sbuchanan

Blog Dive: SQL Protection with DPM

by

Background for this post

Since version 2006 DPM has been able to protect SQL databases. Often in environments that are using DPM I still see they are using DPM for backup of all workloads but not using it for SQL backups. There are reasons for this such as a lack of understand of how DPM protects SQL or lack of trust in DPM to protect SQL. The goal of this blog post is to lay out why you would want to use DPM to backup SQL, what SQL versions and functionality (such as AlwaysOn) are supported, what happens under the hood when DPM protects SQL and that you can use DPM as your sole solution for protecting SQL. This is an effort to convince those that don’t use DPM for SQL Backups today to start using it or those that don’t trust DPM for SQL backups that it is a great option to consider. This blog post is targeted directly at DBA’s or DPM admins that need to give information about SQL protection to their DBA’s.

One major challenge I had when I set out to write this blog post is that I am not a DBA or a SQL expert. So I don’t have any SQL “street cred” so I needed to fully understand what a SQL DBA would require to ok DPM being the sole backup solution for SQL in an organization.

I have the fortunate opportunity to work with an awesome SQL MVP named Jes Borland at Concurrency. As a part of my research for this blog post I reached out to Jes Borland to have a discussion around SQL protection. One of the important questions I asked her was “What things do you look for in a SQL backup solution?“. Her response was “What I look for in a backup tool: the ability to do all types of SQL Server backups – full, differential, log, copy-only. Ability to take advantage of built-in backup compression.” as well as “As a DBA, my main question is, “How do I restore?“. This was perfect as they are key things I should look out for to make sure DPM can do.

Now that we covered the background let’s look at what DPM can do when it comes to SQL protection.

Why would you want to use DPM to backup SQL?

  • DPM understands SQL and was designed to protect the advanced configurations of SQL.
  • DPM can protect SQL up to every 15 minutes.
  • Reduce potential conflicts between backup tools and schedules of SQL protection.
  • DPM can protect SQL at the instance level or the database level. When protection at the instance level is turned on DPM will detect new databases on that instance and automatically add them to protection.
  • DPM is an affordable option for protecting SQL. It is a good fit for small SQL shops and can scale for large enterprise SQL shops.
  • DPM has self-service recovery of SQL databases using the Self-Service Recovery Tool (SSRT) that can be extended to DBA’s.

What SQL versions and functionality does DPM support?

Versions:

  • 2005
  • 2008
  • 2008 R2
  • 2012
  • 2014

Functionality:

SQL Clustering

When protecting a SQL cluster DPM is cluster aware. DPM is aware of the clusters identity as well as the nodes in the cluster. In a SQL clustering scenario if the SQL Server is changed to a different node, DPM will continue to protect the clustered SQL without any intervention from backup administrators.

SQL Mirroring

If the SQL you are protecting is mirrored DPM is aware of the mirrored databases and will protect the shared data set properly.

SQL Log shipping

In scenarios when SQL log shipping is being used DPM will automatically discover that log shipping is being used and DPM will auto-configure itself to co-exist ensuring proper SQL protection.

SQL AlwaysOn

When protecting SQL AlwaysON DPM will automatically detect Availability Groups and detects when a failover occurs and will continue protection of the database.

What happens under the hood with SQL protection in DPM?

Protection:

When SQL protection is first setup an express full copy of the database is created and this is the initial backup of the database. Express full backups bring over block level changes of the databases themselves. This would be the entire database on the very first backup.

Express full backups leverage a filter technology. This filter technology is what identifies changed blocks instead of needing to read all of the data or use checksums. This filter technology is known as volume shadow services (VSS). Specifically the SQL Server VSS Writer is used during SQL protection. This does two things: DPM backup of SQL will not impact databases and it will only backup changed blocks after the initial backup of the database reducing the storage footprint. Backing up the block level changes also has a significantly lower impact of the protected server during backup.

After the initial backup of the SQL database DPM will perform subsequent express full backups and synchronizations between the express full backups. Synchronizations copy over SQL Transaction logs. A recovery is possible from both an express full and synchronization backups.

DPM can be set to protect SQL databases as often as every 15 minutes so that you can have frequent protection of SQL throughout a day. As a part of the DPM SQL protection recovery points are created for each incremental synchronization and express full backup. DPM can maintain up to 512 shadow copies of a full SQL Server database(s) by storing only the differences at the block level. In a scenario where you have one express full backup per week, stored as one of 512 shadow copy differentials between one week and the next, plus 7 days x 24 hours x 4 (every fifteen minutes), DPM would have over 344,000 recovery points (what you restore from) of SQL.

The following screenshot is an example of SQL protection in DPM. The top half in red shows an example of auto protection of SQL at the instance level while the lower half in blue is an example of individual database protection.

clip_image001

Truncating SQL logs:

DPM does truncate the SQL transaction logs as a part of the backup process. DPM truncates the logs (creates empty space inside the transaction log) after each synchronization.

Note that if the synchronization is set to a long window of time such as 12 hours the transaction log could grow to large for truncating and will need to be shrunk. So general rule is to keep the synchronization’s closer together.

To shrink the SQL transaction logs this needs to be done manually or using a SQL Maintenance job. This could always be done using a Pre-Backup/Post-Backup script.

Now if “Just before a recovery point” is selected in the protection group then the synchronization (incremental backup) will not be scheduled to run. Configuring this way tells DPM that only express full backups should run. Transaction logs will not be truncated by DPM in this scenario.

Recovery:

A good friend of mine System Center MVP Robert Hedblom always says “backup is about the restore”. I subscribe to the same principle in that “restore should always be the focus of any backup solution”. In a disaster recovery situation DPM can be used to restore from a loss of the database down to within 15 minutes of the failure. DPM can recover the database to original instance, a separate instance to a folder, or even copy to a tape. You can see those options reflected in the following screenshot:

clip_image002

When recovering to original SQL instance or a alternate SQL instance you can specify what state you want to leave the database in. Restoring the database in a non-operational state will allow you the ability to restore transaction logs in addition to the database restore.

clip_image003

You also have the option to specify where you want to place the database files (.MDF) and log files (.LDF) during the restore.

clip_image004

The DPM Self-Service Recovery Tool (SSRT) can be deployed on the client computers of the DBA/s. When recovering a database using the SSRT the experience is much like it is when recovering directly from DPM. When the New Recovery Job button is clicked a Recovery Wizard window will open with the same options as recovering directly from DPM. A screenshot of the SSRT shown below displays the UI with a restore job that has completed.

clip_image005

Details of a recovery job in the SSRT are shown in the following screenshot.

clip_image006

Hopefully this article has shed some light on SQL protection with DPM and will help you consider using DPM to protect your SQL instances/databases. For further information on SQL protection with DPM visit the following links on TechNet:

Read more

Service Manager SCCM Remote Control Management Pack

by

Configuration Manager has a Remote Control tool. This tool is often used by service desks to conduct remote support sessions with end users. More information about this tool can be found here: https://technet.microsoft.com/en-us/library/Gg682062.aspx

A common ask in any Service Manager deployment is to use this tool within Service Manager from Incidents. For some time there have been many blogs out there with the steps on how to setup this integration. A quick search on your favorite search engine will bring back many results. The steps to set this up are relatively easy to do however they can be prone to errors.

I recently collaborated with fellow System Center expert Sam Erskine (www.itprocessed.com) to package this in a management pack as an effort to reduce the steps needed to set this up. I use it myself on Service Manager projects and it saves me time. I can import a management pack on a new SCSM deployment and then it is ready to be used. If you are using User Affinity in SCCM and the SCCM connector in Service Manager users primary device will automatically be assigned. This relationship flows over to Service Manager through the SCCM connector. When you click on the SCCM Remote Control Task it will attempt to connect to the primary device. Here is what it looks like:

clip_image001

Download the solution here: https://gallery.technet.microsoft.com/Service-Manager-SCCM-0ee48590

Read more

Agent Pending Management Ghost

by

One of my clients recently had an issue with SCOM 2012 R2 latest UR. They were trying to install the SCOM agent on a server. It did not work through the console they would receive the following warning:

One or more computer you are trying to manage are already in the process of being managed. Please resolve these issues via the Pending Management view in Administration, prior to attempting to manage them again.”

clip_image001

The server was not displaying under SCOM Console>>Administration>>Pending Management. They installed the SCOM agent manually but it still did not show in SCOM Console>>Administration>>Pending Management. I jumped into PowerShell and ran the following:

Get-SCOMPendingManagement | ft AgentName,AgentPendingActionType

Output:

clip_image002

NOTE: You can also run this query “select * from agentpendingaction” against the OperationsManager database to see a list of agents in a pending state.

