In October 2015, Microsoft released the first version of Microsoft Azure Backup Server MABS v1 (known as project VENUS), and on May 2017, Microsoft released the second version of Microsoft Azure Backup Server MABS v2.
The user’s voice was very active and many users including myself were requesting if MABS will be updated to support the latest features and enhancement introduced in SC DPM 2016 and 2019. Finally, MABS version 3 was released in November 2018 which add support for Windows Server 2019.
As I mentioned in one of my previous articles, Microsoft Azure Backup Server (MABS) inherits the same functionality of System Center Data Protection Manager (SC DPM) for workloads backup, if you are familiar with SC DPM, MABS looks very similar. However, MABS does not provide protection on tapes nor can integrate with any System Center component, so if you need System Center integration then you need the full SC DPM license for that. The good news is, MABS comes with a free SQL Server license that can only be used for the MABS database, and it is free to download. Did I say free? Yes, it’s FREE! I believe the vast majority of customers will choose Microsoft Azure Backup Server (MABS), and saving on System Center licensing cost.
With Microsoft Azure Backup Server v3, you can protect application workloads such as Hyper-V VMs, Microsoft SQL Server, SharePoint Server, Microsoft Exchange, VMware VMs, Windows Server (2012/R2, 2016, 2019), and Windows clients to:
- Disk (D2D), giving high Recovery Time Objectives (RTOs) for tier 1 workloads, short-term protection on-premises.
- Azure (D2D2C) for long-term online and off-site protection. (Backup to Tape is NOT supported).
I have been asked recently by many customers if they can upgrade from DPM to MABS, which can help on saving licensing cost on-premises and protect their data in Azure securely.
In this quick article, I will share with you what is the best approach to move or upgrade from System Center Data Protection Manager (SC DPM) to Microsoft Azure Backup Server (MABS).
Upgrade from DPM to MABS
If you have DPM in your environment, you can only upgrade to DPM 2019 from the following DPM versions:
- DPM 2016
- DPM 1801
- DPM 1807
If you want to upgrade from DPM 2016 to DPM 2019, make sure your installation has the following necessary updates:
- Upgrade the DPM server to DPM 2019.
- Update the agents on the protected servers.
- Upgrade the DPM Remote Administrator on all production servers.
- Backups continue without rebooting your production server.
To upgrade your DPM installation, please check the detailed document from Microsoft here.
As you can see in the list above, unfortunately, it is not possible to upgrade from DPM to MABS and Microsoft does not support this upgrade path either.
So what is the solution then if you are planning to move to MABS?
What you can do is the following:
- Connect/register your existing DPM 2016/2019 server to Azure Recovery Services Vault.
- Make sure to push and replicate all your data to Azure.
- Keep your existing DPM installation on-premises running with minimal storage footprint so you can manage the old backups.
- Install a new MABS server on a new VM and use the available storage from your existing DPM server to start taking new backups (Short-Term/Long-Term).
- Once the retention period is over which is defined by your Top Management or Business Unit, then you can demote your old DPM server on-premises.
It’s crucial to keep your exiting DPM server running on-premises for some period of time to take full control of your backup in Azure, because if you decommission your existing DPM server, you can connect the new MABS server to Azure using the Add External DPM option and restore only the data if needed but you cannot delete it. As of today, if you need to delete those backup and the original DPM/MABS server is not available, you have to contact the support team in Azure.
Hope this helps!
Microsoft Azure Backup Server extends on-premises data protection by using Azure as an off-site location while reducing backup infrastructure costs to maintain. Additionally, the integration between Azure Backup Server and Azure helps prevent your backups from being attacked by Ransomware and other malicious corruptions and deletions. So when the attacker is trying to delete backup data from your server on-premises, in that case, it will be actually prompted to enter a security PIN. Now the hacker might not have access to your server, but to get the security PIN, it needs to be able to access the Recovery Services Vault in Azure and then get the PIN to delete the Backup. Well, if a malicious user who had access to the Recovery Services Vault and deleted your backups, there’s no need to worry though, because Azure Backup actually retains these backups for up to 14 days so you can recover this data. This way you can actually protect your backups and always ensure you have multiple recovery points to recover from, in case your server is attacked by Ransomware or otherwise. Better safe than sorry!
Make sure to order my recent Microsoft System Center Data Protection Manager Cookbook for in-depth details about data protection and hybrid backup!
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.