Deploy backup and recovery for business continuity
Updated: February 6, 2014
Your business continuity strategy defines how you keep corporate data available—and business workloads up and running—during both planned downtime and unplanned outages. This guide provides a backup and recovery solution.
How can this guide help you? This guide helps individuals and teams who are evaluating, designing, and deploying a backup and recovery solution. As an IT administrator or team in a medium-to-large business, you can use this guide to understand the recommend steps for deploying a backup and recovery solution.
In this solution guide:
The following diagram illustrates the problem that this solution guide is addressing.
This section uses an example to describe the scenario, current problem, and goals that you might have.
You’re an expanding, medium-size organization whose business is built around a number of Microsoft technologies:
You have two Windows Server file servers that contain business data that ranges from critical to important.
You run a couple of virtualized internal applications on a Hyper-V host server.
You use an Exchange server for email, a SharePoint server for information sharing, and a server running SQL Server as a backend database for your application data.
Most of your employee desktop computers run Windows 7, 8, or 8.1. Employees are supposed to save business critical files to your network file servers or to a SharePoint site for collaboration purposes, but files are often left on local desktop computers.
You have a storage area network (SAN)/unified storage device from a non-Microsoft vendor.
The overall problem you want to solve is:
How do I get my business data backed up and stored, and how do I recover that data within a reasonable amount of time when an unexpected incident or disaster occurs?
In answering this question, you have a number of issues associated with your current environment:
Your backup strategy has grown piecemeal over the years, and the processes aren’t well-known.
Your current backup assumes all corporate data is of the same importance, although it isn’t.
Recovery was slow the last time you had an unexpected outage, and some critical data was lost.
You back up data only to an on-premises SAN disk. You’re concerned what might happen if a disaster occurs in the building.
Your current backup solution is complex to manage, there are scheduling limitations, and only some types of backups can be performed. In particular, your current solution isn’t optimized for backing up the Microsoft workloads around which your organization revolves.
Your storage needs are growing. There are currently 20 terabytes (TB) of data in the organization, and this number is growing at around 20 percent per year.
After analyzing the problem and issues, you’ve identified these goals and requirements:
Provide optimal and flexible backup—You need to back up different types of data with differing levels of detail, for example, applications, workloads, computers and servers, volumes, folders, and files. The solution should be optimized for backup of Microsoft workloads.
Provide resilient backup—Workloads must remain up and running during backup, so that normal operations aren’t disrupted.
Provide scalable storage—You need scalable storage to accommodate your growing needs.
Provide offsite storage—Offsite storage is important in case of onsite disaster.
Define data RPOs—The solution should reflect that not all data is equal, and it should allow for variations in recovery point objectives (RPOs) for different data types. An RPO defines the maximum period that’s acceptable for data to be unavailable when an outage occurs, so it’ll be shorter for more critical data.
Ensure ease of management and self-service—Backup should be initiated, managed, and monitored easily. Users need to be able to initiate backup and recovery from their computers.
Provide backup initiation—You need to be able to run both scheduled and on-demand backups.
Ensure simple data recovery—It should be easy to recover data manually and automatically. You’ll need to be able to restore data at different levels and to the original or alternate location.
Provide simple costing—Costing should be easy to figure out.
The following diagram illustrates the backup and recovery design, which focuses on Microsoft System Center 2012 R2 Data Protection Manager (DPM) and Microsoft Azure.
The following table lists the design elements.
Why is it included in this solution?
System Center DPM (DPM) provides simple and centralized backup of Microsoft workloads, and servers and clients running Microsoft operating systems.
Azure Backup enhances DPM backup options. In addition to backing up data to disk for short-term storage, you can back up data to the Azure cloud for off-premises online storage.
Let’s see how these technologies align to your organizational goals and solve the problem and issues you identified.
Provide optimal and flexible backup
DPM provides tailored backup and recovery for Microsoft workloads, including:
For more information, see DPM protection support matrix.
Backed up data can be stored on tape or disk, and in the Microsoft Azure cloud.
Provide resilient backup
DPM uses the Volume Shadow Copy Service (VSS) to back up without disrupting normal operations.
DPM synchronization is asynchronous, so that it doesn’t block disk I/O on the protected sources. Data changes are stored in the agent synchronization log and then replicated across the network to the DPM server, where they are stored in the transfer log. VSS creates consistent point-in-time shadow copies of the copied data. After the synchronization is complete, VSS creates replicas that can be recovered as required.
Provide scalable backup and storage
DPM provides the following data volumes:
Provide offsite storage to tape
For long-term storage, you can back up data to tape. For more information, see Data Storage.
Provide offsite storage to Azure
In addition to backing up data to disk for short-term storage, you can back up data to Microsoft Azure for offsite storage:
Define data RPOs
DPM organizes resources that you want to protect into protection groups. You can organize your protection groups by workload or by data importance. For example, you can create a protection group that contains multiple volumes that include critical business data, and another group with volumes containing less important end-user data. In case of unexpected outages, you can restore data from protection groups in accordance with the importance of data and the required RPO.
You can restore data from disk, tape, and Azure. Obviously, recovery from tape will be slower, aligning to a longer RPO. Disk and online backup can be restored more quickly for a shorter RPO.
Ensure ease of management and self service
You can centrally back up and restore all your data (from tape, disk, and Azure) in the DPM console, using simple wizards.
DPM provides self-service support:
Provide backup initiation
You can run scheduled and on-demand backups in DPM:
You can schedule some options in DPM:
Ensure simple data recovery
DPM provides a Recovery Wizard to recover:
Provide simple costing
DPM costs are in accordance with System Center licensing. See System Center 2012 R2.
To back up to Azure, you pay for data stored, not data transferred to computer resources. The first 5 GB per month is free. See Backup Pricing Details.
