FAQ – Azure IaaS workload protection using Data Protection Manager

Last week we announced the support for System Center Data Protection Manager (DPM) running in an Azure IaaS VM, for protecting workloads in Azure. The overwhelming positive response has been accompanied by deep-dive questions and a request for more details about certain aspects. This blog post is a list of Frequently Asked Questions to help customers on-board themselves faster with the solution.

Licensing

Q1.  What is the licensing model for DPM?

Customers need a System Center license, and then use license mobility offered with System Center to run DPM in Azure.

Q2.  How many System Center license SKUs do I need?

Depends on the number of virtual operating system environments (virtual OSEs) that DPM is protecting. One Azure IaaS virtual machine is effectively equal to one virtual OSE. You will need one Datacenter edition of System Center for every eight virtual OSEs in Azure. Read more about it in the System Center 2012 R2 licensing datasheet.

Q3.  What about pay-as-you-use pricing? Is there a gallery VM for DPM?

Pay-as-you-use pricing is currently not being offered. Leave us a comment if you are interested in using pay-as-you-use pricing.

Cross-premise protection

Q4.  Can I protect my on-premises assets with DPM in Azure? If I have hybrid infrastructure, what should I do?

No, cross-premise protection is not supported. Azure workloads should be protected by DPM instances in Azure. On-premise workloads should be protected by DPM instances on-prem. Refer the diagram below for the supported deployment for on-premises and Azure cloud.

protecting workloads in Azure and on-premises: supported DPM deployment architecture

Q5.  Why can’t I protect my on-premises assets with DPM in Azure?

At scale there are network issues like latency and lower throughput that need to be accounted for, and backups SLAs will most likely might not be met. The performance and scale that customers are accustomed to cannot be guaranteed in a cross-premise setup.

Q6.  Can I protect my Azure assets with DPM on-premise?

No, cross-premise protection is not supported. Apart from the performance and scale considerations, there would also be network egress costs (due to the data transfer by DPM).

Workload support

Q7.  What are the workloads that are supported?

The list can be found in the original announcement.

Q8.  Why does DPM in Azure support fewer workloads than DPM on-premises?

The primary reason is that Azure supports a limited set of workloads and operating systems. If Azure doesn’t support an OS or a workload, DPM in Azure will not support it either.

Q9.  What about bare metal recovery?

While DPM can take bare-metal backups, the bare-metal restore will not work in Azure as customers do not have access to the Azure fabric. Thus both bare-metal backup and restore cannot be supported in Azure. Azure snapshots are the best alternative available today.

Q10.  Is SQL Always-On supported?

DPM already supports the backup of SQL Always-On in on-premise deployments. For the configurations of SQL that are supported in Azure, the backup of these SQL configurations by DPM is also supported (including Always-On).

Setting up DPM in Azure

Q11.  How do I install DPM in Azure?

  1. Option 1: Upload a VHD with the DPM installation bits to Azure; attach the disk to a virtual machine and install the software.
  2. Option 2: Download the DPM trial bits from the System Center evaluation website; install DPM on a trial basis; run the upgrade wizard to make DPM into a production setup.

Q12.  Can I move an existing on-premise DPM virtual machine to Azure?

This is not recommended for all scenarios as DPM has a tight dependency on Active Directory. Utilize this option only if there is a single virtual network stretching across Azure and the on-premises infrastructure, and if the on-premise Active Directory is accessible from Azure.

Storage configuration

Q13.  Is DPM in an Azure IaaS virtual machine different in some way?

To users of DPM there should be no difference in how DPM is operated. Some features available in DPM on-premise will not be available when used in Azure. For example: Tape storage, iSCSI disks, Fiber channel etc.

Q14.  So, where do I store the backup data?

On Azure disks attached to the DPM virtual machine. Once attached to the virtual machine, the disks and the storage space are managed from within DPM.

Q15.  How much data can I back up?

Depends on the number of disks and size of disks attached to the DPM virtual machine. There is a maximum number of disks that can be attached to each Azure virtual machine (4 disks for A2 size, 8 disks for A3 size, and 16 disks for A4 size), and maximum size of each disk (1 TB). This determines the total backup storage pool available.

Q16.  Are locally attached disks my only option?

Data can also be offloaded by sending it to Azure Backup.

Q17.  I have a large number of workloads to protect. What should I do?

  1. Option 1, Scale up: Increase the size of the DPM virtual machine from A2 to A3 to A4 and add more local storage.
  2. Option 2, Offload data: Send older data to Azure Backup, and retain only the newest data on the storage attached to the DPM server.
  3. Option 3, Scale out: Add more DPM servers to protect the workloads.

Q18.  I want to have longer retention of backup data for my workloads. What should I do?

Sending data to Azure Backup is the best option. Azure Backup as also recently introduced Long Term Retention for data coming from DPM.

Q19.  Do I need to allocate more space for Azure Backup use?

Yes, the Azure Backup agent needs temporary storage for its own use (Cache location), and for data restored from the cloud (local staging area). The good news is that each Azure virtual machine comes with some temporary disk storage. This is available to the user as the volume D:\. The local staging area needed by Azure Backup can be configured to reside in D:\, and the cache location can be placed on C:\. In this way, no space needs to be carved out from the data disks attached to the DPM virtual machine.

Azure Backup agent cache location

Azure Backup recovery - staging area

 

Performance and Scale

Q20.  How do I choose a size for the DPM virtual machine?

Use the DPM virtual machine size calculator excel sheet that can be downloaded from TechNet Gallery.

Q21.  Do I have to deploy an A4 size virtual machine?

Not at all. Start with the A2 size and grow as your backup needs grow.

Q22.  Why should I have a separate storage account for DPM?

The storage account has a limit of 20,000 IOPS. DPM alone can use up a significant chunk of the IOPS. Keeping DPM storage from the production storage ensures that the production workloads are not starved for IOPS at the time of backup.

Protecting the DPM virtual machine

Q23.  Is DPM DR supported?

Yes. You need to ensure that the DPM servers are within the same Azure virtual network. This usually means that the secondary DPM server is within the same geo.

Q24.  What are my other options?

  1. Option 1: Use Azure snapshots for the DPM OS and data disks. The VM would need to be shut down to ensure consistency.
  2. Option 2: Backup the DPM SQL Server databases only. Michael Jacquet has a recently posted a great blog article about this topic.

Q25.  What about disasters? How should I send my data to another zone/region?

Storing data in Azure Backup takes care of this. Azure Backup uses GRS storage in the backend that asynchronously replicates data to a secondary region hundreds of miles apart from the primary.

 

That’s it! Drop us a comment if you have more questions or have feedback to share!

 

Please click on the relevant links below to get started: