Category Archives: Data Protection Manager

Caveats of Protecting Your SharePoint Environment with Microsoft Data Protection Manager

* This article was written in the context of System Center Data Protection Manager 2006 (SCDPM), a technology now considered deprecated with the introduction of System Center Data Protection Manager 2007. Variations may exist. *
Caveats of Protecting Your SharePoint Environment with Microsoft Data Protection Manager 
There are certain caveats that exist when using Microsoft Data Protection Manager within your SharePoint environment that have to be taken into consideration when planning your deployment and disaster recovery strategy. These caveats are very important when considering the impact that they might have on your enterprise environment and disaster recovery.
The Largest Caveat
The largest caveat that exists with a marriage of DPM and SharePoint is support for SQL backups (minus using the backup feature to export and flat file exportation) is not currently supported. This feature is planned to be built in the second half of 2007. 
Hardware Requirements for Microsoft Data Protection Manager
Firstly, you have to look at the actual server itself that you are using as your DPM environment. Running DPM requires using Windows Server 2003 with at the very least SP1 applied, and because you will require two volumes for DPM to function correctly you will need to have two different hardrives.  If you attempt to install DPM on a server with only one harddrive, you will get an exception thrown during the setup dialog. You can optionally add this volume at a later date. The reason that there are two harddrives required is the first will be the OS and relevant DPM program files, and the second will be used for data backups, and nothing else. Putting other program files on the second harddrive could possibly cause the DPM server to crash. Make sure that you also meet over the hardware requirements as well. Allocate at least:
  1. A 2 GHz or faster processor
  2. 2 GB of RAM
  3. 3 times the harddrive space as the estimated protected data
These are over the Microsoft recommendations, however when backing up SharePoint farms it can be a rather resource intensive process and therefore is better to plan over estimations that are more tailored to environments where DPM is mainly used as a file share backup mechanism. As well, SharePoint typically will increase the amount of data stored within its repositories dramatically from initial implementation to full production use by organizational virtual teams, and will only get larger as time progresses and more users adopt to using it. Multiplying your estimates by three is a guess, and the amount of disk space that you use should be on a company by company basis. 
Constantly Changing Data In Exported Backup Files
Remember that similar to SharePoint, Data Protection Manager will keep different revisions of its backups. Content housed within SharePoint is changed extremely frequently, since initial document creation can be housed there through an arbitrary amount of changes with an arbitrary amount parties involved. This can be from a single to a triple digit number depending on the nature of the documentation or object. One must plan accordingly with this in mind. Although DPM will only keep revision of the changes, it still can be a large amount when considering the environment we are tailoring DPM for is SharePoint. 
Ensuring Server Compliance Requirements for Data Protection Manager
Secondly, you have to look at the servers that you have available to assimilate into your DPM environment. Within a SharePoint environment, it is fairly atypical to have any other servers other than Windows Server 2003 running, however with some networks there are often other versions of servers such as Windows Server 2000. If you are using a Windows 2000 machine for your data storage, you should firstly install Service Pack 4. If you have other breeds of servers within your environment such as Unix and Linux, these servers are obviously not supported as data stored for DPM as well, as well, you can’t deploy agents to these servers since they won’t be compatible with the executables.
For Fresh Windows Server 2003 Installations 
Once you have Windows 2003 installed, it will bring up an .hta file which will allow you to configure server roles. Role implementation can also be launched by selecting the manage server roles selection out of the program files menu, or can be manually configured using the add/remove program dialog. You can configure the server with any role you choose besides a domain controller. Since the server will be querying other servers within the environment for disk-to-disk backups, it must be a member of the domain that your SharePoint server and SQL cluster reside on. It is not wise to put other software on this server as well, try to keep it as built down as possible so as not to interfere with other DPM processes.
Say No to Encryption with DPM
With SharePoint, the files that we are mostly concerned with protecting will be the exported SQL backup files and SharePoint file stores. There are some file types that are impossible for DPM to backup however, most notably those that are already encrypted, such as documents encrypted with PGP or other relevant encryption engines. When doing system restores of your SharePoint servers, there are other assets that will not stored within the backup, such as:
  • Paging Files
  • The Recycle Bin
  • Volume Information Folder
With SharePoint, there is typically not an end-to-end encryption solution in place because storing encrypted document within SharePoint repositories will confuse the gatherer and searching since it can’t correctly flag the data within the document. An end-to-end encryption solution for SharePoint that carries the encryption cipher is a piece of software currently being developed at ARB Security Solutions.
With the default package of DPM, there are the possibilities of using three different agents, for three different servers, purchasing more agents is relatively inexpensive if you need to protect more assets within your environment.

What is Disaster Recovery in Relation To SharePoint?

* This article was written in the context of System Center Data Protection Manager 2006 (SCDPM), a technology now considered deprecated with the introduction of System Center Data Protection Manager 2007. Variations may exist. *

What is Disaster Recovery in Relation To SharePoint?
Disaster recovery in relation to SharePoint can mean many things, depending on the organization. Different enterprises use SharePoint for different purposes, ranging from implementing it solely for collaborating and communicating within virtual teams to using it solely for hooks into other server systems such as Team Foundation Server or Project Server. For whatever reason a company uses SharePoint, it is clear that there needs to be policies in place that will facilitate disaster recovery in the event that something may cause massive data loss for your portal. In essence, DR in relation to SharePoint can generally be thought of as processes, mechanisms, and policies that if data loss does occur for whatever reason that disrupts the portal to an irretrievable state it can quickly be returned to operational efficiency with little effort.
Why Should I Be Concerned With Disaster Recovery?
Disaster recovery can be an issue at many levels. Damage could inflict SharePoint file stores, custom development (ASP.NET 2.0 WebParts, SharePoint WebParts, or Framed Applications), design / branding efforts (master pages, manual modifications), and most importantly your stored business data. Without a disaster recovery policy and DR tools, your SharePoint environment can quickly become a central portion of business processes within an enterprise to a useless system leaving a bad taste in user’s mouth bringing SharePoint adoption to a standstill.
What Can I Do To Prepare for Proper Disaster Recovery?
There are several mechanisms that should be implemented in order to prepare for a disaster recovery situation. Some of which deal with implementing a proper disaster recovery policy, others are for implementing various types of software that will help to facilitate bringing your portal backup to speed if there is an event of large data loss.
What Types of Disaster Recovery Software Are Available?
There are several types of disaster recovery software that are based on varying types of software theories. In relation to the actually physical archiving of backup data, the three most popular are:
  1. Disk-to-Tape (DtT)
  2. Disk-to-Disk (DtD)
  3. Disk-to-Disk-to-Tape (DtDtT) 
Three of the most popular types of software are:
  1. RTR (Real Time Replication)
  2. CDP (Continuous Data Protection)
  3. DPM (Data Protection Manager)
How do I Choose the Appropriate Software for Disaster Recovery?
The software that you choose for your disaster recovery policy varies heavily on your organization. Some of the decision factors will be based on company cultural, some on functionality that you desire out of your DR bundles. As an example of cultural decisions, some shops will only implement Microsoft-centric software since it will generally build on and into other server packages and client software (as is the case with the Microsoft Operations Framework, since DPM will tie into Microsoft Operations Manager for management and reporting purposes), and is typically part of their Microsoft enterprise agreement(s). Some organizations are indifferent to the vendor, and are more concerned with varying functionality. When looking at replication or disaster recovery solutions, quick decisions are never the best ones. You have to examine each package in relation to your SharePoint environment, and possibly other systems that might be sheltered by the same solution.
Why is SharePoint a Difficult Product to Implement Disaster Recovery for?
SharePoint as a platform is subject to constant change, users uploading, modifying, and deleting documentation and other relevant portal assets, customizations being made to different site collections, and new portions of the portal being extended and de-extending everyday at every hour. Implementing disaster recovery for an environment that requires such an extent of synchronous backups during such intensive intervals during normal user hours is incredibly difficult. Ensuring that data is constantly intact in such a largely user adopted platform can also be problematic since the platform is almost constantly in use.
Is the Disaster Recovery Process a Task of a SharePoint Administrator, Network Administrator, or Users?
Protecting the assets of the portal is the responsibility of all of the above parties, and doesn’t all solely on the shoulders of just one position or person. The SharePoint administrator is typically most familiar with the status of the database and overall environment, the network administrator knows bandwidth usage and disk allocation within the network, and the users of the portal are typically the most familiar regarding specific assets within arbitrary site collections. The restore process depending on what has been lost can be the responsibility of either of the parties as well, as long as the process as it is tripped is documented, and doesn’t interfere with other SharePoint user activities.
What Does a Disaster Recover Policy Consistent of for SharePoint?
Here is a sample disaster recovery policy for SharePoint. It might have to be tailored to your environment more depending on what your corporate standards are, but will still be a good start. It is free to use with no copyright restrictions.
Is There Specific Disaster Recovery Software Exclusive To SharePoint?
There is no disaster recovery software made explicitly for SharePoint. However, such packages as Data Protection Manager are easily tailored to implement disaster recovery for a SharePoint environment, and can shelter other systems as well.
What Are the Prices of Disaster Recovery Software?
Disaster Recovery software can range from relatively cheap to exceedingly expensive and can depend on certain agreements with certain vendors (such as having enterprise agreements within Microsoft). It depends on what level of functionality you are seeking from the software. With real-time-replication, you can recover data within minutes of a disaster, but is not cost effective for small-to-medium (SMS&P) businesses, whereas DPM will be an hourly solution, but several thousands of dollars less and is relatively inexpensive to extend (buy more agents for) and maintain.