Use the steps in this section to implement the solution. Verify each step before proceeding to the next.
If you want to print or export a customized set of solution topics, see Print/Export Multiple Topics – Help.
Download System Center 2012 R2
You can download a trial version of DPM before you acquire the full version. For more information, see Download the Evaluation: System Center 2012 R2 from the TechNet Evaluation Center.
Learn about DPM
Before you set up DPM, read about system requirements, supported deployments, and DPM features. For more information, see Get started with DPM in the TechNet library.
After ensuring that all prerequisites are in place, install DPM. For more information, see Installing and Upgrading System Center 2012 - DPM in the TechNet library.
Configure disk storage—You’ll need to add a disk to the DPM backup storage pool to store replicas and recovery points. This disk shouldn’t have any volumes defined. For instructions, see Configure disk storage.
Set up tape storage—You’ll need to physically attach a tape library or stand-alone tape drive to the DPM server, and add it to the DPM library. For instructions, see Configure tape storage.
A general walkthrough for setting up client protection is available on Kevin Holman’s System Center Blog.
Install and configure the DPM protect agent—Install the agent on each computer or server you want to protect.
Configure protection groups—Gather and organize the servers and computers you want to protect into protection groups. When you create a protection group, you set up short-term and long-term backup options, schedule backups, and set up initial replication for the data.
For this solution, set up protection groups as follows:
Client computers and File servers—When you set up protection groups for client computers and file servers, you’ll select the computers or server and the file data you want to protect. You can also specify whether you want to allow users to specify other files to back up and recover. The users won’t be able to select any files you explicitly exclude. You’ll select disk and Azure for short-term storage, and tape for long-term storage.
SQL Server—When you set up a protection group, you’ll select the server running SQL Server that has the DPM agent installed, and you’ll specify which SQL Server databases on that server should be protected. You’ll select the options to perform short-term protection with disk and Azure Backup, and long-term protection with tape.
Exchange—Before protecting Exchange, you’ll need to copy the ese and eseutil files (usually located at C:\Program Files\Microsoft\Exchange Server\V14\Bin) to the DPM server. The versions of these files must be the same on the server you’re protecting, and on the DPM server. When you configure the protection group, you’ll select the Exchange mailbox databases you want to protect. You’ll configure short-term protection with disk only, and long-term protection with tape. Then, the wizard runs an integrity check for the Exchange databases. This offloads backup consistency checking from the Exchange server to the DPM server, eliminating the impact of running eseutil on the Exchange server during backup. There’s a useful full walkthrough of this deployment at MSExchange.org.
SharePoint—Before you configure a protection group, be sure the DPM protection agent is running on at least one Front End server in the farm, and on all SQL servers that host databases for the SharePoint Farm. In addition, you’ll need to run ConfigureSharepoint.exe –EnableSharepointProtection from an elevated Windows PowerShell command line with an account that has full access to SharePoint. This configures SharePoint permissions and VSS writer for DPM. When you configure the protection group, you’ll select a farm database from the SharePoint Front End server. When you configure the protection group, you’ll select the options to perform short-term protection with disk only, and long-term protection with tape.
Hyper-V—When you configure a protection group for Hyper-V, you select the virtual machines on the Hyper-V host or cluster that you want to protect. You can select the options to perform backups online (with no interruption to a working virtual machine), or offline (which pauses the virtual machine, takes a snapshot, and then backs it up). You’ll select the options to do short-term storage with disk and online with Azure Backup, and long-term storage with tape.
When you set up data storage options for the protection group, use these settings.
Disk-to-disk-to-tape backup (D2D2T)
Backup data to disk in the short term and tape in the long term
Backing up data to disk for short-term storage and tape for long-term storage provides more flexibility than disk-to-tape backup only, because in the short term you’ll back up your data to disk and in the long term to tape. It’s useful for:
Critical and important data with some loss tolerance. Using this method, there is a time period in which data is stored on disk and probably onsite. If disaster occurs before your data is moved to tapes offsite, data loss can occur.
Data that has a short RPO in the short term and a longer RPO as time goes on. For example, you might be working on a particular project, and file data for that project is critical, with a short RPO for the next three months. However, after that period the RPO for that data gets longer.
Use to back up:
For these scenarios, only disk is available for short-term storage. Azure Backup isn’t supported.
You’ll need to purchase a tape library or stand-alone tape drive that must be physically attached to the DPM server. The tape library can be direct SCSI-attached or SAN.
Disk-to-tape backup (D2T) + Azure Backup
Back up data to disk and Azure in the short term and to tape in the long term
Backing up to both disk and Azure for short-term storage works around some of the disadvantages of the disk-to-disk-to-tape method alone. It’s useful for:
Business-critical data that has a low loss tolerance in the short term and needs to be stored off premises.
Short-term data is available both on disk and in the cloud.
Use to back up:
SQL Server data
Server and client computer file data
You can specify that end users can independently recover file data by retrieving recovery points of their files. Enabling end-user recovery involves configuring Active Directory Domain Services (AD DS) to support end-user recovery, enabling the end-user recovery feature on the DPM server, and installing the shadow copy client software on the client computers. For more information, see Configure end-user recovery and recover file data.
You can also enable user recovery for SQL Server databases that are backed up by the DPM server, using the Self-Service Recovery Tool (SSRT). For more information, see Recover SQL Server databases using self-service recovery.
Verify that backups are working as expected. When you configure your workload backups with DPM protection groups, DPM immediately performs the initial replication (full backup) of the data. In the DPM console, the Protection Groups will show this initial replication as progress, and they will show an OK status when the replication succeeds. In addition, you can view the monitoring jobs and alerts in the console. You can monitor backups to Azure in the Azure portal. For more information, see Manage and monitor backup vaults in Azure Backup.