this would be for your compression requirement.

    DPM supports data deduplication as well.

    ------------------------------------------------------------------------------------------------

    I have prepared some links for you that you can go through:

    For compression of data:
    Add Modern Backup Storage to DPM

    For data deduplication:
    Deduplicate DPM storage

    Where to deploy your DPM servers:
    Plan for DPM server deployment

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Monday, January 27, 2020 9:51 PM
    Wednesday, October 2, 2019 2:36 PM
  • The Idea is to have a physical DPM at each Region. It will be protecting approximately 50 offices. Depending on licenses, I can install a DPM VM at each office. Can I backup locally at the office to a volume using a schedule and then schedule the replication to the region??? Ideally, we would like to backup locally and to the Regions. Then have R1 backing up to R3, R4 to R2. Bandwidth between all Regions and Offices will be greater than 512 Kbps.

    >> Unfortunately DPM doesn't come with a "replication", but you can instead you can have another DPM server backing up the first one.

    There are three (3) ways of backing up the DPM server by another DPM server, by your description it looks like you're looking for the "DPM chaining" method.

    DPM chaining - A chain of DPM servers provide protection, and each server protects the next one in in the chain. For example: DPM1 is protected by DPM2 (DPM1 is the primary and DPM2 is the secondary). DPM2 is protected by DPM3 (DPM2 is the primary and DPM3 is the secondary) For instructions, see Set up chaining.

    I need some clarification...If I install DPM on a physical host or as a VM in the Region, do I have the DPM's as a VM at the remote offices? Or is it a DPM Agent at the ROBO's? Remember, I would like to have a local backup as well as sending to the Region.

    >> The DPM server can be either physical or virtual, it doesn't matter in this case.

    To "send" backups to another region, the only way would be to have another DPM server backing up the primary server.

    Example:

    Region 1 - DPM1

    Region 2 - DPM2 (backs up DPM1)

    Since DPM requires SQL, does it use SQL to actually store the backup file or is it using it for mgmt and a type of queue? How would a storage solution fit into a Physical DPM Server, Physical SQL Server, and a storage array (Just a server with a ton of available storage!!!)

    >> DPM uses SQL Server to store it's jobs, queues, and all other configuration data, the backup data is stored on the disks that you've assigned to the DPM storage pool. However without the SQL Server DPM is nothing.

    The DPM database can be located either locally on the DPM server or remotely, if it's not that much to backup you can easily use a local DPM database.

    For the storage it's simple, DPM doesn't care much about the storage as long as the operating system sees it., you can use one of these options: 

    • Direct attached storage (DAS)
    • Fiber Channel storage area network (SAN)
    • iSCSI storage device
    • SAN

    Does DPM Store my Host as one machine and all of the VM’s on it as separate machine, or does it protect the Disk Volume and all of the data on it? For example, One Physical Host & 3 VM’s. 4 total machines to protect or 1 to protect.

    >> There are two ways of protecting VMs, either host-level or guest-level protection.
    On the host-level you protect the whole VMs and you have the DPM agents installed on the Hyper-V hosts. 

    Guest-level backups you have the DPM agent installed on the Hyper-V guest VMs.

    So when protecting you choose which VMs you want to protect, by default no virtual machine will be selected for backup, this is how it may look like:


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Monday, January 27, 2020 9:51 PM
    Thursday, October 3, 2019 7:58 PM
  • We need to be able to backup locally to a RAID1 volume at our remote offices. Can the DPM Agent perform the local backup and then send a copy of the backup data to the Region?

    >> Unfortunately the backups go to the DPM's storage pool and there isn't a way to copy the backup.

    Or should we install a VM at the remote office, backup locally, and set the remote office DPM Server's backup server to the Regions DPM Server? If thats the case, we may have a problem with not having a SQL instance at the remote office. There will be one in the Region. With us having potential latency issues, and MS recommends SQL to have a 200ms or less connection, installing a VM at an office may not work.

    >> Yes that's the only way of doing this I'm afraid, all of the System Center products include SQL Server technology. Microsoft's licensing terms for these products allow customer use of SQL Server technology only to support System Center components.


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Monday, January 27, 2020 9:51 PM
    Friday, October 4, 2019 7:41 PM
  • I am somewhat surprised by 5-1. So we can backup over VPN, just not recover to the original location?

    >> Yes, unfortunately it's like that.

    We will have a Disk Volume at the remote offices we can Recover to as an alternate location. And then recover from that to the affected server. Will that work? That disk volume will be the same location as the local / original backup location before it sends out to the Region...

    >> That will work.


