DATA PROTECTION IN SYSTEM CENTER 2012

Jason Buffington
Analyst & Lab Engineer Enterprise Strategy Group (ESG) [email protected] / @JBuff
http://CentralizedBackup.com http://TechnicalOptimist.com

ESG Trusted Advisors

Vendor

Financial

Channel

Media

End User

2011 Enterprise Strategy Group

ESG Strategy Cornerstones

2011 Enterprise Strategy Group

ESG Coverage Taxonomy

Universal Topics:
Virtualization Cloud Green Application Trends GRC* IT Spending Midmarket Channel

IT Infrastructure
Servers

IT Operations
IT Operations Automation

Information & Risk Management

Security & Privacy

Storage

IT Service Management Data Center Power & Cooling

Data Protection Information Management Software & Services

Networking

Client Devices

Data Center Strategy & Best Practices

Data Management & Business Intelligence

IT Professional Services, Outsourcing, Customer Service & Support

*Governance, Risk, Management and Compliance 2011 Enterprise Strategy Group

SESSION AGENDA
How DPM fits in the Private Cloud How DPM fits in the backup world What is new in DPM 2012 Closing Q&A

Enterprise Strategy Group | Getting to the bigger truth.

TM

2012 IT Spending Intentions Survey: Results Summary

January 2012

2012 The Enterprise Strategy Group

Most Important IT Priorities for 2012

(top ten)

ESG Research Report: 2012 IT Spending Intentions Survey 2012 Enterprise Strategy Group

Enterprise Strategy Group | Getting to the bigger truth.

TM

Excerpts from

2010 Data Protection Trends ESG Research Report

http://www.enterprisestrategygroup.com/2010/04/2010-data-protection-trends/

2012 The Enterprise Strategy Group

Top Areas of Data Protection Investment for 2010

Source: Research Report: 2010 Data Protection Trends 2010 Enterprise Strategy Group, Inc. All Rights Reserved

High Priority Applications from a Data Protection Perspective

Source: Research Report: 2010 Data Protection Trends 2010 Enterprise Strategy Group, Inc. All Rights Reserved

Reasons Organizations Would Replace Current Backup Solution/Vendor

Source: Research Report: 2010 Data Protection Trends 2010 Enterprise Strategy Group, Inc. All Rights Reserved

WITH SYS CTR 2012 YOU MAY ALREADY OWN IT

Source: Research Report: 2010 Data Protection Trends 2010 Enterprise Strategy Group, Inc. All Rights Reserved

The Data Protection Manager components of

System Center 2012

unofficially short-handed as

DPM 2012

WHATS NEW IN 2012

Centralized Management
Infrastructure Enhancements
Certificate Based Authentication Smarter Media Co-location

Workload Enhancements
SharePoint Optimized Item-Level Restore Hyper-V ILR with DPM running in a VM Generic Data Source Protection
Disclaimer: DPM2012 is not yet shipping Features/Taxonomy subject to change

DPM CENTRALIZED MANAGEMENT

A single console for the datacenter that reduces management costs and can fit into the existing environment
Single Console for the Datacenter Reduce Management Costs Centrally Monitor and manage

Fits into my Environment

Reduce time for resolving issues

Work on important issues

Ticketing System

Extensibility
Runbooks

DEMO

DPM 2012 CENTRAL CONSOLE

REMOTE ADMINISTRATION AND CHANGE MANAGEMENT

Customer Speak
Too much time spent on establishing RDP connection - RDP connection time is typically 1-2 minutes, if we are lucky to get a free session Currently able to monitor and manage customer's onsite deployment entirely using SCOM, SCVMM etc. DPM is the only product forcing us to persist with RDP access for day to day operations and maintenance.

With DPM 2012 Central Console

Remotely administer DPM Servers Integrated into central console Select and press Manage From any Server or Client Windows XP, Windows 7 or Windows Server 2008 and above Remotely manage protection for data sources and protection groups from Central Console

ROLE BASED MANAGEMENT

Customer Speak
DPM must allow a broad team to access the DPM console in a secure way each with their own responsibilities & privileges How else can we manage securely? I had to request for a security process exception as some members of monitoring team are now DPM admins.

