Upload
bertina-melanie-hill
View
213
Download
0
Tags:
Embed Size (px)
Citation preview
Protecting Client Data with System CenterData Protection Manager (DPM) 2010
Young KwonSE Service ManagerClient Data Service ManagementMicrosoft IT
SIM339
Islam GomaaMicrosoft MVP | System Center Data Protection Manager
Session Objectives and Takeaways
Session Objectives:Learn how DPM 2010 protects clients and how it differs from server protectionLearn about DPM Client Autodeployment with ConfigMgr and OpsMgrDiscover how MS IT is protecting client data on the Microsoft internal network
DPM 2010 is Enterprise Ready!ECAL customers already have everything they need!
Agenda
Overview of DPM 2010Challenges with Client BackupUsing DPM 2010 for client protection
DEMO: Protecting Client Data with DPM 2010Automatic DPM Client Deployment
Automating client deployment and assignment with ConfigMgr and OpsMgr
MS IT: How Microsoft IT protects client dataThe Future: Client Protection and DPM 2012
Backing up Data on Mobile ComputersThe challenge
Mobile workforce
Different users with different needs
Large scale
Client Backup in Most Organizations
End user
Limited/no IT involvementCumbersome for end users
Policies are difficult to enforce
Copy to servers backed up by IT
Do your own backups
Critical business data on laptops is not backed up
Requirements for Laptop Data Backup
Remove end user effort
Support roaming user backups
Allow customizability for specific users
Enforce admin defined restrictions
Keep IT costs low
Online Snapshots (up to 512)
Disk-based Recovery
Active Directory®
System State
Tape-based Backup
Data Protection Manager
Up to Every 15 minutes
Disaster Recoverywith offsite replication & tape
Data Protection Manager
file services
8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 Days
When you want to protect the data?What data you want to protect?How long you want to retain the data?
Backup
Server Admin
8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 Days
8:00 AM – 12:00 AM – 6:00 PMProtect ‘My Documents”Retain Data for – 14 Days
8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 Days
Backup Policy8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 Days
Client Protection/Recovery – Back-up Policy
Backup Policy8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 DaysDay
2
Client Protection/RecoveryDisconnected and connected
Day1
Backup at 8:00 AM
Backup at 12:00 Noon
8:00 AMTime to take a backup
12:00 NoonTime to take a backup
While Traveling by PlaneTraveling
At On Site Office Meeting
Back At Corporate Office
Backup Policy8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 DaysDay
10Day
7Day
3
8:00 AMTime to take a backup
Restore Yesterday’s
DataRestore Last Month’s Data
Client Protection/RecoveryDisconnected and connected
14 Days Policy
While Traveling on Plane
Client Protection/Recovery
Day1
Day2
Day10
Day1
Backup at 8:00 AM
Traveling At On Site Office Meeting
Back At Corporate Office
Backup at 12:00 AM
Backup at 8:00 AM
Counter Reset After Successful Backup
Backup To DPM
Protecting Clients with DPM 2010
Up to 60% of an organization’s data does not reside on servers in the datacenter!
demo
DPM 2010 scalability
A single DPM 2010 server can protect: *
100 production servers
1000 Windows clients
2000 SQL Server databases
25 Terabyte SharePoint farms with over 1M objects
40 Terabytes of Exchange storage groups & databases
* May vary based on size of each datasource, as well as scaling of DPM server memory, disk and I/O architecture
300
0
DPM 2010 – Roaming Laptops
Best-in-class laptop protection for Windows ClientsSupport for Windows XP, Windows Vista, and W7Backup over VPN or Direct Access
Scale to 3,000 clients per DPM server“Unique user data” only
Not the whole machine, so that the OS is not repeatedly backed up
Integration with local Shadow Copies for Windows Vista and Windows 7Centrally configured from DPM admin UIEnd-User–enabled restore from local copies offline and online, as well as DPM copiesAdmin-enabled restore from DPM copies
Intuitive End User Interface
Easy monitoring of backups
Quick access to common information and features
End User Restore
End user
DPM server
Restore from DPM
1. Local Restore when not connected
2. Network restore when connected
3. Remote restore for new laptop
Build, then Restore
Enterprise DPML – “Application Agent” – per protected server
Unified support of Microsoft applications SQL, Exchange, SharePoint, & Virtualization – and files Protect DPM 2 DPM 4 DR – disaster recoveryBare Metal Recovery
Standard DPML = “File agent” per protected Windows Server
No additional “Open File” or add-on modules
file shares and directories
Client DPML“Desktop agent” XP Pro & Vista & W7
DPM Serverwith integrated Disk & Tape
Also available as a DPM OEM Appliancerunning on Windows Storage Server
DPM Server
Active DirectorySystem State
Pricing guidance posted on microsoft.com/DPM
Client DPML“Desktop agent” XP Pro & Vista & W7
DPM Serverwith integrated Disk & Tape
Also available as a DPM OEM Appliancerunning on Windows Storage Server
DPM Server
Pricing guidance posted on microsoft.com/DPM
Not sold separatelyUse Rights included with ML’s
Inside ECAL
Traditional DPM Agent Deployment
Many Ways to DeployActive DirectorySCCM or SCE – Most scalable optionPushed from DPM – Simplest Option, relationship auto-establishedSysprep – Great for System Replacements
Two binary packages = x86 or x64DPM Pushes the appropriate version
Two Step ProcessInstall the AgentEstablish a relationship to the DPM Server
Connect Agent to DPM Server
Actual PowerShell™ script
Attach-ProductionServer.ps1
$DPM -> DPM Server Name$PS -> Production Server Name$User, $Pwd, $Domain -> Credentials for associating agent with a DPM Server (admin)
Attach-ProductionServer.ps1 –DPMServerName $DPM –PSName $PS –Username $User – Password $Pwd –domain $Domain
Detailed blog entry on disconnected agent install scenarios at: http://blogs.technet.com/DPM
DPM 2010 Client Autodeployment
System Center Automatic Client ProtectionDeploy DPM agent via CfgMgrConnect clients to DPM servers via OpsMgr
Contoso
Active Directory
OU Clients US-west OU Clients US-east OU Clients Europe OU Clients Au Nz
DPM-US1 DPM-US2 DPM-EU1 DPM-AUNZ
Data Protection Manager
Active Directory®
Data Protection Manager Data Protection Manager
System Center Operations Manager
System Center Configuration Manager
1. Windows Clients with DPM Agents pre-installed using CfgMgr or as part of image.
2. List of Clients
3. Associates clients to available DPM servers & Protection Groups
4. Association List CfgMgr Package
5. Client associated with owner DPM server
System Center Unified Deployment of DPM Clients
Automated DPM 2010 Client Protection
Install DPM rollup 1 and 2Install OpsMgr agent on DPM serversDPM servers get discovered in the OpsMgr consoleAdd desired DPM servers to auto deploymentSpecify the desired domains to be considered for auto deploymentSetup the backup policy in the ClientPGSettings.xmlAdd unwanted clients for exclusion from getting auto deployed
How Microsoft IT is protecting individual business PC data
Young KwonSE Service ManagerClient Data Service ManagementMicrosoft IT
MS IT
How MSIT Protects our Servers
Total Server count that MSIT manages: 4,000
DatacenterClient Servers Migrated or In
Progress
DPM Servers Before
migration
Total DPM Servers after
2010 migration
DPM Servers that have been Consolidated
Redmond Area 2869 88 68 20
Dublin 494 16 8 10
Singapore 256 7 3 4
Japan 135 5 4 1
Other (HA) 199 17 13 4
Grand Totals 3953 133 96 37
DPM 2010 migration completed 3,953
Microsoft $ Spent for Data Backup, Loss and Recovery
37
Deskside dispatch tech cost for data backup & restore request – $370kData Recovery cost spent due to data Loss – $450k
External Hard Drive purchase (MS Market data only) –$580kExternal Hard Drive purchase (Non-MS Market, individual and Admin’s purchase) – $500k
2011 Total Estimated Spending: $2 Million
Reactive
Proactive
Client Data Backup Requirements and Needs at Microsoft
Data Protection
Data Availability
Data Portability
Data Centralization
Microsoft
IT Admin Client
Client PC Data Backup and Management at MicrosoftMany employees have asked “How should I back up my important data?”
