Oaklands college: Protecting your data.


Published on

Protecting your Organisation’s Data with Microsoft Data Protection Manager (2007 and 2010).Tristan Self – Senior IT Infrastructure Engineer – Oaklands College

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Oaklands college: Protecting your data.

  1. 1. Wednesday 2 nd February 2011 Tristan Self – Senior IT Infrastructure Engineer – Oaklands College
  2. 2. <ul><li>Who am I? </li></ul><ul><li>Contents of Presentation </li></ul><ul><li>Introduction </li></ul><ul><li>Overview of DPM 2007 </li></ul><ul><li>Data and System Protection </li></ul><ul><li>How DPM Works </li></ul><ul><li>Oaklands College Case Study – Old Backup System and Problems </li></ul><ul><li>Oaklands College Case Study - How DPM 2007 has Solved These Problems </li></ul><ul><li>Oaklands College Case Study - Hardware Required and DPM Configuration </li></ul><ul><li>Why DPM fits FE Organisations? </li></ul><ul><li>What problems with DPM </li></ul><ul><li>DPM Implementation Procedure </li></ul><ul><li>DPM in Production </li></ul><ul><li>Licensing/Costs </li></ul><ul><li>Disaster Recovery </li></ul><ul><li>What’s New in DPM 2010 </li></ul><ul><li>Books/courses </li></ul><ul><li>Conclusion </li></ul><ul><li>Q and A </li></ul>
  3. 3. <ul><li>Protecting data and systems comprehensively is difficult especially when systems become large and budgets and staff are stretched. </li></ul><ul><li>Oaklands College has worked to the following 3 Tier Data and System Protection Strategy of which Microsoft DPM is a key part. </li></ul>3 Tier Data and System Protection Strategy
  4. 4. <ul><li>Microsoft Solution to Data Backup and Restore Data (2007 - 2 nd Gen. Product) </li></ul><ul><li>Allows Backup and Restore of all Core Microsoft Products: </li></ul><ul><ul><li>System State (Active Directory) – Windows Server 2003 and 2008 </li></ul></ul><ul><ul><li>Files/Folders - Windows Server 2003 and 2008 (and XP/Vista/7) </li></ul></ul><ul><ul><li>SQL Server 2000 SP4, 2005 SP1+ and 2008 (& Clustered) </li></ul></ul><ul><ul><li>Exchange Server 2003 SP2, 2007 and 2010 (& Clustered) </li></ul></ul><ul><ul><li>SharePoint 2007 and 2010 </li></ul></ul><ul><ul><li>Hyper-V Virtual Machines (rudimentary) </li></ul></ul><ul><li>Utilises VSS (Volume Shadow Service) in Windows Server </li></ul><ul><li>Disk to Disk (to Tape) and Disk to Tape </li></ul><ul><li>Designed for SMB to Enterprise Organisations with Short Backup Windows and Large Amounts of Data. (Like a College with 1000’s GB of data) </li></ul><ul><li>Efficient – “De-duplication” of Disk Backups and “Throttleable” bandwidth and minimal client utilisation (disk/cpu). </li></ul><ul><li>Fast Recovery from Disk to Production Server Without Need for Tapes </li></ul><ul><li>Continuous Data Protection (Can be Synchronised as often as 15 Minutes) </li></ul><ul><li>Multiple “Full Backups” per Day! </li></ul>
  5. 5. Typical Microsoft DPM Infrastructure A protection agent is installed on any server with data requiring protection such as a file server, Exchange or SQL server. When directed by the DPM server this agent is responsible for triggering the VSS snapshot and moving “Synchronising” the data from the protected server to the DPM server. Disk to Disk Disk to Disk to Tape Disk to Tape The data is stored in the DPM storage pool as a “replica” of the volume and a collection of “recovery points” (changed versions of the replica at a given point in time.) Aged recovery points are copied to tape based on the configuration of the retention. Storage Pool
  6. 6. The agent is installed on the protected server, the files and folders selected for backup, then DPM creates a replica of the data (full backup.) The agent then monitors the protected data (blocks) for changes and synchronises only the changed blocks to the DPM server at regular intervals. At specified time the DPM server generates a “recovery point” (a consistent full backup of the data) on the replica volume. Only the changed blocks between the new recovery point and the previous recovery point are stored (on the recovery point volume.) This is the basic principle to which DPM operates irrespective of data type being protected. Replica Volume Recovery Point Volume
  7. 9. <ul><li>Express Full Backup – Generally Performed once a day. (But can be more if you use a “Simple” backup mode (e.g. SQL Server), you can use these to create multiple full backups per day.) </li></ul><ul><li>Transaction Log Backup - In addition to an Express Full Backup, at a specified interval, e.g. every 15 minutes—DPM pulls and stores the transaction logs of the application. </li></ul><ul><ul><li>In the event of a recovery, DPM restores the last express full backup, then applies all the transaction logs created since that backup was made. </li></ul></ul><ul><ul><li>If only the database disk was corrupt and the transaction logs were on a separate disk on the live machine, DPM would also play back any transaction logs that were still on the live server that had not yet made it to DPM. </li></ul></ul><ul><ul><li>This process means “zero loss” for your transactional applications, assuming the database was corrupt, BUT....not your server was a melted mass of metal and plastic, in this event you would have data up to the point of the last synch of the transaction logs... </li></ul></ul><ul><li>Only Changed Blocks - Again like with a file/folder backup only the changed blocks are “synched” with the DPM server; reducing server and network load. </li></ul>
  8. 12. Restore Granularity For individual Exchange mail item restores the database can be mounted offline with an EDB file opening tool and then items exported to PST for Exmerging or importing back into the mailbox.
  9. 16. <ul><li>FE College based in St. Albans and WGC in Hertfordshire, about 850 staff and 13,000 students. </li></ul><ul><li>5 campuses all with servers and data to be protected, but only 3 campuses are permanently manned with IT staff. </li></ul><ul><li>Busy inter-campus wireless site links </li></ul><ul><li>History of data loss and IT failures, complete loss of all e-mail in 2007, users lacking confidence of protection of their data from loss. </li></ul><ul><li>Wide range of applications and data sources for protection: </li></ul><ul><ul><li>System State (Active Directory) </li></ul></ul><ul><ul><li>SQL Server </li></ul></ul><ul><ul><li>Exchange Server </li></ul></ul><ul><ul><li>SharePoint 2007 Server </li></ul></ul><ul><ul><li>File/Folder Data </li></ul></ul><ul><ul><li>Oracle </li></ul></ul><ul><ul><li>MySQL </li></ul></ul><ul><li>7TB of file data of staff and students. </li></ul><ul><li>300GB+ Exchange Email Data. </li></ul><ul><li>Numerous SQL Databases and Database Servers. </li></ul><ul><li>75 Servers (Physical + Virtual) </li></ul><ul><li>2,500 Workstations </li></ul><ul><li>Microsoft Based (almost completely) </li></ul><ul><li>Microsoft Windows 2003/2008 Server </li></ul>
  10. 17. <ul><li>Old System </li></ul><ul><ul><li>Dell PowerEdge and Dell Tape Library LTO2– Microsoft Windows 2000 Server with Veritas NetBackup </li></ul></ul><ul><li>Problems </li></ul><ul><ul><li>Aging Hardware and Software </li></ul></ul><ul><ul><ul><li>Aging hardware and software (6 Years old) </li></ul></ul></ul><ul><ul><li>Support Intensive </li></ul></ul><ul><ul><ul><li>Constant hardware and software failures, as well as jobs freezing or failing part way through. Complicated interface and procedures meaning reliance on a single member of staff. </li></ul></ul></ul><ul><ul><li>Bandwidth and Disk Intensive </li></ul></ul><ul><ul><ul><li>Bandwidth and disk intensive, backups could often not be re-run soon after failing due to the performance impact of running them during the day. </li></ul></ul></ul><ul><ul><li>Incomplete Backup </li></ul></ul><ul><ul><ul><li>Not all data captured due to disk and tape space limitations. </li></ul></ul></ul><ul><ul><ul><li>“ Monolithic” backups of SQL databases and Exchange data using NTBackup constantly failing. </li></ul></ul></ul><ul><ul><ul><li>Full backups of main college file server 1.4TB barely able to finish over a weekend, liable to failure. </li></ul></ul></ul><ul><ul><li>Limited Support for Applications </li></ul></ul><ul><ul><ul><li>No direct support for SQL, Exchange or SharePoint, relied on the “disk dump and copy” method to capture a backup. This often failed due to the data size and was fiddly to restore in an emergency. </li></ul></ul></ul><ul><ul><li>Restores Unreliable and Difficult </li></ul></ul><ul><ul><ul><li>Restores required input of tapes where unreliable and could take many hours for even a single file to be found and restored. </li></ul></ul></ul><ul><ul><ul><li>Not able to meet recovery point objective of a daily backup of all college data. </li></ul></ul></ul><ul><ul><li>No Disaster Recovery Support </li></ul></ul>
  11. 18. <ul><li>Requirements of New Backup System </li></ul><ul><ul><li>Minimise Cost </li></ul></ul><ul><ul><ul><li>To be as cheap as possible for hardware and software licensing. </li></ul></ul></ul><ul><ul><li>Minimise Support </li></ul></ul><ul><ul><ul><li>Minimal day to day support required. Simple interface so more staff can operate backup system. </li></ul></ul></ul><ul><ul><li>Disaster Recovery Enabled Solution </li></ul></ul><ul><ul><li>Meet “Recovery Point Objective” of a Daily Backup of all College Data </li></ul></ul><ul><ul><li>Reduce Restore Time </li></ul></ul><ul><ul><ul><li>Restoration must be quicker and easier to perform, recent data should not be on tape and should be on disk. </li></ul></ul></ul><ul><ul><li>Efficient and Minimal Performance Impact </li></ul></ul><ul><ul><ul><li>Minimal performance impact to production servers and network when backups/restores are taking place. </li></ul></ul></ul><ul><ul><li>Tape Backup Solution Included </li></ul></ul><ul><ul><ul><li>Should be easy to use and configure and must provide long-term protection running for up to 7 years on tape. </li></ul></ul></ul><ul><ul><li>Application and Infrastructure Support for Microsoft Apps and Virtual Environment </li></ul></ul><ul><ul><ul><li>Support for backing up data from Windows Servers running in a VMWare virtual infrastructure. </li></ul></ul></ul><ul><ul><ul><li>Must directly support protection of SQL Server 2000 SP4, 2005 and 2008, Exchange 2003/2007/2010 and SharePoint 2007 </li></ul></ul></ul><ul><ul><ul><li>Must give a reasonable solution to allow backup of non-Microsoft apps via an agent or other means. </li></ul></ul></ul><ul><ul><li>Scalable </li></ul></ul><ul><ul><ul><li>Must scale easily to allow for more data to be stored and more servers to be protected. </li></ul></ul></ul>
  12. 19. <ul><li>Aging Hardware and Software </li></ul><ul><ul><li>New hardware and software utilising inexpensive SATA RAID for disk storage and latest LTO4 tape drive to replace hardware. </li></ul></ul><ul><li>Support Intensive </li></ul><ul><ul><li>Simple GUI and better reliability has allowed a wider range of staff to be able to use the backup system. </li></ul></ul><ul><ul><li>Central monitoring of jobs and central tape management. </li></ul></ul><ul><li>Bandwidth and Disk Intensive </li></ul><ul><ul><li>VSS and Changed Block “Synch”– Minimises network bandwidth use during backup/restore. </li></ul></ul><ul><ul><li>Minimal impact to production server disk activity during backups. </li></ul></ul><ul><li>Incomplete Backup </li></ul><ul><ul><li>De-duplication disk store – All data can be backed up, and stored on disk for many days with minimised disk usage. Then archived to tape for long-term storage. </li></ul></ul><ul><ul><li>3 full backups a day of file servers, 1.6TB server can be backed up in minutes rather than days using “Express Full Backup” , full Exchange backup every 2 hours, better than the “monolithic” full backup copy required before. </li></ul></ul><ul><li>Limited Support for Applications </li></ul><ul><ul><li>Direct support protection of SQL Server 2000 SP4, 2005 and 2008, Exchange 2003/2007/2010 and SharePoint 2007 </li></ul></ul><ul><ul><li>Oracle and MySQL captured using the “dump to disk” method. </li></ul></ul><ul><li>Restores Unreliable and Difficult </li></ul><ul><ul><li>Recovery Point Objectives – Meet and often exceeded! </li></ul></ul><ul><ul><li>Restores of files and database data take only minute to find the file and restore it from disk </li></ul></ul><ul><li>No Disaster Recovery Support </li></ul><ul><ul><li>Secondary off-site server support </li></ul></ul>
