내보내기(0) 인쇄
모두 확장
EN
이 콘텐츠는 한국어로 제공되지 않아 영어 버전으로 표시됩니다.

Ensure business continuity with backup and recovery

Updated: February 6, 2014

Applies To: Azure, System Center 2012

A technical strategy for business continuity helps to keep your internal and external applications, workloads, and services up and running during planned downtime and unplanned outages. It also ensures that business-critical data is backed up and stored, and that it can be recovered within a reasonable amount of time when an unexpected incident or disaster occurs. This guide focuses on the data backup and recovery piece of a business continuity strategy.

Who is this guide intended for? This solution guide is intended for information technology (IT) administrators who need to plan and deploy strategies and technologies for data backup and recovery in a medium-to-large business. Ensuring you have a solution in place avoids workload downtime, incomplete or unreliable data, financial costs, and user frustration.

How can this guide help you? You can use this solution guide to understand the high-level solution design and implementation steps that we recommend to address a challenging cross-technology problem. This solution guide describes an end-to-end backup and recovery solution. Ensuring that you have a solution in place can help avoid workload downtime, incomplete or unreliable data, financial costs, and user frustration. Use this guide to understand how Microsoft technologies fit together to provide a comprehensive solution for protecting your data by backing it up and returning to “business as usual” following data loss.

The following diagram illustrates the problem that this solution guide is addressing.

Business Continuity—Data Backup

Backup Architecture

In this solution guide:

This section describes the scenario, problem statement, and goals for an organization that are useful as an example for this guide. It provides a typical example of a backup and recovery scenario that this guide addresses, a problem statement to help you figure out how you might implement your backup strategy, and organizational goals that help you pin down your strategy.

Scenario

As an example, your organization is an expanding, medium-size organization with a number of Microsoft technologies deployed:

  • You have two Windows Server file servers that contain critical and important business data.

  • You have a Hyper-V host server that runs a couple of virtualized internal applications.

  • You’re running an Exchange server for email, a SharePoint server for information storage and sharing, and a SQL Server for application data.

  • Most of your employee desktop computers run Windows 7. Employees are supposed to save business critical files to your network file servers or to a SharePoint site for collaboration purposes, but business files are often left on their local desktop computers.

  • You have a storage area network (SAN)/unified storage device from a non-Microsoft vendor.

Problem statement

The overall problem you want to solve is:

As an IT administrator, how can you deploy a backup and recovery plan that ensures that business-critical data is backed up and stored, and that it can be recovered within a reasonable amount of time when an unexpected incident or disaster occurs?

Your problem has the following aspects:

  • Your backup strategy has grown piecemeal over the years.

  • Your current backup application didn’t perform well the last time there was an unexpected outage. Recovery was slow, and some critical data was lost.

  • You currently store data on your on-premises SAN disk only.

  • Your current solution has a number of limitations in terms of scheduling, management complexity, and the types of backups that can be performed.

  • In particular, your current solution isn’t optimized for backing up the Microsoft workloads around which your organization revolves.

There are a number of factors that make it obvious that your backup strategy needs an overhaul. The problems you want to address include the following:

  • You need to avoid another situation in which critical enterprise data is lost or can’t be recovered within a reasonable amount of time.

  • You need some type of off-site storage is case of an on-site disaster.

  • The amount of data you need to protect is growing rapidly. You currently have around 20 terabytes (TB) of data you need to protect, which is growing at around 20 percent per year.

  • You need an optimal way to back up your Microsoft workloads.

  • You need a simpler way to manage and monitor your data backups, and to run data recovery.

Organization goals

Based on the scenario and problem statements, you identify the following goals for your organization:

  • Data support—Deploy a solution that enables you to back up the different types of data across your organization, including workloads and file-based data. You want to be able to back up data at a high level of detail, including individual files and files-in-use, individual folders, network locations, drives, registry, Microsoft workloads, virtualized applications, and complete system backup (image backup).

  • Workload resilience—Deploy a solution that supports application and hypervisor awareness, so that your workloads can continue running during backup without disruption of normal operations.

  • Data volume—Deploy a backup solution that can handle large amounts of data to meet your growing needs.

  • Storage options—Deploy a backup solution that provides a range of storage options, and that works with your available storage hardware and budget.

  • RPO—Provide a storage option that takes into account different recovery point objective (RPO) requirements. Your RPO will define the maximum period for which it’s acceptable for data to be unavailable when an outage occurs. Your RPO will be different for different types of data, and you’ll need a backup solution that takes this into account.

  • Ease of management—Deploy a solution that can be initiated, managed, and monitored easily. Allow users in your organization to initiate backups themselves.

  • Backup flexibility—Deploy a solution with backup scheduling flexibility. You want the ability to schedule both on-demand and customized backups, so that you can back up what you want when you want.

  • Simple and fast recovery—Ensure that backed up data is easy to recover and restore. You need to be able to restore data automatically, including workloads and individual files and folders. You want to be able to restore file paths and hard drive images, and to restore to a separate location.

  • Cost—Deploy a solution with clear costing.

This section describes the solution design that addresses the problem described in the previous section and provides high-level planning considerations for this design.

Microsoft System Center 2012 R2 and Windows Azure provide technologies that meet your organizational goals and address the problem space.

The following diagram illustrates how Microsoft technologies, including System Center 2012 R2 Data Protection Manager (DPM) and Windows Azure Backup, map to these goals.

Business Continuity—Backup Solution Architecture

Backup Technologies

The following table lists the elements that are part of this solution design and describes the reason for the design choice.

 

Solution design element Why is it included in this solution?

System Center 2012 DPM

DPM provides a centralized backup system for Microsoft workloads, servers, and client computers. You can use DPM to back up multiple Microsoft workloads across your enterprise using a single point of management. You can back up data to disk, tape, and to the cloud using Windows Azure Backup.

Windows Azure Backup

Windows Azure Backup provides an off-premises backup to the Windows Azure cloud. You can back up data from Windows Server and from DPM.

Let’s look more closely at how the features of these products align to your organizational goals.

 

Meeting organizational goals System Center 2012 DPM Windows Azure Backup

What kind of data can be backed up?

Using DPM you can back up:

  • Microsoft workloads, including Windows File Server, Exchange. SQL Server, SharePoint, Windows, Hyper-V, System Center VMM.

  • Windows servers.

  • Clustered servers.

  • Windows client computers.

You can back up data at the following levels:

  • File data—full server (all volumes), volumes, shares, folders

  • Microsoft workload data

  • Server—System state

  • Server—full backup for bare-metal recovery

Using Windows Azure Backup, you can back up files and folders on servers running:

  • Windows Server 2012 R2 or Windows Server 2012

  • Windows Server 2012 Essentials

  • DPM

What kind of support is provided for backing up Microsoft workloads?

DPM hooks into Microsoft workloads to provided tailored protection, including:

  • SQL Server—database backup

  • Exchange server—stand-alone server, databases in a database availability group (DAG)

  • SharePoint—farm, SharePoint search, front-end Web server content

  • Hyper-V—Hyper-V computers, cluster-shared volumes (CSVs)

For more information, see Support Matrix for DPM Protection.

You can back up files and folders directly to Windows Azure Backup. Additionally, you can back up DPM data to Windows Azure Backup for SQL Server and Hyper-V workloads.

What volume of data can I back up?

DPM provides the following data volumes:

  • For 64-bit computers, you can back up approximately 600 volumes (300 replica volumes and 300 recovery volumes) with a DPM server.

  • Volume capacity within this limitation depends on DPM limitations, the data you’re protecting, and storage space.

Windows Azure Backup supports 850 gigabytes (GB) per volume per backup. You can work around this limitation by using multiple volumes.

What storage options do I have?

You can back up DPM as follows:

  • Tape—Back up data directly to tape (supported for all data and workloads). Used for long-term storage.

  • Disk—Back up data to disk (supported for all data and workloads). Used for short-term storage. Doesn’t provide a complete solution for long-term or offsite storage.

  • Windows Azure Backup—Back up data to Windows Azure for short-term storage. Used in addition to disk backup.

  • You can also use a combination; for example, disk-to-disk-to-tape for short-term storage to disk and long-term storage to tape.

For more information about storage options and combinations, see Data Storage.

Windows Azure Backup provides storage as follows:

  • Cloud storage in Windows Azure

  • No tape export

  • Maximum retention period of 30 days for file data backed up from Windows Server or Windows Essentials

  • Maximum retention period for DPM data is 120 days when you synchronize once per day, or 60 days at two synchronizations per day.

How can I ensure data recovery meets my organizational RPO?

DPM restores data as follows:

  • Data backed up to DPM can be restored directly from disk, tape, or Windows Azure Backup. Tape recovery aligns to a generous RPO, and disk or online backup is useful when your RPO is limited.

  • DPM organizes workloads into protection groups. These can be prioritized for recovery in accordance with your RPO requirements.

Windows Azure provides built-in business continuity features for Windows Azure services, including Windows Azure Backup, to ensure that your data is always available for recovery.

Can I centrally manage my backup and recovery for different data sources?

You can centrally back up and recover data protected by DPM using the DPM console.

You can manage and recover data backed up by Windows Azure Backup in the Windows Azure console.

Can users back up and restore their own data from client computers?

DPM provides self-service support as follows:

Windows Azure Backup doesn’t provide any self-service options.

Can I schedule backups and perform them on demand?

  • You can schedule some options in DPM:

    • Synchronization frequency—You can set a synchronization schedule for a protection group. In accordance with the schedule, the DPM server checks the protected data source against its replica to verify whether changes have occurred. Then, it synchronizes any changes to keep the replica up to date. You can set a synchronization schedule from 15 minutes (default setting) to 24 hours.

    • Consistency check schedule—You can specify that during synchronization a consistency check should run. In addition to data replication, this check performs a block-by-block verification to ensure that all the data on the replica is consistent with the source data.

    • Recovery point schedule—You can create a schedule to specify how often recovery points are created. Recovery points are point-in-time replicas that can be used to recover data. For files, recovery points are based on the recovery point schedule. For application data, recovery points are created after each synchronization. By default, DPM creates a recovery schedule of three daily recovery points. However, you can customize this setting.

    • Backup frequency schedule—For long-term backup, you can specify a schedule for backup frequency. If your data retention setting is between 1 and 11 months, your backup frequency can be daily, weekly, bi-weekly, or monthly. If you’ve specified a data retention setting between 1 and 99 years, you can specify a frequency of daily, weekly, bi-weekly, monthly, quarterly, half-yearly, or annually.

You can schedule backups to Windows Azure Backup as follows:

  • For Windows Server backups, you can schedule every day up to three times per day. The maximum retention period is 30 days.

  • For DPM, you can schedule a maximum of twice a day. The maximum retention period is 120 days at once a day. If you schedule two backups a day, the maximum retention period is 60 days.

Can data be recovered easily?

DPM provides a Recovery Wizard to recover data from recovery points. You can recover the following types of data:

  • Servers/client computers—Recover file data at volume, share, folder, or file level. On protected client computers with end-user recovery enabled, users can recover their own files.

  • Exchange—mailboxes and mailboxes under a DAG

  • SharePoint—farm, database, Web application, file or list item, SharePoint search, SharePoint Front-End Web server

  • SQL Server—database

  • Hyper-V—item-level recovery of files, folders, volumes, and virtual hard drives

You can recover data from Windows Azure Backup as follows:

  • If you’ve backed up file data directly from Windows Server, you can recover data onto any server that’s connected to the Internet. This is useful for disaster recovery situations in which you are not able to get physical access or network access to your corporate network.

  • If you’ve backed up data from DPM to Windows Azure Backup, you can recover data from the DPM console. You can recover to the same location or to an alternate location.

What costs are involved?

DPM costs are in accordance with System Center licensing. For more information, see System Center 2012 R2.

Using Windows Azure Backup, you pay for data stored, not data transferred to computer resources. The first 5 GB per month is free. For more information, see Backup Pricing Details.

You can use the steps in this section to implement the solution. Make sure to verify the correct deployment of each step before proceeding to the next step.

Using these technologies you can put together a backup strategy that involves deploying DPM to back up your Microsoft workloads (Exchange, SharePoint, SQL Server, Hyper-V) and file data (file servers and client computers). As part of the DPM deployment you’ll gather your workloads into DPM protection groups and specify the backup storage you want to use for each protection group. This solution uses a mixture of disk backup and Windows Azure Backup for short-term storage, and tape backup for long-term storage.

The high-level steps to implement this solution are as follows:

  1. Download System Center 2012 R2

    You can download a trial version of DPM before you acquire the full version. For more information, see Download the Evaluation: System Center 2012 R2 from the TechNet Evaluation Center.

  2. Learn about DPM

    Before you set up DPM, read about system requirements, supported deployments, and DPM features. For more information, see Get started with System Center 2012 DPM in the TechNet library.

  3. Install DPM

    After ensuring that all prerequisites are in place, install DPM. For more information, see Install DPM in the TechNet library.

  4. Set up the DPM server

    You’ll need to configure storage, deploy the DPM agent, and set up protection groups. For more information, see Set up the DPM server.

  5. Verify backups

    After configuring backups, check that initial replication has started and that backup jobs are working as expected. For more information, see Verify backups.

  6. Enable user recovery

    You can configure end-user recovery so that users on client computers and servers can recover file data. You can also configure self-service recovery so that users with specified permissions can recover SQL Server databases. For more information, see Enable user recovery.

Deploy the DPM agent, configure DPM storage, and set up protection groups.

A general walkthrough for setting up client protection is available on Kevin Holman’s System Center Blog.

Deploy the DPM agent on each computer or server you want to protect.

Set up DPM storage as follows:

  1. Set up storage options for protection groups—Set up storage options in accordance with the recommendations in the following table.

  2. Configure disk storage—You’ll need to add a disk to the DPM backup storage pool to store replicas and recovery points. This disk shouldn’t have any volumes defined. For instructions, see Configure disk storage.

  3. Set up Windows Azure Backup—For instructions, see the following topics: Prerequisite for Windows Azure Backup, Configuring Backup Vaults for Windows Azure Backup, and Registering DPM servers.

  4. Set up tape storage—You’ll need to physically attach a tape library or stand-alone tape drive to the DPM server, and add it to the DPM library. For instructions, see Set up tape storage.

The following table summarizes the available storage options, and it specifies which options should be used for this solution.

 

Backup medium Description Characteristic Scenario recommendation

Disk-to-tape backup (D2T)

Back up data directly to tape, which is stored offsite

Backing up data directly to tapes offsite, without short-term disk backup offsite, mitigates data loss. It’s useful for:

  • Data that must be kept in order to fulfill statutory obligations.

  • Critical data with no loss tolerance.

  • Ensuring that the data is safe if disaster occurs onsite.

  • Data with a high RPO that doesn’t require you to access and recover it within a short critical period.

Not used in this scenario

Disk-to-disk-to-tape backup (D2D2T)

Backup data to disk in the short term and tape in the long term

Backing up data to disk for short-term storage and tape for long-term storage provides more flexibility than disk-to-tape backup only, because in the short term you’ll back up your data to disk and in the long term to tape. It’s useful for:

  • Critical and important data with some loss tolerance. Using this method, there is a time period in which data is stored on disk and probably onsite. If disaster occurs before your data is moved to tapes offsite, data loss can occur.

  • Data that has a short RPO in the short term and a longer RPO as time goes on. For example, you might be working on a particular project, and file data for that project is critical, with a short RPO for the next three months. However, after that period the RPO for that data gets longer.

Use to back up:

  • Exchange servers

  • SharePoint servers

  • For these scenarios, only disk is available for short-term storage. Windows Azure Backup isn’t supported.

You’ll need to purchase a tape library or stand-alone tape drive that must be physically attached to the DPM server. The tape library can be direct SCSI-attached or SAN.

Disk-to-tape backup (D2T) + Windows Azure Backup

Back up data to disk and Windows Azure in the short term and to tape in the long term

Backing up to both disk and Windows Azure for short-term storage works around some of the disadvantages of the disk-to-disk-to-tape method alone. It’s useful for:

  • Business-critical data that has a low loss tolerance in the short term and needs to be stored off premises.

  • Short-term data is available both on disk and in the cloud.

Use to back up:

  • SQL Server data

  • Hyper-V data

  • Server and client computer file data

Disk-to-disk backup (D2D)

Disk-to-disk backup (D2D) + Windows Azure Backup

Back up data to disk, or to disk and Windows Azure, for short-term storage only. No long-term storage.

Backing up data for the short-term only might be useful for:

  • Non-critical business data with high loss tolerance.

  • Non-critical business data that has a low RPO and therefore needs to be recovered quickly.

Not used in this scenario

Note that as an alternative you could decide to back up servers running Windows Server (Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 with SP1) directly, using Windows Azure Backup, and skip using DPM. For more information on this scenario, see Windows Azure Backup Overview.

You’ll set up a protection group for each type of data you want to protect. When you configure a protection group, you specify the data you want to protect, the short-term and long-term storage you want to use, a retention period for the data, how often data should be synchronized, and a recovery point time. You’ll review the recommended disk allocation for the protection group, specify how initial replication will be performed to create the data replica, and whether you want a consistency check to run during synchronization. Set up specific protection groups as follows:

  • Client computers and File servers—When you set up protection groups for client computers and file servers, you’ll select the computers or server and the file data you want to protect. You can also specify whether you want to allow users to specify other files to back up and recover. The users won’t be able to select any files you explicitly exclude. You’ll select disk and Windows Azure for short-term storage, and tape for long-term storage.

  • SQL Server—When you set up a protection group you’ll select the server running SQL Server that has the DPM agent installed, and you’ll specify which SQL Server databases on that server should be protected. You’ll select the options to perform short-term protection with disk and Windows Azure Backup, and long-term protection with tape.

  • Exchange—Before protecting Exchange, you’ll need to copy the ese and eseutil files (usually located at C:\Program Files\Microsoft\Exchange Server\V14\Bin) to the DPM server. The versions of these files must be the same on the server you’re protecting, and on the DPM server. When you configure the protection group, you’ll select the Exchange mailbox databases you want to protect. You’ll configure short-term protection with disk only, and long-term protection with tape. Then, the wizard runs an integrity check for the Exchange databases. This offloads backup consistency checking from the Exchange server to the DPM server, eliminating the impact of running eseutil on the Exchange server during backup. There’s a useful full walkthrough of this deployment at MSExchange.org.

  • SharePoint—Before you configure a protection group, be sure the DPM protection agent is running on at least one Front End server in the farm, and on all SQL servers that host databases for the SharePoint Farm. In addition, you’ll need to run ConfigureSharepoint.exe –EnableSharepointProtection from an elevated Windows PowerShell command line with an account that has full access to SharePoint. This configures SharePoint permissions and VSS writer for DPM. When you configure the protection group, you’ll select a farm database from the SharePoint Front End server. When you configure the protection group, you’ll select the options to perform short-term protection with disk only, and long-term protection with tape.

  • Hyper-V—When you configure a protection group for Hyper-V, you select the virtual machines on the Hyper-V host or cluster that you want to protect. You can select the options to perform backups online (with no interruption to a working virtual machine), or offline (which pauses the virtual machine, takes a snapshot, and then backs it up). You’ll select the options to do short-term storage with disk and online with Windows Azure Backup, and long-term storage with tape.

Verify that backups are working as expected. When you configure your workload backups with DPM protection groups, DPM immediately performs the initial replication (full backup) of the data. In the DPM console, the Protection Groups will show this initial replication as progress, and they will show an OK status when the replication succeeds. In addition, you can view the monitoring jobs and alerts in the console. Backups to Windows Azure can be monitored in the Windows Azure portal. For more information, see Manage and monitor backup vaults in Windows Azure Backup.

You can specify that end users can independently recover file data by retrieving recovery points of their files. Enabling end-user recovery involves configuring Active Directory Domain Services (AD DS) to support end-user recovery, enabling the end-user recovery feature on the DPM server, and installing the shadow copy client software on the client computers. For more information, see How to enable end-user recovery.

You can also enable user recovery for SQL Server databases that are backed up by the DPM server, using the Self-Service Recovery Tool (SSRT). For more information, see DPM Self-Service Recovery Tool.

 

Content type References

MSDN forum

TechNet forum

Blog

이 정보가 도움이 되었습니까?
(1500자 남음)
의견을 주셔서 감사합니다.
표시:
© 2014 Microsoft