Category Archives: Data Protection Manager

OMS and System Center: What's New in October 2017

This article lists the main changes announced in October concerning Operations Management Suite (OMS) and System Center. This is a concise summary that contains the necessary references for further study.

Operations Management Suite (OMS)

Log Analytics

In Log Analytics in August was released a major update that introduces a number of changes, as the powerful new query language, the introduction of the new Advanced Analytics portal and greater integration with Power BI. For further information you can consult the specific article Log Analytics: a major update evolves the solution. During the month, Microsoft announced that from 30 October 2017 is started automatically the upgrade process of the OMS workspaces not yet updated manually. Everything will be done in a gradual way for region according to the schedule below:

Figure 1 - Scheduling for rollout of the upgrade of Log Analytics

Also starting from 16 October 2017 the new OMS workspaces are already build in the new mode and there is no possibility to create a legacy workspace. For further information you can consult the article Azure Log Analytics workspace upgrades are in progress.

Solutions

Thanks to the solution Azure Log Analytics Container Monitoring for the Service Fabric under Linux now you can:

  • Centralize and correlate logs that are related to containers.
  • For containers and nodes display in almost real-time metrics for CPU, memory, storage and network utilization.
  • Identify containers with excessive use of resources.
  • Control the use of process-wide resources (Docker container top).
  • See an inventory of the container node that contains information about the Orchestration.

Figure 2 – Container Monitoring solution for Linux Service Fabric

The presence of an Azure Resource Manager (ARM) template that lets you create a new Log Analytics Workspace and install during the deployment the OMS agent on all nodes of the Service Fabric cluster facilitates the activation of the monitor. At the end of the cluster deployment simply add to the workspace of Log Analytics the solution Container Monitoring available in Azure Marketplace, and in a few minutes will be available in Log Analytics information on the Service Fabric. For further information you can consult the article Azure Log Analytics Container Monitoring solution for Linux process Fabric.

By using the Azure Action Groups you can use the Log Analytics solution IT Service Management Connector Solution to automatically open incident in your product or service of IT Service Management (ITSM), if properly supported, against alert generated in the Azure environment. The steps to configure this new feature is documented in the ad Send your Azure alerts to ITSM tools using Action Groups.

Agent

Released a new version of the OMS agent for Linux systems that mainly has solved some bugs and introduced some useful improvements. For more details and to get the updated version please refer to the official GitHub page OMS Agent for Linux GA v 1.4.1-123

Figure 3 – Bug fixes and what's new for the OMS agent for Linux

Azure Automation

As for Azure Automation have been announced, currently in preview, exciting new features:

  • Update management: it allows you to have visibility on the updates compliance for both Windows and Linux systems, regardless of their location (Azure, on-premises or others cloud). It also allows you to schedule the deployment to install the updates within a specific maintenance window. Among the features offered is the ability to exclude specific updates from the deployment and retrieve logs for the deployment useful for troubleshooting.
  • Inventory: it allows you to retrieve inventory information about the installed applications within systems. All this can easily be accessed directly from the portal Azure.
  • Track changes: useful for monitoring changes made to systems for services, daemons, software, registry and files. This feature can be very useful to diagnose specific problems and to enable alerts against unexpected changes.

Figure 4 – New features in preview of Azure Automation

For further details please consult the specific article What's New in Azure Automation: Inventory, Change Tracking and Update Management.

Azure Automation also introduces the ability to implement runbook written in Python 2 and adds support for the role Hybrid Runbook Worker under Linux. These features are currently in public preview.

System Center

TheUpdate Rollup 4 for Microsoft System Center 2016 has been released.

These are the System Center products affected by the update that resolves several issues and introduces some improvements:

The Update rollup 4 introduces support for the security protocol TLS 1.2 for all encrypted communications. Earlier versions of TLS and SSL encryption mechanisms are not considered with a high level of security, for this reason Microsoft has decided to introduce for the following System Center products official support for the security protocol TLS 1.2:

  • System Center Operations Manager (SCOM)
  • System Center Virtual Machine Manager (SCVMM)
  • System Center Data Protection Manager (SCDPM)
  • System Center Orchestrator (SCO)
  • Service Management Automation (SMA)
  • Service Provider Foundation (SPF)
  • System Center Service Manager (SM)

Enabling TLS 1.2 requires that you follow the following macro step:

  1. Install security updates for Windows Server, .NET 4.6 and SQL Server.
  2. Install the Update Rollup 4 of System Center 2016 on the different components. Regarding Service Management Automation (SMA) and Service Provider Foundation (SPF) you still need to apply the latest Update Rollup available. In addition to SMA you need to update its Management Pack.
  3. Change the settings to enable TLS 1.2 in the Windows environment on all System Center components.
  4. Adapt the System Center component-specific settings that require it (SCOM, SCDPM and SCO).

For more details you can follow the specific deployment guide.

System Center Configuration Manager

Released version 1709 for the branch Technical Preview of System Center Configuration Manager: Update 1709 for Configuration Manager Technical Preview Branch – Available Now!

The new features in this update are:

  • Co-management: solution that allows the management of devices using either System Center Configuration Manager and Microsoft Intune. Thanks to Windows 10 Fall Creators Update there is the opportunity to join the device both to the Active Directory domain (AD) on-premises and to Azure AD in the cloud. This expands the possibilities for management of devices using the Configuration Manager client and the MDM agent of Intune.

Figure 5 – Co-Management from the SCCM console

  • Improvement regarding the use of SCCM connected to Intune for the management of the mobile devices with regard to the settings of VPN profiles. With this update, in fact while creating a new VPN profile shows only the appropriate settings for the platform that you intend to configure. More details about you can retrieve them in this article.

Also released version 1710 always for the branch Technical Preview of System Center Configuration Manager. The many innovations introduced with this update are available in the announcement Update 1710 for Configuration Manager Technical Preview Branch – Available Now!.

I remind you that the releases in the Technical Preview Branch allows you to evaluate in preview new SCCM functionality and is recommended to apply these updates only in test environments.

System Center Operations Manager

In the table below the news about SCOM Management Pack 2016:

The changes introduced by these new MPs can be found in the article DHCP 2016 and 2012 R2 Management Pack release.

System Center Orchestrator

Released the latest version of’Integration Pack for System Center 2016.

To test and evaluate for free Operations Management Suite (OMS) you can access this page and select the mode that is most appropriate for your needs.

Azure Backup Server v2 in Windows Server 2016

Azure Backup Server is a solution available on the market since October 2015 and in the spring of this year has been released the second version of the product, named Azure Backup Server v2 (MABS v2), that supports installation on Windows Server 2016. Actually Azure Backup Server has inherited the same capabilities of System Center Data Protection Manager, with the substantial difference that does not support backup to tape. Using Azure Backup Server v2 implemented on Windows Server 2016 allows the use of Modern Backup Storage that guarantees, thanks to the new technologies introduced in Windows Server 2016, to improve the performance of backups, to reduce the occupation of storage and to increase the resilience and safety with regard to the protection of virtual machines. This article describes how to implement Azure Backup Server v2 and contains the instructions to follow to take advantage of the benefits through native integration with Windows Server 2016.

Installation requirements

Deploy Azure Backup Server v2 (MABS v2) can be performed on a standalone physical server , on a virtual machine in VMWare or Hyper-V or on a virtual machine hosted on Azure.

The operating system can be Windows Server 2012 R2, but it is recommended Windows Server 2016 in order to benefit from the advantages of Modern Backup Storage. The machine must be joined to an Active Directory domain and should have the ability to access in Internet to Microsoft Azure even if you decide not to send the protected data to the cloud.

Regarding hardware specs Microsoft recommends the following.

Processor
Minimum: 1 GHz, dual-core CPU.
Recommended: 2.33 GHz, Quad-core CPU.

RAM
Minimum: 4 GB.
Recommended: 8 GB.

Disk space
Software installation: recommended about 8-10 GB.
Storage Pools: 1.5 times the data you wish to protect.
Scratch Location: at least the 5% of the total space of the protected data in the cloud.

With regard to the software requirements you must install Microsoft .Net 3.5 SP1, Microsoft .Net 4.6 and Hyper-V Powershell modules.

Finally you need to create on its own subscription Azure a Recovery Service Vault, which will be associated with the Azure Backup Server. The setup of Azure Backup Server will require the Vault credentials which can be downloaded by accessing the properties from the Azure Portal:

Figure 1 – Backup Download Credentials

 

Installation procedure

The download of the installation setup of Azure Backup Server v2 can be started directly by accessing this Microsoft page. After the download of different files you need to run the executable MicrosoftAzureBackupServerInstaller.exe to extract installer binaries in a single folder. Inside the chosen folder, you can run the Setup.exe file to start the installation process later documented.

Figure 2 – Select Install Microsoft Azure Backup Server

Figure 3 – Welcome page

Figure 4 – Check the prerequisites

azure backup server requires the presence of a microsoft sql server instance to host the related database. If you do not have an existing instance to use (required at least SQL Server 2014 SP1) the setup installs SQL Server 2016 Service Pack 1 (recommended by Microsoft). In this scenario you do not require the acquisition of a license for SQL Server as long as the instance is for the exclusive use of MABS v2.

Figure 5 - Choice relative to the SQL Server that hosts the DBs of MABS v2 anf check of the requirements

If you have not installed the Hyper-V Powershell module the setup will install it, but you will need to stop the installation setup to restart the system.

Figure 6 – Requirements not met and restart required for Hyper-V Powershell module installation

Figure 7 – Requirements met

Figure 8 – Choice of installation path

The setup of MABS v2 creates the account MICROSOFT$DPM$Acct local to the machine that will run SQL Server and SQL Server Agent services and the account DPMR$Servername used for the generation of reports.

Figure 9 – Choice of password for the MICROSOFT$DPM$Acct and DPMR$Servername

Figure 10 – Choice of deploying updates to MABS v2 via Windows Update

Figure 11 - Summary concerning the installation choices

At this point starts the setup of Microsoft Azure Recovery Services (MARS) Agent required to connect to the Recovery Service Vault in Microsoft Azure.

Figure 12 - Configuration of the proxy server if required for access to public services in Microsoft Azure

Figure 13 – Verification of the presence of the necessary requirements and installation of MARS

After installing the MARS, starts the registration process of the Azure Backup Server to the Azure Recovery Service Vault that requires the Backup Vault credentials (recoverable following the step documented in Figure 1) and the passphrase required to perform the encryption of stored data. You should save this key in a safe place as it is necessary during recovery operations and can not be recovered in any way by Microsoft staff.

Figure 14 -Choose Backup Vault Credentials

Figure 15 – Passphrase for encryption of backups

After completing these steps, you must wait the end of the installation process.

Figure 16 - MABS v2 installation completed successfully

Before proceeding with the configuration of MABS v2 it is recommended to apply the latest update available for Microsoft Azure Backup Server v2 which you can be downloaded from the Microsoft support site.

At this point, it is necessary to configure the SQL Server instance just installed according to their own needs, and it is recommended to apply thelatest Cumulative Update available for SQL Server 2016 Service Pack 1.

 

Features provided by the integration between MABS v2 and Windows Server 2016

Azure Backup Server v2 is natively integrates with the new technologies available in Windows Server 2016 so you can enjoy the following benefits:

  • Efficiency major in backups operations: using the technologies Refs Block Cloning, VHDX and Deduplication you can get a reduction of storage needed to protect data and improve performance in the execution of backup. The configuration of the Modern Backup Storage can be done by following the steps documented in official documentation, which although relating to DPM 2016 is identical for Azure Backup Server v2. Very interesting also the functionality Workload-Aware Storage that allows you to select which volumes use depending on the type of workloads are protected, having thus the opportunity to choose more efficient storage and dedicate it to more frequent backup tasks for which it is good to have high performance.
  • Reliability elevated in Hyper-V virtual machine protection, thanks to the integration with technology Resilient Change Tracking (RCT) can natively track changes made to VMs compared to backups, without the need to add filter drivers. This reduces the time-consuming tasks to perform consistency checks.
  • Security: ability to backup and restore Shielded VMs.

 

Costs of the solution

As regards the cost of the solution is good to specify that it is obviously necessary to contemplate the license of the machine's operating system on which you are installing MABS v2. An interesting aspect is that in order to implement Azure Backup Server is not require any licence concerning System Center, but you must have an Azure subscription . In the cost of the solution you should consider a fee for each protected instance and any storage occupied in Microsoft Azure. For more details on the cost of the solution, please consult the Official Microsoft page on the Pricing.

 

Conclusions

Azure Backup Server v2, with its approach cloud-first and through the integration with certain features in Windows Server 2016 , is a complete and functional solution for the protection of different workloads. For those using the first release of Azure Backup Server you can upgrade to MABS v2 keeping all the settings. The advice is still to implement MABS v2 on Windows Server 2016 so that you have a solution that allows you to perform backups with speeds up to 3 times and to reduce up to 50% storage utilization.