Data Protection Manager Integration With SharePoint Impacts

* This article was written in the context of System Center Data Protection Manager 2006 (SCDPM), a technology now considered deprecated with the introduction of System Center Data Protection Manager 2007. Variations may exist. *

Integrating Data Protection Manager into Your Current Backup Strategy
Microsoft Data Protection Manager does not replace normal backup strategies using tape media for off-site storage backup; this is still a necessary step for appropriate portal data protection. This is for several reasons, however the most clear is that if something does happen at the local data center, such as a natural disaster or corporate espionage, it is still possible to restore normal data operations. It is possible to use disk drives for off-site storage, however they are obviously sensitive to external elements and would be extremely arduous to attach and detach to devices in order to transfer information. Tapes can store similar quantities of data, however are much better mechanisms for the removal and transportation of the media.
Typical Disaster Recovery Specific Hardware
Typically within a legacy backup strategy, data is pulled from a file server that houses manually moved backed up files. Tapes are typically governed by an arm winch (this can also be known by other names), that can automatically pick and relate backups using firmware built on simple selection algorithms to appropriately choose tapes on a defined backup schedule.
Winch and Machine — > | | —–|= |=====| < — Tape Drives
| | |=====|
| | |=====|
An arm winch isn’t a necessity for smaller environments, since they can often be fairly expensive for smaller businesses (unless purchased used), and sometimes the amount of data being backed up doesn’t necessitate the need for winches since it can easily be handled manually be a network administrator or similar employee. Plan your DR hardware accordingly, and don’t overdue it. Minus the cost up front for the arm winch hardware, take into account maintenance of the tapes themselves (from buying new tapes as others become antiquated to buying more as you gain more data and more are retired off-site), to tape deportation and re-importation (a job of the network / SharePoint administrator), to maintaining the actually tape system itself, along with several other actions.
Why DPM Doesn’t Replace Tape Backups
Tape backups are the first step for a proper disaster recovery plan and DPM doesn’t replace a tape backup strategy. Rather, DPM is an intervention of within a DR process, a placeholder between your tape backups to streamline the process and make it easier for an organization to facilitate agile backups of your environment as they occur. DPM integrates into existing disaster recovery processes by providing an extra layer of disaster recovery functionality.
Three Methods of DPM Integration
DPM integrates in a variety of fashions, however the three most typical are:
  • Parallel Program Instantiation (PPI)
  • Virgin Program Adoption (VPA)
  • Interchangeable Program Exchange (IPA)
Parallel Program Instantiation
Parallel Program Instantiation (PPI) is a common method of implementing DR solutions because it allows an eventual merging of a DR solution within an environment without a complete drop of a legacy DR solution. It is similar to upgrading arbitrary line of business applications; typically a staging environment is set for the upgrade before it is applied to an actual production environment. For example, when migrating your SharePoint environment from a 2003 instance to SharePoint 2007 (MOSS, currently in beta as of the writing of this article due for a technical refresh in approximately two weeks) it would be atypical and ill-advised to just run an upgrade against your environment since there are a variety of factors that exist which might impact this type of upgrade. Typically, there should be a staged environment that would allow granular conclusions about an upgrade that will mimic the eventual production environment.
Virgin Program Adoption
Virgin Program Adoption (VPA) is a common method for organizations that are just starting out with a disaster recovery policy, or have a malformed disaster recovery system currently. As the name implies, the current enterprise network is not currently implementing a disaster recovery system, and there is an introduction of disaster recovery practices. This is one of the easiest DPM implementations because there are no expectations involved and there is no necessity of integration with legacy DR implementations.
Interchangeable Program Exchange
Interchangeable Program Exchange (IPE) is a method when the former disaster recovery solution is so malformed that it is considered nearly non-existent, or not only doesn’t offer benefits, but can be considered detrimental to normal business operations. IPE means that there is no staging environment because the mitigation of risks typically involved in PPI aren’t a large concern, and therefore a direct solution replacement will not cause operational interruptions.
As you can see, there are a variety of implementations that are possible depending on your current network configuration and how you wish to approach an implementation of a DR policy. Sometimes, it will require a mixture of two approaches, or for you to define your own process as you see fit towards corporate DR goals.