Search This Blog

Saturday, September 3, 2011

Configure Central Console and Role Based Access to Manage DPM Server (DPM 2012 or DPM 2010)

 

Current scenario (using DPM 2010):-

DPM2010Scenario

In current scenario, here is how i normally deploy DPM 2010 on branch environment. Each branches will have DPM server to protect the server at designated branch. To manage the DPM Server, local administrator will access to local dpm server. However, for HQ Administrator, he/she need to open 4 different console when want to manage branch DPM server. Therefore, this is where DPM 2012 come into picture in order to resolve the administrator tedious work of managing the DPM servers.

 New Scenario (using DPM 2012 and DPM 2010):-

DPM2012Scenario

In new scenario, HQ Administrator access to 1 console: SCOM console to manage multiple DPM Server which located in different branches. Besides than that, HQ Administrator can assign different roles to local branch administrator rather than provide Full Administrator right.

Note:- This guide is gathered from DPM 2012 Beta Guide. However i have enhance the guide by putting more graphical configuration. For more detail, please refer to Microsoft DPM 2012 Beta Guide.

Therefore, I'm assumed that you have knowledge about DPM 2010 and SCOM 2007 R2 before following this guidelines.

Step 1:-Pre-requisite:-

a) Install Central Console

User need to install DPM Central Console on SCOM 2007 R2 Server.

Import the Management Pack to SCOM. The MP is available in SCOM Server after the Central Console Server & Client installation.

image

b) Patch DPM 2010

-Install with QFE2

-Install hotfixes from here.

Step 2:-Post Installation:- Override 4 monitor

image

image

image

image

Step 3:-Add the following registry key:-

a) On SCOM Server

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Modules\Global\PowerShell

image

b) On entire DPM Server

* Must have install SCOM Agent before modify the registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Modules\Global\PowerShell

image

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HealthService\Parameters

image

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\<Management Group Name>

image

Step 4:- Monitor DPM Server

a) Open SCOM Console, you can monitor the health of DPM servers

image

b) Task executed can view from Jobs console.

image

Step 5: Configure Role Based Access

With Role Based Access, you can assign different right to different administrator based on their job scope.

a) On SCOM Server, execute DefaultRoleConfigurator.exe from C:\Program Files\Microsoft DPM\bin\.

image

b) Open SCOM Console, click on Administration, security and select User Roles.

image

The following is the default roles which you assign to users.

Default Role

Description

DPM Reporting Operator

Can create, modify and view scheduled or on-demand reports

DPM Read-Only Operator

Can view all DPM configuration, jobs and alerts.

DPM Tier-1 Support

Can view all alert and job information. Can perform basic jobs like re-running a failed job.

DPM Tape Admin

Can perform all tape related actions.

DPM Tier-2 Support

Can perform all tasks of tier-1 support and additionally can troubleshoot problems.

DPM Admin

Can perform all actions.

DPM Recovery Operator

Can only perform recovery of data protected by DPM.

DPM Tape Operator

Can perform only lightweight tape related operations such as running tape inventory, cleaning dives, etc.