Data Protection Manager is able to use a dedicated network to make backups. But it is a little touchy because DPM needs DNS resolution of servers on the dedicated network. Usually in production environments there are at least:
- A production network with DNS zone. This DNS zone is used by Active Directory for production purposes.
- A private dedicated network for backup without DNS.
It is not recommended to register IPs belonging to the dedicated backup network in the production DNS zone because these IPs are not always reachable from outside. So there are two solutions: use the hosts file on DPM (yuck) or use DNS. I have chosen to use DNS with a new primary zone in the example below.
To use a dedicated network for Data Protection Manager, there are four steps:
- Create a backup DNS zone;
- Configure backup NIC on Domain Controller;
- Configure backup NIC on member servers;
- Configure DPM to use backup network.
For example, I have these networks:
- Production network: 10.10.0.0/24
- Backup network: 10.10.1.0/24
Create a backup DNS zone
- First of all, I create a backup DNS zone which I call backup.net. So I open a DNS console on a domain controller (dnsmgmt.msc) and I create a primary zone. Right click on the Forward Lookup Zone and select New Zone.
- On the New Zone Wizard welcome screen, click on Next.
- Create a Primary zone and to follow best practices, tick the Store the zone in Active Directory option.
- Select the replication scope. On my side I choose to replicate on all DNS servers running on domain controllers in this domain.
- Specify a Zone name. On my side I call my DNS zone backup.net.
- Next configure the dynamic update. To follow best practices I choose Allow only secure dynamic updates.
- To finish creating the zone, click on Finish.
- Once your DNS zone is created, you should have it in Forward Lookup Zones in your DNS console.
- Once the zone is created, I recommend that you check the listeners of the DNS service. So in the DNS console, right click on the server name and select Properties.
- Make sure that the DNS Service listens on your backup network. If you make a change, don’t forget to restart the DNS service.
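The same zone can be created and checked from PowerShell. This is an added example, not part of the original post; it assumes the DnsServer module on the domain controller and the NIC alias "BackupNet" that the post uses further down.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated session on a domain controller hosting the DNS role.
$ZoneName    = 'backup.net'   # zone name used on this page
$BackupAlias = 'BackupNet'    # backup NIC alias used later on this page

$zone = Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue
if (-not $zone) {
    # Primary zone, stored in Active Directory, replicated to all DNS servers
    # running on domain controllers in this domain, secure dynamic updates only.
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
    $zone = Get-DnsServerZone -Name $ZoneName
}

# Report drift if the zone already existed with weaker settings
if (-not $zone.IsDsIntegrated) {
    Write-Warning "$ZoneName is not stored in Active Directory"
}
if ($zone.DynamicUpdate -ne 'Secure') {
    Write-Warning "$ZoneName allows '$($zone.DynamicUpdate)' dynamic updates, expected 'Secure'"
}

# The DNS service must listen on this server's backup address
$listening = (Get-DnsServerSetting -All).ListeningIPAddress
$backupIps = (Get-NetIPAddress -InterfaceAlias $BackupAlias -AddressFamily IPv4).IPAddress
foreach ($ip in $backupIps) {
    if ($listening -contains $ip) {
        "DNS service listens on $ip"
    } else {
        Write-Warning "DNS service does not listen on $ip; fix the listener and restart the DNS service"
    }
}
```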
Configure backup NIC on Domain Controllers
Once the zone is created and the DNS service listens on your backup network, it is time to register your domain controllers in this zone. For that, open network connection configuration, right click on your backup NIC and select properties.
Edit Internet Protocol Version 4 (TCP/IPv4) properties and click on Advanced.
Regarding domain controller I have this IP configuration:
- VMADS01: 10.10.1.5/24
- VMADS02: 10.10.1.4/24
To follow best practices, on VMADS01 the primary DNS is 10.10.1.4 and the secondary DNS is 127.0.0.1. On VMADS02, the primary DNS is 10.10.1.4 and the secondary DNS is 127.0.0.1. In this way, DNS resolution is crossed.
You can use this PowerShell script to configure your DNS settings as above:
Set-DnsClientServerAddress -InterfaceAlias "BackupNet" -ServerAddresses ("10.10.1.4","127.0.0.1")
Set-DnsClient -InterfaceAlias "BackupNet" -ConnectionSpecificSuffix "backup.net" -RegisterThisConnectionsAddress $true -UseSuffixWhenRegistering $true
Once the configuration is applied, don’t forget to run ipconfig /registerdns
So in my DNS zone, I have my two domain controllers registered automatically.
Configure Backup NIC on member servers
Now I apply the same configuration on member servers except that I set the primary DNS server to 10.10.1.4 and secondary DNS server to 10.10.1.5.
Set-DnsClientServerAddress -InterfaceAlias "BackupNet" -ServerAddresses ("10.10.1.4","10.10.1.5")
Set-DnsClient -InterfaceAlias "BackupNet" -ConnectionSpecificSuffix "backup.net" -RegisterThisConnectionsAddress $true -UseSuffixWhenRegistering $true
Once the configuration is applied, I run ipconfig /registerdns and all my servers are registered automatically in backup.net zone.
N.B: For IP Pool users on Virtual Machine Manager, you can make the configuration in VMM. Just configure the DNS and the specific connection suffix. However, a Run Once script will be needed to tick the Use this connection’s DNS suffix in DNS registration option. You can use the Set-DnsClient PowerShell command as in the script described above.
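With RegisterThisConnectionsAddress enabled, Windows also registers the adapter's address under the computer's primary DNS suffix, so backup addresses can end up in the production zone, which is what the introduction advises against. The following audit is an added example, not part of the original post; it assumes the production zone is home.net (taken from the DPM server name VMDPM01.home.net) and runs on a domain controller with the DnsServer module.

```powershell
# Added example: find A records registered in the wrong zone.
$ProdZone   = 'home.net'       # assumption: production zone, from VMDPM01.home.net
$BackupZone = 'backup.net'     # backup zone created on this page
$BackupCidr = '10.10.1.0/24'   # backup network from this page

function ConvertTo-UInt32 {
    param([string]$Address)
    $bytes = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    [array]::Reverse($bytes)                 # network order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InSubnet {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $blockSize = [math]::Pow(2, 32 - [int]$prefix)   # addresses per subnet
    # Same subnet when both addresses fall into the same block
    [math]::Floor((ConvertTo-UInt32 $Address) / $blockSize) -eq
        [math]::Floor((ConvertTo-UInt32 $network) / $blockSize)
}

function Get-ZoneARecord {
    param([string]$Zone)
    Get-DnsServerResourceRecord -ZoneName $Zone -RRType A | ForEach-Object {
        [pscustomobject]@{
            Zone    = $Zone
            Name    = $_.HostName
            Address = $_.RecordData.IPv4Address.IPAddressToString
        }
    }
}

# Backup addresses that leaked into the production zone
$leaked = Get-ZoneARecord $ProdZone | Where-Object { Test-InSubnet $_.Address $BackupCidr }
# Addresses outside the backup network registered in the backup zone
$stray = Get-ZoneARecord $BackupZone | Where-Object { -not (Test-InSubnet $_.Address $BackupCidr) }

if ($leaked) {
    Write-Warning "Backup-network addresses found in $ProdZone"
    $leaked | Format-Table -AutoSize
}
if ($stray) {
    Write-Warning "Addresses outside $BackupCidr found in $BackupZone"
    $stray | Format-Table -AutoSize
}
if (-not $leaked -and -not $stray) { "No misplaced A records in $ProdZone or $BackupZone" }
```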
Configure DPM backup network
On the DPM server, open a DPM Management Shell. I will use the <verb>-DPMBackupNetworkAddress commands to view and edit the networks used by Data Protection Manager. So first, I run Get-DPMBackupNetworkAddress to view the backup network settings:
Use the command below to add the 10.10.1.0/24 network as the first backup network in DPM. If DPM is able to resolve names on this network, it will use this network. The SequenceNumber is the priority in which the networks are used.
Add-DPMBackupNetworkAddress -DPMServerName VMDPM01.home.net -Address 10.10.1.0/24 -SequenceNumber 1
Now I run Get-DPMBackupNetworkAddress again and, as you can see below, I have one backup network.
If you want to add your production network as a fallback network for backup, you can add another network with a SequenceNumber greater than 1.
To finish the configuration, restart the DPM service or restart DPM Server.
Now I run a backup and that will use the backup network.