What’s New in System Center 2019 Data Protection Manager #DPM #SCDPM


Updated – 08/04/2019 – Microsoft officially supports backing up Windows Server 2012 and Windows Server 2012 R2 with DPM 2019.

Introduction

Microsoft announced the release of System Center 2019 under the Long-Term Servicing Channel (LTSC). LTSC provides 5 years of standard and 5 years of extended support. Subsequent to the release of System Center 2019, the suite will continue to accrue value through Update Rollup releases every six months over the mainstream support window of 5 years. Microsoft has dropped Semi-Annual Channel (SAC) releases, but new features before the next Long-Term Servicing Channel (LTSC) release will be delivered through Update Rollups. You can read about the announcement on the Windows Server Blog. You can download the media from the Volume Licensing Service Center (VLSC), or you can download the evaluation bits from the following link.

A lot of improvements and new features were introduced in this release.

In System Center 2019 Data Protection Manager, Microsoft added several new features. In the previous blog post, I showed you how to install System Center 2019 Data Protection Manager on top of Windows Server 2019 and SQL Server 2017. In this post, I will dive into the new features and improvements.

VMware backup to Tape

In System Center 2019 Data Protection Manager, Microsoft added tape support for VMware backup for long-term data retention on-premises. DPM 2019 supports both Original Location Recovery (OLR) and Alternate Location Recovery (ALR) for restoring the protected VM. DPM 2019 also supports Item-Level Recovery (ILR) for individual files and folders of Windows Server VMs running on top of VMware. You can use either a physical tape library or a virtual tape library.

For more information about how to use Virtual Tape Library (VTL) with DPM, please check the following whitepaper.

Newer workloads backup support

With System Center 2019 Data Protection Manager, you can back up new versions of different workloads:

  • Hyper-V VMs running on top of Windows Server 2019.
  • Windows Server 2019.
  • SharePoint 2019.
  • Exchange 2019.
  • System Center 2019 Virtual Machine Manager.
  • VMware vSphere V6.7. VMware enabled TLS as the communication protocol starting with version 6.7 onward. If you want to back up VMware 6.7 with DPM 2019, please follow the steps below.

Backup VMware 6.7

For DPM 2019 to back up VMware 6.7, there are 2 external registry entries that need to be set, and this also depends on the OS on which the DPM server is running.

If you are running DPM 2019 on Windows Server 2016, then you need to Enable .NET to let the OS choose the SSL/TLS protocol, and you need to Enable TLS 1.2. However, if you are running DPM 2019 on Windows Server 2019, then you only need to Enable .NET because Windows Server 2019 has TLS 1.2 enabled by default.

Enable .NET (Windows Server 2016/Windows Server 2019)

The following PowerShell script will enable .NET in the registry to let the OS choose the SSL/TLS protocol.

# The following registry keys should be created on the DPM server to backup VMware 6.7
# Windows Server 2016 / Windows Server 2019
$NetRegistryPath = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727"
New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null

$NetRegistryPath = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319"
New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null

$NetRegistryPath = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727"
New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null

$NetRegistryPath = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null

Enable TLS 1.2 (Windows Server 2016)

The following PowerShell script will enable TLS 1.2 in the registry for Windows Server 2016.

<#
//-----------------------------------------------------------------------

//     Copyright (c) {charbelnemnom.com}. All rights reserved.

//-----------------------------------------------------------------------

.NOTES
File Name : Enable-TLS1.2.ps1
Author    : Charbel Nemnom
Version   : 2.0
Date      : 01-March-2019
Requires  : PowerShell Version 5.0 or above
OS        : Windows Server 2016

.LINK
To provide feedback or for further assistance please visit:
https://charbelnemnom.com
#>

[CmdletBinding()]
Param (
    $Protocol           = "TLS 1.2",
    $ProtocolSubKeyList = @("Client", "Server"),
    $DisabledByDefault  = "DisabledByDefault",
    $Enabled            = "Enabled",
    $registryPath       = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\"
)

foreach ($key in $ProtocolSubKeyList) {
    $currentRegPath = $registryPath + $Protocol + "\" + $key
    Write-Verbose "Registry Path $currentRegPath"

    # Create the Client/Server subkey if it does not exist yet
    if (!(Test-Path $currentRegPath)) {
        Write-Verbose "Creating the registry..."
        New-Item -Path $currentRegPath -Force | Out-Null
    }

    # DisabledByDefault = 0 and Enabled = 1 turn the protocol on for this role
    Write-Verbose "Enable Protocol $Protocol for the $Key"
    New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "0" -PropertyType DWORD -Force | Out-Null
    New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "1" -PropertyType DWORD -Force | Out-Null
}
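
To confirm that the values written by the two scripts above are actually in place, here is a read-only audit added as an example (it is not part of the original scripts). The function name Test-DpmTlsRegistry and the -IncludeSchannel switch are this example's own; the registry paths, value names and expected data are the ones used above.

```powershell
# Added example: read-only audit of the .NET and SCHANNEL values set above.
# Test-DpmTlsRegistry and -IncludeSchannel are names chosen for this example.
function Test-DpmTlsRegistry {
    [CmdletBinding()]
    param(
        # Also check the TLS 1.2 SCHANNEL keys (the Windows Server 2016 step)
        [switch]$IncludeSchannel
    )

    $expected = @()

    # .NET Framework: both versions, 64-bit and WOW6432Node views
    $netRoots = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework'
    foreach ($root in $netRoots) {
        foreach ($version in 'v2.0.50727', 'v4.0.30319') {
            foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
                $expected += [pscustomobject]@{ Path = "$root\$version"; Name = $name; Want = 1 }
            }
        }
    }

    # SCHANNEL: TLS 1.2 for the Client and Server roles
    if ($IncludeSchannel) {
        $tls12 = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
        foreach ($role in 'Client', 'Server') {
            $expected += [pscustomobject]@{ Path = "$tls12\$role"; Name = 'DisabledByDefault'; Want = 0 }
            $expected += [pscustomobject]@{ Path = "$tls12\$role"; Name = 'Enabled'; Want = 1 }
        }
    }

    foreach ($item in $expected) {
        $actual = $null
        $kind   = $null
        $key = Get-Item -LiteralPath $item.Path -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $item.Name)) {
            $actual = $key.GetValue($item.Name)
            $kind   = $key.GetValueKind($item.Name)
        }
        # A missing key, a missing value or a non-DWORD value all count as non-compliant
        [pscustomobject]@{
            Path      = $item.Path
            Name      = $item.Name
            Expected  = $item.Want
            Actual    = $actual
            Kind      = $kind
            Compliant = ($kind -eq 'DWord' -and $actual -eq $item.Want)
        }
    }
}

# Check the SCHANNEL keys only where the post says they must be set (Windows Server 2016)
$isServer2016 = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption -like '*2016*'
$results = Test-DpmTlsRegistry -IncludeSchannel:$isServer2016
$results | Format-Table -AutoSize
if ($results.Compliant -contains $false) {
    Write-Warning 'One or more TLS-related registry values are missing or differ from the values set above.'
}
```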

Faster Backup using SSD Tiered Storage

Starting with DPM 2016, Microsoft introduced a major new feature called Modern Backup Storage (MBS) that allows you to back up dynamic data sources with ease, achieve faster backups, and reduce storage consumption. This is achieved by leveraging the ReFS Block Cloning technology introduced in Windows Server 2016, so DPM 2016 and DPM 2019 (LTSC), including DPM 1801 and DPM 1807 (SAC), should be running on Windows Server 2016 or Windows Server 2019 to leverage Modern Backup Storage (MBS).

Moving forward, Microsoft recommends using a small percentage of SSD storage (~2% to 5%) as a minimum for a tiered volume in combination with DPM HDD storage to improve ReFS cloning performance, which results in better backups with Modern Backup Storage. The same recommendation applies to DPM 2016 and DPM 2019.

To create a Tiered storage volume using Storage Spaces, please follow the steps below assuming you already have some HDDs and SSDs in your system. In this example, I have (2 * 100GB SSDs) and (4 * 300GB HDDs).

First, we need to create a Storage Pool by running the following PowerShell command. Please note that it’s very important to specify the default logical sector size as 4K (4096) when creating the Storage Pool. To maintain compatibility with older server applications, Storage Spaces uses 512-byte sectors for virtual disks, which affects backup performance because DPM leverages ReFS with 4K sectors. In other words, the 4K sector size should be used across all your physical disks, logical disks and virtual disks.

# Variables
$Pool1 = "DPM-Pool-01"
$vd1   = "DPM-TieredVolume-01"

New-StoragePool -FriendlyName $Pool1 -StorageSubsystemFriendlyName "Windows Storage*" -PhysicalDisks (Get-PhysicalDisk -CanPool $True) -LogicalSectorSizeDefault 4096

# Tag the disks by size: 100GB disks are the SSDs, 300GB disks are the HDDs
Get-StoragePool $Pool1 | Get-PhysicalDisk | Where {$_.MediaType -eq "Unspecified" -and $_.Size -eq 100GB}  | Set-PhysicalDisk -MediaType SSD
Get-StoragePool $Pool1 | Get-PhysicalDisk | Where {$_.MediaType -eq "Unspecified" -and $_.Size -eq 300GB}  | Set-PhysicalDisk -MediaType HDD
Get-StoragePool $Pool1 | Get-PhysicalDisk | Sort Size | FT FriendlyName, Size, MediaType, HealthStatus, OperationalStatus -AutoSize

Here is the output in Server Manager:

Next, we need to create a simple tiered virtual disk and volume, and then disable the write-back cache. By design, Storage Spaces maintains a write-back cache for hot data (1GB by default), but since this is an external cache, it results in huge I/O amplification. For example, every ReFS write goes first to the Storage Spaces write-back cache and then to its actual location, so the same data is written twice to the underlying storage. Therefore, it’s recommended to disable the write-back cache by setting it to 0.

# Create Two Tiers Fast (SSD) and Standard (HDD)
$FastTier     = New-StorageTier -FriendlyName Fast     -MediaType SSD -StoragePoolFriendlyName $Pool1 -ResiliencySettingName Simple  
$StandardTier = New-StorageTier -FriendlyName Standard -MediaType HDD -StoragePoolFriendlyName $Pool1 -ResiliencySettingName Simple

# Create Simple Tiered Storage Space virtual disk (volume)
# The size of the SSD Tier should be minimum 5% the total size of HDD Tier
# For example, If the total requirement for the backup storage is 1TB, then 974GB on HDD and 50GB on SSD
# Disable Write-Back cache for ReFS
New-Volume -StoragePoolFriendlyName $Pool1 -FriendlyName $vd1 -StorageTierFriendlyNames $FastTier.FriendlyName, $StandardTier.FriendlyName `
-StorageTierSizes 50GB, 974GB -FileSystem ReFS -AccessPath "F:" -ProvisioningType Fixed -ResiliencySettingName Simple -NumberOfColumns 1 -WriteCacheSize 0

Then, we need to disable write auto-tiering at the file system (volume) level by running the fsutil command. This command disables write auto-tiering and makes sure that ReFS metadata always remains on the faster (SSD) tier and won’t move to the standard (HDD) tier, which ensures consistent backup performance. On the other hand, when write auto-tiering is enabled, ReFS won’t differentiate between actual data and metadata and works on normal caching heuristics. Now, if you have SSD storage with more than 10% of the total HDD tier, then I would recommend keeping write auto-tiering enabled, as otherwise it would result in a waste of storage. Please note that write auto-tiering can be dynamically enabled or disabled at any given time by using the following command (1 = Disable, 0 = Enable).

# Disable Write Auto Tiering at file system (volume) level
$DriveLetter = (Get-Volume | Where-Object {$_.FileSystemLabel -eq $vd1} | Select-Object DriveLetter).DriveLetter
fsutil behavior set disableWriteAutoTiering "$($DriveLetter):" 1

Finally, we need to add the volume to DPM by running the following command:

# Add the volume to DPM
$volumes = Get-DPMDiskStorage -Volumes -All | Where-Object {$_.Tag -eq "NotOwnedByDPM"}
Add-DPMDiskStorage -Volumes $volumes
Update-DPMDiskStorage -Volume $volumes -DatasourceType All -FriendlyName $vd1

Here is the output in DPM Administrator Console:

If you need to add additional Backup Storage to DPM in the future, you can simply add additional HDDs to your system, and then leverage the remaining capacity from the SSDs as ReFS tiered volume.
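
The procedure above depends on a few settings that are easy to get wrong: a 4K logical sector size on the pool, a write-back cache of 0, a ReFS volume, and an SSD tier of at least 5% of the HDD tier. The following read-only check is an added example, not part of the original scripts; the function name Test-DpmTieredVolume is this example's own, and the default pool and volume names are the ones used in this post. It does not check the write auto-tiering setting.

```powershell
# Added example: read-only check of the tiered volume built in this section.
# Test-DpmTieredVolume is a name chosen for this example.
function Test-DpmTieredVolume {
    [CmdletBinding()]
    param(
        [string]$PoolName      = 'DPM-Pool-01',          # pool name used in the post
        [string]$VolumeName    = 'DPM-TieredVolume-01',  # volume / virtual disk name used in the post
        [double]$MinSsdPercent = 5                       # SSD tier size as a percentage of the HDD tier
    )

    $pool  = Get-StoragePool -FriendlyName $PoolName   -ErrorAction Stop
    $vdisk = Get-VirtualDisk -FriendlyName $VolumeName -ErrorAction Stop
    $vol   = Get-Volume -FileSystemLabel $VolumeName   -ErrorAction Stop
    $tiers = $vdisk | Get-StorageTier

    # Sum the tier sizes per media type and express SSD as a percentage of HDD
    $ssd = ($tiers | Where-Object MediaType -eq 'SSD' | Measure-Object -Property Size -Sum).Sum
    $hdd = ($tiers | Where-Object MediaType -eq 'HDD' | Measure-Object -Property Size -Sum).Sum
    $ssdPercent = if ($hdd -gt 0) { [math]::Round(100 * $ssd / $hdd, 1) } else { 0 }

    [pscustomobject]@{
        Setting  = 'Pool logical sector size'
        Expected = '4096'
        Actual   = $pool.LogicalSectorSize
        Ok       = ($pool.LogicalSectorSize -eq 4096)
    }
    [pscustomobject]@{
        Setting  = 'Virtual disk write-back cache'
        Expected = '0'
        Actual   = $vdisk.WriteCacheSize
        Ok       = ($vdisk.WriteCacheSize -eq 0)
    }
    [pscustomobject]@{
        Setting  = 'File system'
        Expected = 'ReFS'
        Actual   = $vol.FileSystem
        Ok       = ($vol.FileSystem -eq 'ReFS')
    }
    [pscustomobject]@{
        Setting  = 'SSD tier as % of HDD tier'
        Expected = ">= $MinSsdPercent"
        Actual   = $ssdPercent
        Ok       = ($ssdPercent -ge $MinSsdPercent)
    }
}

Test-DpmTieredVolume | Format-Table -AutoSize
```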

VMware parallel backups

With earlier versions of DPM, VMware parallel backups were performed only across protection groups. With DPM 2019, VMware delta replication jobs run in parallel which leads to faster VM backups.

By default, the number of jobs to run in parallel is set to 8; you can modify the number using the registry key below. Please note that the key is not present by default, so you need to add it.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Configuration\MaxParallelIncrementalJobs

If you set the value to 1, the replication jobs run serially. However, when increasing the number to a higher value, VMware performance needs to be taken into consideration. The amount of resources in use and the additional usage required on the VMware vSphere server should be the criteria for determining the number of delta replication jobs to run in parallel.

Monitoring DPM in Azure

Monitoring is crucial when you are protecting a large amount of data. Starting with DPM 2019 and Azure Backup Server Version 3, you can leverage the Log Analytics monitoring solution provided by Azure Backup to monitor both on-premises and cloud backups. You can start monitoring daily backups and restore for all protected workloads. With this solution, you can even monitor log backups for your SQL Databases whether they are running within Azure IaaS VMs or being run locally on-premises and being protected by DPM 2019 or MABS V3 server.

All you need is an active Azure subscription. With a subscription, you can sign in to the Azure Portal and create a storage account for reports, then turn on diagnostics, and finally add the Log Analytics workspace to monitor your backups. The good news is, you do not need to set up a reporting server, a database, or any other infrastructure since everything is completely managed by the Azure Backup service.

To monitor your DPM server in Azure, please follow the steps below assuming your DPM server is already registered and connected to Microsoft Azure.

Log in to the Azure Portal, and on the left-hand side choose All services. Then scroll down to Recovery Services Vault, and then select a vault you used to register the DPM server.

From the list of items that appears under the vault, select Diagnostic Settings under Monitoring section. Click on Turn on diagnostics to collect the following data.

In the Diagnostic settings blade, give a valid name, then select Send to Log Analytics, select the relevant log analytics workspace or create a new one, select the relevant log, AzureBackupReport, and click Save.

Note: Please choose the same Log Analytics workspace for all the Recovery Services vaults to get a centralized view in the workspace. After configuration, please allow 24 hours for initial data push to complete.

Finally, you need to deploy the solution template from the following location: https://azure.microsoft.com/resources/templates/101-backup-oms-monitoring/

You need to deploy the monitoring solution template to the workspace that you configured above. Make sure you give the same Resource group, Workspace name, and Workspace location to properly identify the workspace and then install this template on it as shown in the next screenshot, and then click Purchase.

Once deployed, you can go to the relevant Log Analytics workspace > General > Workspace summary, or you can select Azure Monitor > Insights > More and then select the relevant Log Analytics workspace. If you click on the Azure Backup Monitoring Solution tile, it will take you to the solution dashboard, which provides you with all the backup information as shown below:

Please make sure to select the desired time range for monitoring by choosing the proper start and end dates.

Last but not least, you can also create custom alerts to monitor the DPM and MABS servers and send you a notification when something goes wrong. This solution is key for any organization to keep an eye over their backups and ensure that all actions are taken for successful backups and restore. For more information on how to create custom alerts, please check the following article.

DPM disaster recovery: Backup DPM DB

A disaster can occur at any time. You can rebuild your DPM server with the same database as long as you are backing up the DPM database to Azure Backup or to a secondary location. Starting with DPM 2019, Microsoft enhanced disaster recovery for DPM: you can now back up the DPM DB to local disks, and in case of a disaster, you can rebuild the functionality of your DPM server by using a recent backup of the database from the local disk.

This only works in case your DPM server crashes or becomes non-operational, and you still have your storage pool intact containing your backups. In this scenario, you can build a new DPM 2019 server and reconfigure it with the same DPM DB.

To back up and recover your DPM database, please follow the steps below:

First, you need to create a protection group and protect the DPM database using short-term protection on disks.

After the initial replica of the DPM database is completed, open SQL Server Management Studio (SSMS) and run the following SQL script:

select AG.NetbiosName, DS.DatasourceName, V.AccessPath, LR.PhysicalReplicaId from
tbl_IM_DataSource DS
join tbl_PRM_LogicalReplica as LR
on DS.DataSourceId = LR.DataSourceId join tbl_AM_Server as AG
on DS.ServerId=AG.ServerId
join tbl_PRM_ReplicaVolume RV
on RV.ReplicaId = LR.PhysicalReplicaId join tbl_STM_Volume V
on RV.StorageId = V.StorageId
where datasourcename like N'%dpmdb%' and ds.ProtectedGroupId is not null and LR.Validity in (1,2)
and AG.ServerName like N'%DPM2019%' -- Put the Netbios name of your server hosting DPMDB

Please note down the AccessPath and PhysicalReplicaId from the SQL script output below, because you need to use them in the recovery step later. In my example, the Access Path is F:\ and the Physical Replica Id is 2238503E-325F-4719-ADCC-0281FBB0158F.

Next, you need to download the PsExec tool from Microsoft, and then open an administrative command prompt and run the following command to start a PowerShell window in SYSTEM context:

.\PsExec.exe -i -s -accepteula -nobanner PowerShell.exe

To restore the DPM database from the last backup, run the following PowerShell script (make sure to replace AccessPath and PhysicalReplicaId with appropriate values).

# Function to dismount the virtual disk
Function Dismount-DPMDisk {
    Param([string]$DriveLetter,
          [string]$replicaPath)
    Get-Volume -DriveLetter $DriveLetter | Get-Partition | Remove-PartitionAccessPath -AccessPath "$DriveLetter`:\"
    Dismount-VHD -Path $replicaPath
}

# Variables
$ReFSDPMPath = 'F:\' # Replace AccessPath
$PhysicalReplicaId = '2238503E-325F-4719-ADCC-0281FBB0158F' # Replace PhysicalReplicaId
$DriveLetter = 'X'

# Build the path to the replica VHDX and mount it under the chosen drive letter
$ds = Get-ChildItem -Path $ReFSDPMPath -Directory
$replicaPath = $ReFSDPMPath + $ds.Name + "\" + $PhysicalReplicaId + "\" + $PhysicalReplicaId + "\disk0.vhdx"
Write-Verbose "Mount VHD $replicaPath" -Verbose
Mount-VHD -Path $replicaPath -PassThru | Get-Disk | Get-Partition | Set-Partition -NewDriveLetter $DriveLetter

# Look for the DPM DB files inside the mounted replica
$temp = Get-ChildItem -File -Path "$DriveLetter`:\" -Recurse -Filter "*DPMDB*"
If ($temp.Count -gt 0) {
    Write-Verbose ("Found DPM DB files in replica: {0}, files found: {1} " -f $replicaPath, ($temp.FullName -join ", ")) -Verbose
    $Path = Read-Host "`n Specify the folder where DPM DB will be exported"
    # Create the folder if it doesn't exist
    Try {
        Resolve-Path -Path $Path -ErrorAction Stop | Out-Null
    }
    Catch {
        Try {
            New-Item -Path $Path -ItemType Directory -ErrorAction Stop | Out-Null
        }
        Catch {
            Write-Error "Can't create the folder $($Path): $($Error[0].Exception.Message). Exiting."
            Dismount-DPMDisk -DriveLetter $DriveLetter -replicaPath $replicaPath
            # Stop here; the replica has already been dismounted
            return
        }
    }
    Write-Verbose "Copying DPM DB files, $temp to $Path" -Verbose
    Copy-Item -Path ($temp.FullName) -Destination $Path -Force
    Write-Verbose "Dismount Drive $DriveLetter" -Verbose
    Dismount-DPMDisk -DriveLetter $DriveLetter -replicaPath $replicaPath
}

After reinstalling a new DPM server, you can use the restored DPM DB and attach it to the DPM server by running dpmsync -restoredb as shown in the example below:

dpmsync -restoredb -dbloc D:\StagingArea\MSDPM2012$DPMDB_DPM2019.mdf -instancename (local) -dpmdbname DPMDB_DPM2019

Once the dpmsync -restoredb command is completed, you need to run the dpmsync -sync command to synchronize DPM.

Please note that the same recovery steps described above apply to System Center 2016 Data Protection Manager (SCDPM 2016) with Modern Backup Storage (MBS).

Windows Server 2019 support

As mentioned in my previous article, DPM 2019 can be installed on Windows Server 2019 and Windows Server 2016.

With DPM 2019, you can protect the following workloads:

  • System Center Virtual Machine Manager: 2016 and 2019.
  • Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019.
  • SQL Server 2017, SQL Server 2016, and SQL Server 2014.
  • Exchange Server 2016 (latest Service Pack) and Exchange Server 2019.
  • SharePoint 2016 (latest Service Pack) and SharePoint 2019.
  • Windows Server 2016 Hyper-V and Windows Server 2019 Hyper-V.
  • Windows 10 (64-bit) only.
  • Linux running as Hyper-V guest on Windows Server 2016 Hyper-V or Windows Server 2019 Hyper-V.
  • VMware VMs running on VMware vSphere 6.0, 6.5, and 6.7.

SQL Server 2017 as DPM database

As mentioned in my previous article, you can install System Center 2019 Data Protection Manager with SQL Server 2017 as its database. DPM 2019 supports SQL Server 2016 and SQL Server 2017 as its database.

You can install SQL Server 2017 on a remote server, or locally on the DPM server. Please note that SQL Server 2017 must be installed and running before you install DPM 2019. You can either use SQL Server 2017 Standard or Enterprise Edition (64-bit).

Learn more

Do you want to learn more about System Center Data Protection Manager and how to create a hybrid-cloud backup solution? Make sure to check my recently published book: Microsoft System Center Data Protection Manager Cookbook.

With this book (over 450 pages) on your side, you will master the world of backup with System Center Data Protection Manager and Microsoft Azure Backup Server deployment and management by learning tips, tricks, and best practices, especially when it comes to advanced-level tasks.

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-
