- The risk of fake OAuth apps in Microsoft 365 and Azure - Fri, Nov 27 2020
- Azure Sentinel: Microsoft's SIEM for the cloud and on-premises - Fri, Oct 30 2020
- Microsoft Cloud App Security - Tue, Sep 29 2020
In a virtualized environment the issue is whether to backup from inside the guest or from the host. The latter provides “bare metal restore” of an entire VM where something’s gone catastrophically wrong with a VM (or the host) but in general it doesn’t provide granular restore of files / folders. DPM 2010 added Item Level Restore (ILR), allowing you to restore individual files or folders within a VM even though it had only been backed up from the host. But this capability was only available when DPM 2010 ran on physical hardware, if the DPM server itself was in a VM this capability was not available. DPM 2012 fixes this glitch and can now do ILR even when the DPM server is a VM.
Note that in both DPM 2010 and 2012 ILR is only for files and folders, if you’re running a transaction based workload such as SQL, Exchange or SharePoint in a VM you’ll need to install the agent inside the VM for granular protection. Also be aware that the Hyper-V role needs to be installed on the physical server for DPM 2010 in both Windows Server 2008 and 2008 R2, this is also the case when DPM 2012 runs on top of Windows Server 2008 but NOT when running on 2008 R2.
For stand-alone Hyper-V servers DPM 2012 introduces Changed Block Tracking, which transfers only the changed blocks rather than reading the whole VHD file. This improves backup performance as well as enhancing the Hyper-V server performance by reducing the number of IOs required for backup.
The tested scalability limits in DPM 2012 hasn’t changed from DPM 2010 and remains at 80 TB for replica volumes and 40 TB for recovery point volumes for a total of 120 TB.
DPM 2010 supports item level recovery for SharePoint but it’s time consuming as the entire content database has to be transferred to a staging location before items can be recovered. In a move sure to please SharePoint administrators (and stressed users who needs that document NOW) DPM 2012 instead attaches the database files on a recovery point to a SQL Server instance remotely and recovers the item. This can also be done for data in SQL Filestream content databases. Another improvement for SharePoint is farm level protection where new sites added to a farm are automatically protected.
For business with large tape libraries the added control with the new tape retention policies will be very useful.
DPM has had a tape optimization feature for some time which allows data co-location to better utilize available space on tapes. What was lacking in earlier versions was control over what data is housed with what; with only a single global policy for how many days before a tape can be overwritten.
DPM 2012 improves this by allowing you to configure Protection Group sets. Within each set you can control the Write Period which is the length of time that a tape is available for writing new backups as well as Expiration Tolerance which is the time an expired recovery point can remain on a tape until the tape is marked as expired.
Another tape improvement is that a single Protection Group can spawn multiple tape jobs and in DPM 2010 if one of those jobs had an issue, all of the jobs had to be stopped, in DPM 2012 only the job with an issue needs to be killed.
Also new in DPM 2012 is that any workload that comes with a VSS writer can now be recognized and protected by DPM, this is called Generic Data source protection.
In this part three of the four part series on DPM 2012 we covered a slew of different improvements in areas such as Hyper-V, tape management and Item Level Recovery. The next part will cover certificate based authentication along with a look at some areas where DPM could still do with improvement.