SCDPM installation and configuration for newbie

Admission

This document presents the methodology to correctly install and configure System Center Data Protection Manager 2012 R2 , together with associated services .

The procedures contained herein assume that:

  • • System platform is Windows Server 2012 R2 Standard Edition
  • • It is planned to use a dedicated database based on MS SQL 2012 Standard
  • • It is planned D2D2T backup ,
  • • The server is in domain.

This document also assumes that the person using it has general knowledge of data security and ability to navigate Windows Server 2012 R2.

Installation

1. Initial screen

2. EULA

3. Start of setup

4. SQL database setup

5. SQL

7. Register information

8. Install location

9. Microsoft Update

10. CEIP options

11.Setup summary

12. Installation process

13. Finished installation

Summary

At this stage we completes the installation of DPM’a.

Configuration

After installation, we must first set up storage space for the backups. Then install the agent on servers that e want to protect with DPM, the last step is to create a Protection Group which in accordance with the options will back up different types of data from different data sources.

GUI description

DPM’s consists of 5 divided areas:

  1. Options for view C,
  2. Navigation after view C,
  3. General information from D view,
  4. Main bookmarks,
  5. Detailed information from C view.

Monitoring bookmark

14. DPM GUI

View from Picture 15 shows the “Monitoring” which contains all the information regarding the status of the DPM server and the individual tasks. In the pane A we have several buttons:

  • Subscribe and Options

    Here are options regarding basic configuration and notification.


15. What alerts should be send


16. Configuration for SCOM


17. CEIP option


18. Options for End user recovery


19. New computers discovery options


20. Mail configuration

  • Abaut DPM


21. DPM Information

  • Help


22. DPM’s help

Protection bookmark

View from picture 15 shows the “Protection” bookmark which contains all active and inactive backup copy group in DPM’e .

23. Protection bookmark view

    Expanding group in windows C will get a view like below.

24. Detailed information on one of the backup groups

By clicking on a specific group of backup we receive detailed information in the E area such as:

• The status of the group,

• Method protect,

• Length of keeping copies

• Configuration allocate space for backup purposes.

• Optimization options

25. Detailed information on selected data source

By clicking on a specific data source we receive detailed information in the area of E such as:

  • The status of the data source
  • Track the replica,
  • Latest backup repository ,
  • Last backup repository ,
  • The total number of recovery points ,
  • The amount of space allocated for backup (separately replica and separately on restore points) .

In A field are options for specifically selected group, server, or a data source, which at the moment is selected. These options are different depending on whether a group is selected , the server or data source.

26. Option for selected group

New – Create new group

Modify – modify existing group,

Delete – delete group,

Optimize – Network optimization options and express full backup,

Consistency Check – force consistency check,

Disk – resum disk backups,

Tape – resumes tape backups,

Self service recovery – self service recovery options,

Disk allocation – displays disk allocations for backups,

Tape catalog retention – options for time retentions of tape backups

Recovery point status – report generation for recovery points.

Remaining options

27. Options for selected server

New – adding new server to the group.

28. Options with data source selected

Recovery point – force recovery point creation,

Remove –     removal of selected data sources.

Recovery bookmark

    The most important part is in the area B where first we have to choose a domain from which you want to select the protected object and then the choice of protected servers. Expanding the list of domains see all the machines from different domains which any data sources are backups by DPM’a .

29. List

Similarly, when you expand the list of individual machines. The area is used to navigate the directory tree stored backups . However, in Area C, select the first of which date we are interested in the backup and then you can browse what is available from this period to be restored.

30. Possible data to recovery

Reporting bookmarks

In C field are available reports.

31. Reporting

Management bookmark

In area A is a button to install agents on the devices. In area B we can choose the ability to manage between agents , disks and tape libraries . When you select a specific agent on area C , under E there is information about the version of the agent or more detailed information on the causes of the problem with the agent on the machine.


32. Management

    Turning to manage disks in Area A there are options to add disks and refresh them . After you select the drive from Area C , under E appear information about the status of the disk such as:

  • The status of the drive,
  • Used place
  • Free space,
  • Protected data sources that are on it .

33. Disk management

    Moving in the management of libraries in area B will get the opportunity to its configuration.

34. Library

Disk space for backups

Configuration backup space is based on adding local disks. In the current configuration for backups are used VHDs hooked up to a machine running the DPM server then this disc is added in DPM’e .

35. Adding disk to the pool

Agent installation

We distinguish between two methods of connecting an agent to DPM’a.

Installation,

Attachment of already installed agent.

  • From trusted domain,
  • From untrusted domain or workgroup.

Agent installation files are located on the DPM server location:

C: \ Program Files \ Microsoft System Center 2012 \ DPM \ DPM \ ProtectionAgents \ RA \Version Number

Trusted domain

If the target device is in the trusted domain the most convenient method is simply installing a remote agent providing domain administrator privileges .

36. Choosing of installation method


37. Device selection

38. Privileges to add or install

39. Restart options

40. Summary

41. Installation

42. Success

    In case the installation failed next to ” TASK ” will show an additional tab which provides information to help with diagnosis of the problem. In the case of major problems with the installation of an agent in the trusted domain, you can install it manually on the target device and then plug it into the DPM server .

Untrusted domain or workgroup

In untrusted domain and workgroups agent can, not be installed remotely. On each server, you must install it manually taking into account whether you are using a 32bit or 64bit OS version

43. Agent installation files

44. Installation progress

45. Successful installation

    In the event of an unsuccessful installation additional information will be prompted here that can help to diagnose the issue.

Upon successful installation, you must manually specify to the agent with which DPM server and on what account is to be established communication . User account given in the command below is created locally on the device on which the DPM agent , and must be unique for each device. This procedure creates a local account and password. DPM server name must be FQDN.

46. Successful installation

    Due to the fact that the computer from an untrusted domain is unable to resolve the DNS name of DPM server , enter it rigidly in the host file and then check whether the name is properly resolved .

47. Adding DPM ip to host

The next step is to hook up the device with installed DPM agent to the DPM server . But first we must add on the DPM server in the host file information necessary to resolve the DNS name of the device from untrusted domain.


48. Host file on DPM server

    First now we can attach the agent to DPM server.

49. Options for agent attachment

Here we input the FQDN of the device you want to hook up to DPM’a . Username and password must be identical with that which we gave the command line on a device with an untrusted domain . This process also creates a local user with the same name and password.

50. Logon credentials.

51. We can attach several devices at once

52. Summary

53. Successful installation

In case the installation failed next to ” TASK ” will appear an additional tab which provides information to help with diagnosis of the problem.


54. Agent in DPM console

Types of DPM backups

Product

Protectable Data

Recoverable Data

Exchange Server 2003

Exchange Server 2007

  • Storage group
  • Storage group
  • Database
  • Mailbox
Exchange Server 2010
  • Stand-alone Exchange Server 2010 servers
  • Databases under a database availability group (DAG)
  • Mailbox
  • Mailbox databases under a DAG
SQL Server 2000

SQL Server 2005

SQL Server 2008

SQL Server 2008 R2

SQL Server 2012

  • Database
  • Database
Windows SharePoint Services 3.0

Microsoft Office SharePoint Server 2007

SharePoint Server 2012

  • Farm
  • SharePoint Search
  • Front-end Web server content
  • Farm
  • Database
  • Web Application
  • File or list item
  • SharePoint search
  • SharePoint Front-End Web Server
Windows Server 2003

Windows Server 2008

Windows Storage Server 2003

Windows Storage Server 2008

Windows Server 2008 R2

  • Volume
  • Share
  • Folder
  • Volume
  • Share
  • Folder
  • File
Microsoft Virtual Server 2005 R2 SP1
  • Virtual server host configuration
  • Virtual machines
  • Data for applications running on virtual machines1
  • Virtual server host configuration
  • Virtual machines
  • Data for applications running on virtual machines1
Hyper-V
  • Hyper-V computers
  • Cluster shared volumes
Item-level recovery of:

  • Files and folders
  • Volumes
  • Virtual Hard Drive (VHD)
All computers that can be protected by DPM except client computers.
  • System state
  • System state
Client computers
  • Windows XP Service Pack 2 (SP2) and later.
  • Windows Vista or Windows Vista Service Pack 1 (SP1).
  • Windows 7 Client
  • File data

Note
Recovery from previous versions of files and folders is not enabled on Windows XP computers.
Virtual Machine Manager Database Database

Creating backup tasks

First we choose whether we want to protect a server or desktop then add the source data from one or multiple devices that we want to protect with the same options and schedule.

55. Type of device

56. Available data sources

    DPM detects what can be backed up. In the case of servers, shared folders and SQL databases. In the case of Hyper-V clusters copies of entire virtual machines.

57. Data sources on cluster

For the purpose of the document we will create backup for a test server from which we want to make a backup of all shares and databases.

58. Adding data sources

59. Creating group

    We create a group and choose what type of backups we want to have

  • Short term backup on disk with retention period between 1 and 64 days,
  • Short term backup on tape with retention period between 1 and 12 weeks,
  • Long term backup on tape with retention period between 1 and 99 years.

60. Creating a schedule

    Here we setup following options:

  • Retention period,
  • How should be the synchronization made,
  • Schedule for recovery points based on files,
  • Schedule for application based recovery (SQL)

61. Consistency Check settings

62. Summary

63. Transmission optimization

64. Successful creation of protection group

    In case the installation failed next to ” TASK ” will show an additional tab which provides information to help with diagnosis of the problem.

Modification of backup job

Modifying backup job means going through the same configuration windows as when creating the backup job and changing it.

Deleting protection group

To delete a backup job , select it and click Delete.

65. Deleting backup job

It will ask whether you want to keep or erase the data that the job secured . If we decide to leave we will be able to recover data from an old backup job until you manually remove them . If we remove already at this point you release the disk space.

By clicking on the Stop Protection will begin the process of removing the backup job.

66. Acknowledge window

    In case the installation failed next to ” TASK ” will show an additional tab which provides information to help with diagnosis of the problem.

Recovering from backup

67. Recovery

Select the server from which you want to recover the data and from when to restore a copy, dates in bold indicate that at least one copy on that day (it can be more time to copy a given day , select the ” recovery time “). Only now you can search for a specific folder or file you want to recover.

68. Choosing of data to recovery

    We choose “Recovery” and follow the steps.

69. Selection Review


70. Choosing of recovery location

71. Additional options

72. Summary


73. Recovering

74. Successful recovery

75. Final effect

Advertisements

ASA CX module

I know CX module will be EOL by the end of 2017, but still you never know ;].

The build in device malware protection is a bit annoying as there is no easy way to make an exception.

I had recently and interesting issue when one of the governmental sites was blocks by malware protection. How surprised i was to see that there is now way to make an exception, the setting was global for all out coming traffic. So to allow a single site with rep of -7 (in my case that was the government site,  from -6 to -10 site is considered insecure) i would be forced to lover the security of the whole company what was of course unacceptable.

So after a bit of googling i have found this.

Basically i had to create malware policy that allows site of rep -7 an then make it default device policy. After that you have to set the default policy of -6 to every access policy (overriding the device setting)  you have except the one with your exception (where you put before the url of the problematic site). Setting no policy for malware protection, as it was suggested in the link above, did not work for me, that’s why i have made device policy less restrictive then the local access policies malware protection setting. Now the traffic goes thru the white list policy without malware protection. And because the policy allows only specific URL address’es it want pass any other site with rep -7 then the one i have put there.

SCVMM installation and configuration for newbie

Introduction

This document presents a methodology of installation and configuration for System Center Virtual Manager 2012.

Installing VMM

VMM needs dedicated SQL server

1. First step

2. Installation options

3. Registration information

4. Licensing terms

5. CEIP

6. Installation location


7. SQL configuration window

8. Account configuration

     This is a domain account that will perform automated tasks in SCVMM . It should be first created in AD. Default permissions will suffice.

9. Port configuration

10. Self service portal configuration

11. Library configuration

12. Summary

13. Installation process

14. Successfully finished installation

VMM GUI description

VMM graphical interface is divided into 4 main areas below.

15. VMM GUI

Area A – different options depending on the choice in the area of B and C,

Area B – representation of the major groups of options after selecting the area of C,

Area C – main groups of options,

Area D – various information displayed on the basis of choice in the Fields B and C.

Main groups of options

VMs and Services

Here there are all the necessary features and options related to the creation and management services , virtual machines and clusters. Figure 15 shows just the appearance of it after the election in the area C ” VMs and Services”.

The area B shows an expandable tree that contains all virtual machines clusters and services . For easier management of multiple machines , you can create folders and grouping . The three lowest catalogs have just been created to group .

16. Groups

    The area D shows depending on where you are in the area B different virtual machines and different information related to resource use and their status

Fabric

Here are the tools you need to configure the virtualization environment

17. GUI Fabric

Library

Create and manage libraries, profiles and templates.

18. Library

Jobs

It is a diary of events which are described in great detail all the activities carried out in and by the VMM . Errors are presented very clearly and shall be presented immediately recommended actions to resolve the problem.

19. Jobs

Settings

Here are the options associated with the operation of the VMM

20. Settings

Initial configuration

After the correct installation VMM must configure the basic things and those that are intended to enable us to continue working with the program .

Configuration of the start of the transition to ” Settings” > ” Security” > ” Run As Accounts ” and check if there is an account that we gave during the installation process . If it does not need to be added .

Next, we prepare a library. By default, the default library is installed on the VMM server and the installation process is one window in which we can point to its catalog . You can add libraries. Adding library involves identifying the server and there share located to be added to the VMM .

Adding a library:

21. Adding library


22. Options

    Enter a domain account that has the authority to share to add them to VMM .

23. Choosing of server

24. Choosing share

25. Summary

26. Summary

    After successfully adding the library will scan and its representation as VHD files, ISO and other files recognized by VMM and used by him.

26. Files in library

    To take full advantage of the functionality of the library should also make changes in AD . This is described in Chapter 6.

Adding clusters

27. Adding clusters

28. Select location

29. Credentials

Capture1

30. Searching for objects

Capture

31. Choosing cluster

32. Placement of the cluster in VMM

33. Summary

34. Cluster after attachment

VMM Library configuration

In order to direct streaming ISO image to a VM machine rather than each time copying it to the Host on which the virtual machine that wants to use an image you need to configure permissions in AD .

To start sharing ISO follow these steps :

  • Select a domain account as the VMM service account on the VMM server
  • Configure the required permissions share and NTFS directory on the VMM library
  • Make forced delegation for Hyper-V hosts
  • Set up a virtual machine to use a shared ISO

Warning.

Shared ISO can be added only after the creation of a virtual machine and not in the process of its creation.

VMM service domain account

Was created during the installation process

Configuring share and NTFS permissions

From the explorer windows permissions for share I NTFS should be set as follows .

  • VMM service account must have permissions : Read Access,
  • Accounts host computers on which to find the virtual machine uses the ISO ( in the case of clusters, all hosts from the cluster ) must have permissions : Read Access,
  • In addition, you should still configure the delegation of authority to the CIFS protocol on all Hyper-V hosts . To do this, you must have administrator privileges domain . The configuration starts with the entry in the bookmark delegation computer object representing the Hyper-V host . Then select the ” Trust this computer for delegation to Specified services only” and “Use any authentication protocol .” Then click “Add” in the newly opened window , click on “Users or Computers” after selecting the computer on which the share is the VMM Library, displays a list of available services . Select cifs . This continues for all hosts that want to benefit from the individual libraries.

Creation of profiles and templates

Creating profiles and templates is also performed with the ” Library” .

Profile defines a hardware configuration that is to have a virtual machine (drives , memory, CPU , etc. ) , while the VM template defines the pattern ready virtual machine including an attached disk vhd ( sysprep or empty).

Creating templates

Select the VM Templates and click the right mouse button. Select ” Create VM Template” .

35. Selection

    In the first window, we decide whether a new template is to be created from an existing VHD or is in the Library. It is best to do so on the basis of a VHD that is syspreped operating system of our choice.

36. Selection of VHD

37. Selected VHD disk

38. Template name

39. HW configuration

    Jeżeli wcześniej stworzyliśmy już profil sprzętowy można tutaj z niego skorzystać, jeżeli nie należy ręcznie ustawić wszystkie opcje.

40. Selection of profile

41. Application profile

42. Summary

43. Created profile

HW Profile

We choose the hardware profile and click the right mouse button. Select ” Create Hardware Profiles” .

44. Profile name

45. Option selection

In the above, you make all the parameters of hardware or a virtual machine

  • The number of virtual processors ,
  • The amount of RAM , and that is to be dynamically allocated ,
  • Configurations COM ports , FDD and GPU ,
  • Configure the number of disks IDE SCSI ,
  • Configuration quantities of network cards and network VM with which they are connected ,
  • Other advanced options.

46. Added profile

Creating a Virtual Machine

By creating a hardware profile, and VM Template , create a new virtual machine is limited to the following

47. The window VMs and Services.

  • Being in the ” VM ‘s and Services” , click on “Create Virtual Machine”

48. Source selection

  • Select the appropriate VM Template.

49. Selection

50. VM name

51. Hardware configuration of VM

52. Option

53. Selection of host for the VM

54. VM location

55. Network configuration

56. PRO options

57. Summary

58. Copy process of VHD via BITS

59. Successful creation of VM

60. VM view in VMM

Monitoring of machines and clusters

SCVMM allows you to monitor and view statistics load of clusters , hosts and virtual machines . From the ” VMs and Services ” You see the following parameters :

61. Monitoring capability’s

    Adding the appropriate column can have a preview of parameters for individual virtual machines.

In contrast, switching from a view ” VMs ” to ” Overview” you can view the daily and monthly performance clusters and hosts for the consumption of CPU , RAM , network, and disk space consumption.

62. Performance

63. Performance

Mapped File takes all RAM memory

When having problems with RAM on 2008 R2 and RamMap shows that this memory is being eaten by Mapped File do as fallows:

Solution 1

Use RAMmap to “Empty System Working Set” as needed. If you have this problem on daily basis go to second solution

Solution 2
http://support.microsoft.com/kb/976618

http://www.microsoft.com/en-us/download/details.aspx?id=9258

 

I think this might, more or less, permanently solve the problem.

In any case you might need to upgrade server memory.

Control memory usage of WSUS 3.0 internal DB

1) Install the management tools for SQL Server. You need sqlncli_x64.msi (for x64 Systems) and SQLServer2005_SQLCMD_x64.msi (for x64 Systems) both o this files cane be found here

2) Run the sqlcmd utility and change the config options.

c:\Program Files\Microsoft SQL Server\90\Tools\binn\SQLCMD.EXE -S -E \MICROSOFT##SSE ;

If above one does not work try this

c:\Program Files\Microsoft SQL Server\90\Tools\binn\SQLCMD.EXE -E -S \\.\pipe\MSSQL$MICROSOFT##SSEE \sql\query;

1> sp_configure ‘show advanced options’, 1
2> reconfigure;
3> go
Configuration option ‘show advanced options’ changed from 0 to 1. Run the RECONFIGURE statement to install.
1> sp_configure ‘max server memory’, 512;
2> reconfigure;
3> go
Configuration option ‘max server memory (MB)’ changed from 2147483647 to 512. Run the RECONFIGURE statement to install.
1> exit

How to request a SAN certificate using MS CA Web enrollment Pages

Works like charm

Ammar Hasayen - Blog

1. Run those commands on the CA server

certutil -setreg policyEditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

2. In the Attributes box, type the desired SAN attributes. SAN attributes take the following form:

san:dns=dns.name[&dns=dns.name]

For example : To add two DNS names to the SAN field , you can type :

san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com

Note : Some services requires that the Subject name of the certificate , is also the first entry of the SAN certificate extension . Suppose you are issuing a certificate for Exchange OWA , and you need to include the internal and external URL in one certificate with SAN field . The subject of the certificate will be ( OWAInternal.contoso.com) and the SAN field will be ( OWAInternal.contoso.com, OWAExternal.contoso.com)

View original post