by July 1, 2005 0 comments

Microsoft has finally gotten into the act of providing data protection software, called ‘System Center DPM’ for Windows servers. The software is currently in public beta and has been touted to dramatically reduce recovery times and speeding up back-up times. It has three main software requirements, which could slow its rate of adoption among companies. One, it needs a Windows Server 2003 OS that is not the Small Business edition with which it simply won’t install. Two, it needs an Active Directory domain and three, it requires an SQL Server 2000 database. Had the software been compatible with the Small Business Server, which bundles SQL Server anyway, it would have seen adoption among that market segment as well.

What you can protect
Microsoft SCDPM (System Center DPM) can protect only standalone file severs. It does not support clustered file servers-file servers configured in a failover cluster-in this edition. But these systems can be a NAS, DAS a Fibre Channel SAN or an iSCSI SAN. DPM can protect all manners of files, excluding links (soft or hard), encrypted files, recycle bin and files with a lot of ACL entries. The definition of ‘large ACL’ has been left undefined at this point. DPM does support mounted volumes.

Deployment requirements


Applies to: Win 2003 administrators

Native protection of a Windows file server without requiring a
third-party software

Primary Link: 

data protection manager site:

Installing DPM on your network requires a minimum of two servers, both running either version of Windows Server 2003 Standard or Enterprise. One of the servers, let’s call this the ‘domain controller’ is configured the default way. This server may or may not be the file server itself. The second server will be our DPM Server. This should be configured as a member server in the same Active Directory domain as the first server. SQL Server 2000 (with SP3a) is automatically installed on this box. Hardware-wise, our second server needs a minimum of two hard disks, other than any SAN/NAS setups you might already have. After the OS, ADS and SQL Server have been installed, update both boxes with SP 1 for Windows Server 2003. We can begin installing the DPM software. You should be logged on as a member of the Enterprise Administrators group for the whole operation.

Storage capacity
Anything that appears as a ‘disk’ in the Windows Disk Management Console can be used by DPM. You can take shadow copies, snapshots and regular backups of files, folders and volumes with DPM (consider a ‘volume’ as a ‘disk drive’ for simplicity). This is limited to taking 64 shadow copies per volume and eight shadow copies per day (across volumes), regardless of the size of the storage pool. You can also create something called ‘protection groups’ and configure a common schedule for this group, as discussed later.

Initial data is drawn from the protection target by a replica creation process, using a lot of bandwidth. Schedule this for off-peak hours

Storage capacity considerations are also typically more complex with DPM than with other incremental back-up software. Typical back-up systems would incrementally save changes at the file level between each such backup. DPM, on the other hand, stores changes at the byte level and because of its tighter integration with the Windows file server system, each of these changes is stored. The worst-case scenario is, if a large portion of the files being protected are MS Office files of which, several hundred TMP files are created when open as each of these files would be backed up by DPM. In comparision, other back-up software would store the file you save. Just like with databases, ‘transaction logs’ are saved as well. This increases the amount of space required. According to a formula on DPM’s documentation, you would estimate total capacity as:

Storage capacity requirement = Size of protected data + Size of transfer log + (Daily shadow copy size × Number of days’ worth of shadow copies to be stored)
As a ready reckoner, they estimate a requirement of 328 GB to protect 100 GB of files for 20 days (100 GB + 28 GB + (10 GB × 20) = 328 GB). Typically, one DPM server can protect 30 file servers, addressing some 6 TB of data in total.

Deploying DPM server
The SC DPM comes on four CDs. Run the set-up application from the first CD on the box designated as the DPM Server. Installation will not start if any of the requirements mentioned earlier have not been met. After that, reboot and run the DPM Console. DPM will then proceed to discover all servers on that ADS domain. In our case, we will get both our servers installed above. You’ll be prompted to install DPM agents on each of the servers. With that the deployment is done.

Data protection groups
Volumes can be grouped according to what kind of data they hold and what your tolerance to loss of that data is. For instance, two classes of your data would be critical-concurrent and long-term backup. You cannot tolerate a minor loss in the critical-concurrent data as it would affect your current state and lead to loss of many man hours and money. However, a lot of data from long-term backups can be lost before you would treat it as a major event-simply because you can spend more time and efforts to recreate that data from other sources. A DPM protection group is composed of a set of volumes, and policies that govern its synchronization and shadow copy schedules. Although Microsoft states that a group can have shares on volumes on servers scattered all over, a caveat here is that a single volume can be assigned to only one group. So, if you have two shares on a volume and one is assigned to a particular group, the other must also be assigned to the same group! Therefore, great care must be taken with planning data-storage strategies if you want to use MS DPM to protect it.

How it works
DPM creates a one-time replica per protection group on first run. This replica is a set of data at the time of this run. After the replica is created, further runs of DPM’s backup only transfers the incremental changes, at the byte level. The replica can be created either automatically or manually. Automatic creation will consume a lot of network bandwidth and should ideally be scheduled for after-office hours. 

Affected services

The following Microsoft/Windows services are used by MS DPM and are needed for its effective working

  • Background Intelligent Transfer Service

  • Distributed File System

  • Distributed Transaction Coordinator

  • DNS Server (needed by Active Directory)

  • Dynamic Link Tracking

  • File Replication Service

  • Indexing Service

  • Microsoft Software Shadow Copy Provider

  • MS SQL Server

  • Server Appliance (installed by SP1)

  • Volume Shadow Copy Service

Manual replica creation is a rather strange process. And you need to use your last taped backup of the data and full-restore it on the DPM system. DPM will then synchronize this with the replica and then download the incremental updates to this replica. This consumes far less network bandwidth since the bulk of data is transferred directly on-site (using the tape).

End user recovery
End users can install and use the DPM client called ‘DPM Client for Shadow Copies’. This can be distributed using MS Systems Management Server or accessed via file-share. This is a different software from the regular ‘Windows Client for Shadow Copies’ and provides different functionality as well. When they use the DPM Client, first local shadow copies are checked and then copies on the DPM server are accessed. With the Windows client, only the local file-server shadow copies are scanned. Only the last installed copy of the two clients can reside on the PC and this will overwrite the other one.

Security, reporting and notifications
DPM doesn’t attempt to guarantee security using local groups and this is why it mandates the deployment of ADS. You must use enterprise security accounts/groups while assigning ACLs to your data. The same security groups must be created and accessible on the DPM server (locally) as well. Once these restrictions are met, DPM will guarantee the same access specifications. 

SQL Server Reporting Services (CD 4) is used by DPM for its reporting purposes. However, Microsoft recommends that we do not install SSRS’s Reporting Manager as this conflicts with DPM. Notifications are sent by DPM to the pre-configured e-mail addresses. You will need to configure the SMTP server settings to use this. 

Sujay V Sarma

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.