Continuous Backup for Exchange Server 2013 with DPM 2012 (Part 4)
If you would like to read the other parts of this article series please go to:
Backup to Windows Azure
With System Center 2012 SP1, DPM can backup data from the DPM server to an offsite storage that is managed by the Windows Azure Recovery Services (currently in Preview).
To benefit from this functionality you must first register for the trial. Then, you’ll need to download and install the Windows Azure Online Backup agent on the DPM server, which will be used to transfer the data between the DPM server(s) and Windows Azure Online Backup service.
Figure 1: Windows Azure Online Backup
This is a list of the main benefits of the new online backup capabilities in DPM:
- Reduced TCO: The Windows Azure Online Backup service can help to reduce the total cost of ownership (TCO) by providing scalability, elasticity, and simplified storage management.
- Peace of mind: The Windows Azure Online Backup service provides a reliable, secure, and a robust offsite backup and restore solution that is highly available.
- Simplicity: The Windows Azure Online Backup workflows are seamlessly integrated into the existing DPM backup, recovery and monitoring workflows.
The following scenarios are supported when protecting data using Windows Azure Online Backup.
- Protection for file system
- Protection for virtual machines
- Protection for SQL Server databases
- DPM server must be on Windows Server 2012.
- Install the Update Rollup 2 for System Center Data Protection Manager SP1 before installing the Windows Azure Backup Agent.
As you can see from the prerequisites, Update Rollup 2 for System Center Data Protection Manager SP1 is needed to enable the Online Backup features. This rollup can be downloaded by following the KB article instructions, or obtained through the Microsoft Update process, as depicted in Figure 2.
Figure 2: Microsoft Update
After installing Update Rollup 2 and updating the DPM Agents, it’s now time to follow the process to configure Windows Azure Recovery Services integration with DPM.
- Activate the Windows Azure Recovery Services in your Windows Azure subscription, by going to this link (Figure 3).
- Sign in to your Windows Azure subscription and navigate to RECOVERY SERVICES (Figure 4). Click CREATE A NEW VAULT.
- Select BACKUP VAULT > QUICK CREATE, select a REGION and then insert a unique NAME for your vault (Figure 5). After the creation of the vault you’ll be presented with the information depicted in Figure 6.
Figure 3: Preview Features
Figure 4: Recovery Services
Figure 5: Create a new vault
Figure 6: Backup vault created
- To successfully register a server you must have an X.509 v3 certificate to register your servers with Recovery Services vaults. The certificate must have a key length of at least 2048 bits and should reside in the Personal certificate store of your Local Computer. To use your own self-signed certificate, download Certificate Creation Tool (makecert.exe), open Command Prompt with Administrator privileges and run the following command (Figure 7):
makecert.exe -r -pe -n CN=<CertificateName> -ss my -sr localmachine -eku 126.96.36.199.188.8.131.52.2 -e <endofvalidityperiod mm/dd/yyyy > -len 2048 "<CertificateName>.cer"
- On the Windows Azure Management Portal, click RECOVERY SERVICES, then click the name of backup vault that will be identified by the certificate and then click MANAGE CERTIFICATE. From the Manage Certificate dialog box, browse your computer and locate the public certificate you want to upload. Select the check mark to start the upload process (Figure 8).
- Next, click Download Agent. You will be presented with a dialog where you can choose which agent to download (Figure 9). Select the appropriate agent.
- Agent for Windows Server 2012 and System Center 2012 SP1 - Data Protection Manager
- Agent for Windows Server 2012 Essentials
Figure 7: Generating a self-signed certificate
Figure 8: Manage certificate
Figure 9: Download agent
- To install the Windows Azure Backup Agent, run the installer, WABInstaller.exe. The Supplemental Notice for the Service is displayed (Figure 10). Click I accept the service agreement terms and conditions, and then click OK to continue the installation.
- On the Installation Settings page (Figure 11), you choose the Installation Folder and Cache Location for Windows Azure Backup. Click Install.
- The Installation page is displayed. When the installation is complete, you will receive a message that the Windows Azure Backup Agent was installed successfully (Figure 12). Click Finish.
Figure 10: Supplemental Notice
Figure 11: Installation Settings
Figure 12: Installation Summary
- To register a server with Windows Azure Backup, on the DPM Management Console, in the Management pane, click Register Server (Figure 13) to open the Register Server Wizard.
- Select the Certificate that you are going to use and the Windows Azure Backup Vault previously configured (Figure 14). Click Next to continue.
- In the Proxy Configuration page (Figure 15), if you want Windows Azure Backup Agent to use a unique proxy server to connect to the Internet, click Use a proxy server for Windows Azure Backup, and then configure the necessary fields. Click Next to continue.
Figure 13: Register Server
Figure 14: Backup Vault
Figure 15: Proxy Configuration
- On the Throttling Setting page (Figure 16) 5, select Enable internet bandwidth usage throttling for backup operations to configure how the Windows Azure Backup Agent uses the network bandwidth when backing up or restoring information. Click Next.
- On the Recovery Folder Settings page (Figure 17), enter a folder location for temporary staging location of the information being recovered and click Next.
- On the Encryption Setting page (Figure 18), type a 16 character or greater passphrase to encrypt the backups from the server. To have a random passphrase created, click Generate passphrase. Click Register to begin the server registration process. If successful, a registration confirmation message is displayed (Figure 19) and you can close the wizard.
Figure 16: Throttling Setting
Figure 17: Recovery Folder Settings
Figure 18: Encryption Setting
Figure 19: Azure Backup Registration
Figure 20: Windows Azure Backup status
- With the server now properly registered (Figure 20), we can finally modify the protection groups to include online backup. Right click a protection group that includes file protection and select Add online protection (Figure 21).
- On the Specify Online Protection Data page (Figure 22), select the files and folders to protect and click Next.
- On the Specify Online Protection Goals page (Figure 23), configure the Retention range in days and the Synchronization Schedule. Click Next.
- On the Summary page (Figure 24) click Update Group and wait for the success results on the Status page (Figure 25). Click Close.
Figure 21: Add online protection
Figure 22: Specify Online Protection Data
Figure 23: Specify Online Protection Goals
Figure 24: Summary
Figure 25: Status
- To immediately start online protection, right click a protected folder and select Create recovery point (Figure 26)
- Select Create recovery point for Online protection and click OK (Figure 27). The results for the operation will be presented on the status page (Figure 28). Click Close. If we now go to the Recovery pane and select one of the previously protected folders, we are now presented with the Recover from: Online option (Figure 29).
Figure 26: Create recovery point
Figure 27: Create online recovery point
Figure 28: Create recovery point status
Figure 29: Recovery from Online protection
When using DPM protection of your Exchange 2013 servers, you should be aware of the following additional considerations:
- Adding mailbox databases to the server. If you create or add new mailbox databases to a protected storage group on an Exchange Server computer, these databases will be automatically added to the DPM replication and protection. Incremental backups will fail until a full backup is completed
- Changing mailbox database file paths. If a protected database or log files are moved to a volume that contains data that is protected by DPM, protection continues. If a protected database or log files are moved to a volume that is not protected by DPM, an alert is displayed and protection jobs will fail. To resolve the alert, in the alert details, click the Modify protection job link and then run a consistency check.
- Dismounting mailbox databases. If you dismount a protected mailbox database, that protection job for that particular database will fail. The replica will be marked inconsistent when the next express full backup is run by DPM.
- Renaming mailbox databases. If you need to change the name of the mailbox database, stop protection and reprotect the database. Until you reprotect the database the backups will continue to work but mailbox enumeration will fail.
- Protecting DAG nodes. It’s possible to protect Exchange Server 2013 DAG nodes from different DPM servers. However, one node can be protected by only one DPM server. For example, assume that CONTOSO-DAG-01 has nodes N1, N2 and N3. One DPM server can protect N1 and N3, and another DPM server can protect nodes N2.
- DPM storage. Windows Server must recognize a storage device as locally attached before DPM can use it for storage. DPM can use direct-attached storage (DAS) or SAN devices attached through iSCSI or Fibre Channel to store protected data. DPM cannot store protected data on removable disk media like USB or IEEE 1394 hard disk drives because these devices are not always attached and do not support VSS unless these devices are part of a VTL solution that appears as a tape device to DPM. Any volumes that are used must be dedicated to DPM.
- Storage configuration. Microsoft recommends the use of RAID5 for DPM as this provides the necessary data integrity and storage reliability. When performing this task, design the RAID5 configuration, take the IOPS requirement into consideration and then balance the number of overall LUNs used to meet the IOPS. You must also pay attention to the number of LUNs allocated for the RAID parity bits as this affects the IOPS as well
- DPM limits. With DPM, the maximum amount of data that you can protect with a single DPM server is 80 TB. Therefore you can protect DAG’s that have up to 20 nodes with a single server or up to 10,000 mailboxes with a DPM server
DPM reporting offers six standard reports that you can generate, review, and analyze. The following table lists the reports and their definitions.
Summary of Contents
The Status report provides the status of all recovery points for a specified time period, lists recovery jobs, and shows the total number of successes and failures for recovery points and disk-based and tape-based recovery point creations. This report shows trends in the frequency of errors that occur and lists the number of alerts.
The Tape Management report provides details for tape rotation and decommissioning, and it verifies that the free media threshold is not exceeded.
Use this report to manage tape circulation between the library and your offsite location.
The Tape Utilization report provides trending of resource (disk/tape) usage over time to assist capacity planning.
Use this report to make decisions about tape allocations and purchases.
The Protection report provides the commonly used metrics for backup success rolled up over long periods of time to track how backups are doing.
Use this report to identify which computers or protection groups have been backed up successfully.
The Recovery report provides the commonly used metrics for recovery success rolled up over long periods of time to track how recoveries are doing.
Use this report to identify how well you performed against your service level agreements for recovery time objectives and recovery success guarantees.
Summarizes disk capacity, disk allocation, and disk usage in the DPM storage pool.
Use this report to do the following:
- Identify trends in disk usage
- Make decisions about modifying space allocations for protection groups and adding disks to the storage pool
- Identifying how much disk resource each computer is using on DPM
Table 1: DPM Report Types
What can you do in the Reporting task area (Figure 30)?
- Generate and view reports on DPM operations.
- Schedule automatic report generation.
- Manage Reporting Services settings.
Figure 31 shows an example of a Disk Utilization report.
Figure 30: Reporting pane
Figure 31: Disk Utilization report
The next and final part of this article will be dedicated to the recovery process, the most important feature of any backup solution.
If you would like to read the other parts of this article series please go to: