DPM 2012 – Part 2: Role Based Access and scoped console
In this second part of this four-part series reviewing DPM 2012 we’ll look at the new Role Based Access feature and dive into the scoped DPM console.
The scoped DPM console
The Central Console also enables another nifty troubleshooting feature – the scoped DPM console. When an alert is raised in SCOM you can click the Troubleshoot button, which will take you to a DPM console that shows only the data sources, backup jobs and agents that are affected by this particular issue. Even better, once you have resolved the underlying cause you can run a test backup with a single click before resuming the entire backup job. It also provides context; the ticket number, alert and DPM server are listed in an area at the top of the scoped console.
Centralizing management inside of SCOM doesn’t just mean an aggregated view of all backups across many DPM servers; it also lets you work on more important issues first, for instance by showing issues that affect multiple data sources. Segregating errors into infrastructure and backup failures enables Tier 1 or 2 support to focus on backup failure alerts, whereas Backup Admins work on infrastructure problems and Tape Admins focus on tape errors.
Smaller environments can use the Remote Administration feature which lets you install the DPM console on a workstation and then connect that console to any remote DPM server.
The Scoped Console will be a real time saver in troubleshooting scenarios.
Role Based Access in DPM 2012
Another sign that DPM is stepping up to the big league is the application of Role Based Access (RBA) similar to how other Microsoft products (Exchange, SCOM) are approaching authorization for particular tasks in big organizations. Be aware that the DPM 2012 RBA model covers only the task itself (for example, this user can recover data); you can’t further limit a role by object (for example, this user can only recover Exchange data from these databases).
DPM comes with a set of seven built-in roles with descriptive names: Read-Only User, Recovery Operator, Reporting Operator, Tape Operator and Tape Admins as well as the all-powerful DPM admin. The last two are Tier-1 Support (help desk), who can resume backups and take automated recommended action, and Tier-2 Support (escalation), who can also run backups on demand and take corrective actions such as enabling / disabling agents. Note that the roles are respected by the SCOM console and by scoped DPM consoles that are opened from within the SCOM console, but are NOT respected in the DPM console on the DPM server itself.
Incorporating the DPM user roles using the SCOM user role approach is another great way of integrating DPM into SCOM.
In part three we’ll cover other improvements in DPM 2012.