Microsoft IT Deployment of System Center Data Protection Manager 2007

Technical Case Study

Published: November 29, 2007

Microsoft Corporation has operations in more than 80 countries worldwide. As more information is created through the collaborative software suites that Microsoft designs, the operations that support this global infrastructure face increasing demands. Microsoft IT supports this global infrastructure through three major data centers located in the United States, Ireland, and Singapore. These centralized data centers provide services such as document collaboration through Office SharePoint Server, Exchange Server, and numerous applications that SQL Server supports.

The Microsoft global infrastructure relies heavily on data systems. As a result, the solution for backing up these systems needs to meet the following key goals:

• Reduce the time needed to back up assets
• Reduce the Recovery Point Objectives (RPO) time for user-driven restores
• Reduce the complexity of backup systems

This case study describes Microsoft IT's deployment of Data Protection Manager 2007 to address its backup needs. This paper is intended for enterprise decision makers and chief information officers who are considering the deployment of a similar solution in their environments.

Situation

Tape-based backups have historically been the standard in the enterprise. Microsoft typically used tape media for backups of its large database-driven systems. Although tape-based backups are typically the ideal method for storing backups off-site, they consume resources and therefore need to be run outside normal business hours. As the databases grow, so do backup times and the resources that are needed to perform the backups. Additionally, tape-based recoveries are susceptible to tape hardware problems as well as recovering data at a much slower rate than the backup processes.

Although off-site storage is an essential part of a disaster recovery plan, numerous restores are provided each year for customers of Microsoft IT. These restores are typically for users who have accidentally deleted a file or for server administrators who need to recover from isolated hardware failure. Historically, Microsoft IT has relied on a time-consuming process for backing up and restoring files that are needed by the business units that the team supports.

Although Data Protection Manager 2006 successfully served Microsoft for backing up branch offices, the data stores for Exchange Server 2007, SharePoint Server 2007, and SQL Server 2005 were still using traditional backup methods with tape. Microsoft looked for a solution that would:

• Reduce service level agreements (SLAs) for backup and restore time.
• Support backup of very large information stores.
• Use technology that would enable backups to be performed during business hours.
• Reduce the backup windows—the time needed for backups to finish—for Exchange Server, SQL Server, and SharePoint Server.
• Handle disk-to-disk backups.
• Handle disk-to-disk-to-tape backups for off-site storage.
• Provide native support for Exchange Server 2007, SharePoint Server 2007, and SQL Server 2005.
• Bring the benefits of Data Protection Manager 2006 to database-driven Microsoft applications.

The Data Protection Manager 2007 solution includes the following features that Microsoft IT found to be important:

• Coexistence with previous products during the transition to the new product
• A simple and efficient and simple agent.
• Low CPU utilization
• Incremental and differential backup support
• Full support of the latest versions of SharePoint Server, Exchange Server, and SQL Server
• Self-service recovery for user files
• Directed recovery of SQL Server databases
• Item-level recovery for Exchange Server 2007 and SharePoint Server 2007

Solution

Microsoft IT has been an early adopter of Data Protection Manager 2007 worldwide since early in the beta release phases of the product. Microsoft IT has used Data Protection Manager 2007 to help protect servers in several locations and data centers worldwide. This use extends to file servers running Windows Server® 2003 and Windows Server 2008, Exchange Server 2007, SharePoint Server 2007, SQL Server 2005, and Microsoft Virtual Server 2005.

Windows Server 2003 and Windows Server 2008 Protection

Microsoft IT has file servers worldwide, and more than 600 of them were protected in the initial deployment of Data Protection Manager at Microsoft. These file servers and their users were able to take advantage of the built-in support of Data Protection Manager 2007 for Volume Shadow Copy Service (VSS), which enables backups of open files and for end-user restores. These backups resulted in faster recovery times for users of file servers.

Servers that Data Protection Manager 2007 backed up during the rollout consisted primarily of the servers supporting SQL Server 2007, Exchange Server 2007, and Office SharePoint Server 2007. By using VSS, Data Protection Manager 2007 can back up Windows Server 2003 and Windows Server 2008 servers for fast recovery. The backup includes system state and files that are shared via Windows Server 2003 File Services and enables users to recover their own lost or damaged files.

Exchange Server 2007 Protection

Microsoft not only produces the Exchange Server 2007 messaging platform, it also uses Exchange Server 2007 extensively as a customer. This means that at any time, thousands of mailboxes are in both production and testing. Traditional backups have presented the same challenges to Microsoft IT that many other organizations face today. Because of the amount of data stored in Exchange Server, only a single backup to tape each night is feasible. Tapes also become increasingly cumbersome on a large scale, with multiple VSS-based backup solutions that can be difficult to manage across multiple platforms.

Microsoft IT currently uses eight servers running Data Protection Manager 2007 to help protect three Exchange Server 2007 environments, including production and test environments. Production mailbox servers run cluster continuous replication (CCR) configurations. Data Protection Manager is not only cluster aware but also cluster competent, able to communicate and use the preferred node backup method. Data Protection Manager helps to protect more than 22,000 mailboxes equaling approximately 14 terabytes of mail data.

A growing environment with this much data can be challenging for nightly tape backups, but with Data Protection Manager 2007, each server is synchronized every 15 minutes. Each recovery point is kept online for 14 days, resulting in 1,344 recovery points available to restore from. Data Protection Manager helps to protect data based on an Initial Replication (IR) that captures the entire disk that is protected. After the initial replication, Data Protection Manager needs to capture only changes through the agent that runs on each server. These additional synchronizations are called Recovery Points (RP).

With this strategy, Data Protection Manager 2007 administrators can easily recover entire storage groups, mailbox databases, or even single mailboxes from any hour in a day. Administrators also have the ability to save critical backups for as long as necessary. One of the biggest benefits for Exchange Server administrators at Microsoft has been the significant reduction of the backup window. The backup window is now only as long as the time that is required to capture disk changes, even though a full restore is available at any time that a synchronization has finished.

Office SharePoint Server 2007 Protection

Microsoft relies on Office SharePoint Server 2007 in its Singapore and Redmond data centers. The servers hold large amounts of critical business documents, but have historically been more challenging to protect through traditional tape backups. Because of the amount of data that is stored in Office SharePoint Server, a single backup to tape took five hours each night. The backup process also used about 50 percent of the CPU resources on the servers, preventing the feasibility of backups during business hours.

Table 1 compares the traditional backup method with the current use of Data Protection Manager 2007 for the Singapore data center.

Table 1. Backup Methods for the Singapore Data Center

Facts and measurements	Traditional SQL Server backups	Data Protection Manager 2007
Data retention period	14 days	14 days
Backup job run time	20 hours	2 hours
Host CPU consumption (average)	50%	15%
Daily job size	961 gigabytes (GB)	6 GB

As shown in the preceding table, Data Protection Manager 2007 reduced the backup window for synchronization. This reduction resulted in more time for other maintenance tasks on the same servers and more time for user access to these systems. Because Data Protection Manager needs to capture only changes to the disks, each daily job decreased from 961 GB to 6 GB. This reduction represents a large savings in tape resources in just one week of backups and process time from using Data Protection Manager 2007. Additionally, the SharePoint Server 2007 Web farms that Data Protection Manager helped to protect were under heavy usage, which means that the protection solution needed to be fast, scalable, and non-intrusive to the applications.

Table 2 shows initial replication and recovery point metrics for two important Microsoft internal SharePoint 2007 based sites, MSWeb and InfoWeb.

Table 2. Redmond Initial Replication and Recovery Point SharePoint Server 2007 Statistics

Protection facts per farm	MSWeb	InfoWeb
Initial replication time	17.5 minutes	5.9 hours
Initial replication data processed	13.3 GB	301.9 GB
Recovery point time	14.5 minutes	24.5 minutes
Recovery point data processed	1.1 GB	3.4 GB

As the preceding table shows, internal SharePoint Web sites are easily and quickly protected via Data Protection Manager 2007. After the initial replication has finished, very large stores can be backed up in a matter of minutes instead of hours. Recovery points take as little as 25 minutes for the same data set each time a backup is needed. Additionally, Data Protection Manager 2007 captures only the changes made to the disk, so each new backup is less than 4 GB.

These backup metrics capture not only the SQL databases for SharePoint Server, but also the farm, site, and document levels for recovery. This means each recovery point that Data Protection Manager creates represents the ability to recover any or all aspects of the SharePoint farm at increments as short as every 15 minutes. Data Protection Manager enables Microsoft IT to enjoy this increased level of protection with the following features:

• Data Protection Manager coexists with earlier backup products during the transition to a Data Protection Manager-only environment.
• Document restores can recover a single document without having to restore the entire content database.
• Data Protection Manager provides protection for SharePoint Server 2007-based servers and SQL Server 2005 content and configuration databases.
• Restores run at wire and system speeds, rather than at slower tape restore speeds.
• No dedicated backup network is necessary.

In summary, Data Protection Manager provides backup and protection features for SharePoint Server that reduce the maintenance windows and operational costs associated with helping to protect mission-critical servers.

SQL Server 2005 Protection

Data Protection Manager 2007 natively supports SQL Server 2005. Microsoft IT found that Data Protection Manager was extremely proficient at protecting SQL Server resources. As in many organizations, a large portion of the environment that Microsoft IT's initial deployment of Data Protection Manager 2007 helped to protect consisted of SQL Server-based servers that provided content and configuration storage to numerous SharePoint farms.

As part of the Data Protection Manager 2007 rollout, Microsoft IT deployed 72 SQL Server-based servers and clusters. Of these servers and clusters, Data Protection Manager helped to protect 42 terabytes of data on SQL Server 2005 and Microsoft SQL Server 2000-based servers. The protection of the production SQL Server 2005-based servers has not required a dedicated network, and is easily supported on the existing 100-megabit and 1-gigabit connections that the servers use for other tasks. The SQL Server administrators have enjoyed the following benefits:

• Block-level backups significantly reduce nightly backups over traditional disk-to-disk and tape-based methods. Block-level backups record changes to the physical disk instead of individual files.
• A Data Protection Manager-based client uses about 15 percent of the CPU on production servers, compared with 30 percent from traditional backups.
• Directed restores for customers is very simplified through the use of the DPM console.

In addition to being more efficient than traditional tape or flat file backups—and supporting clustering—Data Protection Manager 2007 provides seamless integration into active/passive clusters and log shipping scenarios.

Active/Passive Clusters

Microsoft uses several traditional SQL Server-based clusters in production, and used Data Protection Manager 2007 to backup key SharePoint 2007 farms in Redmond and Singapore. As shown in Figure 1, the Data Protection Manager agent connects to the cluster as a single unit and automatically detects the presence of the SQL Server-based cluster. Failover and failback are seamless and do not require any intervention or actions with Data Protection Manager.

Figure 1. Data Protection Manager and active/passive SQL Server clustering

Log Shipping

There are many instances in the enterprise in which SQL Server log shipping is required to help protect SQL Server-based servers. In a log shipping environment, SQL Server copies transaction logs to other SQL Server log shipping recipient servers. This technique enables the remote server or servers to replay transaction logs and to recover the SQL databases on a completely different server.

Figure 2 shows how Data Protection Manager integrates with SQL Server in a SQL Server log shipping scenario.

Figure 2. Data Protection Manager and SQL Server log shipping scenario

Data Protection Manager fully supports the log shipping feature with the following requirements:

• The solution features one SQL Server-based server with redundant databases.
• Data Protection Manager treats each copy as a unique drive.
• Redundant backups require both drives to have protection.

Key Features of Data Protection Manager 2007

Microsoft IT used Data Protection Manager 2007 to take advantage of several key features that provide for simple, centralized management of backups and associated resources, as well as fast and efficient backups of Windows Server 2003, Exchange Server 2007, SharePoint Server 2007, SQL Server 2005, and Virtual Server 2005. Native support for these technologies results in a backup infrastructure that is stable, fast, and efficient for backups and restores alike.

Fast RPO

Data Protection Manager supports point-in-time recoveries without the need for constant replication or synchronization. RPO time is reduced because Data Protection Manager can seamlessly integrate a point-in-time restore by integrating logs and existing backups.

Native Support for Server Products

With native support for Exchange Server 2007, SharePoint Server 2007, SQL Server 2005, and Virtual Server 2005, administrators can take advantage of fast backups and recoveries with a simple interface and an efficient agent.

Self-Service Restores

By using the VSS of servers running Windows Server 2003 and Windows Server 2008, users can recover files from Data Protection Manager backups without seeking support. This results in a significantly faster response time and reduces the load on administrative staff.

Seamless Support for Backup Media

Tape libraries and drives are connected to centralized Data Protection Manager servers, eliminating the need for tape devices to be attached to individual application servers. The result is a consolidated tape infrastructure that is transparent to the systems and applications that are being backed up.

Small and Efficient Backup Agent

The Data Protection Manager agent uses very little system CPU, memory, or disk space during the capture of recovery points. Because the capture of recovery points uses so little CPU and disk space, backups can be captured during business hours with little or no impact on the production system. Typical CPU load of the agent was less than 15 percent. The agent is also very easy to deploy via the Data Protection Manager console or via a packaged application through the use of Microsoft System Center Configuration Manager 2007. Microsoft IT deployed to more than 600 hosts with a success rate higher than 97 percent.

Initial Replication

The first step after the installation of the Data Protection Manager agent to a server that needs protection is the initial replication. This process captures a block-level image of the entire set of protected disks. This process takes approximately as much time and as many resources as a traditional full disk-to-disk backup. Initial replication needs to occur only once per server.

Recovery Points

After the initial replication has finished, each new backup needs to capture only block-level changes to the disks. The generation of this new backup is called a recovery point. Recovery points take little time because they need to capture only the changes from the previous recovery point at the disk level. They require very little disk space, CPU resources, or network resources. Based on these minimal needs, Microsoft IT can protect servers on 1-gigabit and 100-megabit networks without the need for dedicated backup networks.

Disk-to-Disk Backups

Initial replications and recovery points are stored initially on inexpensive disk arrays. These arrays enable multiple revisions to be stored locally on the server running Data Protection Manager to provide extremely fast access for the recovery of data.

Disk-to-Disk-to-Tape Backups

The initial replication and recovery point information that is stored on the Data Protection Manager disk arrays can be easily scheduled and copied to disk, tape drives, and libraries. This feature allows for tapes to be sent off-site for disaster recovery and compliance. Because backups have been abstracted from the clients, tape schedules can occur during normal business hours independent of client backups.

Native Exchange Server 2007 Support

Data Protection Manager helps protect Exchange Server 2007 and is not only cluster aware but also cluster competent, meaning that Data Protection Manager can detect cluster configurations and can back up accordingly. Data Protection Manager therefore supports single copy cluster (SCC), local continuous replication (LCR), CCR, and standby continuous replication (SCR with Exchange Server 2007 Service Pack 1) cluster configurations. Data Protection Manager helps protect Exchange Server by storage group, but can easily restore a single storage group, mail database, or mailbox.

Native Office SharePoint Server 2007 Support

Data Protection Manager supports Office SharePoint Server 2007 as well, which helps protect the application at the SQL database, SharePoint farm, Web site, and document level. Although SharePoint Server has a built-in Recycle Bin for deleted items, Data Protection Manager can help protect every component of the farm. Documents can be restored to the original path or to an alternate path, if necessary.

Native SQL Server 2005 Support

Database servers running SQL Server 2005 are critical to enterprise applications. With Data Protection Manager, the servers backed up. Data Protection Manager synchronizes changes to the disk, so recoveries are fast and easy. This technique means that SQL Server can be backed up during business hours without lengthy tape backups.

Challenges in Deployment

As with any enterprise IT environment, the presence of multiple server platforms can create numerous challenges for data protection. Differing backup media formats, servers in different countries and time zones, and different maintenance windows for different products and locations all contribute to a challenging deployment of any product.

Working inside a corporate IT environment requires working within clearly defined maintenance windows. Global deployments can also present a challenge to businesses, adding an additional layer of complexity to infrastructure support. By using the Data Protection Manager 2007 console for management and System Center Configuration Manager 2007 to deploy the Data Protection Manager agent, Microsoft IT was able to deploy over 600 agents worldwide quickly.

Microsoft IT deployed numerous servers of varying types for the solution. The types included file servers, SQL Server-based servers, and SharePoint Farms. Figure 3 shows the number of each type of server that Microsoft IT deployed.

Figure 3. The number of each type of server in the Microsoft IT deployment

Microsoft IT supports numerous systems and a large amount of data on a global scale every day. For the initial deployment, Microsoft deployed Data Protection Manager 2007 with the following statistics:

• 646 total servers
• 16 Exchange Server 2007 mailbox servers
• 72 SQL Server 2005 and SQL Server 2000-based servers
• 3 SharePoint Server 2007 farms
• More than 100 terabytes of protected data

As shown in Figure 4, the automated deployment success rate for the Data Protection Manager agent was higher than 97 percent. Microsoft IT achieved this number through an automated deployment process via Microsoft Systems Management Server and a packaged installation file for the Data Protection Manager agent. Microsoft IT needed to install very few clients through the Data Protection Manager console. This deployment includes servers of varying configurations and connectivity worldwide. Packaging the Data Protection Manager 2007 agent has proved to be an effective process.

Figure 4. Automatic and manual deployment metrics for the Data Protection Manager 2007 agent

Real-World Recovery Scenario

Microsoft IT realized a key benefit through the real-world usage of Data Protection Manager. For example, 344 GB of SQL Server 2005 and SharePoint Server 2007 data was lost on a server farm. With the help of Data Protection Manager, administrators recovered the entire set of 344-GB files in 2 hours and 46 minutes. Data of this size on tape would have meant a lengthy restore from one or more tapes. Additionally, Microsoft IT performed this recovery over the shared application network without the need for a dedicated backup network. Using the shared application network enabled Data Protection Manager administrators to achieve a faster recovery time and to realize lower maintenance costs.

Conclusion

Data Protection Manager 2007 offers key functionality to organizations of many sizes through efficient use of server, disk, and tape resources. This efficiency is achieved through a small and efficient agent that needs to synchronize only block-level changes to a disk andData Protection Manage capitalizes on those changes to present application-aware restore options.

This implementation has enabled Microsoft IT to simplify the backup and restore infrastructure for many large and heavily used applications and databases, while reducing the costs that are associated with maintenance windows and application server load, and costs related to deployment and management.

As a result, the backups of many large enterprise collaboration and communication server platforms finish in a manner of minutes each day. This is a marked improvement over the time and resources required for traditional disk-to-disk and disk-to-tape methods. Data Protection Manager is a key part of support and protection at Microsoft.

For More Information

For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada information Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information via the World Wide Web, go to:

http://www.microsoft.com/dpm/

http://www.microsoft.com/technet/itshowcase