  13. 20. <ul><li>CPU </li></ul><ul><ul><li>Dell PowerEdge R710 – Intel Xeon E5530 – 2x CPU 2.4Ghz </li></ul></ul><ul><li>RAM (DPM is RAM hungry) </li></ul><ul><ul><li>32GB (more if you can afford it) </li></ul></ul><ul><li>Server Disks (DPM is IOPS hungry) </li></ul><ul><ul><li>2 x 15k SAS HDD - RAID 1 – OS, DPM Binaries and SQL Log Files </li></ul></ul><ul><ul><li>4 x 15k SAS HDD - RAID 5/10 – SQL Database Files </li></ul></ul><ul><li>Storage Pool Disks (Based on your data size) </li></ul><ul><ul><li>2 x Dell MD1000 with 15 x 1TB 7.2k SATA Disks with PERC 6/E Controller </li></ul></ul><ul><li>Tape Library (Based on your retention and data volume) </li></ul><ul><ul><li>1 x Dell TL2000 with LTO 4 Tape Drive (24 Tape Library) </li></ul></ul><ul><li>Microsoft Windows 2008 Server Enterprise (64-Bit) </li></ul><ul><li>Microsoft SQL Server 2005 Standard (64-bit) </li></ul>
  14. 23. <ul><li>Reasonably Simple to Implement </li></ul><ul><li>Simple to operate, more staff can be involved in file/folder restores. </li></ul><ul><li>Minimal Support Required </li></ul><ul><li>Supports a large environment with large amounts of data. </li></ul><ul><li>Software cost is less than that of similar competitor products (with Microsoft Educational Licensing.) </li></ul><ul><li>When a student deletes all their work you can restore it quickly and easily from disk within minutes. </li></ul>
  15. 24. <ul><li>Anti-Virus Issues – Kaspersky Anti-virus can’t cope with the mount points for the DPM storage pool and locks the volumes if it sees a virus. </li></ul><ul><li>Microsoft Only – If you run a Microsoft shop this won’t be an issue, if you have Mac or Unix/Linux servers or non-Microsoft applications this could become problematic. </li></ul><ul><li>Design - Relies on good protection group design to make it effective. Changing the design afterwards is difficult and time consuming. </li></ul><ul><li>SharePoint - Backup/restore works but is clunky in DPM 2007, but more stable and easier to use in DPM 2010. Requires another SharePoint licence and recovery server for item level restores. </li></ul><ul><li>DPMDB Corruption – All of DPM relies on its database, as long as this is backed up you’re ok. However backup of this is tricky without a secondary server to avoid catch 22 situation. </li></ul><ul><li>Inconsistent Data Volumes and Manual Intervention – Replica/RP volumes don’t grow automatically, volumes can become inconsistent sometimes. Both these problems are resolved in DPM 2010. </li></ul>
  16. 25. <ul><li>Agree Data Protection Policy with Business </li></ul><ul><ul><li>“ Lose no more than four hours of production data.” </li></ul></ul><ul><ul><li>“ Provide me with a retention range of 30 days.” </li></ul></ul><ul><ul><li>“ Make data available for recovery for seven years.” </li></ul></ul><ul><li>Design Protection Group Configuration </li></ul><ul><li>Design the DPM Backup Infrastructure </li></ul><ul><ul><li>Size the disk and tape pools required </li></ul></ul><ul><ul><li>Check the hardware compatibility List </li></ul></ul><ul><ul><li>Determine number of licences required </li></ul></ul><ul><li>Purchase Hardware and Software </li></ul><ul><li>Implement DPM server(s) </li></ul><ul><li>Deploy DPM Client and Create Protection Groups </li></ul><ul><li>Create First Replicas of all Data Sources </li></ul><ul><li>Decommission Old Backup System </li></ul><ul><li>Perform, test and document Restore Procedures </li></ul>
  17. 26. <ul><li>Works fine with Physical or Virtual Machines (VMWare 3.5 & 4 or Microsoft Hyper-V) </li></ul><ul><li>DPM server must be Physical </li></ul><ul><li>Staging Server is recommended for restores of databases, SharePoint or large file data. </li></ul><ul><li>No noticeable performance overhead to disk or network with DPM running. </li></ul><ul><li>Ensure 15K SCSI disks in RAID 5/10 for DPMDB Disks – Performance Hungry </li></ul><ul><li>RAM Hungry (Minimum 32GB RAM) </li></ul><ul><li>Protection Group Design Considerations </li></ul><ul><li>Protect the DPMDB at all costs! </li></ul><ul><li>Use Microsoft 2008 Server R2 Enterprise (64-BIT) for best performance and scalability. </li></ul><ul><li>Use local SQL install – Maintain performance and removes need for additional SQL License </li></ul>
  18. 27. <ul><li>DPM Server Licensing </li></ul><ul><li>Microsoft DPM 2007 Server license </li></ul><ul><li>No SQL Server license needed if using local DPM SQL install </li></ul><ul><li>DPM Client Licensing </li></ul><ul><li>DPM Enterprise CAL – </li></ul><ul><ul><li>System State, File/Folder, and SQL, Exchange, Hyper-V and SharePoint </li></ul></ul><ul><li>DPM Standard CAL </li></ul><ul><ul><li>System State and File/Folder </li></ul></ul><ul><li>Licenses managed from within DPM console </li></ul><ul><li>DPM Server OS Licensing </li></ul><ul><li>Microsoft Windows 2008 Server R2 Enterprise (64-Bit) </li></ul><ul><li>SharePoint Recovery Farm / Recovery Staging Server </li></ul><ul><li>Microsoft Windows Server OS License </li></ul><ul><li>Microsoft SharePoint 2007 License (1 Server needed only) </li></ul><ul><li>Microsoft SQL Server 2005/2008 License </li></ul>
  19. 28. Hardware Costs Software Costs Microsoft DPM 2007 Server Licence x 1 = £31.45 Microsoft DPM 2007 Enterprise Data Protection ML x 40 = £23.41 x 40 = £936.40 Microsoft DPM 2007 Standard Data Protection ML x 20 = £8.53 x 20 = £170.60 (If using DPM integrated SQL, no SQL server licence is needed.) Prices correct as of July 2009 – Microsoft Campus Agreement Total DPM Software Cost = £1904.25 <ul><ul><li>Dell PowerEdge R710 – Intel Xeon E5530 – 2x CPU 2.4Ghz – 32GB RAM = ~ £7000 </li></ul></ul>Dell PowerVault MD1000 – 15 x 1TB SATA 7.2K HDD = ~£9,000 (includes cost of external RAID controller card) Dell PowerVault TL2000 with LTO-4 Tape Drive = ~£9,500 (includes cost of external controller card) LTO4 Tapes = ~£25 each Total DPM Hardware Cost = £ 25,000
  20. 29. <ul><li>A secondary DPM server can be setup on another campus/site to protect the primary DPM server and its replicas. Off-site backup and Disaster Recovery for your data simply implemented. </li></ul><ul><li>This can be a disk only backup, and can have a small disk pool with a shorter retention to save costs. </li></ul><ul><li>Failure of the primary DPM server does not affect restore from disk as these can be made from the secondary. </li></ul><ul><li>DPM clients can be easily switched to use the secondary DPM server instead. </li></ul><ul><li>Backup uses minimal bandwidth as only the changed blocks are sent to the secondary. Can be scheduled and throttled for out of hours. </li></ul>
  21. 30. <ul><li>Performance and Reliability Improvements (Self-Healing) </li></ul><ul><li>Automatically Grow Volumes as Required </li></ul><ul><li>Shrink Volumes to use Disk Space Effectively </li></ul><ul><li>SharePoint 2010 no Longer Requires Recovery Farm Server for Item Level Restores </li></ul><ul><li>SharePoint Backups more Complete and Reliable </li></ul><ul><li>Tape Management Improvements </li></ul><ul><li>Protect Standalone Servers (non-domain, workgroup or DMZ) </li></ul><ul><li>Support for More Data Sources </li></ul><ul><li>Better, more complete Hyper-V Support </li></ul><ul><li>Improved Self-Service end users for file and SQL Databases </li></ul>
  22. 31. <ul><li>Mastering System Center Data Protection Manager 2007 - ISBN: 978-0-470-18152-2 </li></ul><ul><li>Managing Microsoft System Center Data Protection Manager 2007 - Course 50023A </li></ul>
  23. 32. Thank You for Listening Any Questions?