57
Protecting Client Data with System Center Data Protection Manager (DPM) 2010 Young Kwon SE Service Manager Client Data Service Management Microsoft IT SIM339 Islam Gomaa Microsoft MVP | System Center Data Protection Manager

SIM339. Mobile workforce Different users with different needs Large scale

Embed Size (px)

Citation preview

Protecting Client Data with System CenterData Protection Manager (DPM) 2010

Young KwonSE Service ManagerClient Data Service ManagementMicrosoft IT

SIM339

Islam GomaaMicrosoft MVP | System Center Data Protection Manager

Session Objectives and Takeaways

Session Objectives:Learn how DPM 2010 protects clients and how it differs from server protectionLearn about DPM Client Autodeployment with ConfigMgr and OpsMgrDiscover how MS IT is protecting client data on the Microsoft internal network

DPM 2010 is Enterprise Ready!ECAL customers already have everything they need!

Agenda

Overview of DPM 2010Challenges with Client BackupUsing DPM 2010 for client protection

DEMO: Protecting Client Data with DPM 2010Automatic DPM Client Deployment

Automating client deployment and assignment with ConfigMgr and OpsMgr

MS IT: How Microsoft IT protects client dataThe Future: Client Protection and DPM 2012

Backing up Data on Mobile ComputersThe challenge

Mobile workforce

Different users with different needs

Large scale

Client Backup in Most Organizations

End user

Limited/no IT involvementCumbersome for end users

Policies are difficult to enforce

Copy to servers backed up by IT

Do your own backups

Critical business data on laptops is not backed up

Requirements for Laptop Data Backup

Remove end user effort

Support roaming user backups

Allow customizability for specific users

Enforce admin defined restrictions

Keep IT costs low

How Does DPM Solve This?

Online Snapshots (up to 512)

Disk-based Recovery

Active Directory®

System State

Tape-based Backup

Data Protection Manager

Up to Every 15 minutes

Disaster Recoverywith offsite replication & tape

Data Protection Manager

file services

8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 Days

When you want to protect the data?What data you want to protect?How long you want to retain the data?

Backup

Server Admin

8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 Days

8:00 AM – 12:00 AM – 6:00 PMProtect ‘My Documents”Retain Data for – 14 Days

8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 Days

Backup Policy8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 Days

Client Protection/Recovery – Back-up Policy

Backup Policy8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 DaysDay

2

Client Protection/RecoveryDisconnected and connected

Day1

Backup at 8:00 AM

Backup at 12:00 Noon

8:00 AMTime to take a backup

12:00 NoonTime to take a backup

While Traveling by PlaneTraveling

At On Site Office Meeting

Back At Corporate Office

Backup Policy8:00 AM – 12:00 AM – 6:00 PMProtect “My Documents”Retain Data for – 14 DaysDay

10Day

7Day

3

8:00 AMTime to take a backup

Restore Yesterday’s

DataRestore Last Month’s Data

Client Protection/RecoveryDisconnected and connected

14 Days Policy

While Traveling on Plane

Client Protection/Recovery

Day1

Day2

Day10

Day1

Backup at 8:00 AM

Traveling At On Site Office Meeting

Back At Corporate Office

Backup at 12:00 AM

Backup at 8:00 AM

Counter Reset After Successful Backup

Backup To DPM

Protecting Clients with DPM 2010

Up to 60% of an organization’s data does not reside on servers in the datacenter!

demo

DPM 2010 scalability

A single DPM 2010 server can protect: *

100 production servers

1000 Windows clients

2000 SQL Server databases

25 Terabyte SharePoint farms with over 1M objects

40 Terabytes of Exchange storage groups & databases

* May vary based on size of each datasource, as well as scaling of DPM server memory, disk and I/O architecture

300

0

DPM 2010 – Roaming Laptops

Best-in-class laptop protection for Windows ClientsSupport for Windows XP, Windows Vista, and W7Backup over VPN or Direct Access

Scale to 3,000 clients per DPM server“Unique user data” only

Not the whole machine, so that the OS is not repeatedly backed up

Integration with local Shadow Copies for Windows Vista and Windows 7Centrally configured from DPM admin UIEnd-User–enabled restore from local copies offline and online, as well as DPM copiesAdmin-enabled restore from DPM copies

Client Backup and Restore

Restore Data from other machines you have permissions to

demo

Intuitive End User Interface

Easy monitoring of backups

Quick access to common information and features

Customizability

End User Restore

End user

DPM server

Restore from DPM

1. Local Restore when not connected

2. Network restore when connected

3. Remote restore for new laptop

Build, then Restore

Local Restore: Even when Offline

Restore to a New Laptop (from DPM)

Traditional Deployment Options

Enterprise DPML – “Application Agent” – per protected server

Unified support of Microsoft applications SQL, Exchange, SharePoint, & Virtualization – and files Protect DPM 2 DPM 4 DR – disaster recoveryBare Metal Recovery

Standard DPML = “File agent” per protected Windows Server

No additional “Open File” or add-on modules

file shares and directories

Client DPML“Desktop agent” XP Pro & Vista & W7

DPM Serverwith integrated Disk & Tape

Also available as a DPM OEM Appliancerunning on Windows Storage Server

DPM Server

Active DirectorySystem State

Pricing guidance posted on microsoft.com/DPM

Client DPML“Desktop agent” XP Pro & Vista & W7

DPM Serverwith integrated Disk & Tape

Also available as a DPM OEM Appliancerunning on Windows Storage Server

DPM Server

Pricing guidance posted on microsoft.com/DPM

Not sold separatelyUse Rights included with ML’s

Inside ECAL

Traditional DPM Agent Deployment

Many Ways to DeployActive DirectorySCCM or SCE – Most scalable optionPushed from DPM – Simplest Option, relationship auto-establishedSysprep – Great for System Replacements

Two binary packages = x86 or x64DPM Pushes the appropriate version

Two Step ProcessInstall the AgentEstablish a relationship to the DPM Server

Connect Agent to DPM Server

Actual PowerShell™ script

Attach-ProductionServer.ps1

$DPM -> DPM Server Name$PS -> Production Server Name$User, $Pwd, $Domain -> Credentials for associating agent with a DPM Server (admin)

Attach-ProductionServer.ps1 –DPMServerName $DPM –PSName $PS –Username $User – Password $Pwd –domain $Domain

Detailed blog entry on disconnected agent install scenarios at: http://blogs.technet.com/DPM

DPM Client Autodeployment

DPM 2010 Client Autodeployment

System Center Automatic Client ProtectionDeploy DPM agent via CfgMgrConnect clients to DPM servers via OpsMgr

Contoso

Active Directory

OU Clients US-west OU Clients US-east OU Clients Europe OU Clients Au Nz

DPM-US1 DPM-US2 DPM-EU1 DPM-AUNZ

Data Protection Manager

Active Directory®

Data Protection Manager Data Protection Manager

System Center Operations Manager

System Center Configuration Manager

1. Windows Clients with DPM Agents pre-installed using CfgMgr or as part of image.

2. List of Clients

3. Associates clients to available DPM servers & Protection Groups

4. Association List CfgMgr Package

5. Client associated with owner DPM server

System Center Unified Deployment of DPM Clients

Automated DPM 2010 Client Protection

Install DPM rollup 1 and 2Install OpsMgr agent on DPM serversDPM servers get discovered in the OpsMgr consoleAdd desired DPM servers to auto deploymentSpecify the desired domains to be considered for auto deploymentSetup the backup policy in the ClientPGSettings.xmlAdd unwanted clients for exclusion from getting auto deployed

Automated DPM 2010 Client Protection

Automated DPM 2010 Client Protection

Automated DPM 2010 Client Protection

Automated DPM 2010 Client Protection

How Microsoft IT is protecting individual business PC data

Young KwonSE Service ManagerClient Data Service ManagementMicrosoft IT

MS IT

How MSIT Protects our Servers

Total Server count that MSIT manages: 4,000

DatacenterClient Servers Migrated or In

Progress

DPM Servers Before

migration

Total DPM Servers after

2010 migration

DPM Servers that have been Consolidated

Redmond Area 2869 88 68 20

Dublin 494 16 8 10

Singapore 256 7 3 4

Japan 135 5 4 1

Other (HA) 199 17 13 4

Grand Totals 3953 133 96 37

DPM 2010 migration completed 3,953

Microsoft $ Spent for Data Backup, Loss and Recovery

37

Deskside dispatch tech cost for data backup & restore request – $370kData Recovery cost spent due to data Loss – $450k

External Hard Drive purchase (MS Market data only) –$580kExternal Hard Drive purchase (Non-MS Market, individual and Admin’s purchase) – $500k

2011 Total Estimated Spending: $2 Million

Reactive

Proactive

Client Data Backup Requirements and Needs at Microsoft

Data Protection

Data Availability

Data Portability

Data Centralization

Microsoft

IT Admin Client

Client PC Data Backup and Management at MicrosoftMany employees have asked “How should I back up my important data?”

Type of Data

Individual Corporate/Business

Data

Team/Group Corporate/Busines

s Sharing Data

Personal Data (pictures, music,

videos, documents)

Recommended Solutions

• IntelliMirror/User State Virtualization

• External Hard Drive with Bitlocker-To-Go

• SharePoint & MySite

• Virtual File Share Storage

• Self-host File Server

• SkyDrive

• Windows Live Mesh

• Windows Home Server

• External Hard Drive• Data Protection Manager (DPM)

DPM Client PC backup, Pros & Cons

Automatic scheduled

backup

Flexible Backup Choices

Easy & Multiple Points in time Restore

BenefitsCompetitivedifferentiation

PROs

Quota Limit, Single PC

backup at a time. Separate

Application

RisksCost

CONs

Pilot Program Timeline Milestones: 5 months pilot period

Completed DPM Client validations Became a MSIT supported PC backup solution

MSIT DPM Client Pilot Program was Completed Successfully!

8/5/2010 12/31/2010

9/1/2010 10/1/2010 11/1/2010 12/1/2010

8/5/2010 - 9/10/2010Timeline 1 Goal: 50, Actual: 83

9/11/2010 - 10/29/2010Timeline 2 Goal: 200, Actual: 304

10/30/2010 - 12/31/2010Timeline 3 Goal: 500, Actual: 812

What did we validate during the MSIT Pilot?

Product Feature: UI, Installation, Configuration, Incremental Backup & Restore

Reliability: Incident rate was 3.2% which is a lot less than shared goal 6%. Transactional NSAT score was 129 which was reflected high client satisfaction

Scalability: 5GB – 10GB quota limit, and One DPM server can host up to 3,000 client machines

Performance: Roaming user PC backup is optimal over WAN, MSITVPN or DirectAccess

Pilot User Experience Survey Results

Very Sat-isfied:48%

Satisfied33%

Dissatis-fied:14%

Very Dissatisfied:4%

NSAT Score: 129

5 GB is enough

10%

10 GB36%

15 GB30%

More than 15

GB24%

User's desired Quota Limit

MSIT Client DPM Offering

MSIT Client DPM Offering

Right-Click

Run As Administrator

MSIT Client DPM Offering

MSIT Client DPM Offering

MSIT Customized DPM Client Agent UI DPM Client System Tray UI DPM Client Protected Items Selection

Datacenter Server Architecture of MSIT Global Deployment

2 Redmond DPM ServersRedmond & North America

1 Sao Paulo DPM ServerSouth America

1 Japan DPM ServerFar East

1 Dublin DPM ServerEMEA

1 Singapore DPM ServerSouth Pacific

1 India DPM ServerIndia

1 Paris DPM ServerFrance

MSIT DPM Client PC Backup Service Projection

DPM Server Capacity Projection

Timeline Redmond Area Users

Worldwide Branch Office

Users

Total User Count by FY12

The Current User Count

FY12 4,000 6,000 10,000 3,000

User Adoption Projection

Timeline Data Center Server Readiness

Virtualized DPM Servers

Storage Capacity

The Current Storage

FY12Redmond &

Regional Data Centers

10 100 TB 50 TB

Related ContentBreakout Sessions/Chalk Talks

SIM213 - Microsoft System Center Data Protection Manager 2010 in the DatacenterSIM341 - A First Look at Microsoft System Center Data Protection Manager 2012

Hands-on LabsSIM360 HOL - Protecting Microsoft SharePoint with Microsoft System Center Data Protection Manager 2010 SIM361 HOL - How to Protect Microsoft SQL Server with Microsoft System Center Data Protection Manager 2010 SIM362 HOL - First Look at Microsoft System Center Data Protection Manager 2012 SIM363 HOL - Technical Introduction to Microsoft System Center Data Protection Manager 2010

Interactive Sessions SIM383 INT - Managing the Datacenter: Ask a Panel of Experts

DPM Resources

Website www.microsoft.com/DPMTechCenter technet.microsoft.com/DPMForums social.technet.microsoft.com/Forums/en-US/category/DPMTeam Blog blogs.technet.com/DPM

Islam’s email [email protected]’s email [email protected]’s email [email protected] DataProtectionBible.com

Related Content

Breakout Sessions (session codes and titles)

Interactive Sessions (session codes and titles)

Hands-on Labs (session codes and titles)

Product Demo Stations (demo station title and location)

Related Certification Exam

Find Me Later At…

Resources

www.microsoft.com/teched

Sessions On-Demand & Community Microsoft Certification & Training Resources

Resources for IT Professionals Resources for Developers

www.microsoft.com/learning

http://microsoft.com/technet http://microsoft.com/msdn

Learning

http://northamerica.msteched.com

Connect. Share. Discuss.

Complete an evaluation on CommNet and enter to win!

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS

PRESENTATION.