Installing and Configuring Microsoft’s Data Protection Manager (DPM) Part 1

by [Published on 26 July 2005 / Last Updated on 26 July 2005]

The beta of Microsoft's new Data Protection Manager (formerly called Data Protection Server) is now available to the public. DPM brings disk-based backup and recovery to enterprise networks as part of Microsoft’s new System Center product umbrella that also includes Microsoft Operations Manager (MOM) and Systems Management Server (SMS). In this two part article, we show you how to install and configure DPM and evaluate how this newest member of Microsoft's System Center product umbrella can be integrated into your overall security strategy.

If you would like to see the next article in this series please read Installing and Configuring Microsoft’s Data Protection Manager (DPM) Part 2.

Pre-installation Considerations

You can download the DPM beta software from the Microsoft Web site at http://www.microsoft.com/windowsserversystem/dpm/download/default.mspx. The beta version is good for 270 days (approximately 9 months). The final release is scheduled for the second half of 2005.

Hardware requirements for DPM are hefty:

  • 1 GHz or faster processor is recommended.
  • 1 GB of RAM is recommended (512 minimum).
  • Total of 1.2 GB of disk space is needed, and you must have at least two physical disks installed (one to be dedicated to the storage pool).

The download itself is about 685 MB. If you prefer, you can order the beta on CD. You’ll have to pay shipping and handling based on your location (to ship to Dallas, TX, the charge was $6.48). There are four CDs, which include DPM itself and all the prerequisite software (agent, client, SQL Server and SQL Reporting Services).

You need an NTFS partition on which to install DPM. This should not be the partition on which the system files are located.

Installing the DPM Server

DPM can be installed on Windows Server 2003 with Service Pack 1, or on Windows Storage Server 2003 SP1. It requires an Active Directory domain to store access control lists and security settings for files and folders. When you install DPM in the domain, the schema is modified to contain configuration settings for the recovery client.

Note:
If the Server 2003 computer on which you install DPM is a member of a Windows 2000 domain, you have to enable schema modifications on the domain controller. Instructions are here: http://support.microsoft.com/default.aspx?kbid=285172.

There are three parts to installation:

  • Install the DPM server software on the DPM server.
  • Install the agent software on the servers whose data you want to protect with DPM (Windows 2000 SP4, Server 2003 or Storage Server 2003).
  • Install the end-user recovery client on Windows XP and Server 2003 clients to allow users to access previous versions (shadow copies) of their files. You’ll also need to install a hotfix to enable end-user recovery. See KB article 895536 (http://support.microsoft.com/default.aspx?scid=kb;en-us;895536) for information on obtaining and installing the hotfix).

Note:
If you don’t want to bother with installing DPM, you will also be able to purchase dedicated DPM appliances from several MS partner OEMs.

SQL Server 2000 SP3a or above is required to use DPM. The good news is that when you buy DPM, it includes the SQL software and a restricted SQL 2000 license (for use with DPM only). SQL Reporting Services is also included.

The DPM setup wizard walks you through the steps of installing SQL 2000, the Reporting Services and the necessary service packs. IIS is not installed on Server 2003 by default. The wizard will install it if you haven’t previously done so.

Note:
You can do a semi-unattended installation of DPM, but you’ll need to manually install IIS first. You’ll also need to copy the contents of the DPM CDs to a set of shared folders.

The setup program will check your server and verify that it meets the requirements (hardware and software). You’ll get a warning message if a required component is missing. If you get past this stage without problems, installation is usually fairly straight forward. However, if the setup process hangs during the installation of SQL Server, you may have to manually install SQL.

You’ll need to enter a password to be used for the Microsoft$DPM$Acct local account that’s used to run SQL services. This should be a strong password. During the installation process, you’ll need to change out CDs to install the prerequisite software (unless you’re doing a semi-unattended installation).

Installing the File Server Agents

You must install the agent software on each file server you want to protect with DPM. These file servers will show up in the DPM console as “protected file servers.”

The agent software is installed from the DPM Administration console. Select Management, click the Agents tab, and select Install from the Actions list. DPM will query Active Directory to find a list of servers to display. You can select up to 50 servers from the Server name list. Then click Add to make them protected servers.

Note:
Sometimes it’s faster to type the name of the server in the Server name box and click Add, rather than browsing the list.

After the agent software is installed, the file servers must be restarted. You can choose to automatically restart them immediately after installation or manually restart later. You’ll need to enter administrative credentials before the agent software will be installed. A dialog box will let you know that the installation(s) proceeded successfully.

If you aren’t able to install the agent, it could be due to a network connectivity problem, a firewall issue, or because there is already an older version of the agent installed on the file server (it must be removed before you can install the new one). The installation will also fail if the file server has case-insensitive file naming disabled or if the Remote Registry service isn’t running on the file server.

Installing the End-user Recovery Client

If you want end users to be able to recover their data without administrative assistance, you’ll need to install the shadow copy client software on their computers. This allows them to get shadow copies of their file, either via shared folders on the DPM server or with the Recover Deleted Items option on the tools menu in Office 2003.

Note:
You must also enable end-user recovery on the DPM server, using the DPM administration console. We’ll discuss how to do this in Part 2 of this article.

The shadow copy client software can be downloaded from the Microsoft Web site at http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx. It can be installed on Windows 2000, XP Pro (with SP1 or later) and Server 2003 with SP1 or later.

You can install the client on multiple computers using the Software Installation feature of Group Policy or using another software distribution product such as Systems Management Server (SMS).

Summary

Deploying DPM is a fairly complicated process that involves installing prerequisite software on the DPM server, installing DPM itself, installing agents on the file servers you want to protect, and installing the shadow copy client software on end users’ machines if you want them to be able to recover their data independently. In Part 1 of this article, we described the installation process. In Part 2, we’ll show you how to configure DPM to protect your data and how end users can recover their protected files.

If you would like to see the next article in this series please read Installing and Configuring Microsoft’s Data Protection Manager (DPM) Part 2.

See Also


The Author — Deb Shinder

Deb Shinder avatar

Debra Littlejohn Shinder, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security.