Data Protection Manager
Bill Boswell covers Microsoft's DPM in his last column as <span class="a11">Redmond</span> says a fond farewell to its favorite Windows Insider.
There's a chore we all hate. It's a chore that has to get done, and done right, and done every day, but it brings no happiness, no satisfaction of a job well done. This chore is the dental flossing of information technology.
You know the chore I'm talking about.
Yes, I know backups are absolutely critical and I never shirk my duty to do them every night. But when was the last time you saw a smile on someone's face in a cubicle piled with tape cartridges, calendars with little colored dots on the days and a stack of phone messages from off-site storage service bureaus who haven't been able to find a critical tape?
Most of all, I hate the phone call that starts off, "I was doing something with my H drive and now I can't find …"
I really hate that phone call. Don't you?
I also don't like training end users in branch offices to mount tapes because there's no local IT staff. Not only do they hate the chore even more than I do, it's my job hanging in the balance if the backup fails, not theirs. So every morning, I peer through the backup logs looking for the dreaded "Waiting for tape …" message.
But as the great Bob Dylan once said, the times they are a changin'.
Microsoft has released a beta of a
product that promises to make nightly tape backups as much of an anachronism as booting from 5-inch floppy drives. The product is called Data Protection Manager, or DPM.
At its most basic, DPM is a disk-to-disk backup solution. You get the speed and flexibility of doing an initial backup to disk, where you can let changes accumulate until a quiet time on the weekend when you can do a tape backup.
If you hate backups as much as I do, this is starting to sound appealing, yes?
But that's just the start. DPM maintains an exact replica of a protected volume, a replica refreshed hourly with changes from the source servers. So if a RAID array goes to the rings of Saturn at 4:30 p.m., you can restore every change to every file right up to the last hourly refresh of the DPM replica.
DPM also works with the Volume Shadow Copy Service (VSS) to maintain a list of previous versions of files in the DPM replica. If you get "the call" about a lost or fractured file, it just takes a minute to pluck the previous version from the DPM replica (Figure 1) and put it back into the production file system. Even better, you can simply stand out of the way and let the end user select the previous version using a simple-to-understand extension to the Explorer interface.
|Figure 1. The DPM Administrator Console showing a replica of a protected volume. (Click image to view larger version.)
But the pièce de résistance, as we say in southern New Mexico, is the ability of DPM to act as a central repository for branch office backups. The replication protocol used by DPM is designed to be friendly to WAN connections. You can also configure schedules and throttles and compression to make DPM replication across a WAN even friendlier.
DPM Storage Requirements
A DPM server needs at least two drives: one for the operating system and one for the DPM storage pools and assorted housekeeping files. These drives must be recognized by Logical Disk Manager as separate physical devices—an actual spindle, RAID array or LUN on a SAN—and not simply two partitions on the same device.
A DPM server can use the following types of storage for storage pools:
- Directly attached storage (DAS) using IDE, SCSI or SATA drives
- Fibre Channel SAN
- iSCSI device (must have Windows Hardware Certification)
You'll need considerable drive space on the DPM server. The total amount of storage depends on the volume of data you're protecting and the number of changes made to that data between tape backups. Microsoft recommends setting aside from two to three times the total size of all the volumes you're protecting with DPM.
There are several reasons for allocating so much space. First off, DPM maintains an exact, uncompressed replica of each protected data volume or share. Changes that replicate to the DPM server
initially land in a transfer log, and this log can grow quickly with lots of
Additionally, VSS squirrels away changes to the DPM replica and uses this historical content to make point-in-time copies for use in file and folder recovery. DPM ordinarily takes three point-in-time copies each working day and can store up to 64 copies, so if you give the DPM storage pool sufficient space, you only need to do a tape backup every 21 working days (about once a month.)
Keeping weeks and weeks of backup data on spindle can get a little risky, so you'll want to make sure that the array holding the DPM storage pool is as fault tolerant as possible. You'll also want to monitor the disks for impending failures and spin up replacements immediately at the first sign of trouble, just as you would for your live data. You can do your tape backups more often to minimize the risk.
DPM Server Requirements
Microsoft recommends that the DPM server have a 1GHz CPU or better, at least 1GB RAM and a little more than 1GB of space to hold the DPM
executables and database files (apart from the storage you need for the replicas and VSS differential files).