Type of Data
Individual Corporate/Business
Data
Team/Group Corporate/Busines
s Sharing Data
Personal Data (pictures, music,
videos, documents)
Recommended Solutions
• IntelliMirror/User State Virtualization
• External Hard Drive with Bitlocker-To-Go
• SharePoint & MySite
• Virtual File Share Storage
• Self-host File Server
• SkyDrive
• Windows Live Mesh
• Windows Home Server
• External Hard Drive• Data Protection Manager (DPM)
DPM Client PC backup, Pros & Cons
Automatic scheduled
backup
Flexible Backup Choices
Easy & Multiple Points in time Restore
BenefitsCompetitivedifferentiation
PROs
Quota Limit, Single PC
backup at a time. Separate
Application
RisksCost
CONs
Pilot Program Timeline Milestones: 5 months pilot period
Completed DPM Client validations Became a MSIT supported PC backup solution
MSIT DPM Client Pilot Program was Completed Successfully!
8/5/2010 12/31/2010
9/1/2010 10/1/2010 11/1/2010 12/1/2010
8/5/2010 - 9/10/2010Timeline 1 Goal: 50, Actual: 83
9/11/2010 - 10/29/2010Timeline 2 Goal: 200, Actual: 304
10/30/2010 - 12/31/2010Timeline 3 Goal: 500, Actual: 812
What did we validate during the MSIT Pilot?
Product Feature: UI, Installation, Configuration, Incremental Backup & Restore
Reliability: Incident rate was 3.2% which is a lot less than shared goal 6%. Transactional NSAT score was 129 which was reflected high client satisfaction
Scalability: 5GB – 10GB quota limit, and One DPM server can host up to 3,000 client machines
Performance: Roaming user PC backup is optimal over WAN, MSITVPN or DirectAccess
Pilot User Experience Survey Results
Very Sat-isfied:48%
Satisfied33%
Dissatis-fied:14%
Very Dissatisfied:4%
NSAT Score: 129
5 GB is enough
10%
10 GB36%
15 GB30%
More than 15
GB24%
User's desired Quota Limit
Datacenter Server Architecture of MSIT Global Deployment
2 Redmond DPM ServersRedmond & North America
1 Sao Paulo DPM ServerSouth America
1 Japan DPM ServerFar East
1 Dublin DPM ServerEMEA
1 Singapore DPM ServerSouth Pacific
1 India DPM ServerIndia
1 Paris DPM ServerFrance
MSIT DPM Client PC Backup Service Projection
DPM Server Capacity Projection
Timeline Redmond Area Users
Worldwide Branch Office
Users
Total User Count by FY12
The Current User Count
FY12 4,000 6,000 10,000 3,000
User Adoption Projection
Timeline Data Center Server Readiness
Virtualized DPM Servers
Storage Capacity
The Current Storage
FY12Redmond &
Regional Data Centers
10 100 TB 50 TB
Related ContentBreakout Sessions/Chalk Talks
SIM213 - Microsoft System Center Data Protection Manager 2010 in the DatacenterSIM341 - A First Look at Microsoft System Center Data Protection Manager 2012
Hands-on LabsSIM360 HOL - Protecting Microsoft SharePoint with Microsoft System Center Data Protection Manager 2010 SIM361 HOL - How to Protect Microsoft SQL Server with Microsoft System Center Data Protection Manager 2010 SIM362 HOL - First Look at Microsoft System Center Data Protection Manager 2012 SIM363 HOL - Technical Introduction to Microsoft System Center Data Protection Manager 2010
Interactive Sessions SIM383 INT - Managing the Datacenter: Ask a Panel of Experts
DPM Resources
Website www.microsoft.com/DPMTechCenter technet.microsoft.com/DPMForums social.technet.microsoft.com/Forums/en-US/category/DPMTeam Blog blogs.technet.com/DPM
Islam’s email [email protected]’s email [email protected]’s email [email protected] DataProtectionBible.com
Related Content
Breakout Sessions (session codes and titles)
Interactive Sessions (session codes and titles)
Hands-on Labs (session codes and titles)
Product Demo Stations (demo station title and location)
Related Certification Exam
Find Me Later At…
Resources
www.microsoft.com/teched
Sessions On-Demand & Community Microsoft Certification & Training Resources
Resources for IT Professionals Resources for Developers
www.microsoft.com/learning
http://microsoft.com/technet http://microsoft.com/msdn
Learning
http://northamerica.msteched.com
Connect. Share. Discuss.
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.