With DPM 2012 Central Console

Control operations available to each user.

Create User Roles (using SCOM) & associate & validate operation privileges of each role using Claim Based Token Service.
Designed for the Backup Service Team & not for the consumers of the backup service

REMOTE CORRECTIVE ACTIONS

Customer Speak
I do not want to leave the Central Console pane for my frequent tasks Please provide the ability to select a Alert and trigger the Corrective action from the Central Console. If a disk is out of space, allow me to grow it remotely. If my customer needs an ad-hoc Recovery Point, allow me to create one remotely. Individually selecting each data source or alerts and triggering the recommended action is a manual overload. DPM needs the ability to select multiple items and trigger the "recommended action."

With DPM 2012 Central Console

You can now run corrective actions on multiple alerts, without leaving the DPM Central Console. WPF Dialogs are integrated into the Centralized management SCOM pack. They talk to the AM service of the appropriate DPM Server (using SCOM SDK) & populates the UI dialog. On Click, a SCOM agent task is triggered on the DPM server.

SCOPED TROUBLESHOOTING
Customer Speak
More than half my team spends 75% of their time troubleshooting issues. DPM 2010 has is really stable; but there are various environment & infrastructure issues that need a quick root cause diagnosis. In my environment, I have 82 DPM servers with 15 really scaled up DPM servers (1000+ data sources). DPM Central Console should help me quickly find the needle, not just in the hay stack, but in the entire barn.

With DPM 2012 Central Console

You can now troubleshoot using a light weight scoped DPM Management Console.

You can get a scoped troubleshooting view based on the context (alert type & error id).
The user can quickly jump between alerts, affected items and the related backup jobs.

The user can swiftly identify patterns or trends

Users can now work on multiple issues and switch context easily.

PUSH TO RESUME BACKUPS

Customer Speak
Once the external/environmental issue causing backups failure is understood and fixed, it takes a lot of effort to look into each failure & invoke the appropriate corrective action.

With DPM 2012 Central Console

You dont spend any time to identify & invoke the appropriate Corrective action. Just Click on Push To Resume .

You are isolated from the complexity of the type of data source ; type of recovery point ; state of replica etc.
Lesser skilled operators, who are not specialists in DPM, can now handle most frequent failures caused by environmental issues, outages or misconfigurations.

ALERT REDUCTION
Customer Speak
A large number of alerts get generated due to a single root cause like Production Server not available Network, SQL Connection or Storage Outage No Free Tapes For each alert , a ticket gets raised. Each ticket increases the TCO.

With DPM 2012 Central Console

You will see substantial reduction in the number of alerts due to Root Cause consolidation: Infra goes bad causing backup failures. Ex: Agent is not responding : 10 alerts in DPM. Only one in SCOM. Logical consolidation: Backup failures sharing similar corrective actions. Ex: SQL Connection refused. SLA consolidation: Alert only when SLA specific to a type of data source is broken.

ALERT CATEGORIZATION
Customer Speak
In my scaled environment, alerts need to be categorized and associated with the appropriate Admin teams. The Infra Team is responsible for ensuring the core moving parts like, Network, Servers & Libraries up & running. The Monitoring team is responsible for ensuring that the backups succeed DPM Central Console should provide easy views to ensure alerts reach the appropriate team ASAP.

With DPM 2012 Central Console

Alerts will reach the appropriate team ASAP. DPM Admin can create out of the box views to categorize alerts and also customizable it without writing code. The Admin can create their own customizable workspace.

INTEGRATION WITH TICKETING SYSTEM

Customer Speak
All operations in our organization are integrated with a ticketing system. DPM Central Console should be able to associate alerts with the appropriate ticket. Though we use System Center Service Manager, our sister concern uses a HP product. Please ensure DPM works with both.

With DPM 2012 Central Console

You will have DPM alerts integrated with ticketing systems through SCOM. And the UI will show the associated Ticket ID. You will be able to work with all key ticketing solutions as DPM leverages the SCOM Connector framework.

REMOTE RECOVERY
Customer Speak
Recovery is not necessarily an infrequent operation especially in a scaled environment, such as ours. We have 2 recovery operators in our team & today too much time is spent on Finding the DPM Server associated with the data source to be recovered Establishing RDP connection - RDP connection time is typically 2 minutes Searching for the data source in DPM Recovery pane. Please make this easier & quicker We recover all HBI data sources once every 2 weeks for compliance.

With DPM 2012 Central Console

Point Click Recover Simply select the data-source and press Recover DPM Central Console transparently identifies the associated DPM Server DPM Central console launches the Remote Management Console of the associated DPM server, directly into the Recovery tab, with the data source pre-selected.

The Recovery Operator selects the PIT & performs the recovery.

DPM ACTIONS IN OPS-MGR

Management Tasks
Manage DPM Server Modify Disk Allocation Recover Datasource

Agent Tasks
Disable, Enable, Refresh

TAPE Library tasks

Enable , Disable Run Detailed Inventory Run fast Inventory

Troubleshoot
scoped console for alert, DS, PS, PG, Library, Disk

TAPE Drive tasks

Clean Enable, Disable

Backup Tasks
Create Recovery Point Run Consistency Check

DPM Server Tasks

Ping DPM Server Rescan disk, library Refresh library

Resume Backups
Disk, TAPE Library , PS, PG, DPMserver

Works with DPM 2010 too!

Take Recommended Action

maps to multiple actions

CERTIFICATE BASED PROTECTION

DPM 2010
DPM 2012

DPM 2010 supported protection of Production

Servers, not in a 2-way trust relationship with domain of DPM Server, using local accounts and NTLM.

Some organizations dont permit the use of local accounts

DPM 2012 can use Certificates for authentication for computers in untrusted domains More Secure also supports protection of Clustered Workloads

TAPE MEDIA CO-LOCATION

DPM 2010
DPM 2012

DPM 2010 Supported Media Co-location at a DPM Server Level

DPM 2012 has a much simplified Media Co-location feature at a more granular (Protection Group) Level

SHAREPOINT ITEM-LEVEL RECOVERY

DPM 2007 DPM 2010

DPM 2007 used SharePoint Recovery Farm before restoring to production farm

DPM 2010 did not require setting up a SharePoint Recovery Farm but mounted SQL Content dB to support for Item Level Recovery (ILR) of SharePoint backup data

DPM 2012

DPM 2012, restore of a 1 MB document takes less than 20 seconds

VIRTUAL PROTECTION

DPM 2010
DPM 2012

DPM 2010 protected VMs by comparing VHD blocks, typically once or twice per day

DPM 2012 uses normal changedblock tracking for blocks, and can be run more frequently during the day.

VIRTUAL DPM ENHANCEMENTS

Hyper-V Item Level Recovery (ILR) even when DPM is running inside a VM!

GENERIC DATA SOURCE PROTECTION

Generic Framework to support VSS writer-based apps
Similar workflow as other DPM workloads Capability to use XML to support applications which do not have a VSS writer

Supported features
Full and Express Full backup,
incl. replication & consistency checks

Restore to Original-Location or Recover-as-Files Referential Data Sources

e.g. SQL is a referential data source for SharePoint

Shared Disk Cluster Multi-Domain Tape

SUPPORTABILITY
Selectively Kill Jobs
In DPM 2010, if a Protection Group had multiple tape jobs running at a point of time, the user had to cancel all the tape jobs DPM 2012 provides you the capability to selectively pick a tape job and cancel it

Improved Tape Reliability

If a tape job fails when DPM tries to write to a Write-Protected tape or a Bad tape, DPM 2012 will automatically fire a replacement job by picking up a different tape

Smarter Media Co-Location

Allows multiple protection groups to share a tape

Co-locate remote-SQL DBs between DPM servers

bit.ly/ESGonDPM2012

FOR MORE INFO

System Center 2012 blogs.technet.com/SystemCenter
@System_Center Data Protection Manager www.microsoft.com/DPM blogs.technet.com/DPM technet.microsoft.com/DPM
social.technet.microsoft.com/Forums/enUS/category/DPM

Enterprise Strategy Group www.EnterpriseStrategyGroup.com

@ESG_Global or #ESGglobal Jason Buffington Blog CentralizedBackup.com

Book
Email

DataProtectionBible.com
[email protected]

Twitter @JBuff bit.ly/ESGonDPM2012