How-To: Configure a Backup Network for Microsoft’s DPM 2010

Every IT organization needs to perform backups because they ensure data integrity and recovery in the event of data loss caused by a system failure,accidental deletion by a user, or corruption. Yet, as a consultant, I've found that backups are often treated as an afterthought. Sometimes the backupsolution isn't architected properly or the systems providing the backups are underpowered. Other times the backup and restore procedures aren't welldefined or routinely practiced until the unthinkable happens.

One item that is regularly overlooked when architecting and implementing a backup solution is the use of a dedicated backup network that's separatefrom the production network, as depicted in Figure 1. Each server to be backed up should have two network cards. The first network card should be usedto connect to the production network. The second network card should be used to connect to the backup network.

Figure 1: Architecting the dedicated backup network

After I explain the benefits of using a dedicated backup network, I'll show you how to configure one for Microsoft System Center Data ProtectionManager 2010. DPM 2010 provides disk- and tape-based backups for Microsoft OSs and line of business (LOB) applications that have Volume Shadow CopyService (VSS) native support. Disk-based backups are intended for short-term data protection and rapid restores. Tape-based backups are intended forlong-term data protection that's usually dictated by regulatory requirements. Disk- and tape-based backups can be combined to meet most organizations'backup and restore requirements. (Click the link for more information about DPM 2010.)

The Benefits

The main benefit of using a dedicated backup network is that it separates the backup traffic from the traffic in the production environment, therebyavoiding the network congestion that can result when a large amount of data is backed up or restored. This congestion can slow the response times ofapplications, which can, in turn, affect systems interoperability and user productivity.

An additional benefit of using a backup network is that you can use jumbo frames on a network card. This increases the Maximum Transmission Unit (MTU)size, which allows larger packets to be sent with less overhead from the underlying Ethernet media. Thus, the backup network can spend more timepassing data and less time passing packet headers, which improves performance during backups and restores.

Note that not all network cards and switches support jumbo frames, so you need to check with your hardware provider to see whether your network cardsand switches support this feature. In addition, if you plan to use Virtual LANs (VLANs) in the backup network, you need to make sure that your devicessupport using jumbo frames over a virtual interface.

The Implementation Plan

To set up a backup network for DPM 2010, you need to configure secondary network cards for the backup network, configure the HOSTS file on the DPM 2010server, and specify the primary backup network.

Note that if your backup network will be providing system-state or bare-metal-recovery protection on a server running Windows Server 2008 or later, theWindows Server Backup Features must be installed on that server. Adding a feature to Server 2008 or later is outside the scope of this discussion, butyou can use the TechNet article "Adding Server Roles and Features" for guidance.

How to Configure the Secondary Network Cards

You first need to configure the secondary network cards for the backup network, making sure that they don't have any DNS entries, WINS entries, ordefault gateways. Here are the steps to follow:

1.     Log on to one of the servers that will be backed up and rename its network cards to designate which network they’re assigned to. In this example, they’re renamed Backup and Production.

2.     Right-click the Backup network card and select Properties. Click Internet Protocol Version 4 (TCP/IPv4), then select Properties.

3.     Add the designated IP address and subnet mask, as Figure 2 shows. Don’t assign a default gateway or any DNS servers.

4.     Click the Advanced button, then select the DNS tab. Make sure that there are no DNS server entries listed and that the DNS suffix for the connection is left blank.

5.     Select the WINS tab and make sure that there are no WINS servers listed and that NetBIOS over TCP/IP is enabled.

6.     Click OK twice, then click Close.

Figure 2: Configuring the IP address and subnet mask for a secondary network card

You need to repeat steps 1 through 6 for the rest of the servers that will be backed up, including the DPM 2010 server. Take special precaution whenconfiguring the Backup network card for the Active Directory (AD) domain controller (DC). There will be negative consequences to AD if its IP addressis registered in DNS.

After you've configured all the Backup network cards, open a command prompt window on the DPM 2010 server and ping those cards' IP addresses to ensurethere's connectivity. A common reason for not being able to connect is having a firewall blocking access.

How to Configure the HOSTS File

It's now time to configure the DPM 2010 server's HOSTS file so that it contains all the IP addresses that have been assigned to the Backup networkcards. On a Windows server, the HOSTS file is located in the C:WindowsSystem32driversetc folder. You need elevated administrative permissions toedit this file. Figure 3 gives an example of what the HOSTS file will look like after you add the IP addresses.

Figure 3: Configuring the HOSTS file

How to Specify the Primary Backup Network

At this point, you can install the DPM agent on the servers to be backed up. Afterward, open the DPM Management Shell on the DPM 2010 server using theappropriate administrative privileges. (Your domain account must be part of the Local Administrators group.) The DPM Management Shell is built on topof Windows PowerShell.

Once opened, the DPM Management Shell's default folder is C:Program FilesMicrosoft Data Protection ManagerDPMbin, as the last line in Figure 4shows. After the command prompt, enter a command such as

Figure 4: Using the DPM Management Shell to specify the primary backup network

Add-BackupNetworkAddress -Address 10.1.1.0/24 -DPMServer MS-DPM-01 -SequenceNumber 1

This command uses the Add-BackupNetworkAddress cmdlet to tell DPM 2010 whichnetwork (in this case, 10.1.1.0/24) the DPM server (MS-DPM-01) should use as the primary backup network (indicated by -SequenceNumber 1).

You can specify a secondary network if desired. For example, to instruct the DPM 2010 server to use the public network as a secondary backup network,you'd use a command such as

 Add-BackupNetworkAddress -Address 192.168.1.0/24 -DPMServer MS-DPM-01 -SequenceNumber 2

Data Protection Without Congestion

With the help of my colleague Jeff McMullen, I've demonstrated a general approach for deploying DPM 2010 on a dedicated backup network thatmost organizations should be able to implement. By following this approach, you'll have a tool that will protect your data without clogging up yourproduction network with traffic from backing up and restoring data.