Exchange Server 2013 offsite protection using DPM and Microsoft Azure (Part 1)

If you would like to read the other parts in this article series please go to:

One of the mandates of being an Exchange Administrator is the protection and recoverability of the mailbox data. There are several ways to protect Exchange server information, the most common are listed below, as follows:

  • Some companies prefer to use the built-in features of the product against disaster. I wrote a series of articles going over some scenarios when using this type of strategy, here is the first article of the series.
  • Some companies use Microsoft Office365 and then backup is not an issue since that is a service and the customer does not have access to a “server” per say, and the rules are clear when the topic is data managed in the Cloud. Microsoft will provide a redundant solution, and we can use some features like Litigation to keep the data around however it is not the traditional backup and restore that we have in the on-premises environment.
  • Another strategy is take advantage of the Single Item Recovery Feature (also discussed at the beginning of my series mentioned previously) to avoid having backup running on Exchange (this strategy requires High Availability and that implies at least a couple of servers just for Exchange).

However, I would like to focus on those environments that do use backup software to protect their environment including Exchange Server, and their protection will vary and they will have disk protection and most likely tape protection being retained for a certain time. Companies use this protection strategy for several reasons that may include but not limited to SOX, internal security, old school type of protection, and so forth.

My friend Rui Silva wrote a great series about DPM 2012 protecting Exchange Server 2013 here at where he explains in detail the entire deployment of the DPM and the process to protect and restore exchange data. Rui’s first article of his series can be found here.

The DPM has a new version now which is the DPM 2012 R2, and the process to configure Microsoft Azure is slightly different (a little bit simpler than before), and at that time Exchange was not supported in Microsoft Azure. Only a few days ago (February, 2015 which has been 1 year and a half after Rui’s article) did Microsoft start supporting Exchange, SQL, SharePoint, VMs, File Servers and Virtual Machines running on VMWare being protected in Microsoft Azure.

For more information about the new feature of the Cumulative Update 5, see this information from the product group.

A simple Scenario…

Those new capabilities were introduced in the Cumulative Update 5 of DPM 2012 R2, and that is going to be the scenario for this article series. We will start with a scenario where the environment has a single Exchange Server 2013 with DPM Server.

During this article series, we will be upgrading DPM to the Cumulative Update 5, then integrating it with Microsoft Azure and finally going over the features related to Exchange protection.

For the record, we are running DPM 2012 R2 version 4.2.1205.0 and in order to find your version, open DPM Console, and click on Monitoring item on inferior left corner, then click on About DPM icon on the toolbox and the current version, SQL and Reporting Services information will be displayed.

Installing Rollup Update 5 on the DPM Server…

The installation process seems old, but I can assure you that is the new thing. First of all, logged on to the DPM Server, go to this web page using Internet Explorer, and a Microsoft Update Catalog page will be displayed, click on Install for any add-on that may show up on your Internet Explorer browser.

A new page with the Update Rollup 5 for System Center 2012 R2 – Data Protection Manager will be listed (Figure 01), click on Add, and then click on View Basket (I told you that looks old!), and use the proper action to start downloading the Cumulative Update.

Figure 01

The download will be 4 (four) files, and in order to install the update click on Detectoid for System Center 2012 R2 – Data Protection Manager Server-all..<something> usually it is the first one and it has a generic icon associated to it.

That will start the installation wizard. In the welcome (Figure 02) page as in all other pages, just accept the default values and that will complete the installation process. A few notes, make sure that there is no protection jobs running at the time of the upgrade (if they are running they will be terminated as part of the upgrade process).

Figure 02

Configuring Microsoft Azure for DPM protection…

Microsoft Azure is dynamic and the process to configure Azure protection that was valid last year was replaced by this new simpler process, and it does not mean that is the final version, always check Azure portal and their documentation when deploying a new service into Azure.

The first step is to click on New, Recovery Services, Backup vault, Quick Create and then define a name for the new Backup Vault and a region. Click on Create Vault, as shown in Figure 03.

Figure 03

After the creation of the Backup Vault, click on it and the first page (Figure 04) will have the two steps that we need to perform on the Microsoft Azure site to integrate with DPM. The first step is to click on Download vault credentials and save that file on the DPM Server for later use.

The second step on the same page is to download the Azure Backup agent for DPM, and the option to do that is the For Windows Server or System Center Data Protection Manager or Windows Client link, the result will be a download as the file MARSAgentInstaller.exe (Microsoft Azure Recovery Services Agent).

Figure 04

These are the required steps on the Microsoft Azure side, the Microsoft Azure Team made a great job in the integration piece between Backup Vault and on-premises environments.

Finishing the integration on the DPM Server…

The first step is to install the MARSAgentInstaller.exeand on the first page, we need to define the installation folder for the service and in the second field, we have the most important configuration of this page, which is the location for cache (Figure 05). Microsoft recommends saving 5% of the data being protected, and common sense dictates that a separate disk should be used here. Click Next

Figure 05

In the Proxy Configuration page. Define your proxy settings for your environment, and click Next.

In the final page, a list of all required software will be listed with their status, and if the installation went well a message Microsoft Azure Recovery Services Agent installation has completed successfully will be shown (Figure 06).

Figure 06

As part of the process, a new service Microsoft Azure Recovery Services Agent was added to the list of the services in the server. If the DPM console is open, make sure to close it and then open again.


In this first article of our series, we covered the basics starting with the Backup Vault creation in Microsoft Azure and the required software required on the DPM Server, and those steps were the requirements before moving any data to Microsoft Azure.

If you would like to read the other parts in this article series please go to:

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top