Simplified workflow to configure backup to Azure from DPM

System Center Data Protection Manager (DPM) offers backup to Azure for long term protection by leveraging Azure Backup. The first step in configuring DPM-A (DPM backup to Azure) is to register the DPM server to the Azure Backup vault. This article explains how the registration process is greatly simplified and enhanced with Update rollup UR4 for DPM.

Till Update Rollup 3 (UR3), users were required to generate a self-signed certificate and upload this certificate to the backup vault through the portal. During the registration process, the certificate was used to register the server to the backup vault. While this process ensured security, it was a bit overwhelming.

With UR4, registration of the DPM server to the Azure Backup vault is simplified without compromising on the security by using a concept called “vault credential”. A vault credential is an authentication entity that can be downloaded from the backup vault on the portal. The vault credential is valid for 48 hours from the downloaded time and can only be used during the registration process to authenticate the server with the backup vault.

Simplified workflow of registering DPM server to the backup vault

Step 0: Prerequisites

The following are the pre-requisites for getting started with DPM-A registration:

  1. An active subscription on Azure. (Sign up for trial)
  2. A backup vault created on Azure.
  3. DPM deployment with UR4 downloaded and installed.

Step 1: Download the vault credentials and install the Azure Backup agent

Navigate to the Quick Start page of your designated vault from the Azure Recovery Services portal. Download the Azure Backup agent and the vault credentials from the links mentioned on the portal page.

Quick start page with vault credentials and Azure Backup agent

Install the Azure Backup agent on the DPM server. Refer to “Getting Started with Azure Backup” for the detailed steps on installing the agent. The following screenshot shows the final status upon the successful installation of the agent.

Agent installation wizard: successfully installed

Now go to the DPM Administrator console and complete the registration process.

Step 2: Register DPM Server to Azure Backup vault with vault credentials

To register the DPM Server to the backup vault, open the DPM console. In the Management pane, select Online and then select Register. These actions are highlighted in the picture below. Enter the right proxy settings and select Next to proceed to the Backup Vault screen.

Register Server Wizard: Proxy Configuration

In the Backup Vault section of the Register Server wizard, Browse to the vault credentials file that was downloaded earlier from the portal (in step 1 above). It takes a few seconds for the authentication to happen. The vault information is then auto-populated for review.

Register Server Wizard - using vault credentials

There are a few more steps to complete the registration including entering the settings for the recovery folder, network throttling, and the encryption passphrase. Detailed explanation of these options is available in this TechNet article.

On successful registration, the following status is shown for Online subscriptions in DPM Administrator console.

DPM Server configured for online protection

This completes the registration process and the DPM server is configured to backup to Azure.

Frequently Asked Questions (FAQ)

Q1) I downloaded the vault credentials 3 days ago. Can I use the vault credentials to register my server?

A1) No. The vault credentials will have to be downloaded again. A new vault credential file is generated every time the user clicks on the “Download vault credentials” link on the portal. The validity of the credential file is 48 hours from the time it is generated.

Q2) I have online protection enabled with UR3. I am upgrading from UR3 to UR4. Will this impact my online backup protection?

After the upgrade to UR4, all online protection operations will fail until the latest Azure Backup agent is installed. It is strongly recommended to upgrade the Azure Backup agent before upgrading to UR4.

Q3) I have online protection enabled with UR3. I have no plans to upgrade to UR4. What is the impact?

Backward compatibility for UR3 and older versions is provided by retaining the certificate management flow in the portal, as shown below. Please note that upgrading to UR4 is strongly recommended as it brings in latest features and fixes.

Upload certificate flow on the backup vault page

 

Quick Reference

Download DPM UR4 and follow the steps outlined in the article for installation. Configure DPM to Azure with vault credentials, or learn how to configure DPM to Azure with certificates.