Every IT organization needs to perform backups because they ensure data integrity and recovery in the event of data loss caused by a system failure, accidental deletion by a user, or corruption. Yet, as a consultant, I've found that backups are often treated as an afterthought. Sometimes the backup solution isn't architected properly or the systems providing the backups are underpowered. Other times the backup and restore procedures aren't well defined or routinely practiced until the unthinkable happens.
One item that is regularly overlooked when architecting and implementing a backup solution is the use of a dedicated backup network that's separate from the production network, as depicted in Figure 1. Each server to be backed up should have two network cards. The first network card should be used to connect to the production network. The second network card should be used to connect to the backup network.
After I explain the benefits of using a dedicated backup network, I'll show you how to configure one for Microsoft System Center Data Protection Manager 2010. DPM 2010 provides disk- and tape-based backups for Microsoft OSs and line of business (LOB) applications that have Volume Shadow Copy Service (VSS) native support. Disk-based backups are intended for short-term data protection and rapid restores. Tape-based backups are intended for long-term data protection that's usually dictated by regulatory requirements. Disk- and tape-based backups can be combined to meet most organizations' backup and restore requirements.
The main benefit of using a dedicated backup network is that it separates the backup traffic from the traffic in the production environment, thereby avoiding the network congestion that can result when a large amount of data is backed up or restored. This congestion can slow the response times of applications, which can, in turn, affect systems interoperability and user productivity.
An additional benefit of using a backup network is that you can use jumbo frames on a network card. This increases the Maximum Transmission Unit (MTU) size, which allows larger packets to be sent with less overhead from the underlying Ethernet media. Thus, the backup network can spend more time passing data and less time passing packet headers, which improves performance during backups and restores.
Note that not all network cards and switches support jumbo frames, so you need to check with your hardware provider to see whether your network cards and switches support this feature. In addition, if you plan to use Virtual LANs (VLANs) in the backup network, you need to make sure that your devices support using jumbo frames over a virtual interface.
The Implementation Plan
To set up a backup network for DPM 2010, you need to configure secondary network cards for the backup network, configure the HOSTS file on the DPM 2010 server, and specify the primary backup network.
Note that if your backup network will be providing system-state or bare-metal-recovery protection on a server running Windows Server 2008 or later, the Windows Server Backup Features must be installed on that server. Adding a feature to Server 2008 or later is outside the scope of this discussion, but you can use the TechNet article "Adding Server Roles and Features" for guidance.
How to Configure the Secondary Network Cards
You first need to configure the secondary network cards for the backup network, making sure that they don't have any DNS entries, WINS entries, or default gateways. Here are the steps to follow:
1. Log on to one of the servers that will be backed up and rename its network cards to designate which network they’re assigned to. In this example, they’re renamed Backup and Production.
2. Right-click the Backup network card and select Properties. Click Internet Protocol Version 4 (TCP/IPv4), then select Properties.
3. Add the designated IP address and subnet mask, as Figure 2 shows. Don’t assign a default gateway or any DNS servers.
4. Click the Advanced button, then select the DNS tab. Make sure that there are no DNS server entries listed and that the DNS suffix for the connection is left blank.
5. Select the WINS tab and make sure that there are no WINS servers listed and that NetBIOS over TCP/IP is enabled.
6. Click OK twice, then click Close.
You need to repeat steps 1 through 6 for the rest of the servers that will be backed up, including the DPM 2010 server. Take special care when configuring the Backup network card on an Active Directory (AD) domain controller (DC). There will be negative consequences to AD if the Backup network card's IP address is registered in DNS.
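The settings from steps 3 through 5 can be checked from PowerShell on each server instead of by clicking through the dialogs. This is an added example, not part of the original article: the function names are hypothetical, the values are read from the WMI class Win32_NetworkAdapterConfiguration, the sample object is constructed, and the DNS registration check is an extra that goes beyond the listed steps.

```powershell
# Added example: audits one adapter configuration against steps 3-5 above.
# $Config needs the property names used by Win32_NetworkAdapterConfiguration.
function Test-BackupAdapterConfig {
    param([Parameter(Mandatory = $true)] $Config)
    $findings = @()
    if ($Config.DefaultIPGateway)     { $findings += "Default gateway set: $($Config.DefaultIPGateway -join ', ')" }
    if ($Config.DNSServerSearchOrder) { $findings += "DNS servers set: $($Config.DNSServerSearchOrder -join ', ')" }
    if ($Config.DNSDomain)            { $findings += "Connection DNS suffix set: $($Config.DNSDomain)" }
    if ($Config.WINSPrimaryServer -or $Config.WINSSecondaryServer) { $findings += 'WINS server set' }
    if ($Config.TcpipNetbiosOptions -eq 2) { $findings += 'NetBIOS over TCP/IP is disabled' }
    # Extra check (assumption, not a step in the article): the adapter must not
    # register its address in DNS, which matters most on a domain controller.
    if ($Config.FullDNSRegistrationEnabled) { $findings += 'Adapter registers its addresses in DNS' }
    $findings
}

# Looks up the live configuration of the adapter renamed in step 1.
function Get-AdapterConfig {
    param([string] $Name = 'Backup')
    $nic = Get-WmiObject Win32_NetworkAdapter -Filter "NetConnectionID='$Name'"
    if ($nic) { Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index=$($nic.Index)" }
}

# Constructed sample: a Backup adapter that was left with a DNS server entry
# and with DNS registration switched on.
$sample = New-Object PSObject -Property @{
    IPAddress = @('10.1.1.21'); DefaultIPGateway = $null
    DNSServerSearchOrder = @('192.168.1.10'); DNSDomain = ''
    WINSPrimaryServer = $null; WINSSecondaryServer = $null
    TcpipNetbiosOptions = 0; FullDNSRegistrationEnabled = $true
}
@(Test-BackupAdapterConfig $sample)

# On a real server: @(Test-BackupAdapterConfig (Get-AdapterConfig 'Backup'))
```

An empty result means the adapter matches the steps; each string returned names one setting to correct.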
After you've configured all the Backup network cards, open a command prompt window on the DPM 2010 server and ping those cards' IP addresses to ensure there's connectivity. A common reason for not being able to connect is having a firewall blocking access.
How to Configure the HOSTS File
It's now time to configure the DPM 2010 server's HOSTS file so that it contains all the IP addresses that have been assigned to the Backup network cards. On a Windows server, the HOSTS file is located in the C:\Windows\System32\drivers\etc folder. You need elevated administrative permissions to edit this file. Figure 3 gives an example of what the HOSTS file will look like after you add the IP addresses.
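Because HOSTS entries take precedence over DNS, a mistyped or stale address here goes unnoticed until a backup job runs. The following added example (not from the original article) parses HOSTS lines and flags any entry whose address falls outside the backup subnet; the function names are hypothetical, the subnet is the one used with Add-BackupNetworkAddress later in this article, and every host name and address in the sample other than MS-DPM-01 is constructed.

```powershell
# Added example: flags HOSTS entries that are not inside the backup subnet.
$BackupCidr = '10.1.1.0/24'   # subnet used with Add-BackupNetworkAddress

function ConvertTo-IPv4Number {
    param([string] $Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref] $ip)) { return $null }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $null }   # IPv4 only
    $bytes = $ip.GetAddressBytes()
    [Array]::Reverse($bytes)              # network byte order -> little-endian
    [long] [BitConverter]::ToUInt32($bytes, 0)
}

function Get-HostsEntryCheck {
    param([string[]] $Lines, [string] $Cidr)
    $network, $prefix = $Cidr -split '/'
    $mask = [long] ([Math]::Pow(2, 32) - [Math]::Pow(2, 32 - [int] $prefix))
    $netNumber = (ConvertTo-IPv4Number $network) -band $mask
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()    # drop comments
        if (-not $text) { continue }
        $address, $names = $text -split '\s+'
        $number = ConvertTo-IPv4Number $address
        $inSubnet = ($null -ne $number) -and (($number -band $mask) -eq $netNumber)
        New-Object PSObject -Property @{
            Address = $address; Names = ($names -join ' '); InBackupSubnet = $inSubnet
        }
    }
}

# Constructed sample HOSTS content; the last entry is a production address
# entered by mistake.
$sampleHosts = @(
    '# Backup network adapters',
    '10.1.1.10     MS-DPM-01',
    '10.1.1.21     MS-FILE-01',
    '192.168.1.22  MS-SQL-01'
)
Get-HostsEntryCheck -Lines $sampleHosts -Cidr $BackupCidr |
    Where-Object { -not $_.InBackupSubnet }

# On the DPM server, pass the real file instead:
# Get-HostsEntryCheck -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts") -Cidr $BackupCidr
```

On a live HOSTS file the check also flags any unrelated entries outside the backup subnet, so review each flagged line rather than deleting it automatically.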
How to Specify the Primary Backup Network
At this point, you can install the DPM agent on the servers to be backed up. Afterward, open the DPM Management Shell on the DPM 2010 server using the appropriate administrative privileges. (Your domain account must be part of the Local Administrators group.) The DPM Management Shell is built on top of Windows PowerShell.
Once opened, the DPM Management Shell's default folder is C:\Program Files\Microsoft Data Protection Manager\DPM\bin, as the last line in Figure 4 shows. At the command prompt, enter a command such as
Add-BackupNetworkAddress -Address 10.1.1.0/24 -DPMServer MS-DPM-01 -SequenceNumber 1
This command uses the Add-BackupNetworkAddress cmdlet to tell DPM 2010 which network (in this case, 10.1.1.0/24) the DPM server (MS-DPM-01) should use as the primary backup network (indicated by -SequenceNumber 1).
You can specify a secondary network if desired. For example, to instruct the DPM 2010 server to use the public network as a secondary backup network, you'd use a command such as
Add-BackupNetworkAddress -Address 192.168.1.0/24 -DPMServer MS-DPM-01 -SequenceNumber 2
Data Protection Without Congestion
With the help of my colleague Jeff McMullen, I've demonstrated a general approach for deploying DPM 2010 on a dedicated backup network that most organizations should be able to implement. By following this approach, you'll have a tool that will protect your data without clogging up your production network with traffic from backing up and restoring data.