System Center (SC) 2016, now in Technical Preview 4 (TP4) at the time of writing, is coming along nicely. We looked at Configuration Manager in Joseph’s excellent article and at Virtual Machine Manager 2016 TP3. Over the next few weeks, we’ll be looking at the other parts of SC, such as Service Manager, Orchestrator, and Operations Manager. Today we will review Data Protection Manager (DPM) 2016.

If you’re interested in seeing how DPM has evolved, we’ve got you covered: 2012 R2, DPM 2012, and even older versions. With the regular Update Rollup cadence for System Center 2012 / 2012 R2, new features are added every few months, so the 2016 wave of System Center doesn’t come with a huge amount of new innovation. This is, in some ways, a blessing for a resource strapped sysadmin—the delta is smaller, so upgrades should flow easier. To complete the “DPM picture,” you should also look at Microsoft Azure Backup Server (MABS). It’s basically a “free” DPM 2012 R2, without tape support, that lets you backup workloads to local disk and then to Azure.

Coming in DPM 2016 is support for mixed mode Hyper-V clusters (Windows Server 2012 R2 and 2016 nodes in the same cluster) and support for protecting workloads on Storage Spaces Direct (S2D). Also on the table are Resilient Change Tracking (RCT) and support for shielded virtual machines (VMs) that are protected by a virtual TPM chip and Bitlocker.

Reports in the DPM Console

Reports in the DPM Console

Mixed mode clusters

The upgrade story for Hyper-V keeps improving for every version. Going between 2012 R2 and 2016, you’ll be able to evict one existing node (or add a new one), clean install 2016, and then join it back into the cluster. Rinse and repeat until your whole cluster is upgraded, at which point you can “flip the switch” on the cluster functional level.

DPM 2016 will be able to backup VMs across both versions and track which host they’re on. However, note that Nano Server isn’t supported (at least not in TP4). That’s going to be a show stopper for Microsoft’s recommendation that Nano Server as the preferred virtualization host platform. I hope Microsoft will fix this in a later TP.

Storage Spaces Direct

S2D is an evolution of Storage Spaces in Windows Server 2012 / 2012 R2. It can be used in a disaggregated fashion in which local storage on several hosts (four is the minimum, at the moment) is presented to a Hyper-V cluster as highly-available storage. Alternatively, it can be hyper-converged so that local storage in each Hyper-V host is used to store VMs.

DPM 2016 supports backing up VMs in this configuration, but again, not on Nano Server. I tested this with a few VMs on my four-node S2D (physical) cluster; it worked as expected.

Creating a Protection Group

Creating a Protection Group

Resilient Change Tracking

One of the big changes coming in Windows Server 2016 Hyper-V is the shift away from relying on backup vendors writing their own file system filter driver to track changes in virtual disks. This functionality is moving into the core Hyper-V platform. Hopefully, third party backup vendors should be able to support Windows Server 2016 Hyper-V faster, since they don’t have to develop their own filter driver. DPM 2016 will, of course, support this functionality, which means that changed blocks are tracked using an on-disk map as well as an in-memory map. More details can be found in Taylor Brown’s excellent presentation at TechEd Europe 2014.

Backing up Bitlocker-protected VMs

With shielded VMs and virtual TPM chips coming to Windows Server 2016 and Microsoft drawing a strong security boundary between the VM / workload administrators and the fabric administrators, of course, backup becomes a challenge. Sure, you can run an agent inside the VM and back it up on a per-VM basis, but most enterprises want a single backup solution that protects all the VMs from a host perspective. DPM 2016 will support the backup of virtual TPM/Bitlocker-protected VMs.


Here’s a list of the supported workloads that DPM 2016 TP4 (and 2012 R2) can backup; it’s the usual suspects. Note that Exchange 2016 is not supported yet, neither by DPM 2016 TP4 nor 2012 R2. There’s a short survey that may be of interest to you.

Looking at user voice for DPM (and Azure backup), the top requests are being able to do item-level recovery from Exchange (third-party backup solutions offer this, but not through supported methods), 5-minute (instead of 15) intervals for SQL backup, support for protecting SQL Server 2014 databases stored on CSV volumes, support for protecting NAS and CIFS volumes, and automatically adding new VMs on a Hyper-V host. Even existing users seem mostly interested in incremental feature improvements, rather than huge new features.

Interestingly, a planned feature is managing on-premises DPM servers that do “disk to disk to Azure” from the Azure backup interface.

Subscribe to 4sysops newsletter!

If you were looking for compelling features to throw out your current backup solution and invest in System Center, I think the forthcoming 2016 version will disappoint. It’s very much a gradual evolution of the current product, which is a solid backup solution for Microsoft workloads. To be truly competitive, it needs to add VMware backup support, as well as other enterprise workloads. I suspect this will happen in the future, but perhaps in Azure services instead of DPM.

  1. markm75 6 years ago

    I noticed or maybe never noticed with previous versions… that if you backup the hyperv container for a given VM.. it backs up the VHDS.. so if you have C and D for instance, both are included, this much i realized.. but i’m noticing that you can drill inside the VM’s vhds for individual files..

    In the past i’ve always installed the agent on the VM itself, and configured DPM to backup those files..

    I’m wondering what do most do.. do they just do the container and rely on drilling in to restore individual files?  What if the VHD becomes corrupt.. i would think having the VM’s individual files via its own agent may have value? Or maybe not?  I go back 30 days on our recovery points.. so i suppose you could just try to go back a few extra days before corruption (though i’ve never ran into corruption per say)..

    Any thoughts.. how are most doing this?


  2. Author

    Hi Mark,

    I don’t know how most people do it but one of the big decision points is licensing. If you put an agent in every VM and you have a lot of them, that will cost a lot more. It also depends on the workload in the VM, if it’s a fileserver, the ability to do a individual file restore from the host might be fine but if its an exchange server or SQL server, you’ll need an agent in the VM for granular restores.

    Hope that helps,

    Paul Schnackenburg

  3. Mark Ferrel 5 years ago

    “Storage Spaces / Windows Server does data protection just as well as your RAID controller, probably better.”

    Uh…isnt S2 just re-branded Windows software RAID? So in this case you believe software RAID beats a hardware RAID controller? I guess I’m a bit skeptical. To be fair I was skeptical when I first read they had this serial transmission that was faster than parallel too lol.

  4. Author

    Hi Mark,

    Thanks for your comment. No, S2D isn’t software RAID which is a common misconception. Software RAID (think NT 4) was literally mirroring a whole drive to another drive (or striping) whereas S2D uses a variable size slab to chunk up the data. Those slabs are then spread across many drives, so for instance a three way mirror ensures there are three copies of every slab, but they can be on more than three drives. The net result is much better performance.

    And yes, if you build an eight node S2D cluster with say NVMe (cache) and SSD (storage) and you have fast networking between all the nodes you have in effect a VERY fast SAN, definitely blowing any single hardware RAID controller in a single server right out of the water.

    That’s not to say that hardware RAID doesn’t have it’s place, but the two technologies are not really comparable.




Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account