Microsoft Data Protection Manager 2007 (referred to as DPM) is part of the System Center collection of products from Microsoft.
DPM is agent based, and monitors changes on servers and keeps a copy of those changes available for a restore in the case of a disaster or deleted data.
It utilises Volume Shadow Services (VSS) and you have the option of storing the snapshots to disk (on the DPM server) or to a tape library.
I’m going to be talking specifically about the disk-based backups in this article, rather than tape backups. It is important to note that a seperate dynamic disk is required for DPM, which I’ll talk more about a bit later on.
Firstly you’ll need to get a server up and running for installing DPM on – I’ve installed mine on a Windows Server 2008, but Windows Server 2003 is obviously support also.
There are a few prerequisites for installing DPM, which the installer will let you know of if your system doesn’t comply. You can read up on these prerequisites here, if you’d prefer to before starting the installation.
Installing the DPM Server software is pretty straight forward – If there are any issues, they’re usually pretty clear on what needs to be done to finish the install successfully (such as missing prerequisites, etc.), although there are two things you’ll want to do after the installation…
- If you’ve installed DPM on Windows Server 2008, you’ll probably have issues viewing the reporting tab, because of an “IIS connectivity issue” – I did a little bit of research and found that there is a bug with x64 (as far as I can tell, it doesn’t affect x86, but this could just be a lack of information out there) where the Reporting Services virtual directory in IIS doesn’t have script permissions, so you’ll need to set that (you can see the blog where I found this, here);
- After DPM has been installed, you should install the DPM 2007 rollup update KB949779 which contains the latest features, and updated agent versions with greater feature support
Once you have the server software installed, you’ll need to add your disk, and you’ll need to deploy your agents to the machines you want to protect.
- To add your disk, click on the Management button across the top ribbon, and then click on the Disks tab;
- In the action menu on the right hand side, click on Add…
- The available disks are on the right hand side – If there are no disks in this list, then you don’t have a disk which is supported (if you’re looking to trial DPM in a non-production environment, I have a workaround you might like to try which I discuss at the end of this article);
- Add the disk you’d like and click OK – You’ll likely get a prompt that the disk needs to be converted to a dynamic disk in order for it to be utilised by DPM (unless it was already dynamic);
- When your settings are saved, you should see that the disk is available.
Now you need to deploy the agents out to the machines you want to protect.
- Click on the Agents tab (still under the Management button);
- In the action menu on the right hand side, click on Install…
- Select the machines and volumes you’d like to protect and follow the deployment wizard – Note: You should only select ONE domain controller the first time you deploy a DPM agent, as it will create DPM groups in Active Directory (in the absense of local groups). If you add more than one domain controller, you’ll likely get duplicate groups created and all sorts of issues;
- When you deploy agents, a few prerequisites are checked to make sure that the agent can be installed successfully. If any hotfixes or components are missing, they generally have to be installed manually before you can go back and try to deploy the agent again;
- Once the agents are deployed, they’ll need a reboot. You can do this as part of the deployment, or you can do it manually, but they will not appear as “OK” until this happens;
- You will also need to install Microsoft Hotfix KB940349 for DPM to be able to use VSS in the way required on each of the protect machines (not required for Windows Vista or Windows Server 2008);
- For Windows Server 2008 server, you need to install the Windows Server Backup feature to be able to back up the system state and you’ll need to install KB949779 on the DPM servers – You can install Windows Server Backup from the command line easily by running start /w ocsetup WindowsServerBackup (it’s case sensitive!);
- When all of the machines are rebooted, they should appear in DPM as “OK” under Agent Status and you should then be able to add them to a Protection Group.
If you’re deploying to Domain Controllers, you may run in to some issues with deploying them remotely. The issue I had was that it reported I didn’t have access to the ADMIN$ share on the Domain Controller I tried to deploy to, which I did. This can be caused if the time is not synchronised, but I ruled that out almost immediately. Some other issues you may have is with the replication of the groups, as some groups are created by DPM for managing access to the remote servers, and if these are created on more than one DC simultaneously, the objects will conflict on next replication cycle and you’ll have a whole bunch of duplicated groups.
The steps I followed were…
- In Active Directory, open the “Distributed COM Users” group under the “Builtin” container;
- Add the DPM server’s computer account to this group;
- Under the “Users” container, create two domain local security groups called “DPMRADCOMTrustedMachines” and “DPMRADmTrustedMachines”;
- Again, add the DPM server’s computer account to these groups;
- Run repadmin /syncall from the DC where you created the above groups (repadmin.exe is part of the Windows 2003 Support Tools) to force AD replication between it’s partners;
- On the DC, map a drive to the DPM server (such as X:);
- Open up the command prompt, and navigate to X:\Program Files\Microsoft DPM\DPM\Agents\RA\<version>\<arch> (where version is the agent version (just do a dir to see what’s available) and where “arch” is the architecture your system is running, such as x86, x64 etc.);
- Run DPMAgentServer.exe <DPMServer.Domain>;
- This will manually install the DPM agent on the DC;
- Back on the DPM server, try deploying the agent to the DC where you just manually installed the agent – It should see that an agent is already installed, and configure it correctly to bring it in to your managed agents. If you get an error, try restarting the DC before trying again;
- If you are successful, you’ll see the DC added as an agent, and it will say that a reboot is required;
- Reboot the DC and then refresh the agent info when it comes back.
You only have to perform these steps on the first DC you deploy the agent to – The remaining DCs you should be able to deploy to from the DPM console, but if you have trouble with a particular DC, you can try running through steps 6 – 12 on that particular DC.
When you have your agents deployed to the servers you want to protect, you can create a “Protection Group” which is available under the Protection button in the DPM console.
When you click on this button, you can select “Create protection group” from the right hand action menu and then just follow the wizard to create your protection group. The wizard is pretty self explanatory. I’m not going in to the details of protection groups in this article, so you’re out of luck if this is why you were reading, sorry.
I mentioned earlier that DPM requires a seperate dynamic disk for storing the snapshot data on. This is because it creates multiple logical volumes to organise the data. If you don’t have a supported disk, there is a low performance way around it, which is really only suitable for evaluation rather than a production solution.
The steps are…
- Create a blank VHD (Virtual Hard Disk) file using a Microsoft virtual product such as Hyper-V, Virtual Server, Virtual PC or a third party tool;
- Copy this VHD to a location on the disk you want to use with DPM;
- If you are using Windows Server 2003, you can use the VHDMount tool to mount the VHD file, and it will appear as a physical disk in Computer Management, which you can format and convert to a dynamic disk. If you are using Windows Server 2008, you can use a script which you can find here.
You can even do this on a USB or Firewire disk if you wanted to, which you normally wouldn’t be able to convert to a dynamic disk. You should also be aware that on restart, the VHD will be unmounted.
EDIT: As per Bill Ives’ comments on this topic (below), it appears that at least in some circumstances when running Windows Server 2003 and using the VHDMount utility, the disk will try to initialise every time it is unmounted, and then re-mounted, causing data loss. You should ensure that you test this in your environment to determine the behaviour of your VHD, before relying on it for restore. I’ll also re-iterate that using a VHD file should not be a method that you use in a production environment.