4th book published (Service Manager 2016)

On March 2nd I became a 4 time author. With several talented co-authors we published the Microsoft System Center 2016 Service Manager Cookbook. It was great to work with the co-authors and I would like to thank each of them for their hard work. The co-authors are:

 

  • Microsoft MVP Anders Asp
  • Microsoft MVP Andreas Baumgarten
  • Microsoft MVP Steve Beaumont
  • Service Manager/System Center expert Dieter Gasser

It was an honor to work with them. Also a shout out to Microsoft MVP Sam Erskine for writing up the foreword and helping with the technical review. Lastly, I want to thank Rafael Delgado who also was a technical reviewer on the book. This book is an update to the Microsoft System Center 2012 Service Manager Cookbook. In this new book you will read the new updated recipes for 2016, how to upgrade from 2012 R2 to 2016 and about the new HTML 5 portal.

Official book description:

System Center Service Manager (SCSM) is an integrated platform that offers a simplified data center management experience by implementing best practices such as Incident Management, Service Request, and Change control to achieve efficient service delivery across your organization.

This book provides you with real-world recipes that can be used immediately and will show you how to configure and administer SCSM 2016. You’ll also find out how to solve particular problems and scenarios to take this tool further. You’ll start with recipes on implementing ITSM frameworks and processes and configuring Service Level Agreements (SLAs). Then, you’ll work through deploying and configuring the HTML5 Self-Service Portal, configuring Incident and Problem Management, and designing and configuring change and release management. You’ll also learn about security roles and overall Microsoft SCSM 2016 administration.

Toward the end of the book, we’ll look at advanced topics, such as presenting the wealth of information stored within the Service Manager Data Warehouse, standardizing SCSM deployments, and implementing automation.

What you will learn:

  • See a practical implementation of the ITSM framework and processes based on ITIL
  • Deploy and configure the new Service Manager HTML5 Self-Service Portal along with Service Catalog design and configuration
  • Get to know about Incident, Problem, and Change Management processes and configuration
  • Get to grips with performing advanced personalization in Service Manager
  • Discover how to set up and use automation with and within Service Manager 2016
  • Work with Service Manager Data Warehouse
  • Find out what Security Roles are and how to implement them
  • Learn how to upgrade from SCSM 2012 R2 to SCSM 2016

The book can be ordered here:

https://www.amazon.com/dp/B01N5FL2SK

I also want to call out this is the 4th book that I have authored or co-authored. Here is a shot of all 4.

I have also been fortunate to be a technical reviewer on 5 other books. Here is a shot of them.

These books have all been on System Center products. I am stepping into a new era. Be on the lookout for more of a focus on cloud based solutions and know there is exciting stuff coming in the near future!


Backup Strategy should include Security

Planning for protection as a part of an IT Service Continuity plan often takes into consideration backup of applications and data as well as restore. But what about security?

When planning for protection of applications and data in your environment, security should be right up there in the forefront. “Backup Security” should be a key part of the plan.

Security in the context of backup can be thought of #1 as securing the backups, and #2 backups being used as an added measure for security breach mitigation. Let me break this down further.

When securing backups, you want to encrypt backup data as it travels offsite, encrypt backup data at rest, be able to protect encrypted data, require security PINs or further authentication of admins, and more.

As for backup as an added measure for security, backup becomes a direct part of security planning in organizations. Sometimes when security measures fail, backups are the only thing that can save you as a last resort. Backups are commonly becoming a way to recover from ransomware attacks as an alternative to paying the hackers. Here is a real world example.

Recently an unnamed hosting provider's entire data center became hostage to a ransomware attack. The hacker got in due to a mistake by one of the system admins (more on how to protect at this level later) and basically had full domain admin rights to everything. Keep in mind the majority of the servers in this scenario are for customers.

In this case the hosting provider had two choices. Option #1: go to the dark web via the Tor network and pay a ton of money in bitcoin for the decryption key. Option #2: restore everything from offsite backups and pray.

This hosting provider went for option #2 and thank goodness it worked. In this case if it weren’t for a solid offsite backup solution this hosting provider would have been up a creek without a paddle.

It is becoming more common for ransomware to actually target backups, because these are a high-value target and hackers understand that backups are a last resort for companies to save themselves. If the backups are deleted there is no other choice but to pay the ransom. This raises the level of security that backups require. Administrative actions on backups need an extra layer of security.

Microsoft Business Continuity products help with not only protection but also security. These products consist of System Center's Data Protection Manager (DPM) and Operations Management Suite's Azure Backup (AB) and Azure Site Recovery (ASR). In this post I am only going to touch on DPM and AB.

Some exciting things have been happening with Azure Backup and Data Protection Manager to ensure security is front and center as a part of your enterprise backup solution. Microsoft’s goal with the backup security is to provide prevention, alerting, and recovery.

More about this including a video can be found here:
https://azure.microsoft.com/en-us/blog/azure-backup-security-feature

Just yesterday DPM update rollup 12 for 2012 and update rollup 2 for 2016 were announced. Along with UR2 come some enhanced security features for DPM. These will be called out later in this blog post. Microsoft has rolled out some great security features to both products across hybrid clouds. I will go ahead and break these down.

– Azure Backup –

Encrypted backup data at rest
Described in DPM section.

Security PIN
With Azure Backup you can require a security pin for sensitive operations such as removing protection, deleting data, or changing other settings in Azure Backup itself such as changing a Passphrase.

Azure Backup also has some other security measures in place like a minimum retention range to ensure a certain amount of backup data is always available and notifications upon critical operations to subscription admins or others as specified.

NOTE: These security features are now also available in DPM with the URs (UR 12 for 2012 and UR2 for 2016) announced yesterday. When an administrator changes the passphrase or deletes backup data, you need to enter the PIN if you have Enhanced Security enabled. Also, there is a minimum retention range of 14 days for cloud protected data that is deleted.

MFA
MFA is Multi-Factor Authentication. Microsoft has MFA available as a part of Azure Active Directory. Within Azure Backup you can configure it to require MFA of admins when performing critical operations. By enabling MFA you ensure, via authentication from a second device that is usually physically with the user, that admins are who they say they are.

NOTE: When you enable security settings they cannot be disabled.

Ransomware attacks
Described in DPM section.

– Data Protection Manager –

Backup data encrypted during offsite transfer
When data is sent from DPM to Azure Backup it is encrypted before it even leaves your four walls. Data is encrypted on the on-premises server/client/SCDPM machine using AES256 and the data is sent over a secure HTTPS link.

Encrypted backup data at rest
Once backup data is on Azure it is encrypted at rest. Microsoft does not decrypt the backup data at any point. The customer is the only one with the encryption key that can decrypt the backup data. If this key is lost not even Microsoft can decrypt your backup data. This is very secure.

Protection and recovery of encrypted computers
The release of Hyper-V on Windows Server 2016 included a new feature known as Shielded virtual machines (VMs). This feature essentially utilizes Virtual Trusted Platform Module (vTPM) technology and BitLocker to encrypt virtual machines at the virtual layer. This means if a VM is physically copied off a Hyper-V host, whoever has the VM will not be able to get to the data on the virtual hard drive.

With the release of DPM 2016 it supports protecting Shielded VM’s. DPM can protect Shielded VM’s regardless if they are VHD or VHDX. This is great news because as a secure organization you should want to encrypt your virtual machines and DPM can protect them. This gives you an added layer of security on top of having backups.

Ransomware attacks
In today’s world ransomware attacks are a common thing. These types of attacks are targeted at small, medium, and large enterprise businesses. No company is too small or too big to be put in the crosshairs of ransomware attacks. A well-known attack is Cryptolocker.

As mentioned before in this blog post, backups are an alternative to paying the ransom of a ransomware attack. The key here is to ensure you have a solid offsite backup in place such as Azure Backup. Having that offsite backup will ensure you can get your data back even if the ransomware attack gets ahold of your onsite backup data.

I even go as far as to recommend sticking to the 3-2-1 rule (3 copies of backup data 2 offsite and 1 onsite). This way if something happens to one of your offsite copies of data you have another one. It may seem overkill to have 2 offsite copies but you would be surprised how often offsite backup data is accidentally destroyed.

So there you have it. Security is a critical part of any backup solution. It is clear that Microsoft realizes this based on the security enhancements they have made to both Azure Backup and Data Protection Manager 2016. Their goal is to ensure both backup solutions are enterprise ready. I have been working with DPM for years and Azure Backup as soon as it came out. I know the team behind these products have a lot of new features and functionality planned for the future of these products and I am looking forward to it.


VMware VM Backup in DPM Setup

Today Microsoft released the availability to protect VMware virtual machines with System Center Data Protection Manager (DPM). This is a feature the community has been asking to get for a long time. Again the DPM team continues to deliver! Again the team has brought this new functionality to existing customers via an update rollup. You do not have to wait for a new version of DPM to start protecting VMware. This functionality is enabled in DPM 2012 R2 through update rollup 11. Download DPM 2012 R2 UR 11 from this link:

http://catalog.update.microsoft.com/v7/site/search.aspx?q=3162908

For DPM 2016 this functionality will come out of the box.

Now let's look at the install, setup, and recovery of VMware VMs.

INSTALL THE UPDATE:

VMwareinDPM (17)

VMwareinDPM (1)

VMwareinDPM (2)

ADD VMWARE CREDENTIALS:

VMwareinDPM (3)

NOTE: This is an agentless backup. DPM does not install an agent here. It only connects to the VMware host.

 

ADD VMWARE SERVER TO DPM:

VMwareinDPM (4)

VMwareinDPM (5) VMwareinDPM (6)

My VMWare server did not have a proper certificate. I had to add the following reg key:

DisableSecureAuthentication.reg

Windows Registry Editor Version 5.00

; Tells DPM to skip certificate validation when connecting to the VMware server
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\VMWare]
"IgnoreCertificateValidation"=dword:00000001

It worked after that.
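
A check a DPM administrator can run to see whether this override is active and whether the VMware server's certificate would now pass validation, so the value can be removed once a trusted certificate is in place. This is an added example, not part of the original post or of Microsoft's tooling; the function names and the host name vcenter.example.local are placeholders, and it assumes Windows PowerShell 5.1 on the DPM server with the VMware server listening on port 443.

```powershell
# Added example (not from the original post). Run on the DPM server.
# Registry path and value name are the ones from the .reg file above.
$DpmVMwareKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft Data Protection Manager\VMWare'

function Get-DpmCertValidationOverride {
    # Reports whether IgnoreCertificateValidation is present and set to 1.
    [CmdletBinding()]
    param([string]$KeyPath = $DpmVMwareKey)

    $item  = Get-ItemProperty -Path $KeyPath -Name 'IgnoreCertificateValidation' -ErrorAction SilentlyContinue
    $value = if ($item) { [int]$item.IgnoreCertificateValidation } else { $null }

    [pscustomobject]@{
        KeyPath        = $KeyPath
        Value          = $value            # $null when the value is absent
        OverrideActive = ($value -eq 1)
    }
}

function Test-TlsServerCertificate {
    # Performs a TLS handshake and records what normal validation would have
    # reported (name mismatch, untrusted chain, expiry). No data is sent.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 443
    )

    # Filled in by the validation callback during the handshake.
    $seen = @{ PolicyErrors = $null; ChainStatus = @(); Certificate = $null }

    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $sslPolicyErrors)
        $seen.PolicyErrors = $sslPolicyErrors
        if ($certificate) {
            $seen.Certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate)
        }
        if ($chain) {
            $seen.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        }
        $true   # accept only so the handshake completes and the errors are captured
    }

    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($ComputerName, $Port)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        try     { $ssl.AuthenticateAsClient($ComputerName) }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }

    $cert = $seen.Certificate
    [pscustomobject]@{
        ComputerName = $ComputerName
        Port         = $Port
        Trusted      = ($seen.PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        PolicyErrors = $seen.PolicyErrors
        ChainStatus  = ($seen.ChainStatus -join ', ')
        Subject      = if ($cert) { $cert.Subject }
        Issuer       = if ($cert) { $cert.Issuer }
        NotAfter     = if ($cert) { $cert.NotAfter }
        Thumbprint   = if ($cert) { $cert.Thumbprint }
    }
}

function Get-DpmVMwareCertFinding {
    # Combines both checks into one line an operator can act on.
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$VMwareServer)

    $override = Get-DpmCertValidationOverride
    $tls      = Test-TlsServerCertificate -ComputerName $VMwareServer

    $finding =
        if     ($override.OverrideActive -and $tls.Trusted) { 'Override set, but the certificate validates: the override appears unnecessary' }
        elseif ($override.OverrideActive)                   { 'Override set and the certificate fails validation: install a trusted certificate, then remove the value' }
        elseif (-not $tls.Trusted)                          { 'No override, and the certificate fails validation' }
        else                                                { 'No override, and the certificate validates' }

    [pscustomobject]@{
        VMwareServer   = $VMwareServer
        OverrideActive = $override.OverrideActive
        Trusted        = $tls.Trusted
        PolicyErrors   = $tls.PolicyErrors
        ChainStatus    = $tls.ChainStatus
        NotAfter       = $tls.NotAfter
        Finding        = $finding
    }
}

# Usage (placeholder host name):
# Get-DpmVMwareCertFinding -VMwareServer 'vcenter.example.local' | Format-List
```

While the override is set, the connection from DPM to the VMware server is not authenticated by certificate, so the PolicyErrors and ChainStatus columns show what has to be fixed on the certificate before the value can be removed.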

 

PROTECTING VMS:

VMwareinDPM (8) VMwareinDPM (9)

You can add a single VM as shown in the following screenshot.

VMwareinDPM (10)

Or set the protection to Auto.

VMwareinDPM (11)

If set to auto VM’s that are added to this host will automatically be protected.

There was no downtime during the protection of the VMWare VMs.

VMwareinDPM (12)

 

RECOVERING VMS:

You can see we can recover VM’s just like we can with Hyper-V.  You need to click on the VM folder to make the Recover option show.

VMwareinDPM (13)

If you click on a VM you will see the .vmdk files and can recover them.

VMwareinDPM (14)

The rest of the recovery process is the same as recovering a VM in Hyper-V.

VMwareinDPM (15) VMwareinDPM (16)

That concludes this post! Enjoy your ability to protect VMware with DPM.


Presenting at MMS 2016 – Azure Stack, Backup, & OMS

It’s almost time for MMS 2016. By the end of Friday 4-22-16 MMS registration will be closed as the event has sold out! This year I have the opportunity to present twice and help facilitate one of the pre-con sessions. Here is a breakdown of my sessions.

Session #1: My first session is on Azure Stack the new Hybrid solution from Microsoft! This session will include me and Daniel Savage an Azure Stack program manager from Microsoft! You never know what new never heard before stuff you might learn about in this session. I recommend you sign up. Here is the title, description, and link for this session:

TITLE: – Future-proof your Career with Azure Stack in the New Hybrid Cloud World! –

DESCRIPTION: “Write once, deploy anywhere”, “extension of Azure”, “cloud agility”, “Cloud in your data center” What do all these buzz words mean to you and your career? How does Azure Stack Microsoft’s Hybrid solution apply to you as an IT Pro? Does Hybrid Cloud really have a place in the enterprise?

Come to this session and let Azure Stack Program Manager Daniel Savage and MVP Steve Buchanan unpack it for you.

SPEAKER BIOS:

Future-proof your Career with AzureStack

LINK: http://sched.co/6Xjn

Session #2: In my second session I will be presenting with my good friend and fellow MVP Robert Hedblom. He is making the trip all the way across the pond from Sweden for this event. Our goal for this session is to save jobs! hahaha…. You don’t want to miss this session as we take you through the steps of designing your backup and restore strategies. Here is the title, description, and link.

TITLE: – Be a Hero or be Fired. Backup and Restore Strategy –

DESCRIPTION: Did you skip planning the backup strategy? If a disaster occurred could you restore or would you get fired?

Come see System Center MVP’s Steve Buchanan and Robert Hedblom walk you through building a bullet proof backup and restore strategy of your business services. These strategies can be used with Microsoft business continuity tools. Learn how to be a restore hero in the event of a disaster and keep your JOB!

SPEAKER BIOS:

Be a Hero or be Fired. Backup and Restor

LINK: http://sched.co/68x3

Session #3: The third session is actually a 4 hour pre-con session about Operations Management Suite (OMS). This is a session you don’t want to miss. This session will be jam packed with MVP and Microsoft rock-stars! It will be jam packed with deep knowledge and again you never know what new never heard before stuff you might learn about in here. In this session you will have direct access to the Microsoft product team that is behind OMS. I am honored to be a part of this session. I have the opportunity to help facilitate it. Here is the title, description, speaker bio’s and link for this session.

TITLE: – OMS from “What is this?” to “Wow, it can do that?!” –

DESCRIPTION: This is a pre-con session where emcee’s Steve Buchanan and Cameron Fuller will facilitate a four hour session designed to explain what OMS is and what it can do for your organization.

In the first hour Bob Cornelissen (SCOMBob) and Cameron Fuller will provide an introduction to what OMS is and what benefits it can provide your organization.

In the second 1.5 hour session, join the Microsoft product team members as they dig in deep on IT automation within OMS.

In the final 1.5 hour session, join the Microsoft product team members as they dig in deep on Log Analytics & Security / Compliance.  

SPEAKER BIOS:

OMS Pre-con

LINK: http://sched.co/6MtU

See you at MMS 2016!

MMS

http://mmsmoa.com


Service Manager vs. ServiceNow

I am often asked how does Service Manager compare to ServiceNow. I don’t have a solid canned response for this. I often respond that you really have to compare System Center to ServiceNow because you get the entire suite when you buy System Center not just Service Manager. Also it would be a bad decision to not consider using the other components such as Operations Manager, Orchestrator, and Configuration Manager given the tight out of the box integration with Service Manager and these components.

With ServiceNow you get an ITSM solution but have to pay additional monthly fees when you want to add on other functionality such as automation, event management (monitoring), CMDB, or asset management. With System Center you get all of this for the price of System Center and you simply have to turn on and configure the additional functionality you want. One more point is that many organizations own and utilize Configuration Manager and/or Operations Manager and will often already own the licensing they need to deploy Service Manager.

On December 9th 2015 System Center MVP’s Chris Ross and Pete Zerger held an awesome webinar on System Center + Cireson vs ServiceNow. This was a must see webinar. It covered the often asked about topic of “Service Manager vs ServiceNow“.

These guys did a great job covering the topic. One of the most important areas they covered was Real-world Total Cost of Ownership (TCO) Comparison. TCO is one of the top data points that matter to businesses when they are considering a new ITSM solution.

In this blog post I am going to look at some of the key topics that stuck out to me from the webinar in regards to Service Manager vs ServiceNow. Keep in mind that these comparisons also include Cireson’s software.

One of the setbacks for some organizations on going with Service Manager is that they believe there is no cloud option for it. That is wrong. Service Manager can be deployed in the Azure cloud. Also there are a couple of companies that have a SaaS offering for Service Manager. The following graphic looks at the different types of Service Manager deployments and their options.

clip_image001

This first chart looks at the TCO numbers for Service Manager vs ServiceNow if you don’t already own the System Center ECAL licensing.

clip_image002

You will notice that over a 5 year period System Center including Cireson and Azure has a lower TCO than ServiceNow. Wow. If this did not include Cireson or Azure the TCO of System Center would be even lower compared to ServiceNow.

This next chart looks at the TCO of System Center vs ServiceNow if your organization already owns the ECAL licenses or has an Enterprise Agreement (EA) with Microsoft.

clip_image003

This has even deeper savings compared to the first chart. Now remember this includes Cireson software and having Service Manager deployed in Azure.

This chart looks at the TCO of System Center vs ServiceNow with System Center being deployed on-premises.

clip_image004

Again the TCO savings with System Center goes even lower. This chart still includes Cireson with System Center. This does not include the cost of the data center fabric storage, VM’s etc… which would typically already be in place before deploying System Center.

The following table compares feature sets of System Center and ServiceNow.

clip_image005

Notice ServiceNow does offer features such as automation and system management but they come at an additional monthly cost. One more item to point out from this slide is that System Center offers functionality that ServiceNow does not, such as enterprise and cloud backup through Data Protection Manager and Virtualization and Private cloud Management through Virtual Machine Manager and Azure Pack. ServiceNow does offer Event Management, but it requires an additional purchase and plugin install.

So I pulled out information from the webinar that stuck out to me. There is much more information in the webinar and context behind each of the charts I included in this blog post. I recommend you watch the full webinar. You can watch the entire webinar right here:

System Center + Cireson versus ServiceNow: A Head-to-Head Comparison from Team Cireson on Vimeo.

NOTE: Below is a link to another blog that covers Service Manager vs ServiceNow.

http://blog.navantis.com/reduce-it-spend-and-increase-performance-choosing-the-right-it-service-desk-tool/


2015 MVP Summit and MMS 2015

The past two weeks have been full of tech awesomeness. The first week was the 2015 MVP Summit and the second week was MMS 2015. I will recap both of these in this post. Well for the MVP Summit I can’t actually say anything about it but I can post a couple of cool pictures from it. 🙂 Here are some pics from the Summit.

With PowerShell MVP Trevor Sullivan and my roommate/friend CDM MVP Jakob Svendsen during breakfast.

With the man! Mr. OMS/System Center Jeremy Winter.

Good discussion with a bunch of smart guys. CDM MVP Stanislav Zhelyazkov (Stan the man), CDM MVP legend Cameron Fuller, and CDM MVP Jedi Dieter Wijckmans.


2 Sessions at MMS 2015

I am late posting this but better late than not at all. Next week I will be presenting at MMS 2015 on November 9th and 11th. In this post I will break down what each session is about. This is the second year of the community powered MMS event. The Midwest Management Summit is a 3-day conference purposely capped to just 500 attendees so that nobody gets lost in the crowd. Almost 60 Microsoft MVP’s will be presenting on System Center, cloud, PowerShell topics and more.

Areas the speakers will be presenting on are Operations Management Suite (OMS), Enterprise Mobility Suite (EMS), Operations Manager, Configuration Manager, Orchestrator, Service Management Automation, Azure Automation, Service Manager, Data Protection Manager, Azure Backup, Azure Pack, Azure Stack, Hyper-V, Nano server, PowerShell, Desired State Configuration and more. I am lucky to be co-presenting with two awesome System Center experts Natascia Heil @NatasciaHeil and Chiyo Odika @mrchiyo. The first session I will be presenting is:

-Real world automation with Service Manager and Azure Automation-

Here is what to expect from this session:

Automation is not only requesting and building virtual machines through Service Manager and Orchestrator. Automation can do much more and Service Manager can be combined with Microsoft’s other automation tools such as SMA, Azure Automation, and DSC. This session will teach you how to identify areas of automation in your company. It will cover how automation fits in the ITIL story. It will also show some real life automation examples utilizing Microsoft's newest automation tool (Azure Automation) and Service Manager.

We have two demos planned for this session. The first demo will show how to use Service Manager and Azure Automation. The second demo will show automating patch management using SCCM, Orchestrator, and Service Manager’s change management.

clip_image001

Link to this session:

http://mms2015.sched.org/event/bc3ffcd6aaaaef9a5e765493a0e6527f?iframe=no#.VjsTBeJcxps

The second session I will be presenting is:

-OMS Strategies and Notes from the Field-

Here is what to expect from this session:

OMS is a comprehensive web-based cloud IT Management solution with monitoring, automation and other features and solutions that will provide you with greater control and new capabilities across your hybrid cloud.

In this session, you will learn about strategies for getting the most out of OMS, best-practices, and learn from our extensive experiences in the field, deploying, configuring, and troubleshooting OMS.

clip_image002

Link to this session:

http://mms2015.sched.org/event/a4fb2e8bd31e7cab0de55695f9ec48a1#.VjsTCOJcxps

For more information on MMS 2015 and a full list of speakers and sessions visit:

http://mmsmoa.com/


Early Look: Service Manager HTML 5 Portal

***UPDATE 11-10-2015****

****UPDATE END****

Today the Microsoft Service Manager team announced that Service Manager’s UR8 will include the new HTML 5 self-service portal. Here is the link to that blog post: http://blogs.technet.com/b/servicemanager/archive/2015/10/21/ur8-release-date.aspx

This is very exciting news as we know a new improved portal for Service Manager has been highly requested for a long time. In this blog post I will give a quick tour of the new portal that is coming. Here is what you see when you first login with some descriptions of the different areas:

clip_image001[4]

Menu

You will find the fly out menu on the left side of the portal. On the top half is the navigation menu, with contact info on the lower half.

clip_image002[4]

Announcements

The Service Manager team has brought announcements back to the portal.

clip_image0034.png

Service Catalog

Below is a screenshot of the Service Catalog the core of the self-service portal. You will see the Service Offerings listed in an easy way. As you click on a Service Offering you will see its Request Offerings pop out on the right.

clip_image004[4]

Here is what a Request Offering looks like:

clip_image005[4]

Notice on the request offering that you can favorite them by clicking on the heart icon.

clip_image006[4]

My Requests

End users have the ability to access requests they have submitted as shown in the screenshot below.

clip_image007[4]

My Activities

There is an area for activities to approve/reject, mark as completed/failed etc.

clip_image008[4]

Help Article (Knowledge Base)

The Help Articles area is a huge improvement over the last portal. Now the help articles show right in the web browser. They also can be rated and/or favorited.

clip_image009[4]

The following screenshot shows that you can use keywords to scope down the help articles. This is helpful to narrow down to a specific topic.

clip_image010[4]

The next two screenshots show what an internal and external help article looks like in the new portal.


Unpacking The Operations Management Suite Android App

A while back there was a suggestion on the Azure Operational Insights (before it was renamed to Operations Management Suite) User Voice for an Android app. You can see that here: http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6686744-android-mobile-app . This would allow us to access our OMS data from our Android mobile device! It is no secret I am an Android user so I was excited for this. On the User Voice thread Microsoft commented that we could expect an app in the fall of 2015. Well on October 15th one of my colleagues Rob Plank tweeted that the OMS Android app was available in the Android market (https://twitter.com/rob_plank/status/654706738222907392). They kept their word and now we have an Android app for OMS! In this post we are going to take a tour of the new OMS Android app.

On your phone you can search Google Play for Microsoft OMS or click this link Operations Management Suite to find the app. Go ahead and install it.

clip_image001

Once installed you will find it with your other apps.

clip_image002

You can also place a shortcut to it on one of your main screens.

clip_image003

The first time you launch it you will need to either sign in or sign up.

clip_image004

Here is a screenshot of the sign in screen.

clip_image005

After you are logged in you need to select your workspace. You can see that I have 3 workspaces. Yes only a true geek would have multiple workspaces in OMS. LOL

clip_image006

After selecting your workspace you will have a similar look and feel to the web based version of OMS. You will also notice 3 main areas Dashboard, Overview, and Search. The first one you will land on is Dashboard. To access the other 3 main areas just scroll to the right. NOTE: I did not see a way to add solutions to OMS from the mobile app. You will need to do this from the web application itself.

The Dashboard view is equal to My Dashboard in the full OMS web application. So whatever you added to your My Dashboard is what you will see here.

 

Android OMS App Full OMS Web Application
clip_image007 clip_image008
clip_image009

Now if we go to the Overview area this is the same view as we have on the full OMS web application. Overview has the solutions that you have added to your OMS. To see them all just scroll down.

Android OMS App Full OMS Web Application
clip_image010 clip_image011

You will notice the Searches view also matches what is in “Log Search” in the full OMS web application.

clip_image012


Blog Dive: SQL Protection with DPM

Background for this post

Since version 2006 DPM has been able to protect SQL databases. Often in environments that are using DPM I still see they are using DPM for backup of all workloads but not using it for SQL backups. There are reasons for this such as a lack of understanding of how DPM protects SQL or lack of trust in DPM to protect SQL. The goal of this blog post is to lay out why you would want to use DPM to back up SQL, what SQL versions and functionality (such as AlwaysOn) are supported, what happens under the hood when DPM protects SQL and that you can use DPM as your sole solution for protecting SQL. This is an effort to convince those that don’t use DPM for SQL backups today to start using it or those that don’t trust DPM for SQL backups that it is a great option to consider. This blog post is targeted directly at DBAs or DPM admins that need to give information about SQL protection to their DBAs.

One major challenge I had when I set out to write this blog post is that I am not a DBA or a SQL expert. So I don’t have any SQL “street cred” so I needed to fully understand what a SQL DBA would require to ok DPM being the sole backup solution for SQL in an organization.

I have the fortunate opportunity to work with an awesome SQL MVP named Jes Borland at Concurrency. As a part of my research for this blog post I reached out to Jes Borland to have a discussion around SQL protection. One of the important questions I asked her was “What things do you look for in a SQL backup solution?“. Her response was “What I look for in a backup tool: the ability to do all types of SQL Server backups – full, differential, log, copy-only. Ability to take advantage of built-in backup compression.” as well as “As a DBA, my main question is, “How do I restore?“. This was perfect as they are key things I should look out for to make sure DPM can do.

Now that we covered the background let’s look at what DPM can do when it comes to SQL protection.

Why would you want to use DPM to backup SQL?

  • DPM understands SQL and was designed to protect the advanced configurations of SQL.
  • DPM can protect SQL up to every 15 minutes.
  • Reduce potential conflicts between backup tools and schedules of SQL protection.
  • DPM can protect SQL at the instance level or the database level. When protection at the instance level is turned on DPM will detect new databases on that instance and automatically add them to protection.
  • DPM is an affordable option for protecting SQL. It is a good fit for small SQL shops and can scale for large enterprise SQL shops.
  • DPM has self-service recovery of SQL databases using the Self-Service Recovery Tool (SSRT) that can be extended to DBA’s.

What SQL versions and functionality does DPM support?

Versions:

  • 2005
  • 2008
  • 2008 R2
  • 2012
  • 2014

Functionality:

SQL Clustering

When protecting a SQL cluster, DPM is cluster aware. DPM is aware of the cluster’s identity as well as the nodes in the cluster. In a SQL clustering scenario, if the SQL Server moves to a different node, DPM will continue to protect the clustered SQL without any intervention from backup administrators.

SQL Mirroring

If the SQL you are protecting is mirrored, DPM is aware of the mirrored databases and will protect the shared data set properly.

SQL Log shipping

In scenarios where SQL log shipping is being used, DPM will automatically discover this and auto-configure itself to co-exist, ensuring proper SQL protection.

SQL AlwaysOn

When protecting SQL AlwaysOn, DPM will automatically detect Availability Groups, detect when a failover occurs, and continue protection of the database.

What happens under the hood with SQL protection in DPM?

Protection:

When SQL protection is first set up, an express full copy of the database is created; this is the initial backup of the database. Express full backups bring over block-level changes of the databases themselves. On the very first backup this is the entire database.

Express full backups leverage a filter technology. This filter technology is what identifies changed blocks instead of needing to read all of the data or use checksums. This filter technology is known as the Volume Shadow Copy Service (VSS). Specifically, the SQL Server VSS Writer is used during SQL protection. This does two things: the DPM backup of SQL will not impact databases, and only changed blocks are backed up after the initial backup of the database, reducing the storage footprint. Backing up only the block-level changes also has a significantly lower impact on the protected server during backup.

After the initial backup of the SQL database, DPM will perform subsequent express full backups, with synchronizations between the express full backups. Synchronizations copy over SQL transaction logs. A recovery is possible from both express full and synchronization backups.

DPM can be set to protect SQL databases as often as every 15 minutes so that you can have frequent protection of SQL throughout the day. As a part of DPM SQL protection, recovery points are created for each incremental synchronization and express full backup. DPM can maintain up to 512 shadow copies of a full SQL Server database(s) by storing only the differences at the block level. In a scenario where you have one express full backup per week, stored as one of 512 shadow copy differentials between one week and the next, plus 7 days x 24 hours x 4 (every fifteen minutes), DPM would have over 344,000 recovery points (what you restore from) of SQL.

The following screenshot is an example of SQL protection in DPM. The top half in red shows an example of auto protection of SQL at the instance level while the lower half in blue is an example of individual database protection.

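[Screenshot: SQL protection in DPM, with instance-level auto protection in red and individual database protection in blue]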

Truncating SQL logs:

DPM does truncate the SQL transaction logs as a part of the backup process. DPM truncates the logs (creates empty space inside the transaction log) after each synchronization.

Note that if the synchronization is set to a long window of time, such as 12 hours, the transaction log could grow too large for truncating and will need to be shrunk. So the general rule is to keep the synchronizations closer together.

Shrinking the SQL transaction logs needs to be done manually or using a SQL maintenance job. This could also be done using a Pre-Backup/Post-Backup script.

If “Just before a recovery point” is selected in the protection group, the synchronization (incremental backup) will not be scheduled to run. Configuring protection this way tells DPM that only express full backups should run. Transaction logs will not be truncated by DPM in this scenario.
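A DBA can confirm from the SQL Server side that the log backups described above are actually happening before a log grows out of control. The following T-SQL is an added example, not part of the original post or of DPM; it assumes that DPM express full backups appear in msdb as snapshot full backups and that synchronizations appear as log backups, and the 60-minute threshold is an arbitrary value to adjust to your synchronization frequency.

```sql
-- Added example: flag databases whose transaction log is not being backed up
-- (and therefore not truncated) often enough.
DECLARE @MaxLogBackupAgeMinutes int;
SET @MaxLogBackupAgeMinutes = 60;   -- assumed threshold, not a DPM setting

WITH LastBackups AS (
    SELECT  bs.database_name,
            -- VSS-based full backups are recorded with is_snapshot = 1
            MAX(CASE WHEN bs.type = 'D' AND bs.is_snapshot = 1
                     THEN bs.backup_finish_date END) AS last_snapshot_full,
            MAX(CASE WHEN bs.type = 'L'
                     THEN bs.backup_finish_date END) AS last_log_backup
    FROM    msdb.dbo.backupset AS bs
    GROUP BY bs.database_name
),
LogFiles AS (
    SELECT  mf.database_id,
            SUM(CAST(mf.size AS bigint)) * 8 / 1024 AS log_size_mb  -- size is in 8 KB pages
    FROM    sys.master_files AS mf
    WHERE   mf.type = 1             -- 1 = log file
    GROUP BY mf.database_id
)
SELECT  d.name AS database_name,
        d.recovery_model_desc,
        lf.log_size_mb,
        d.log_reuse_wait_desc,      -- LOG_BACKUP here means the log is waiting on a log backup
        lb.last_snapshot_full,
        lb.last_log_backup,
        CASE
            WHEN d.recovery_model_desc = 'SIMPLE'
                THEN 'OK: log truncates at checkpoint'
            WHEN lb.last_log_backup IS NULL
                THEN 'CHECK: no log backup recorded'
            WHEN DATEDIFF(minute, lb.last_log_backup, GETDATE()) > @MaxLogBackupAgeMinutes
                THEN 'CHECK: last log backup is stale'
            ELSE 'OK'
        END AS log_backup_status
FROM    sys.databases AS d
JOIN    LogFiles AS lf ON lf.database_id = d.database_id
LEFT JOIN LastBackups AS lb ON lb.database_name = d.name
WHERE   d.database_id > 4           -- skip master, tempdb, model, msdb
ORDER BY lf.log_size_mb DESC;
```

A database in the full recovery model that reports CHECK while its protection group uses “Just before a recovery point” is the case described above, where DPM will not truncate the log.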

Recovery:

A good friend of mine, System Center MVP Robert Hedblom, always says “backup is about the restore”. I subscribe to the same principle in that “restore should always be the focus of any backup solution”. In a disaster recovery situation DPM can be used to restore from a loss of the database down to within 15 minutes of the failure. DPM can recover the database to the original instance, to a separate instance, to a folder, or even copy it to tape. You can see those options reflected in the following screenshot:

[Screenshot: DPM recovery options]

When recovering to the original SQL instance or an alternate SQL instance, you can specify what state you want to leave the database in. Restoring the database in a non-operational state allows you to restore transaction logs in addition to the database restore.

[Screenshot: database state options for recovery]

You also have the option to specify where you want to place the database files (.MDF) and log files (.LDF) during the restore.

[Screenshot: database file and log file location options]

The DPM Self-Service Recovery Tool (SSRT) can be deployed on the client computers of the DBAs. Recovering a database using the SSRT is much like recovering directly from DPM. When the New Recovery Job button is clicked, a Recovery Wizard window opens with the same options as recovering directly from DPM. The screenshot of the SSRT below shows the UI with a restore job that has completed.

[Screenshot: SSRT with a completed restore job]

Details of a recovery job in the SSRT are shown in the following screenshot.

[Screenshot: recovery job details in the SSRT]

Hopefully this article has shed some light on SQL protection with DPM and will help you consider using DPM to protect your SQL instances/databases. For further information on SQL protection with DPM visit the following links on TechNet:
