Wednesday, November 25, 2009

DPM 2010: Client Based Protection

During Teched 2009 in Berlin we where able to see and learn more on the next release of DPM. One of the features that Microsoft has put a lot of effort in is the client based protection.
In the 2007 release of DPM you could also protect clients, but that actually only works for “well connected” workstations. Machines switched off (or taken out of the network) will fail and flutter the DPM console with error messages.
The client based protection in DPM 2010 has been completely redesigned. With DPM 2010 clients are supported within the network, through VPN and even offline. Clients on the network or connected through VPN store their data on the DPM server. Restores can be done from the DPM server, using previous version in Explorer or the Office plug-in (image 10).
Clients offline, in an airplane for example, are also protected using a local back-up cache directory on their system. These clients can even do a restore when their on the road. When these clients connects to the network, the local cache is written to the DPM server. (local snapshots are not available on XP clients)
Offline clients will not generate loads of errors on the DPM server (like in DPM 2007) Only when a client has not connected to the DPM server for 14 days (default value\image 6) a warning will be displayed.

First step is to install the agent on the client, this process is a little different then for a server . You can use SCCM (System Center Configuration Manager) to install the agents, or do a manual installation. When the Windows Firewall is running you will need the tool SetDPMserver.exe to make the correct exclusions. You do not have to attach the agents in the DPM console like with other manual installations, this will be done automaticity when you create the protection group
Next step is to create a new protection group, the image below shows the option to create a server or a client based protection group. In this case we select the client bases protection group. 
Image 1: Create new protection group

Now it’s time to select the members, the clients you will protected.
select members
Image 2: Select protection group members

The DPM Administrator can select which data on the clients should be protected. This can be done on the Specify inclusions and Exclusions page. This is a rule base selection on volumes or folders, with the option include or exclude.  The DPM Administrator can also allow/deny the user to add additional folders to protect. Under File type exclusions specify the file types to exclude using file extensions.
select data
Image 3: Select files to include or exclude 

Protecting client computers can consume a lot of storage on your DPM server. Therefore you can limit the amount of disks available per protected client
select allocation 
Image 5: Specify storage space

In the screen below you specify the protection details. How long should data be kept on the DPM server, How often should data be replicated from the client to the DPM server, how many days can a client be disconnected before an alert is generated,
select retention
Image 6: Specify retention time

The DPM administrative console shows the protection status (from an administrative point of view)
protection overview
Image 7: Protection group status

On the Client computer a new icon is available in the notification area.  When activated with the mouse this icon shows the DPM synchronization status. The following information is showed when you click on the icon; the Summary tab allows users to check their protection status. How many files are protected, what is the current synchronization status, when was the last synchronization, when is the next.
image image
Image 8: User GUI; protection status

The Protection items tab; When the Administrator allows it, the users can add additional directories to protect
Image 9: User GUI; specify additional directories

With DPM 2010 allows users to recover data items from client computers. Restores can be done directly from explorer, with the option Restore previous version.
Image 10: Previous version restore

The list will include files that are saved on the DPM server as well as local recovery points,
Image 11: Available previous versions


  • Support up-to a 1000 clients per DPM server
  • Support for Windows XP sp2*, Windows Vista and Windows 7
  • DPM supports the following VPN protocols (PPTP,SSTP,L2TP)

*The end-user restore feature is not enabled on Windows XP

Conclusion: Client protection in DPM 2010 gives administrators and users a lot of new options to protect their client data. to be continued

1 comment: