Back up client computers with DPM

You can deploy System Center Data Protection Manager (DPM) to back up client computers. Depending on the client operating system, you can back up volumes, shares, folders, files, and deduped volumes.

Prerequisites and limitations

Before you deploy DPM to protect client computer data, verify the deployment prerequisites:

• Read about the client operating systems you can support in What can DPM back up?

• Review the release notes and read about any client protection issues in What's supported and what isn't for DPM?

• Ensure that the client machines you want to back up are in the DPM server domain or in a domain with a two-way trust relationship with the DPM domain.

• To set up client machines for protection, install the DPM protection agent on them. If Windows Firewall is configured on the client computer, the agent installation will set up the firewall exceptions it needs. If you need to reset the firewall, you can reconfigure it by running SetDpmServer.exe. If you're using a firewall other than Windows Firewall, you'll need to open the necessary ports. Learn more in Deploy the DPM protection agent.

• DPM can back up client computers that are physically or wirelessly connected to the local area network (LAN) or back up over VPN. For VPN backup, the ICMP should be enabled on the client computer.

• Each DPM server can protect up to 3000 client computers. When protecting client computers at scale, we recommend you create multiple protection groups and stagger the recovery point times for those protection groups. The more the number of clients that belong to a protection group, the longer it takes to enumerate the changes to the protection group.

• You can tweak the performance of client data backup as follows:

  • If client data backup is slow, you can set this key to a lower value: HKLM\Software\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection\WaitInMSPerRequestForClientRead to a lower value.

  • To scale up client performance, you can tweak these registry keys:

    • Software\Microsoft\Microsoft Data Protection Manager\Configuration\DPMTaskController\MaxRunningTasksThreshold. Value: 9037ebb9-5c1b-4ab8-a446-052b13485f57

    • Software\Microsoft\Microsoft Data Protection Manager\Configuration\DPMTaskController\MaxRunningTasksThreshold. Value: 3d859d8c-d0bb-4142-8696-c0d215203e0d

    • Software\Microsoft\Microsoft Data Protection Manager\Configuration\DPMTaskController\MaxRunningTasksThreshold. Value: c4cae2f7-f068-4a37-914e-9f02991868da

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Collocation\Client. Value: DSCollocationFactor

Before you start

1. Deploy DPM - Verify that DPM is installed and deployed correctly. If you haven't, see:

   • System requirements for DPM

   • What can DPM back up?

   • What's supported and what isn't for DPM?

   • Get DPM installed

2. Set up storage - You can store backed-up data on disk, on tape, and in the cloud with Azure. Read more in Prepare data storage.

3. Set up the DPM protection agent - The agent needs to be installed on client computers you want to protect. Read Deploy the DPM protection agent.

Well known folders to back up on client computers

If you're looking to back up certain common folders in your client machines, you can select these folders from the Well Known Folder list in DPM, and DPM will take backup of these folders on your client computers in subsequent backup cycles. Below is the list of the well known folders that you can back up with DPM:

The details of the registry entry are below. Modify the value USERNAME according to your username of the client computer.

• reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"/v Links /t REG_SZ /d C:\Users\USERNAME\Links

• reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"/v Downloads /t REG_SZ /d C:\Users\USERNAME\Downloads

• reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"/v “Slides Shows” /t REG_SZ /d C:\Users\USERNAME\Pictures

• reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"/v “Quick Launch” /t REG_SZ /d “C:\Users\USERNAME\AppData\Roaming\Microsoft\Internet Explorer\QuickLaunch”

Back up client computers

1. Select Protection > Actions > Create Protection Group to open the Create New Protection Group wizard in the DPM console.

2. In Select protection group type, select Clients. You only select clients if you want to back up data on a Windows computer running a Windows client operating system. For all other workloads, select server. Learn more in Deploy protection groups

3. In Select Group Members, select Add Multiple Computers. You can add the client computers you want to back up in a text file. In the file, you'll need to enter each computer on a new line. We recommend that you provide the FQDN target computers. For example, enter multiple computers in a .txt file as follows:

   • Comp1.abc.domain.com

   • Comp2.abc.domain.com

   • Comp3.abc.domain.com

   If DPM can't find the text file or any of the computers, it will add them to the log file. Select Failed to add machines to open the log file. To add new client computers to an existing protection group, right-click the group name and select Add client computers.

   • On the Specify Inclusions and Exclusions page, specify the folders to include or exclude for protection on the selected computers. To select from a list of well-known folders, such as Documents, select the dropdown list.

   Note

   • When you exclude a folder and then specify a separate inclusion rule for a subfolder, DPM doesn't back up the subfolder. The exclusion rule overrides the inclusion rule.
   • When you include a folder and then specify a separate exclude rule for a subfolder, DPM backs up the entire folder, except for the excluded subfolder.
   • When you include a well-known folder such as Documents, DPM locates the Documents folder for all users on the computer and then applies the rule. For example, if the user profile for computer Comp1 contains the Documents folder for both User1 and User2, DPM will back up both folders.
   • In the Folder column, enter the folder names using variables such as program files or you can use the exact folder name. Select Include or Exclude for each entry in the Rule column.
   • You can select Allow users to specify protection members to give your end users the choice to add more folders on the computer that they want to back up. However, the files and folders you have explicitly excluded as an administrator cannot be selected by the end user.
   • Under File type exclusions, you can specify the file types to exclude using their file extensions.

4. In Select data protection method, specify how you want to handle short- and long-term backup. Short-term backup is always to disk first, with the option of backing up from the disk to the Azure cloud with Azure backup (for short- or long-term). As an alternative to long-term backup to the cloud, you can also configure long-term back up to a standalone tape device or tape library connected to the DPM server.

5. In Select short-term goals, specify how you want to back up to short-term storage on disk. In Retention range, specify how long you want to keep the data on disk. In Synchronization frequency, specify how often you want to run an incremental backup to disk. If you don't want to set a backup interval, you can check just before a recovery point so that DPM will run an express full backup just before each recovery point is scheduled.

6. If you want to store data on tape for long-term storage in Specify long-term goals, indicate how long you want to keep tape data (1-99 years). In Frequency of backup, specify how often backups to tape should run. The frequency is based on the retention range you've specified:

   • When the retention range is 1-99 years, you can select backups to occur daily, weekly, bi-weekly, monthly, quarterly, half-yearly, or yearly.

   • When the retention range is 1-11 months, you can select backups to occur daily, weekly, biweekly, or monthly.

   • When the retention range is 1-4 weeks, you can select backups to occur daily or weekly.

   On a standalone tape drive, for a single protection group, DPM uses the same tape for daily backups until there's insufficient space on the tape. You can also colocate data from different protection groups on tape.

   On the Select Tape and Library Details page, specify the tape/library to use and whether data should be compressed and encrypted on tape.

7. In the Review disk allocation page, review the storage pool disk space allocated for the protection group.

   Total Data size is the size of the data you want to back up, and Disk space to be provisioned on DPM is the space that DPM recommends for the protection group. DPM chooses the ideal backup volume based on the settings. However, you can edit the backup volume choices in the Disk allocation details. For the workloads, select the preferred storage in the dropdown menu. Your edits change the values for Total Storage and Free Storage in the Available Disk Storage pane. Underprovisioned space is the amount of storage DPM suggests you add to the volume to continue with backups smoothly in the future.

8. In Choose replica creation method, select how you want to handle the initial full data replication. If you select to replicate over the network, we recommend you choose an off-peak time. For large amounts of data or less than optimal network conditions, consider replicating the data offline using removable media.

9. In Choose consistency check options, select how you want to automate consistency checks. You can enable a check to run only when replica data becomes inconsistent or according to a schedule. If you don't want to configure automatic consistency checking, you can run a manual check at any time by right-clicking the protection group in the Protection area of the DPM console and selecting Perform Consistency Check.

10. If you've selected to back up to the cloud with Azure Backup, on the Specify online protection data page, ensure to select the workloads that you want to back up to Azure.

11. In Specify online backup schedule, specify how often incremental backups to Azure should occur. You can schedule backups to run every day/week/month/year and the time/date at which they should run. Backups can occur up to twice a day. Each time a backup runs, a data recovery point is created in Azure from the copy of the backed-up data stored on the DPM disk.

12. In Specify online retention policy, specify how the recovery points created from the daily/weekly/monthly/yearly backups are retained in Azure.

13. In Choose online replication, specify how the initial full replication of data will occur. You can replicate over the network or do an offline backup (offline seeding). Offline backup uses the Azure Import feature. Read more.

14. On the Summary page, review your settings. After you select Create Group, initial replication of the data occurs. When it finishes, the protection group status will show as OK on the Status page. Backup then takes place in line with the protection group settings.

Recover client data

You can recover the client data using any one of the following methods:

• Allow clients to recover their own data by setting up user recovery
• Use the Recovery Wizard to recover client computer data

Select the required tab for steps to allow clients to recover their own data or recover client data using Recovery Wizard: