Deploy backup and recovery for business continuity


Your business continuity strategy defines how you keep corporate data available—and business workloads up and running—during both planned downtime and unplanned outages. This guide provides a backup and recovery solution.

How can this guide help you? This guide helps individuals and teams who are evaluating, designing, and deploying a backup and recovery solution. As an IT administrator or team in a medium-to-large business, you can use this guide to understand the recommend steps for deploying a backup and recovery solution.

In this solution guide:

  • Scenario, problem statement, and goals

  • What is the recommended design for this solution?

  • Why are we recommending this design?

  • What are the steps to implement this solution?

The following diagram illustrates the problem that this solution guide is addressing.

Backup Architecture

Scenario, problem statement, and goals

This section uses an example to describe the scenario, current problem, and goals that you might have.


You’re an expanding, medium-size organization whose business is built around a number of Microsoft technologies:

  • You have two Windows Server file servers that contain business data that ranges from critical to important.

  • You run a couple of virtualized internal applications on a Hyper-V host server.

  • You use an Exchange server for email, a SharePoint server for information sharing, and a server running SQL Server as a backend database for your application data.

  • Most of your employee desktop computers run Windows 7, 8, or 8.1. Employees are supposed to save business critical files to your network file servers or to a SharePoint site for collaboration purposes, but files are often left on local desktop computers.

  • You have a storage area network (SAN)/unified storage device from a non-Microsoft vendor.

Problem statement

The overall problem you want to solve is:

How do I get my business data backed up and stored, and how do I recover that data within a reasonable amount of time when an unexpected incident or disaster occurs?

In answering this question, you have a number of issues associated with your current environment:

  • Your backup strategy has grown piecemeal over the years, and the processes aren’t well-known.

  • Your current backup assumes all corporate data is of the same importance, although it isn’t.

  • Recovery was slow the last time you had an unexpected outage, and some critical data was lost.

  • You back up data only to an on-premises SAN disk. You’re concerned what might happen if a disaster occurs in the building.

  • Your current backup solution is complex to manage, there are scheduling limitations, and only some types of backups can be performed. In particular, your current solution isn’t optimized for backing up the Microsoft workloads around which your organization revolves.

  • Your storage needs are growing. There are currently 20 terabytes (TB) of data in the organization, and this number is growing at around 20 percent per year.

Organization goals

After analyzing the problem and issues, you’ve identified these goals and requirements:

  • Provide optimal and flexible backup—You need to back up different types of data with differing levels of detail, for example, applications, workloads, computers and servers, volumes, folders, and files. The solution should be optimized for backup of Microsoft workloads.

  • Provide resilient backup—Workloads must remain up and running during backup, so that normal operations aren’t disrupted.

  • Provide scalable storage—You need scalable storage to accommodate your growing needs.

  • Provide offsite storage—Offsite storage is important in case of onsite disaster.

  • Define data RPOs—The solution should reflect that not all data is equal, and it should allow for variations in recovery point objectives (RPOs) for different data types. An RPO defines the maximum period that’s acceptable for data to be unavailable when an outage occurs, so it’ll be shorter for more critical data.

  • Ensure ease of management and self-service—Backup should be initiated, managed, and monitored easily. Users need to be able to initiate backup and recovery from their computers.

  • Provide backup initiation—You need to be able to run both scheduled and on-demand backups.

  • Ensure simple data recovery—It should be easy to recover data manually and automatically. You’ll need to be able to restore data at different levels and to the original or alternate location.

  • Provide simple costing—Costing should be easy to figure out.

The following diagram illustrates the backup and recovery design, which focuses on Microsoft System Center 2012 R2 Data Protection Manager (DPM) and Microsoft Azure.

Backup Technologies

The following table lists the design elements.


Why is it included in this solution?

System Center 2012 DPM

System Center DPM (DPM) provides simple and centralized backup of Microsoft workloads, and servers and clients running Microsoft operating systems.

Azure Backup

Azure Backup enhances DPM backup options. In addition to backing up data to disk for short-term storage, you can back up data to the Azure cloud for off-premises online storage.

Why are we recommending this design?

Let’s see how these technologies align to your organizational goals and solve the problem and issues you identified.



Provide optimal and flexible backup

DPM provides tailored backup and recovery for Microsoft workloads, including:

  • Microsoft workloads: File Server, Exchange. SharePoint, Windows, Hyper-V.

  • File data— full server (all volumes), volumes, shares, folders.

  • SQL Server—database backup.

  • Exchange server—stand-alone server, databases in a database availability group (DAG).

  • SharePoint—farm, SharePoint search, front-end Web server content.

  • Hyper-V—Hyper-V computers, cluster-shared volumes (CSVs).

  • Client computers—file data.

  • Servers—System state or full backup for bare metal recovery.

For more information, see DPM protection support matrix.

Backed up data can be stored on tape or disk, and in the Microsoft Azure cloud.

Provide resilient backup

DPM uses the Volume Shadow Copy Service (VSS) to back up without disrupting normal operations.

DPM synchronization is asynchronous, so that it doesn’t block disk I/O on the protected sources. Data changes are stored in the agent synchronization log and then replicated across the network to the DPM server, where they are stored in the transfer log. VSS creates consistent point-in-time shadow copies of the copied data. After the synchronization is complete, VSS creates replicas that can be recovered as required.

Provide scalable backup and storage

DPM provides the following data volumes:

  • For 64-bit computers, you can back up approximately 600 volumes (300 replica volumes and 300 recovery volumes) with a DPM server.

  • Volume capacity within this limitation depends on DPM limitations, the data you’re protecting, and storage space. For more information about DPM limitations, see Preparing your environment for System Center 2012 R2 DPM.

  • To help scale backups from DPM in System Center 2012 R2 Update 3 onwards, you can define backup windows for virtual machine backup. These windows specify when the backup should start and finish. For more information, see Configure backup windows for virtual machines.

Provide offsite storage to tape

For long-term storage, you can back up data to tape. For more information, see Data Storage.

Provide offsite storage to Azure

In addition to backing up data to disk for short-term storage, you can back up data to Microsoft Azure for offsite storage:

  • You can back up data to Azure for files and folders, SQL Server, and Hyper-V. Other workloads aren’t supported.

  • Azure Backup supports 850 gigabytes (GB) per volume per backup. You can work around this limitation by using multiple volumes.

  • You can schedule a maximum of two backups a day. The maximum retention period is 120 days at once a day. If you schedule two backups a day, the maximum retention period is 60 days.

Define data RPOs

DPM organizes resources that you want to protect into protection groups. You can organize your protection groups by workload or by data importance. For example, you can create a protection group that contains multiple volumes that include critical business data, and another group with volumes containing less important end-user data. In case of unexpected outages, you can restore data from protection groups in accordance with the importance of data and the required RPO.

You can restore data from disk, tape, and Azure. Obviously, recovery from tape will be slower, aligning to a longer RPO. Disk and online backup can be restored more quickly for a shorter RPO.

Ensure ease of management and self service

You can centrally back up and restore all your data (from tape, disk, and Azure) in the DPM console, using simple wizards.

DPM provides self-service support:

Provide backup initiation

You can run scheduled and on-demand backups in DPM:

You can schedule some options in DPM:

  • On-demand—You can run an on-demand backup for a specific resource in a DPM protection group.

  • Scheduled—You can set up scheduled backups with a number of options, including how often source and replica data should be synchronized, and when backups should run. For details, see Configure and run backups.

Ensure simple data recovery

DPM provides a Recovery Wizard to recover:

  • Servers and client computers—File data can be recovered at the volume, share, folder, or file level. On protected client computers with end-user recovery enabled, users can recover their own files.

  • Exchange—mailboxes and mailboxes under a DAG.

  • SharePoint—farm, database, Web application, file or list item, SharePoint search, SharePoint Front-End Web server.

  • SQL Server—database.

  • Hyper-V—item-level recovery of files, folders, volumes, and virtual hard drives.

  • If you back up to Azure, you can recover DPM directly from the DPM console, to the same location or an alternate location.

Provide simple costing

DPM costs are in accordance with System Center licensing. See System Center 2012 R2.

To back up to Azure, you pay for data stored, not data transferred to computer resources. The first 5 GB per month is free. See Backup Pricing Details.

What are the steps to implement this solution?

Use the steps in this section to implement the solution. Verify each step before proceeding to the next.


If you want to print or export a customized set of solution topics, see Print/Export Multiple Topics – Help.

  1. Set up and deploy DPM

  2. Set up storage for backed up data

  3. Set up protection

  4. Set up self-service

  5. Validate your backups

Set up and deploy DPM

  • Download System Center 2012 R2 

    You can download a trial version of DPM before you acquire the full version. For more information, see Download the Evaluation: System Center 2012 R2 from the TechNet Evaluation Center.

  • Learn about DPM 

    Before you set up DPM, read about system requirements, supported deployments, and DPM features. For more information, see Get started with DPM in the TechNet library.

  • Install DPM

    After ensuring that all prerequisites are in place, install DPM. For more information, see Installing and Upgrading System Center 2012 - DPM in the TechNet library.

Set up storage for backed up data

Set up protection

  • A general walkthrough for setting up client protection is available on Kevin Holman’s System Center Blog.

  • Install and configure the DPM protect agent—Install the agent on each computer or server you want to protect.

  • Configure protection groups—Gather and organize the servers and computers you want to protect into protection groups. When you create a protection group, you set up short-term and long-term backup options, schedule backups, and set up initial replication for the data.

    For this solution, set up protection groups as follows:

    • Client computers and File servers—When you set up protection groups for client computers and file servers, you’ll select the computers or server and the file data you want to protect. You can also specify whether you want to allow users to specify other files to back up and recover. The users won’t be able to select any files you explicitly exclude. You’ll select disk and Azure for short-term storage, and tape for long-term storage.

    • SQL Server—When you set up a protection group, you’ll select the server running SQL Server that has the DPM agent installed, and you’ll specify which SQL Server databases on that server should be protected. You’ll select the options to perform short-term protection with disk and Azure Backup, and long-term protection with tape.

    • Exchange—Before protecting Exchange, you’ll need to copy the ese and eseutil files (usually located at C:\Program Files\Microsoft\Exchange Server\V14\Bin) to the DPM server. The versions of these files must be the same on the server you’re protecting, and on the DPM server. When you configure the protection group, you’ll select the Exchange mailbox databases you want to protect. You’ll configure short-term protection with disk only, and long-term protection with tape. Then, the wizard runs an integrity check for the Exchange databases. This offloads backup consistency checking from the Exchange server to the DPM server, eliminating the impact of running eseutil on the Exchange server during backup. There’s a useful full walkthrough of this deployment at

    • SharePoint—Before you configure a protection group, be sure the DPM protection agent is running on at least one Front End server in the farm, and on all SQL servers that host databases for the SharePoint Farm. In addition, you’ll need to run ConfigureSharepoint.exe –EnableSharepointProtection from an elevated Windows PowerShell command line with an account that has full access to SharePoint. This configures SharePoint permissions and VSS writer for DPM. When you configure the protection group, you’ll select a farm database from the SharePoint Front End server. When you configure the protection group, you’ll select the options to perform short-term protection with disk only, and long-term protection with tape.

    • Hyper-V—When you configure a protection group for Hyper-V, you select the virtual machines on the Hyper-V host or cluster that you want to protect. You can select the options to perform backups online (with no interruption to a working virtual machine), or offline (which pauses the virtual machine, takes a snapshot, and then backs it up). You’ll select the options to do short-term storage with disk and online with Azure Backup, and long-term storage with tape.

  • When you set up data storage options for the protection group, use these settings.

    Backup medium



    Scenario recommendation

    Disk-to-disk-to-tape backup (D2D2T)

    Backup data to disk in the short term and tape in the long term

    Backing up data to disk for short-term storage and tape for long-term storage provides more flexibility than disk-to-tape backup only, because in the short term you’ll back up your data to disk and in the long term to tape. It’s useful for:

    • Critical and important data with some loss tolerance. Using this method, there is a time period in which data is stored on disk and probably onsite. If disaster occurs before your data is moved to tapes offsite, data loss can occur.

    • Data that has a short RPO in the short term and a longer RPO as time goes on. For example, you might be working on a particular project, and file data for that project is critical, with a short RPO for the next three months. However, after that period the RPO for that data gets longer.

    Use to back up:

    • Exchange servers

    • SharePoint servers

    • For these scenarios, only disk is available for short-term storage. Azure Backup isn’t supported.

    You’ll need to purchase a tape library or stand-alone tape drive that must be physically attached to the DPM server. The tape library can be direct SCSI-attached or SAN.

    Disk-to-tape backup (D2T) + Azure Backup

    Back up data to disk and Azure in the short term and to tape in the long term

    Backing up to both disk and Azure for short-term storage works around some of the disadvantages of the disk-to-disk-to-tape method alone. It’s useful for:

    • Business-critical data that has a low loss tolerance in the short term and needs to be stored off premises.

    • Short-term data is available both on disk and in the cloud.

    Use to back up:

    • SQL Server data

    • Hyper-V data

    • Server and client computer file data

Set up self-service

You can specify that end users can independently recover file data by retrieving recovery points of their files. Enabling end-user recovery involves configuring Active Directory Domain Services (AD DS) to support end-user recovery, enabling the end-user recovery feature on the DPM server, and installing the shadow copy client software on the client computers. For more information, see Configure end-user recovery and recover file data.

You can also enable user recovery for SQL Server databases that are backed up by the DPM server, using the Self-Service Recovery Tool (SSRT). For more information, see Recover SQL Server databases using self-service recovery.

Validate your backups

Verify that backups are working as expected. When you configure your workload backups with DPM protection groups, DPM immediately performs the initial replication (full backup) of the data. In the DPM console, the Protection Groups will show this initial replication as progress, and they will show an OK status when the replication succeeds. In addition, you can view the monitoring jobs and alerts in the console. You can monitor backups to Azure in the Azure portal. For more information, see Manage and monitor backup vaults in Azure Backup.

See also

Content type


MSDN forum

TechNet forum