During Teched 2009 in Berlin we where able to see and learn more on the next release of DPM. One of the features that Microsoft has put a lot of effort in is the client based protection.
In the 2007 release of DPM you could also protect clients, but that actually only works for “well connected” workstations. Machines switched off (or taken out of the network) will fail and flutter the DPM console with error messages.
The client based protection in DPM 2010 has been completely redesigned. With DPM 2010 clients are supported within the network, through VPN and even offline. Clients on the network or connected through VPN store their data on the DPM server. Restores can be done from the DPM server, using previous version in Explorer or the Office plug-in (image 10).
Clients offline, in an airplane for example, are also protected using a local back-up cache directory on their system. These clients can even do a restore when their on the road. When these clients connects to the network, the local cache is written to the DPM server. (local snapshots are not available on XP clients)
Offline clients will not generate loads of errors on the DPM server (like in DPM 2007) Only when a client has not connected to the DPM server for 14 days (default value\image 6) a warning will be displayed.
First step is to install the agent on the client, this process is a little different then for a server . You can use SCCM (System Center Configuration Manager) to install the agents, or do a manual installation. When the Windows Firewall is running you will need the tool SetDPMserver.exe to make the correct exclusions. You do not have to attach the agents in the DPM console like with other manual installations, this will be done automaticity when you create the protection group
Next step is to create a new protection group, the image below shows the option to create a server or a client based protection group. In this case we select the client bases protection group.
Image 1: Create new protection group
The DPM Administrator can select which data on the clients should be protected. This can be done on the Specify inclusions and Exclusions page. This is a rule base selection on volumes or folders, with the option include or exclude. The DPM Administrator can also allow/deny the user to add additional folders to protect. Under File type exclusions specify the file types to exclude using file extensions.
Image 3: Select files to include or exclude
In the screen below you specify the protection details. How long should data be kept on the DPM server, How often should data be replicated from the client to the DPM server, how many days can a client be disconnected before an alert is generated,
Image 6: Specify retention time
The DPM administrative console shows the protection status (from an administrative point of view)
Image 7: Protection group status
On the Client computer a new icon is available in the notification area. When activated with the mouse this icon shows the DPM synchronization status. The following information is showed when you click on the icon; the Summary tab allows users to check their protection status. How many files are protected, what is the current synchronization status, when was the last synchronization, when is the next.
Image 8: User GUI; protection status
The Protection items tab; When the Administrator allows it, the users can add additional directories to protect
Image 9: User GUI; specify additional directories
- Support up-to a 1000 clients per DPM server
- Support for Windows XP sp2*, Windows Vista and Windows 7
- DPM supports the following VPN protocols (PPTP,SSTP,L2TP)
*The end-user restore feature is not enabled on Windows XP
Conclusion: Client protection in DPM 2010 gives administrators and users a lot of new options to protect their client data. to be continued