DPM comes on four CDs. In addition to the DPM files, you get a tailored
version of SQL Server 2000 and SQL Server 2000 Reporting Services and all the current service packs and hotfixes.
When I first saw this pile of files, I thought DPM was too big a monster to mess with. But whoever crafted the setup program really earned that computer science degree. Every file goes in exactly the right spot, each service gets configured in exactly the right way and the administrative console (Figure 2 shows the Reporting interface) is
simple and intuitive. Great stuff.
|Figure 2. The Reporting interface of the DPM Console is simple and intuitive. (Click image to view larger version.)
The operating system on the DPM server must be Windows Server 2003 SP1 or higher. DPM can be installed on a NAS server if the server uses
Windows Storage Server 2003. DPM cannot be installed on a domain
controller and should not be installed on an application server.
DPM can protect data on file servers running Windows 2000 SP4 (with the latest security rollup) and Windows 2003. The agents can be installed from the DPM server.
Installing the end user recovery
feature in DPM requires a small change to the Active Directory schema. This change adds a new object class and a couple of attributes that map source shares on protected volumes with target shares at the DPM replica.
There are several data sources that DPM can't protect:
- Volumes that enforce case sensitivity, a feature sometimes used in conjunction with Services for Unix.
- Clustered file resources (Look for this feature in future versions.)
- Databases such as SQL Server, Oracle or the Exchange store (This capability is in the works but won't be available in the initial release.)
- Operating system drive (There are ways to do bare metal restores, but they take a little planning.)
- Network traffic to and from the DPM server is not encrypted. If you want to protect the data stream, use IPSec.
Previous Version Retrieval
One of the sweetest DPM features is the way it works with VSS to support direct recovery of files in real time. Microsoft calls this "end-user recovery" although, in this context, the end user might very well be a help desk technician or backup operator rather than the actual file user.
DPM exposes the previous versions with a client package called DPMShadowCopyClient.msi. The package installs a tabbed extension in Explorer called Previous Versions. Each file that changes between
point-in-time copies will have a list
of historical copies in this Previous Versions tab.
When a previous version is selected, VSS aggregates the unchanged blocks from the main DPM replica with content it stored in a set of differential files. If the user deletes a file rather than simply changing it, the file is recovered by viewing previous versions of the original folder.
The DPM shadow copy client will remove the original Windows Server 2003 shadow copy automatically, which simplifies deployment. The DPM client will automatically check for local VSS copies at a file server along with checking for content at the DPM server.
You can configure DPM to protect an entire volume, specific folders and subfolders on a volume, or contents of a share point. You can aggregate multiple data sources into a single replica pool called a Protection Group. Figure 3 shows an example.
|Figure 3. Protection Groups gather multiple data sources into a single replica pool. (Click image to view larger version.)
All members of a Protection Group share the same replication interval and VSS point-in-time copy frequency. If a particular department wants more
frequent point-in-time copies to preserve data changes, you can support
this need by putting its volume or
share into a separate Protection Group. A single DPM server can host many Protection Groups.
There's a small architectural limitation to using Protection Groups. A
volume and its folders can belong
only to one Protection Group. For example, if you put the Engineering folder from a volume into Protection Group 1, then the Finance folder on the same volume must also go into Protection Group 1. As DPM gains traction in data centers, I expect that we'll start to architect our storage with this limitation in mind.
Cost and Availability
DPM is in wide beta right now and a copy can be downloaded from http://microsoft.com/windowsserver
system/dpm/download/default.mspx. The final product is expected to ship in the latter half of 2005. The pricing has yet to be established, but early indications are that the cost of deploying DPM could be recovered in very short order based on the simplicity of real-time file recoveries and the reduction in number and complexity of full tape backups. I'm impressed with the beta and I'm looking forward to putting it through its paces over the next few months. I hope you do the same.
[Ed. note: This is Bill Boswell's last
Windows Insider column for Redmond magazine, as he has decided to pursue other opportunities. His column has been a reader favorite for years, and his
combination of superior writing skills and ability to make technical topics understandable is unmatched in the industry. The entire staff of Redmond magazine wish him the best in everything he does in the future.—Keith Ward, Managing Editor]