System Center 2016: What's new in Data Protection Manager

With the release of System Center 2016 one of the components which saw the largest number of news is definitely Dpm. DPM 2016 introduces major improvements in terms of performance and changes regarding storage management and security. The whole is then further enhanced thanks to the support of the new Hyper-V feature in Windows Server 2016.

Modern Backup Storage

DPM 2016 introduces a new mechanism for managing storage defined Modern Backup Storage which uses a block-cloning technology based on Resilient File System (ReFS).

Thanks to the use of Modern Backup Storage you can get the following benefits:

  • Disk space optimization: Modern Backup Storage saves approximately the 30-40% storage and have a high degree of flexibility in the management of the same by using volumes ReFS and save backups on VHDX. In DPM 2016 There is no need to allocate a priori the space to devote to protecting resources and is able to adapt employment of storage for backups dynamically based on the size of the source to be protected.
  • Performance improvement: DPM 2016 for saving data on volumes ReFS makes use of a technology block-method-based cloning allocate-on-write instead of copy-on-write (used by VolSnap in DPM 2012 R2). This change enables a performance increase up to the 70%.
  • Decrease in costs: Thanks to the functionality workload-aware storage DPM introduces a further flexibility in the choice of different protection storage workloads that we sconsente to reduce their costs. DPM is able to use high-performance storage and more expensive for workloads with very high I, which may be such as SQL or Sharepoint, and storage less performance for workloads with reduced I.

In order to use Modern Backup Storage requires that DPM is installed on Windows Server 2016.

For more details about the Modern Backup Stoarge you can see Introducing DPM 2016 Modern Backup Storage.

Hyper-V protection

The following changes affect virtual machine protection with DPM 2016.

  • Resilient change tracking (RCT) – DPM uses the new native change tracking mechanism introduced in Hyper-V called Resilient Change Tracking (RCT). RCT significantly increases the resilience of the data compared to the previous change tracking mechanism based on VSS technology and therefore reduces the need for consistency check and thus save time. DPM during differential backups is able to locate and transfer only the blocks that have changed and that are indicated by the change tracker.

The virtual machines that are created directly on Windows Server 2016 and protected by DPM 2016 use of default RCT and therefore you can enjoy the following benefits in terms of protection:

  • Increased reliability: We do not require consistency check after migration of virtual machines;
  • High scalability: You may have a higher number of backup jobs in parallel and a lower impact on storage utilization;
  • Superior performance: faster backups and a lower impact on fabric.

If you want to use the functionality of RCT for virtual machines created on older versions of the hypervisor is wants to update the configuration file version of VMs (For more details, see the upgrading virtual machine version to Windows Server 2016) and on the DPM server 2016 You must stop the protection of virtual machines by selecting the option Retain Data and create a new Protection Group.

  • Continued protection during cluster aware updates – Windows Server 2016 introduced the ability to add a node Windows Server 2016 to an existing Hyper-V cluster consisting of Windows Server nodes 2012 R2. This feature allows you to update the cluster systems without any downtime. DPM 2016 You can protect your virtual machine also during the update process thus continuing to adhere to the established SLAS.
  • Secure VM Backups – DPM 2016 supports backup and recovery of Shielded VMs while maintaining the same level of security. In this regard it is good to specify that in this scenario the capabilities of Item Level Recovery (ILR) and Alternate Recovery Location (ALR) to a location outside the "guarded fabric" are not allowed.
  • Hyper-V with ReFS SOFS Cluster – DPM 2016 cannot protect Hyper-V virtual machines that reside on cluster SOFS that use ReFS. Backup and recovery is also supported for virtual machines that do not use RCT.
  • Hyper-V with Storage Spaces Direct – DPM has the ability to detect and protect virtual machines that use Storage Space Direct in different scenarios, for example, in Hyper-converged scenario where is Hyper-V (compute) that Storage Space Direct (storage) reside on the same cluster. For more details about Storage Spaces Direct on Windows Server 2016 I refer you to this article.

Conclusions

Having regard to the important new features and the many benefits that can be gained by switching to Data Protection Manager 2016 all current users of the solution should seriously consider upgrading. For those who want to explore and evaluate DPM 2016 can Download the trial version from Microsoft System Center Evaluation Center.