The following article will cover a basic install of Data Protection Manager 2012 R2. A dedicated DPM server, and shared SQL server will be deployed. This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.
This is not an architecture guide or intended to be a design guide in any way. This is provided “AS IS” with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.
Server Names\Roles:
- DB01 SQL Database Services, Reporting Services
- SCDPM01 Management Server, Web Console server
Windows Server 2012 R2 will be installed as the base OS for all platforms. All servers will be a member of the AD domain.
SQL 2012 with SP1 will be the base standard for all database and SQL reporting services.
High Level Deployment Process:
1. In AD, create the following accounts and groups, according to your naming convention:
- DOMAIN\DPMAdmins DPM Administrators group
- DOMAIN\SQLSVC SQL service account
2. Add the domain user accounts for yourself and your team to the “DPMAdmins” group.
3. Install Windows Server 2012 R2 to all server role servers.
4. Install Prerequisites and SQL 2012 with SP1.
5. Install the DPM Server
6. Install the DPM Central Console
7. Deploy Agents
8. Configure the Central Console
Prerequisites:
1. Install Windows Server 2012 R2 to all Servers
2. Join all servers to domain.
3. Install all available Windows Updates.
5. Add the “DPMAdmins” domain global group to the Local Administrators group on each server.
6. On the DPM server, .NET 3.5 SP1 is required. Setup will not be able to add this feature on Windows Server 2012. Open an elevated PowerShell session (run as an Administrator) and execute the following:
Add-WindowsFeature NET-Framework-Core
***Note – .NET 3.5 source files are removed from the WS2012 R2 operating system. You might need to supply a source path to the installation media for Windows Server 2012 R2, such as: Add-WindowsFeature NET-Framework-Core -Source D:\sources\sxs
7. On the SQL server, install the SQL Remote prep. http://technet.microsoft.com/en-us/library/hh758058.aspx Run the DPM Setup.exe, then from the screen choose “DPM Remote SQL Prep”.
8. On the DPM server, install SQL Management Studio. This is located on the media at \SCDPM\SQLSVR2012SP1\SQLManagementStudio_x64_ENU.exe. Execute this and walk through the wizard: Installation, New SQL installation, and accept defaults.
9. Install SQL 2012 with SP1 to the DB server role
- Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
- Run setup, choose Installation > New Installation…
- When prompted for feature selection, install ALL of the following:
- Database Engine Services
- Full-Text and Semantic Extractions for Search
- Reporting Services – Native
- Optionally – consider adding the following to ease administration:
- Management Tools – Basic and Complete (for running queries and configuring SQL services)
- On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
- On the Server configuration screen, set SQL Server Agent to Automatic. You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account. Input the DOMAIN\sqlsvc account and password for Agent, Engine, and Reporting.
- On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
- On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the DPMAdmins global group here. This will grant more rights than is required to all DPMAdmin accounts, but is fine for testing purposes of the POC.
- On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
- On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
- Setup will complete.
- You will need to disable Windows Firewall on the SQL server, or make the necessary modifications to the firewall to allow all SQL traffic. See http://msdn.microsoft.com/en-us/library/ms175043.aspx
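For the second option above (modifying the firewall rather than disabling it), the following is an added example, not part of the original guide, that opens only the default-instance engine port and the Reporting Services HTTP port, and only to the DPM server. The address 10.0.0.20 and the rule names are assumptions; the ports assume the default instance and native-mode Reporting Services chosen earlier in this guide.

```powershell
# Run in an elevated PowerShell session on DB01 (the SQL server).
# Assumption: 10.0.0.20 is a constructed address standing in for SCDPM01.
$dpmServer = '10.0.0.20'

# Default SQL instance listens on TCP 1433; native-mode Reporting Services on TCP 80.
# A named instance would instead need its own port plus SQL Browser (UDP 1434).
$rules = @(
    @{ Name = 'SQL Engine (default instance) from DPM'; Port = 1433 },
    @{ Name = 'SQL Reporting Services (HTTP) from DPM'; Port = 80 }
)

foreach ($r in $rules) {
    # Create each rule once so the script can be re-run safely.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name `
            -Direction Inbound -Action Allow -Protocol TCP `
            -LocalPort $r.Port -RemoteAddress $dpmServer `
            -Profile Domain | Out-Null
    }
}

# Confirm the firewall itself is still enabled on every profile.
Get-NetFirewallProfile | Select-Object Name, Enabled

# Show the scope of the rules that were created: port and allowed remote address.
Get-NetFirewallRule -DisplayName '*from DPM' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
}
```

Any further ports listed in the linked article for your configuration can be added to the $rules table in the same way; other machines that need to browse the reports would need their addresses added to the port 80 rule.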
Step by step deployment guide:
1. Install the DPM Server role on SCDPM01. You can also refer to: http://technet.microsoft.com/en-us/library/hh758153.aspx
- Log on using your personal domain user account that is a member of the DPMAdmins group. This user must have rights to the DPM server and the SQL server, as well as SA rights to the SQL instance.
- Run Setup.exe
- In the Install list, click Data Protection Manager.
- Accept the license and click OK.
- On the Welcome page, click Next
- Choose to use stand alone SQL server, and input server name. Input credentials that have rights to this server and the SQL server and instance, and choose “Check and Install”.
- Resolve any prerequisite issues. Click Next.
- Input the Product key, and click Next.
- Choose an install path, click Next.
- Choose to use Windows Update or not, click Next.
- Choose to join the CEIP or not, Next.
- Click Install.
- Setup Completes. Click Close.
2. Install the Central Console.
- Installing the Central Console assumes you have already deployed SCOM, as DPM will use SCOM for the centralized management of multiple DPM servers.
- First – deploy a SCOM agent to the SCDPM server.
- On your SCOM server, run Setup.exe from the DPM media. You might need some prerequisite software to run the install. Correct any issues. I needed to install the Visual C++ Redistributable from the media at \SCDPM\Redist\vcredist\vcredist2008_x64.exe
- Install the “DPM Central Console” from the setup screen.
- Accept the license, OK.
- Click Next on the Welcome screen
- Choose server-side and client-side.
- Fix any prerequisites and click Next.
- Choose a path, Next
- Choose to use Windows Update or not, click Install.
- Click OK, Close.
- Install the client components anywhere you run the SCOM console and need to administer DPM servers.
- Import the SCOM management packs for DPM 2012 R2. They are located on the media at \SCDPM\ManagementPacks
- Wait enough time for discovery to occur, and ensure that your DPM servers are discovered in the DPM Servers State View:
3. Add DPM storage.
- Add a disk to your VM or physical DPM server for the purposes of containing the replicas and recovery points. This disk should not have any volumes defined.
- Open the DPM Console, Management, Disks.
- Click “Add” and add any disks available that you want in the backup storage pool.
4. Install protection agents
- In the Console, Management, Agents. Click “Install”
- Select Install Agents, and select computers in your domain from the search box or list. I select some SQL servers, my Domain Controllers, and my Hyper-V Hosts.
- Provide credentials that have local admin rights to install the agent on each computer you chose.
- Choose No, don’t let DPM restart computers.
- Start the agent install. The “Task” results view will show you progress. The “Errors” tab will display details about any that failed. One of mine failed due to a firewall issue. See the product documentation about ports necessary for firewalls.
5. Create a Protection Group
- Console > Protection. Click “New”
- Choose Servers
- Select objects to protect on your servers. DPM automatically detects specific roles, such as SQL, Hyper-V, Exchange, SharePoint.
- Here I have selected my domain controllers:
- Give the Protection group a name. Choose protection to Disk. Click Next.
- Set retention time, synchronization, and backup times.
- Review the Disk Allocation and ensure you have enough storage available for the protection.
- Start the protection of computers by kicking off the replica now.
- For a system state/bare metal backup of domain controllers, you will need to ensure the Windows Server Backup feature is installed.
6. Protect SQL Server
- The most common SQL server backup routines call the VSS writer in SQL to perform an online backup of the entire database. This flushes the transaction logs and ensures the database is consistent and restorable for that point in time. Then, another process would back up the uncommitted transactions on a much more frequent basis. DPM works in a very similar fashion.
- Create a new protection group. Choose “Servers” Click “Next”
- Select a SQL server that has a DPM agent, and expand it in the list. Select a SQL Database(s). Click Next.
- Give the protection group a name, and choose disk. Click Next.
- Choose a retention period that works with your backup strategy, choose the synchronization frequency (transaction log backups) and select a recovery point time for the express full backup.
- Review the disk allocation. Click Next.
- Select to create the initial replica now. Next. Choose defaults for the consistency check.
- Review the summary and create the protection group.
7. Protect Hyper-V Virtual Machines
- Create a New Protection group. Choose Servers
- Expand a Hyper-V server or Cluster in the list.
- Check the box next to virtual machines that you would like to protect. When you see “Online” this means the backup will be performed with zero interruption to the VM. Offline means the backup will pause the VM, take a checkpoint (snapshot) of the VM, and then backup that checkpoint.
- Give the protection group a name, and choose disk. Click Next.
- Choose a retention period that works with your backup strategy, choose the synchronization frequency (transaction log backups) and select a recovery point time for the express full backup.
- Review the disk allocation. Click Next.
8. Protect SharePoint
- Ensure you have installed a protection agent on at least one Front End server in the farm, and on all SQL servers that host databases for the SharePoint Farm.
- On the SharePoint Web Front End server, once you have installed the DPM protection agent, you must run ConfigureSharepoint.exe -EnableSharePointProtection from an elevated PowerShell session. Provide a SharePoint service account that has full access to SharePoint. This will configure permissions and the VSS writer for DPM.
- Create a protection group. Servers. Expand your SharePoint Front End server, expand SharePoint, and select your Farm config database.
- Give your Protection group a name, such as “SharePoint Protection Group”. Choose Disk protection
- Select a retention range and a recovery point schedule. The default is one recovery point per day. You can select multiple recovery points as frequent as every 30 minutes.
- Configure disk allocation if needed, choose to create the replica now, and accept defaults to run consistency checks when inconsistent. Create the protection group.
- The search catalog for individual items is a job that runs once per day. You will need to wait up to 24 hours after your first replica before this catalog will be available to search individual items in the DPM console.
9. Backup DPM with Windows Azure
- This is covered at http://technet.microsoft.com/library/jj728752.aspx
- You will want to create a new self-signed certificate using MakeCert.exe. Details on making the cert are located here: http://technet.microsoft.com/en-US/library/hh831761.aspx
- In your Windows Azure account, create a New > Data Services > Recovery Services > Backup Vault
- Upload your .CER certificate to the vault, so registered servers with the same cert’s private key can authenticate to this vault.
- Download and install the Windows Azure Backup agent on the DPM server.
- Open the DPM console AFTER the WAB agent is installed, select Management, Online. In the ribbon, choose Register.
- Browse for your locally installed certificate that you created with MakeCert and imported on the DPM server from a PFX file.
- Now you will automatically connect and browse Windows Azure vaults that correspond to this certificate. Select the vault you recently created from the drop down.
- Choose a Proxy Server if necessary.
- Set up throttling for your internet traffic.
- Create a local folder on a volume that has enough space for a staging area for any recoveries.
- Create an encryption passphrase, and copy this to a safe location.
- Click Register.
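Before registering, it helps to confirm that the certificate imported on the DPM server is the same one uploaded to the vault and that it arrived with its private key. The check below is an added example, not part of the original guide; the .CER path is a placeholder, and it assumes the PFX was imported into the Local Computer "Personal" store.

```powershell
# Run in an elevated PowerShell session on the DPM server.
# Assumptions: the path is a placeholder for the .CER uploaded to the vault,
# and the PFX was imported into the Local Computer "Personal" store.
$cerPath = 'C:\Temp\DPMAzureBackup.cer'

$uploaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)

# Match on thumbprint, not subject name, so an older certificate
# with the same CN is not mistaken for the one in the vault.
$local = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $uploaded.Thumbprint }

if (-not $local) {
    throw "No certificate with thumbprint $($uploaded.Thumbprint) in LocalMachine\My. Import the PFX first."
}
if (-not $local.HasPrivateKey) {
    throw "Certificate found, but without a private key: the public .CER was imported instead of the PFX."
}

# Summarise the properties worth reviewing before registration.
[pscustomobject]@{
    Subject          = $local.Subject
    Thumbprint       = $local.Thumbprint
    HasPrivateKey    = $local.HasPrivateKey
    KeySizeBits      = $local.PublicKey.Key.KeySize
    EnhancedKeyUsage = ($local.EnhancedKeyUsageList.FriendlyName -join ', ')
    NotAfter         = $local.NotAfter
    DaysRemaining    = [int]($local.NotAfter - (Get-Date)).TotalDays
}
```

Compare the reported key size, usage and expiry against the certificate requirements in the article linked above.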
Validate your protection is working. Look at protection groups, and view the monitoring jobs and alerts in the console.
After enough time has passed, you will see new data in the Central (SCOM) Console, such as discovered disks, protection groups, protected servers, etc.
10. Enable End User Self Service Recovery
- A schema extension is required in the domain in order to use Self Service Recovery. There is an issue with the Schema Extension tool that ships with DPM 2012 R2: it crashes when trying to run this on my Windows Server 2012 R2 domain controllers. The workaround is to get the same tool from the SP1 installation and use that. The file is located at C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\End User Recovery\DPMADSchemaExtension.exe. You need to deploy a DPM 2012 SP1 server and get the file from there. The schema extensions have not changed. Copy this file to a domain controller and log in with an account that is a Schema Admin with rights to update the AD schema. Execute the file.
**Note – if you have already updated your schema for DPM in the past, you don’t need to do this step again.
- Enter the DPM server name (NetBIOS name only, not FQDN)
- Next enter in the domain name of the DPM server
- Leave the third window blank, we will assume we are only using a single domain here. Just click OK.
- The update will start when you click OK on the next screen, and will notify you when complete.
- Now on your DPM server, close, and reopen the console.
- In the ribbon at the top – click Options.
- Select the End-user Recovery tab.
- Now you have the option to enable End User Recovery:
- Enabling this will cause this popup:
- Next – we need to configure a Self Service Recovery Role. http://technet.microsoft.com/en-us/library/jj674322.aspx
- In the DPM console, select Protection. In the ribbon – select “Self Service Recovery”
- Click “Create Role” and fill out the details:
- Input the Database Server name and instance names. For a default instance just use Servername. You must use FQDN:
- Configure SSR to recover to alternate locations or not.
- Complete the role creation:
- Now – you can install the Self-Service recovery tool. http://technet.microsoft.com/en-us/library/jj674341.aspx
- Run Setup.exe from the 2012 R2 media, and choose to install the SS Recovery Tool
- Once installed, run the tool, and connect to your DPM server
- Select “New Recovery Job”
- The wizard will allow you to see the instances and the databases that you have rights to recover:
- You can then select a Date and Time that you want to recover from, and specify location, etc.
Done!