I ran

Get-SCOMPendingManagement | where {$_.AgentName -Like “SERVERNAME.SERVERDOMAIN.com”} | Deny-SCOMPendingManagement

It gave this error:

clip_image003

I then ran:

Get-SCOMPendingManagement | where {$_.AgentPendingActionType -eq “ManualApproval”} | Deny-SCOMPendingManagement

This gave the same error. I then ran Get-SCOMPendingManagement | where {$_.AgentName -Like “SERVERNAME.SERVERDOMAIN.com”} and this worked fine. So PowerShell was not helping me here except for showing me some servers are in the pending state even though they do not show in the console.

To resolve this issue I was able to fix this by removing the stuck agents in SQL. To do this I ran the following stored procedure (blog on this here) against the OperationsManager database:

exec p_AgentPendingActionDeleteByAgentName ‘SERVERNAME.SERVERDOMAIN.com’

After that I ran

Get-SCOMPendingManagement | ft AgentName,AgentPendingActionType in PowerShell again and the server was no longer listed.

I then went back to SCOM Console>>Administration>>Pending Management and now the server shows as pending. I clicked Approve and the SCOM agent was fine after that.

clip_image004

Read more

Update: SCSM Discovery Report v1.3

by

I have made some more updates to the SCSM Discovery Report script. It is now version 1.3. The updates include:

First: Updated the SCSM Version Checker code to version 2. Microsoft MVP Steve Beaumont worked with Samuel Erskine to optimize the PowerShell in the SCSM version checker. This optimization is now a part of the SCSM Discovery Report script. This also detects up to UR7 now.

clip_image001.png

 

Second: Fixed Service Manager Management Group Name section not displaying the name.

clip_image002.png

Third: Updated the Display Data Warehouse Information section to use UR7’s Get-SCDWInfraLocation CMDlet.

clip_image003.png

The script can be downloaded here: https://gallery.technet.microsoft.com/Service-Manager-Discovery-a25c7d80

Read more

System Center 2012 R2 UR7 Highlights

by

Its been a while since I have posted a new blog. I have been busy working on multiple System Center projects and other behind the scene activities. Today update rollup 7 for System Center 2012 R2 was released and this is definitely worth a post. This UR includes DPM, SCSM, SPF, VMM, , SCORCH, Azure Pack, but not Operations Manager. UR7 for Operations Manager will be coming within a few weeks. More info here.  It is interesting that SCOM is not in this UR and we actually see SCORCH included. Here are some highlights from UR7:

For Orchestrator The Monitor SNMP Trap activity has an issue fixed and there is a fix for Stop Job and Stop Runbook. The SCORCH UR also includes some fixes for SMA.

For Service Manager we see a bunch of fixes. Some fixes I want to call out are MPSync Data Warehouse job stop responding and the Get-SCDWInfraLocations cmdlet introduced in update rollup 5 have been fixed. Great work from the Service Manager team. Keep it up.

Beyond just fixes we see new features in two of the System Center components VMM and DPM. As always its exciting to see new features added via UR’s.

In VMM we see support for Windows 10, the ability to provision and customize Debian 8 Linux as a Guest Operating System, support for VMWare vCenter 5.5, the ability to have Multiple External IP Addresses per Virtual Network, the ability to re-associate orphaned virtual machines to their service or VM role, and support for VMM DHCP Extension PXE/TFP Forwarding. There also is a ton of great fixes for issues in VMM. This is great work from the team and should make VMM more stable.

In DPM we see support for Windows 10 client protection, and a really cool feature being the ability to use alternate DPM servers to recover backups from Azure Backup vault. These means if you sent your backup data to Azure from one DPM server and it croaks you can connect a different DPM server to your Azure Backup subscription and recover data from Azure! I have a feeling we will continue to see greater collaboration between on premise backup/DR (DPM) and cloud backup/DR Azure Backup in the future.

To access update rollup 7 visit this link: https://support.microsoft.com/en-us/kb/3069110

Read more

Script: Export Unsealed Service Manager Management Packs

by

Customizations to Service Manager are stored in unsealed management packs. These should be backed up. These can be exported from Service Manager and stored in a safe location. The process to export unsealed management packs from the Service Manager console is manual and each have to be exported one by one. A better way to do this is to use a script to export all un-sealed management packs.

There are several scripts out there that can do this but most are for older versions of SCSM. I have recently updated one of these scripts. It was created by Microsoft MVP and one of the top Service Manager experts Anders Asp. Here is his blog with the original script: http://www.scsm.se/?p=227

I have updated the script to work with the latest SCSM PowerShell CMDlets and have tested it with SCSM 2012 R2 UR7.