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Monday, January 27, 2020 9:51 PM
    Friday, October 4, 2019 7:49 PM
  • Hi,

    1. Can the DPM Agent backup to individually specific disk pools? For example, can the Agent1 on Server1 backup to a diskpool for only server1 (on Server1), Agent2 backup to a diskpool only for Server2 (on Server2)...etc, OR do all of the agents for the DPM server point to the same diskpool for all of the agents to use.

    >> When creating a protection group for your workloads, only here can you choose to which target volume DPM will back up the workloads to.

    It is also possible to move this later on to another volume within the DPM storage pool:

    2. We will have a Primary and Secondary Server setup. The Primary DPM for each branch office will be the locally installed instance of DPM. The Secondary DPM server will exist at the Region to handle the offsite backups of the Primary DPM Servers at their respective offices.

    • This makes for a lot of individual Primary DPM Servers to manage. What options exist to manage each Primary Server?
    • If job schedules need updating, we would like to prevent from having to individually changing each one. Can changes to the backup (schedule, type of backup, etc.) be handled via a powershell script and pushing it out through GPO?

    >> You can install the Central Console that you can deploy to manage and monitor multiple System Center Data Protection Manager (DPM) servers from a single location.

    Read more here: Manage multiple DPM servers with Central Console

    DPM has its own PowerShell module, you can do pretty much anything that you can do in the GUI with PowerShell.

    3. Can the Secondary DPM Servers at the Region update the backup job at the Primary DPM Servers at the branch offices...???

    >> Backup jobs are separate for each DPM server, secondary DPM servers cannot back up what is being backed up by the primary DPM server, if DPM1 backs up HypeCL1, that means no other DPM server can back up HyperCL1.


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Tuesday, January 28, 2020 4:05 PM
    Tuesday, January 28, 2020 7:16 AM

All replies

  • Hello!

    DPM can be used for backing up multiple regions, you need to take into account the latency though, if the latency is bad, you can simply install a DPM server in each offsite region (it can be physical/virtual).

    When deciding where to locate your DPM server, consider the network bandwidth between the DPM server and the protected computers. If you are protecting data over a wide area network (WAN), there is a minimum network bandwidth requirement of 512 kilobits per second (Kbps).

    DPM is capable of most if not all of your requirements, but there's one thing that I would like to mention:

    Data encryption for short term backup data at rest on the replica can only be accomplished in one or two ways:

    1. Use NTFS encryption on the protected data source on the protected server, DPM will then store the data as encrypted.

    2. Use a SAN that supports hardware data encryption, DPM will not be aware that the replica file data is encrypted.

    Newer DPM (2016 and newer) uses the Modern Backup Storage (MBS) feature, which can deliver 50% storage savings, 3X faster backups, and more efficient, workload-aware storage, this would be for your compression requirement.

    DPM supports data deduplication as well.

    ------------------------------------------------------------------------------------------------

    I have prepared some links for you that you can go through:

    For compression of data:
    Add Modern Backup Storage to DPM

    For data deduplication:
    Deduplicate DPM storage

    Where to deploy your DPM servers:
    Plan for DPM server deployment

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Monday, January 27, 2020 9:51 PM
    Wednesday, October 2, 2019 2:36 PM
  • L

    Thank you for the reply!!! Great information!! Just a few follow up questions:<o:p></o:p>

    The Idea is to have a physical DPM at each Region. It will be protecting approximately 50 offices. Depending on licenses, I can install a DPM VM at each office. Can I backup locally at the office to a volume using a schedule and then schedule the replication to the region??? Ideally, we would like to backup locally and to the Regions. Then have R1 backing up to R3, R4 to R2. Bandwidth between all Regions and Offices will be greater than 512 Kbps.<o:p></o:p>

    I need some clarification...If I install DPM on a physical host or as a VM in the Region, do I have the DPM's as a VM at the remote offices? Or is it a DPM Agent at the ROBO's? Remember, I would like to have a local backup as well as sending to the Region.<o:p></o:p>

    Since DPM requires SQL, does it use SQL to actually store the backup file or is it using it for mgmt and a type of queue? How would a storage solution fit into a Physical DPM Server, Physical SQL Server, and a storage array (Just a server with a ton of available storage!!!)<o:p></o:p>

    Does DPM Store my Host as one machine and all of the VM’s on it as separate machine, or does it protect the Disk Volume and all of the data on it? For example, One Physical Host & 3 VM’s. 4 total machines to protect or 1 to protect.<o:p></o:p>

    We are really exploring this as an option. So any ideas or guidance would be greatly appreciated. Thanks for the links!!!<o:p></o:p>


    Thursday, October 3, 2019 7:29 PM
  • The Idea is to have a physical DPM at each Region. It will be protecting approximately 50 offices. Depending on licenses, I can install a DPM VM at each office. Can I backup locally at the office to a volume using a schedule and then schedule the replication to the region??? Ideally, we would like to backup locally and to the Regions. Then have R1 backing up to R3, R4 to R2. Bandwidth between all Regions and Offices will be greater than 512 Kbps.

    >> Unfortunately DPM doesn't come with a "replication", but you can instead you can have another DPM server backing up the first one.

    There are three (3) ways of backing up the DPM server by another DPM server, by your description it looks like you're looking for the "DPM chaining" method.

    DPM chaining - A chain of DPM servers provide protection, and each server protects the next one in in the chain. For example: DPM1 is protected by DPM2 (DPM1 is the primary and DPM2 is the secondary). DPM2 is protected by DPM3 (DPM2 is the primary and DPM3 is the secondary) For instructions, see Set up chaining.

    I need some clarification...If I install DPM on a physical host or as a VM in the Region, do I have the DPM's as a VM at the remote offices? Or is it a DPM Agent at the ROBO's? Remember, I would like to have a local backup as well as sending to the Region.

    >> The DPM server can be either physical or virtual, it doesn't matter in this case.

    To "send" backups to another region, the only way would be to have another DPM server backing up the primary server.

    Example:

    Region 1 - DPM1

    Region 2 - DPM2 (backs up DPM1)

    Since DPM requires SQL, does it use SQL to actually store the backup file or is it using it for mgmt and a type of queue? How would a storage solution fit into a Physical DPM Server, Physical SQL Server, and a storage array (Just a server with a ton of available storage!!!)

    >> DPM uses SQL Server to store it's jobs, queues, and all other configuration data, the backup data is stored on the disks that you've assigned to the DPM storage pool. However without the SQL Server DPM is nothing.

    The DPM database can be located either locally on the DPM server or remotely, if it's not that much to backup you can easily use a local DPM database.

    For the storage it's simple, DPM doesn't care much about the storage as long as the operating system sees it., you can use one of these options: 

    • Direct attached storage (DAS)
    • Fiber Channel storage area network (SAN)
    • iSCSI storage device
    • SAN

    Does DPM Store my Host as one machine and all of the VM’s on it as separate machine, or does it protect the Disk Volume and all of the data on it? For example, One Physical Host & 3 VM’s. 4 total machines to protect or 1 to protect.

    >> There are two ways of protecting VMs, either host-level or guest-level protection.
    On the host-level you protect the whole VMs and you have the DPM agents installed on the Hyper-V hosts. 

    Guest-level backups you have the DPM agent installed on the Hyper-V guest VMs.

    So when protecting you choose which VMs you want to protect, by default no virtual machine will be selected for backup, this is how it may look like:


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Monday, January 27, 2020 9:51 PM
    Thursday, October 3, 2019 7:58 PM
  • Leon,

    Thank you very much. Your are certainly a wealth of information on DPM.

    I think I am getting my hands around it...

    So, just kind of thinking out loud...

    We need to be able to backup locally to a RAID1 volume at our remote offices. Can the DPM Agent perform the local backup and then send a copy of the backup data to the Region?

    Or should we install a VM at the remote office, backup locally, and set the remote office DPM Server's backup server to the Regions DPM Server? If thats the case, we may have a problem with not having a SQL instance at the remote office. There will be one in the Region. With us having potential latency issues, and MS recommends SQL to have a 200ms or less connection, installing a VM at an office may not work.

    I think we can massage this into a working solution...

    Thanks again for all of your help.

    Friday, October 4, 2019 2:05 PM
  • Just a follow up on restoring data:

    Recover data

    Recover data from the DPM console as follows:

    1. In DPM console click Recovery on the navigation bar. and browse for the data you want to recover. In the results pane, select the data.
    2. Available recovery points are indicated in bold on the calendar in the recovery points section. Select the bold date for the recovery point you want to recover.
    3. In the Recoverable item pane, click to select the recoverable item you want to recover.
    4. In the Actions pane, click Recover. DPM starts the Recovery Wizard.
    5. You can recover data as follows:
      1. Recover to the original locationNote that this doesn't work if the client computer is connected over VPN. In this case use an alternate location and then copy data from that location.
      2. Recover to an alternate location.
      3. Copy to tape. This option copies the volume that contains the selected data to a tape in a DPM library. You can also choose to compress or encrypt the data on tape.

    I am somewhat surprised by 5-1. So we can backup over VPN, just not recover to the original location?

    Original location of???

    We will have a Disk Volume at the remote offices we can Recover to as an alternate location. And then recover from that to the affected server. Will that work? That disk volume will be the same location as the local / original backup location before it sends out to the Region...


    Thoughts?

    Friday, October 4, 2019 5:49 PM
  • We need to be able to backup locally to a RAID1 volume at our remote offices. Can the DPM Agent perform the local backup and then send a copy of the backup data to the Region?

    >> Unfortunately the backups go to the DPM's storage pool and there isn't a way to copy the backup.

    Or should we install a VM at the remote office, backup locally, and set the remote office DPM Server's backup server to the Regions DPM Server? If thats the case, we may have a problem with not having a SQL instance at the remote office. There will be one in the Region. With us having potential latency issues, and MS recommends SQL to have a 200ms or less connection, installing a VM at an office may not work.

    >> Yes that's the only way of doing this I'm afraid, all of the System Center products include SQL Server technology. Microsoft's licensing terms for these products allow customer use of SQL Server technology only to support System Center components.


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Monday, January 27, 2020 9:51 PM
    Friday, October 4, 2019 7:41 PM
  • I am somewhat surprised by 5-1. So we can backup over VPN, just not recover to the original location?

    >> Yes, unfortunately it's like that.

    We will have a Disk Volume at the remote offices we can Recover to as an alternate location. And then recover from that to the affected server. Will that work? That disk volume will be the same location as the local / original backup location before it sends out to the Region...

    >> That will work.


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Monday, January 27, 2020 9:51 PM
    Friday, October 4, 2019 7:49 PM
  • Just checking to see if the information provided was helpful, if you found it helpful could you please mark the replies that were helpful as answer? Thank you!


    Blog: https://thesystemcenterblog.com LinkedIn:

    Monday, October 7, 2019 5:26 PM
  • Hi,

    Just checking to see if you have any update on your issue?

    If your issue was resolved, may I ask you to mark all the answers that helped you? This way it will also help others in the future who face the same challenge. Many thanks in advance!


    Best regards,
    Leon

    Blog: https://thesystemcenterblog.com LinkedIn:

    Wednesday, December 11, 2019 9:43 PM
  • Good Evening Leon,

    I wanted to follow up with you as we are getting closer to actually purchasing and implementing DPM as a solution.

    A couple of questions:

    1. Can the DPM Agent backup to individually specific disk pools? For example, can the Agent1 on Server1 backup to a diskpool for only server1 (on Server1), Agent2 backup to a diskpool only for Server2 (on Server2)...etc, OR do all of the agents for the DPM server point to the same diskpool for all of the agents to use.

    2. We will have a Primary and Secondary Server setup. The Primary DPM for each branch office will be the locally installed instance of DPM. The Secondary DPM server will exist at the Region to handle the offsite backups of the Primary DPM Servers at their respective offices.

    • This makes for a lot of individual Primary DPM Servers to manage. What options exist to manage each Primary Server?
    • If job schedules need updating, we would like to prevent from having to individually changing each one. Can changes to the backup (schedule, type of backup, etc.) be handled via a powershell script and pushing it out through GPO?

    3. Can the Secondary DPM Servers at the Region update the backup job at the Primary DPM Servers at the branch offices...???


    Thanks again for all of the help!

    Tuesday, January 28, 2020 12:16 AM
  • Hi,

    1. Can the DPM Agent backup to individually specific disk pools? For example, can the Agent1 on Server1 backup to a diskpool for only server1 (on Server1), Agent2 backup to a diskpool only for Server2 (on Server2)...etc, OR do all of the agents for the DPM server point to the same diskpool for all of the agents to use.

    >> When creating a protection group for your workloads, only here can you choose to which target volume DPM will back up the workloads to.

    It is also possible to move this later on to another volume within the DPM storage pool:

    2. We will have a Primary and Secondary Server setup. The Primary DPM for each branch office will be the locally installed instance of DPM. The Secondary DPM server will exist at the Region to handle the offsite backups of the Primary DPM Servers at their respective offices.

    • This makes for a lot of individual Primary DPM Servers to manage. What options exist to manage each Primary Server?
    • If job schedules need updating, we would like to prevent from having to individually changing each one. Can changes to the backup (schedule, type of backup, etc.) be handled via a powershell script and pushing it out through GPO?

    >> You can install the Central Console that you can deploy to manage and monitor multiple System Center Data Protection Manager (DPM) servers from a single location.

    Read more here: Manage multiple DPM servers with Central Console

    DPM has its own PowerShell module, you can do pretty much anything that you can do in the GUI with PowerShell.

    3. Can the Secondary DPM Servers at the Region update the backup job at the Primary DPM Servers at the branch offices...???

    >> Backup jobs are separate for each DPM server, secondary DPM servers cannot back up what is being backed up by the primary DPM server, if DPM1 backs up HypeCL1, that means no other DPM server can back up HyperCL1.


    Blog: https://thesystemcenterblog.com LinkedIn:

    • Marked as answer by TW80CJ5 Tuesday, January 28, 2020 4:05 PM
    Tuesday, January 28, 2020 7:16 AM