Isolate DPM Backup Traffic in Hyper-V

4 min read

Hello folks,

As you know backup is very critical when it comes to virtualized environment.

In the traditional days, when you lose a server, you lose that particular server, however in server virtualization it’s not just another server, if you lose that host, you lose your entire infrastructure servers, and Hyper-V Cluster/Replica won’t protect you against data corrupting malware, unforced user errors, misbehaving applications, and updates that go awry…

My favorite backup component is System Center Data Protection Manager (DPM)…

Yes, it’s true there are many modern products out there for Hyper-V and VMware, and their preferred color is Green :) , but DPM protect all my physical and virtual workloads, including SQL, users files, Hyper-V Item-level recovery (ILR), etc… it’s awesome!

Let’s jump into the challenging piece on how to isolate DPM backup traffic and protect our Virtual Machines in Hyper-V.

The backup network for Hyper-V is not listed as requirement by Microsoft, but I strongly recommend to isolate the backup traffic from the host Management OS, and by leveraging the converged network in Hyper-V were combining multiple physical NICs with NIC teaming and QoS we can isolate each network traffic while maintaining resiliency as shown in below diagram: DPM-BNA00

Now how can we force DPM and Hyper-V to use that Backup vNIC from the Management OS?

Let’s jump to our DPM server and list the backup network address using PowerShell:

PS C:\Get-DPMBackupNetworkAddress


As you can see we don’t have any Backup Network set yet, by default DPM use the production network address.

Given the following scenario: server Backup Address = server Production Address = server Backup Address = server Production Address =

First, the prerequisites for backup network functionality are as the following:

DNS resolution on DPM server for the Protected Hyper-V Server should be able to resolve the backup IP (

DNS resolution on SQL Server for the DPM Server should be able to resolve the backup IP (

This will also work using the Host file since most likely the backup network will not have a DNS Server.

1- Add the FQDN and Backup NIC’s IP address of the DPM Server to the protected Hyper-V server under C:\Windows\System32\drivers\etc\hosts file. This forces the protected Hyper-V Server to communicate with the DPM server over the backup NIC (

2- Add the FQDN and Backup NIC’s IP address of the protected Hyper-V Server to the DPM server under C:\Windows\System32\drivers\etc\hosts file. This forces the DPM server to communicate with the protected Hyper-V Server using the backup NIC (

Second, now that we have the Backup NIC is set, the backup subnet address and mask should be configured on the DPM Server through Add-BackupNetworkAddress PowerShell cmdlet.

PS C:\Add-BackupNetworkAddress -DpmServername DPM -Address -SequenceNumber 1

PS C:\Add-BackupNetworkAddress -DpmServername DPM -Address -SequenceNumber 2


(Note that you also need to configure the production network as a 2nd backup network for a fallback plan and also for protected servers that are not configured with a backup network).

Last, DPM Agents (DPM and Protected Servers) should be restarted to ensure that the backup network settings are in effect. (Stop any active backup jobs, then run net stop DPMRA / net start DPMRA on both DPM and Protected Server).


Now run the backup jobs and notice the backup traffic flow now :)

Hyper-V Server: DPM-BNA05

DPM Server: DPM-BNA04

To list the configured backup networks use:

PS C:\Get-DPMBackupNetworkAddress -DpmServername <DPM> 

To Remove backup networks use:

Ps C:\Remove-DPMBackupNetworkAddress -DpmServername <DPM> -Address

For more information on how to Improve performance with backup network address Read this Microsoft Article.

Last but not least, by keeping the backup traffic off your production network allows you more bandwidth without having to wait for off working hours to get backups of your data, but this does not mean that you will not see potential performance issues as the servers are backed up, but the impact will be much less especially when you isolate the backup traffic as described above and throttle the network bandwidth of your servers.



Until next time… Enjoy your day!


About Charbel Nemnom 569 Articles
Charbel Nemnom is a Cloud Architect, Swiss Certified ICT Security Expert, Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT), totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 17 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems. Excellent communicator is adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design, business continuity, and cloud security.


  1. What’s happened when I want to backup a failver cluster? The agent can’t installed and I supouse that agent can’t contact failover cluster resource name because it haven’t a IP address in backup network.

    • Hello Damian,

      Thank you for your feedback.
      You need to create the same steps mentioned above on all cluster nodes. Please make sure that the etc\hosts file is updated accordingly on all Nodes including the DPM Server.
      Then push the DPM agents on all cluster Nodes.

      Let me know how it works.


1 Trackback / Pingback

  1. How To Fix 0x800423f3 Dpm Hyper-v Errors - Windows Vista, Windows 7 & 8

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.