You dont have javascript enabled! Please enable it!

Isolate DPM Backup Traffic in Hyper-V

3 Min. Read

In this article, I will share with you how to isolate DPM backup traffic in Hyper-V.


Hello folks,

As you know backup is very critical when it comes to virtualized environments.

In the traditional days, when you lose a server, you lose that particular server, however in server virtualization it’s not just another server, if you lose that host, you lose your entire infrastructure servers, and Hyper-V Cluster/Replica won’t protect you against data corrupting malware, unforced user errors, misbehaving applications, and updates that go awry…

My favorite backup component is System Center Data Protection Manager (DPM)…

Yes, it’s true there are many modern products out there for Hyper-V and VMware, and their preferred color is Green :), but DPM protects all my physical and virtual workloads, including SQL, users files, Hyper-V Item-level recovery (ILR), etc… it’s awesome!

Let’s jump into the challenging piece on how to isolate DPM backup traffic and protect our Virtual Machines in Hyper-V.

Converged network in Hyper-V
Converged network in Hyper-V

The backup network for Hyper-V is not listed as a requirement by Microsoft, but I strongly recommend isolating the backup traffic from the host Management OS, and by leveraging the converged network in Hyper-V were combining multiple physical NICs with NIC teaming and QoS we can isolate each network traffic while maintaining resiliency as shown in below diagram:

Now how can we force DPM and Hyper-V to use that Backup vNIC from the Management OS?

Let’s jump to our DPM server and list the backup network address using PowerShell:



As you can see we don’t have any Backup Network set yet, by default DPM use the production network address.

Given the following scenario: server Backup Address = server Production Address = server Backup Address = server Production Address =


The prerequisites for backup network functionality are as the following:

DNS resolution on the DPM server for the Protected Hyper-V Server should be able to resolve the backup IP (

DNS resolution on SQL Server for the DPM Server should be able to resolve the backup IP (

This will also work using the Host file since most likely the backup network will not have a DNS Server.

1- Add the FQDN and Backup NIC’s IP address of the DPM Server to the protected Hyper-V server under C:\Windows\System32\drivers\etc\hosts file. This forces the protected Hyper-V Server to communicate with the DPM server over the backup NIC (

2- Add the FQDN and Backup NIC’s IP address of the protected Hyper-V Server to the DPM server under C:\Windows\System32\drivers\etc\hosts file. This forces the DPM server to communicate with the protected Hyper-V Server using the backup NIC (

Isolate DPM Backup Traffic

Now that we have the Backup NIC is set, the backup subnet address and mask should be configured on the DPM Server through the Add-BackupNetworkAddress PowerShell cmdlet.

Add-BackupNetworkAddress -DpmServername DPM -Address -SequenceNumber 1

Add-BackupNetworkAddress -DpmServername DPM -Address -SequenceNumber 2


(Note that you also need to configure the production network as a 2nd backup network for a fallback plan and also for protected servers that are not configured with a backup network).

Last, DPM Agents (DPM and Protected Servers) should be restarted to ensure that the backup network settings are in effect. (Stop any active backup jobs, then run net stop DPMRA / net start DPMRA on both DPM and Protected Server).


Now run the backup jobs and notice the backup traffic flow now :)

Hyper-V Server:


DPM Server:


To list the configured backup networks use:

Get-DPMBackupNetworkAddress -DpmServername <DPM>

To Remove backup networks use:

Remove-DPMBackupNetworkAddress -DpmServername <DPM> -Address

For more information on how to improve performance with a backup network address Read this Microsoft Article.

Last but not least, keeping the backup traffic off your production network allows you more bandwidth without having to wait for off working hours to get backups of your data, but this does not mean that you will not see potential performance issues as the servers are backed up, but the impact will be much less especially when you isolate the backup traffic as described above and throttle the network bandwidth of your servers.



Until next time… Enjoy your day!


Photo of author
About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect, Swiss Certified ICT Security Expert, Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT). He has over 20 years of broad IT experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems with extensive practical knowledge of complex systems build, network design, business continuity, and cloud security.

Related Posts


TechEd 2014: Hyper-V Sessions!

Create a Logical Network in Virtual Machine Manager 2012 R2


3 thoughts on “Isolate DPM Backup Traffic in Hyper-V”

Leave a comment...

  1. What’s happened when I want to backup a failver cluster? The agent can’t installed and I supouse that agent can’t contact failover cluster resource name because it haven’t a IP address in backup network.

  2. Hello Damian,

    Thank you for your feedback.
    You need to create the same steps mentioned above on all cluster nodes. Please make sure that the etc\hosts file is updated accordingly on all Nodes including the DPM Server.
    Then push the DPM agents on all cluster Nodes.

    Let me know how it works.


Let me know what you think, or ask a question...

error: Alert: The content of this website is copyrighted from being plagiarized! You can copy from the 'Code Blocks' in 'Black' by selecting the Code. Thank You!