The script is named: ExportUnsealedSCSMMPs.ps1

You can download the script locally on a Management Server

Edit the script and change “C:\Unsealed SCSM MPs\” to a directory on your server. Be sure to leave the “\” at the end.

Run the script from an elevated PowerShell window on a Management Server by typing

.\ExportUnsealedSCSMMPs.ps1

You should see the following output:

clip_image001

The unsealed MP’s will be loaded in a folder with the current date as seen in the following screenshot:

clip_image002

Note: Old folders will need to be manually cleaned up. You can also schedule this using Task Scheduler.

This script can be downloaded here:

https://gallery.technet.microsoft.com/Export-Unsealed-Service-43602dd4

Read more

SCRIPT: Schedule Maintenance Mode SCOM 2012 R2

by

I know scheduled maintenance mode functionality is coming to SCOM 2016 as shown here. However I have clients that are still on SCOM 2012 R2 that need to schedule maintenance mode in SCOM right now. There are options out there for this already the best solution is a tool called SCOM 2012 Maintenance Mode Scheduler . It has a small fee but is well worth it. Sometimes I have clients that would prefer to run a script vs. pay the fee for a tool especially when this is coming to SCOM 2016.

There are a bunch of scripts out there for this but most are old and or don’t work. I have been using my own script to do this for a while. I recently updated it and have decided to share it. I run this script from Windows task scheduler. It could also just as easily be scheduled to run from Orchestrator, SMA or Azure Automation. I will put the download link at the end of this blog post. This script will put a SCOM group in maintenance mode. It also sets the duration in minutes but can easily be changed to hours.

Here is the PowerShell script:

Read more

4th time System Center MVP

by

This morning I received an email from Microsoft that I am awarded System Center Cloud and Datacenter Management MVP for the 4th year. Here is the email I received: The System Center Cloud and Datacenter Management MVP’s are a great lively bunch of folks. It is an honor to still be a part of this … Read more

Operations Management Suite in SCSM Console

by

Today I was playing around with Service Manager and decided to add a view for Operations Management Suite in the Service Manager Console. I have placed it in a management pack for use in other Service Manager environments. I have uploaded the management pack to TechNet Gallery. Once you load the management pack an Operations Management Suite folder will show up within Work Items.

image

NOTE: The first time you open Operations Management Suite inside of Service Manager you will see compatibility mode warning just click on continue.

clip_image001

Here are some screenshots:

clip_image002

clip_image003

clip_image004

Download the management pack here:

https://gallery.technet.microsoft.com/Operations-Management-10f68429

Read more

Cant change SCOM agents Primary Management SVR in SCOM Console

by

Problem:

When in SCOM you go to change the primary management server on a SCOM agent but you cannot. It is grayed out.

clip_image001

More details about this issue referenced on the following links:

https://social.technet.microsoft.com/Forums/systemcenter/en-US/c5214222-0cc3-4da5-a40e-64cbeff91573/r2-cannot-change-primary-management-server?forum=operationsmanagergeneral

http://www.systemcentercentral.com/forums-archive/topic/moving-agents-from-one-gateway-server-to-another/

I built a quick script to help with this. It can be used in any SCOM environment. Details are as follows:

Script:

MoveAgentSCOMMgmtServer.ps1

Description:

This script can be used to move agents from one management server or gateway server to another.

There is a common issue “Cannot change SCOM agents Primary Management via the GUI (SCOM Console)”. This script can be used to help with this issue.

This script should be run in an administrative PowerShell console on a SCOM management server. You can run this script using: powershell.exe -executionpolicy unrestricted -command .\MoveAgentSCOMMgmtServer.ps1

How to run:

Step 1: Copy the MoveAgentSCOMMgmtServer.ps1 script to a SCOM management server.

Step 2: Open an elevated PowerShell and navigate to the script. For example: CD “C:\SCOM Scripts”

Step 3: Run powershell.exe -executionpolicy unrestricted -command .\MoveAgentSCOMMgmtServer.ps1

You will be prompted to enter the name of the management server you want the SCOM Agents set to. You need to enter in the servers full FQDN. This can be a management server or a gateway server.

clip_image002

Step 4: A window will pop up with a list of your SCOM Agents. Select the SCOM Agents you want to change the primary management server for. Click the OK button.

clip_image003

Step 5: Once the SCOM Agents are set you should see a similar output.

clip_image004

Download from TechNet Gallery:

https://gallery.technet.microsoft.com/Move-Agent-SCOM-Primary-9927d7a3

Read more