Manual47350010 Powerprotect Data Manager 19 14 Microsoft SQL Server User Guide

PowerProtect Data Manager 19.
14
Microsoft SQL Server User Guide
July 2023
Rev. 01
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2020 - 2023 Dell Inc. or its subsidiaries. All rights reserved. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its
subsidiaries. Other trademarks may be trademarks of their respective owners.
Contents
Figures.......................................................................................................................................... 7
Tables........................................................................................................................................... 9
Preface........................................................................................................................................10
Chapter 1: PowerProtect Data Manager for Microsoft Application Agent Overview...................... 15

PowerProtect Data Manager overview........................................................................................................................ 15
Introducing the Microsoft application agent............................................................................................................... 15
VM Direct limitations.........................................................................................................................................................16
Configure VM Direct with IPv4 and IPv6............................................................................................................... 16
Prerequisites....................................................................................................................................................................... 16
Supported Internet Protocol versions...........................................................................................................................17
Encryption in-flight........................................................................................................................................................... 20
PowerProtect Data Manager new deployment overview....................................................................................... 20
PowerProtect Data Manager existing deployment overview..................................................................................21
Security configuration...................................................................................................................................................... 22
Role-based security.................................................................................................................................................... 22
Chapter 2: Enabling the Microsoft Application Agent for Microsoft SQL Server.......................... 23
Microsoft SQL Server data protection and replication requirements.................................................................. 23
Microsoft SQL Server operational log files for backup and restore operations.................................................24
Protecting a stand-alone Microsoft SQL Server.......................................................................................................25
Protecting Microsoft SQL Server clustered environments.................................................................................... 25
Install, update, and uninstall the application agent................................................................................................... 26
Prerequisites ................................................................................................................................................................26
Install the Microsoft application agent with the wizard.....................................................................................26
Install the Microsoft application agent with a silent installation...................................................................... 29
Update the Microsoft application agent................................................................................................................ 32
Update the application agent in the PowerProtect Data Manager UI........................................................... 33
Uninstall the Microsoft application agent with the setup file...........................................................................34
Uninstall the Microsoft application agent with a silent uninstallation............................................................ 34
Required privileges for Application Direct backup and recovery..................................................................... 35
Stagger Microsoft SQL Server discovery jobs in host scale-out environments.......................................... 36
Configure the database backup stripe level..........................................................................................................36
Enable multi-stream backups for Microsoft SQL Server protection policy...................................................37
Manage the Microsoft application agent.....................................................................................................................38
Changing the preferred host address.....................................................................................................................39
View application agent details.................................................................................................................................. 39
Configurable ports for Microsoft SQL Server.............................................................................................................41
Support for existing Microsoft application agent backups with PowerProtect Data Manager......................41
Supporting existing Microsoft application agent backups with PowerProtect Data Manager................ 42
Using the backup discovery tool for PowerProtect Data Manager management of existing
backups......................................................................................................................................................................43
Microsoft application agent for application-aware protection...............................................................................44
Contents 3
Multiple virtual networks (MVLANs) for Microsoft SQL Server application-aware protection...............45
Naming conventions for backups with VM Direct...............................................................................................45
Minimum required privileges for VM Direct backup and recovery.................................................................. 46
Chapter 3: Managing Storage, Assets, and Protection................................................................. 47

Enable an asset source.....................................................................................................................................................47
Disable an asset source..............................................................................................................................................48
Delete an asset source.....................................................................................................................................................48
Disable the Microsoft application agent...................................................................................................................... 49
Reinstall the Microsoft application agent....................................................................................................................49
Setting the sysadmin privilege for Microsoft SQL Server hosts........................................................................... 49
Discover a Microsoft SQL Server application host...................................................................................................50
Protection policies for Microsoft SQL Server database protection...................................................................... 51
Supported protection policy purposes.................................................................................................................... 51
Supported protection policy objectives.................................................................................................................. 51
Replication triggers..................................................................................................................................................... 53
Roadmap for planning a Microsoft SQL Server database protection policy.................................................54
Before you add a protection policy for Microsoft SQL Server database protection..................................55
Add a protection policy.............................................................................................................................................. 57
Extended retention for protection policies created in PowerProtect Data Manager 19.11 or earlier........... 66
Protection rules ................................................................................................................................................................ 68
Protection rule attributes and criteria....................................................................................................................69
Add a protection rule................................................................................................................................................... 71
Manually run a protection rule..................................................................................................................................73
Edit or delete a protection rule ............................................................................................................................... 74
View assets applied to a protection rule................................................................................................................ 74
Change the priority of an existing protection rule ..............................................................................................74
Configure protection rule behavior......................................................................................................................... 75
Cancel a Microsoft SQL application agent protection or restore job...................................................................75
Edit the retention period for backup copies............................................................................................................... 76
Delete backup copies........................................................................................................................................................76
Retry a failed backup copy deletion........................................................................................................................ 77
Export data for deleted Exchange, File System, Kubernetes, Block Volume, and SQL backup
copies......................................................................................................................................................................... 78
Remove Exchange, File System, Kubernetes, Block Volume, and SQL backup copies from the
PowerProtect Data Manager database............................................................................................................. 78
Host CPU throttling.......................................................................................................................................................... 79
Enable the Microsoft application agent after Internet Protocol change..............................................................81
Enable the Microsoft application agent after hostname change........................................................................... 81
Enable the Microsoft application agent after host IP address change................................................................ 82
Enable the Microsoft application agent after reusing IP address from a different host................................. 82
Enable the Microsoft application agent after migration to a different Microsoft SQL Server host.............83
Enable the Microsoft application agent after Microsoft SQL Server upgrade.................................................. 83
Enable the Microsoft application agent after operating system upgrade........................................................... 84
Manage the PowerProtect agent service................................................................................................................... 84
About the PowerProtect agent service................................................................................................................. 84
Start, stop, or obtain the status of the PowerProtect agent service............................................................ 86
Troubleshooting PowerProtect agent service installations.............................................................................. 86
Troubleshooting PowerProtect agent service operations.................................................................................86
Register the PowerProtect agent service to a different server address on Windows.............................. 87
4 Contents
Recovering the PowerProtect agent service from a disaster.......................................................................... 87
Manage the cloud tier operations with PowerProtect Data Manager for application agents........................88
Add a Cloud Tier objective to a Microsoft SQL protection policy...................................................................88
Tier the PowerProtect Data Manager backups from DD to the cloud...........................................................89
Restore the cloud tier backups to DD.................................................................................................................... 90
Chapter 4: Performing Self-Service Application Direct Backups of Microsoft SQL Server

Databases................................................................................................................................. 91
Performing self-service Microsoft SQL Server database backups........................................................................91
Overview of Application Direct with Microsoft SQL Server backups................................................................... 91
Federated backups of Always On availability groups..........................................................................................92
Distributed segment processing.............................................................................................................................. 92
Configuring distributed segment processing........................................................................................................ 93
Best practices to back up Microsoft SQL Server with Application Direct..........................................................93
Configuring usage limits of DD resources............................................................................................................. 94
Configure the database backup stripe level..........................................................................................................97
Naming conventions for backups with Application Direct...................................................................................... 98
Circumstances that promote Microsoft SQL Server backups to level full ........................................................ 99
Scheduling backup jobs..................................................................................................................................................100
Scheduling Microsoft SQL Server backups by using SQL Server Agent..................................................... 100
Scheduling Microsoft SQL Server backups by using Windows Task Scheduler........................................ 105
Performing manual backups .........................................................................................................................................106
Perform backups with the Microsoft app agent for Application Direct SSMS plug-in............................ 106
Back up Microsoft SQL Server with the Application Direct backup command...........................................112
Perform backups with T-SQL scripts.................................................................................................................... 118
Chapter 5: Performing Self-Service Application Direct Restores of Microsoft SQL Server

Databases............................................................................................................................... 122
Restoring a Microsoft SQL Server application host................................................................................................122
Best practices to restore Microsoft SQL Server with Application Direct......................................................... 122
Restoring Microsoft SQL Server databases ............................................................................................................ 123
Prerequisites............................................................................................................................................................... 123
Restore a database with the Microsoft app agent for Application Direct plug-in..................................... 124
Perform database restores with the Microsoft application agent for Application Direct recover
command.................................................................................................................................................................. 131
Perform database restores with T-SQL scripts................................................................................................. 138
Performing table-level recovery...................................................................................................................................140
Table-level restore workflow.................................................................................................................................. 140
Launching the Microsoft application agent for Application Direct SSMS plug-in...................................... 141
Configure general table restore settings.............................................................................................................. 141
Configure optional table restore settings............................................................................................................ 142
Monitor the table restore mount operation ........................................................................................................144
Restore table-level data using ItemPoint............................................................................................................. 144
Performing Microsoft SQL Server disaster recovery............................................................................................. 146
Perform Microsoft SQL Server disaster recovery.............................................................................................146
Perform disaster recovery from the Cloud Tier..................................................................................................147
Chapter 6: Performing Centralized Restores of Application Direct Backups............................... 148

Centralized restores of Microsoft SQL Server Application Direct backups...................................................... 148
Considerations for centralized Microsoft SQL Server Application Direct restores.........................................149
Contents 5
Centralized restore of Microsoft SQL Server system databases........................................................................ 149
Centralized restore of a Microsoft SQL Server stand-alone database...............................................................151
Centralized restore of a Microsoft SQL Server AAG database............................................................................153
Centralized restore of multiple Microsoft SQL Server databases.......................................................................156
Chapter 7: Performing Self-Service Restores of Virtual Machine Backups................................. 159

Restoring a Microsoft SQL Server virtual machine backup.................................................................................. 159
Overview of Microsoft SQL Server virtual machine restore operations .......................................................... 159
Prerequisites..................................................................................................................................................................... 160
Restoring Microsoft SQL Server databases to a virtual machine....................................................................... 160
Restore Microsoft SQL Server databases with the VM Direct SSMS plug-in............................................ 161
Restore a Microsoft SQL Server database with the VM Direct recover command..................................169
Performing Microsoft SQL Server table-level recovery to a virtual machine...................................................174
Restore Microsoft SQL Server tables with the VM Direct SSMS plug-in................................................... 174
Restore Microsoft SQL Server tables with the VM Direct recover command...........................................180
Performing an instant access recovery......................................................................................................................184
Instant access recovery overview ........................................................................................................................ 184
Instant access recovery use cases........................................................................................................................185
Perform an instant access restore with the VM Direct SSMS plug-in.........................................................185
Chapter 8: Performing Centralized Restores of Virtual Machine Backups...................................194

Centralized restores of Microsoft SQL Server virtual machine backups...........................................................194
Considerations for centralized Microsoft SQL Server application-aware restores.........................................195
Centralized restore of Microsoft SQL Server system databases........................................................................ 196
Centralized restore of a Microsoft SQL Server stand-alone database.............................................................. 198
Centralized restore of a Microsoft SQL Server AAG database...........................................................................200
Centralized restore of multiple Microsoft SQL Server databases...................................................................... 202
Chapter 9: Protecting Virtual Machines Using the Transparent Snapshots Data Mover .............205
Overview of Transparent Snapshots Data Mover.................................................................................................. 205
vSphere Installation Bundle monitoring and management....................................................................................205
Transparent snapshots data mover system requirements................................................................................... 206
Prerequisites to virtual machine protection with the Transparent Snapshots Data Mover......................... 207
Additional privileges required for a dedicated vCenter user account to use Transparent Snapshot
Data Mover.............................................................................................................................................................207
Creating VMkernel ports for Transparent Snapshots Data Mover...............................................................207
Configuring Microsoft SQL Server application-aware protection with TSDM................................................ 208
Transparent Snapshots Data Mover unsupported features and limitations.....................................................209
Transparent Snapshots Data Mover performance and scalability........................................................................211
Migrating assets to use the Transparent Snapshots Data Mover....................................................................... 213
Appendix A: Microsoft SQL Server Best Practices and Troubleshooting.................................... 214

Troubleshooting storage units...................................................................................................................................... 214
Troubleshooting installation and operation................................................................................................................214
Troubleshooting an error about lockbox stable value threshold after major system update................. 220
Troubleshooting backups............................................................................................................................................... 221
Troubleshooting restores.............................................................................................................................................. 227
Troubleshooting centralized Microsoft SQL Server virtual machine restore operations........................ 230
Glossary.....................................................................................................................................231
6 Contents
Figures
1 Extended Properties page with backup stripe levels...................................................................................... 37

2 Extend retention backup behavior...................................................................................................................... 68
3 Federated backup command and data flow...................................................................................................... 92
4 Extended Properties page with backup stripe levels...................................................................................... 98
5 Application Direct - Backup-General page....................................................................................................... 107
6 DD system list and lockbox settings..................................................................................................................108
7 Add DD system details..........................................................................................................................................109
8 Application Direct - Backup-Options page....................................................................................................... 110
9 Application Direct - Backup-Monitor page....................................................................................................... 112
10 Application Direct - Database Restore-General page................................................................................... 125
11 Specifying the restore point................................................................................................................................ 126
12 Application Direct - Database Restore-Files page..........................................................................................127
13 Application Direct - Database Restore-Options page................................................................................... 129
14 Application Direct - Database Restore-Monitor page....................................................................................131
15 Application Direct - Table Restore-General page........................................................................................... 141
16 Application Direct - Table Restore-Options page.......................................................................................... 143
17 Application Direct - Table Restore-Monitor page.......................................................................................... 144
18 ItemPoint Data Wizard: select the source files...............................................................................................145
19 ItemPoint Data Wizard: select the target server........................................................................................... 145
20 ItemPoint Data Wizard: non-English instance name......................................................................................146
21 VM Direct: Database Restore General page....................................................................................................162
22 Specifying the restore point................................................................................................................................ 163
23 VM Direct: Database Restore Files page..........................................................................................................165
24 VM Direct: Database Restore Options page................................................................................................... 166
25 VM Direct: Database Restore Monitor page................................................................................................... 169
26 VM Direct: Table Restore General page........................................................................................................... 175
27 VM Direct: Table Restore Options page........................................................................................................... 176
28 VM Direct: Table Restore Monitor page...........................................................................................................178
30 ItemPoint Data Wizard: select the target server............................................................................................179
31 ItemPoint Data Wizard: non-English instance name..................................................................................... 180
33 ItemPoint Data Wizard: select the target server........................................................................................... 183
34 ItemPoint Data Wizard: non-English instance name......................................................................................183
35 VM Direct: Instant Access General page......................................................................................................... 186
36 Specifying the access point................................................................................................................................. 187
37 VM Direct: Instant Access Options page......................................................................................................... 188
38 VM Direct: Instant Access Active Mounts page............................................................................................ 190
39 VM Direct: Instant Access Active Mounts page............................................................................................. 191
40 VM Direct: Instant Access Active Mounts page.............................................................................................192
Figures 7
41 VM Direct: Instant Access Active Mounts page.............................................................................................193
8 Figures
Tables
1 Revision history..........................................................................................................................................................11
2 Related documentation............................................................................................................................................11
3 Style conventions..................................................................................................................................................... 12
4 Supported configurations....................................................................................................................................... 17
5 Required silent installation command options...................................................................................................29
6 Optional silent installation command options....................................................................................................30
7 Application agent information...............................................................................................................................40
8 Special characters supported with VM Direct..................................................................................................45
9 Required backup and retention types.................................................................................................................54
10 Centralized protection schedules........................................................................................................................ 54
11 Additional full backups for extended retention.................................................................................................54
12 Backup terminology and frequency..................................................................................................................... 57
13 Supported attributes and matching criteria by asset type............................................................................69
14 Supported special characters............................................................................................................................... 98
15 Software requirements........................................................................................................................................ 206
16 Minimum required vCenter user account privileges......................................................................................207
17 Scalability limits for the vCenter and ESXi server.......................................................................................... 211
18 TSDM maximum concurrent protection operations and memory consumption..................................... 212
19 Microsoft SQL Server skipped database cases and descriptions..............................................................226
Tables 9
Preface
As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of
the software or hardware currently in use might not support some functions that are described in this document. The product
release notes provide the most up-to-date information on product features.
If a product does not function correctly or does not function as described in this document, contact Customer Support.
NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this document,
go to the Customer Support website.
Product naming
Data Domain (DD) is now PowerProtect DD. References to Data Domain or Data Domain systems in this documentation, in the
user interface, and elsewhere in the product include PowerProtect DD systems and older Data Domain systems.
Isilon is now PowerScale. References to Isilon, Isilon products, or Isilon appliances in this documentation, in the user interface,
and elsewhere in the product include PowerScale products and appliances.
In many cases the user interface has not yet been updated to reflect these changes.
Language use
This document might contain language that is not consistent with Dell Technologies current guidelines. Dell Technologies plans
to update the document over subsequent future releases to revise the language accordingly.
This document might contain language from third-party content that is not under Dell Technologies control and is not consistent
with the current guidelines for Dell Technologies own content. When such third-party content is updated by the relevant third
parties, this document will be revised accordingly.
Acronyms
The acronyms used in this document might not be familiar to everyone. Although most acronyms are defined on their first use, a
definition is not always provided with later uses of the acronym. For a list of all acronyms and their definitions, see the glossary
at the end of the document.
Website links
The website links used in this document were valid at publication time. If you find a broken link, provide feedback on the
document, and a Dell Technologies employee will update the link in the next release as necessary.
Purpose
This document describes how to configure and use the Dell PowerProtect Data Manager with the Microsoft application agent
to back up and restore Microsoft SQL Server. The PowerProtect Data Manager Administrator Guide provides additional details
about configuration and usage procedures.
Audience
This document is intended for the host system administrator who configures and uses the PowerProtect Data Manager with the
Microsoft application agent to back up and restore Microsoft SQL Server.
10 Preface
Revision history
The following table presents the revision history of this document.
Table 1. Revision history

Revision Date Description
01 July 11, 2023 Initial release of this document for PowerProtect Data
Manager version 19.14.
Compatibility information
Software compatibility information for the PowerProtect Data Manager software is provided by the E-Lab Navigator.
Related documentation
The following publications are available at Customer Support and provide additional information:
Table 2. Related documentation

Title Content
PowerProtect Data Manager Administrator Guide Describes how to configure, use and administer the software.
This guide also includes disaster recovery procedures.
Procedures specific to asset protection are provided in the
individual user guides.
PowerProtect Data Manager Deployment Guide Describes how to deploy and license the software.
PowerProtect Data Manager Release Notes Contains information about new features, known limitations,
environment, and system requirements for the software.
PowerProtect Data Manager Security Configuration Guide Contains security information.
PowerProtect Data Manager Amazon Web Services Describes how to deploy the software to Amazon Web
Deployment Guide Services (AWS).
PowerProtect Data Manager Azure Deployment Guide Describes how to deploy the software to Microsoft Azure.
PowerProtect Data Manager Google Cloud Platform Describes how to deploy the software to Google Cloud
Deployment Guide Platform (GCP).
PowerProtect Data Manager Cloud Disaster Recovery Describes how to deploy Cloud Disaster Recovery (Cloud DR),
Administration and User Guide protect virtual machines in the AWS or Azure cloud, and run
recovery operations.
PowerProtect Data Manager Cyber Recovery User Guide Describes how to install, update, patch, and uninstall the
PowerProtect Cyber Recovery software.
PowerProtect Data Manager File System User Guide Describes how to configure and use the software with the File
System agent for file-system data protection.
PowerProtect Data Manager Kubernetes User Guide Describes how to configure and use the software to back up
and restore namespaces and PVCs in a Kubernetes cluster or
Tanzu Kubernetes cluster.
PowerProtect Data Manager Microsoft Exchange Server User Describes how to configure and use the software to back
Guide up and restore the data in a Microsoft Exchange Server
environment.
PowerProtect Data Manager Microsoft SQL Server User Describes how to configure and use the software to back up
Guide and restore the data in a Microsoft SQL Server environment.
Preface 11
Table 2. Related documentation (continued)
Title Content
PowerProtect Data Manager Oracle RMAN User Guide Describes how to configure and use the software to back up
and restore the data in an Oracle Server environment.
PowerProtect Data Manager SAP HANA User Guide Describes how to configure and use the software to back up
and restore the data in an SAP HANA Server environment.
PowerProtect Data Manager Storage Direct User Guide Describes how to configure and use the software with the
Storage Direct agent to protect data on VMAX storage arrays
through snapshot backup technology.
PowerProtect Data Manager Network-Attached Storage Describes how to configure and use the software to protect
User Guide and recover the data on network-attached storage (NAS)
shares and appliances.
PowerProtect Data Manager Virtual Machine User Guide Describes how to configure and use the software to back
up and restore virtual machines and virtual machine disks
(VMDKs) in a vCenter Server environment with VADP or the
Transparent Snapshots Data Mover (TSDM).
PowerProtect Data Manager Storage Array User Guide Describes how to configure and use the software to protect
and restore data on PowerStore storage arrays.
VMware Cloud Foundation Disaster Recovery With Provides a detailed description of how to perform an end-to-
PowerProtect Data Manager end disaster recovery of a VMware Cloud Foundation (VCF)
environment.
PowerProtect Data Manager Public REST API documentation Contains the Dell Technologies APIs and includes tutorials to
guide you in their use.
vRealize Automation Data Protection Extension for Data Describes how to install, configure, and use the vRealize Data
Protection Systems Installation and Administration Guide Protection Extension.
Typographical conventions
The following type style conventions are used in this document:
Table 3. Style conventions

Formatting Description
Bold Used for interface elements that a user specifically selects or clicks, for example, names of
buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page,
pane, screen area with title, table label, and window.
Italic Used for full titles of publications that are referenced in text.
Monospace Used for:
● System code
● System output, such as an error message or script
● Pathnames, file names, file name extensions, prompts, and syntax
● Commands and options
Monospace italic Used for variables.
Monospace bold Used for user input.
[] Square brackets enclose optional values.
| Vertical line indicates alternate selections. The vertical line means or for the alternate
selections.
{} Braces enclose content that the user must specify, such as x, y, or z.
... Ellipses indicate non-essential information that is omitted from the example.
You can use the following resources to find more information about this product, obtain support, and provide feedback.
12 Preface
Where to find product documentation
To find the latest documentation, navigate to the PowerProtect Data Manager Info Hub or type www.dell.com/ppdmdocs in
your browser, or scan the following QR code on your mobile device.
Where to get support

The Customer Support website provides access to product licensing, documentation, advisories, downloads, and how-to and
troubleshooting information. The information can enable you to resolve a product issue before you contact Customer Support.
To access a product-specific page:
1. Go to the Customer Support website.
2. In the search box, type a product name, and then from the list that appears, select the product.
Support Library
The Support Library contains a knowledge base of applicable solutions that you can search for either by solution number (for
example, KB000xxxxxx) or by keyword.
To search the Support Library:
2. On the Support tab, click Support Library.
3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by
typing a product name in the search box, and then selecting the product from the list that appears.
Live chat
To participate in a live interactive chat with a support agent:
2. On the Support tab, click Contact Support.
3. On the Contact Information page, click the relevant support, and then proceed.
Service requests
To obtain in-depth help from a support agent, submit a service request. To submit a service request:
2. On the Support tab, click Service Requests.
NOTE: To create a service request, you must have a valid support agreement. For details about either an account or
obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the
Service Request Number field, type the service request number, and then click the right arrow.
To review an open service request:

2. On the Support tab, click Service Requests.
3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.
Preface 13
Online communities
For peer contacts, conversations, and content on product support and solutions, go to the Community Network. Interactively
engage with customers, partners, and certified professionals online.
How to provide feedback

Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to
DPADDocFeedback@dell.com.
14 Preface
1
PowerProtect Data Manager for Microsoft
Application Agent Overview
Topics:
• PowerProtect Data Manager overview
• Introducing the Microsoft application agent
• VM Direct limitations
• Prerequisites
• Supported Internet Protocol versions
• Encryption in-flight
• PowerProtect Data Manager new deployment overview
• PowerProtect Data Manager existing deployment overview
• Security configuration
PowerProtect Data Manager overview

Use PowerProtect Data Manager with the application agent to perform the following operations:
● Automate the configuration of the application agent backup policy and protection storage settings.
● Create a catalog of backups that the application agent creates. Then, monitor that catalog data to determine if retention
policies are being adhered to.
● Manage the life cycle of backups that the application agent creates. Ensure that the backups are marked for garbage
collection, based on the rules of the retention policy.
PowerProtect Data Manager does not change the way that the application agent works. DBAs, system administrators, or
backup administrators create the backups and perform the restore operations.
Introducing the Microsoft application agent

The Microsoft application agent enables an application administrator to protect and recover the Microsoft SQL Server
application data on the application host. PowerProtect Data Manager integrates with the Microsoft application agent to check
and monitor back up compliance against protection policies. PowerProtect Data Manager also enables central scheduling for
backups.
You can install the Microsoft application agent on a Windows Microsoft SQL Server host by using the install wizard. Install,
update, and uninstall the application agent provides instructions.
NOTE:
PowerProtect Data Manager supports the coexistence of the Microsoft application agent and the File System agent on
Windows. When a volume includes any application database and log files:
● File System agent block-based backups of the volume automatically exclude the database and log files from the file
system backup.
● File System agent file-based backups of the volume do not automatically exclude the database and log files, but you
can explicitly exclude those files through the exclusion filters in the policy. It is recommended that you exclude the
application database and log files from file system backups if you use the corresponding application agent to back up the
files.
In both cases, File System agent backups do not involve any database writer, regardless of whether or not the database and
log files are excluded. The backups do not interfere with the database backup chaining.
PowerProtect Data Manager for Microsoft Application Agent Overview 15

The PowerProtect Data Manager File System User Guide provides more details.
To enable the discovery and scheduling of backups with PowerProtect Data Manager, you must approve the client in the
PowerProtect Data Manager UI. Manage the Microsoft application agent provides more information.
The Microsoft application agent supports two protection technologies, Application Direct backup and VM Direct backup. A
Microsoft SQL Server host may only be registered to PowerProtect Data Manager with one protection technology. Once
registered, it is not possible to change the protection policy for that host.
Software compatibility information for the PowerProtect Data Manager software and application agents is provided by the
E-Lab Navigator.
VM Direct limitations
The Microsoft application agent does not support the following items for VM Direct operations due to VMware restrictions and
feature limitations:
● Application-consistent quiescing for virtual machines with IDE disks.
● Dynamic disks on the virtual machine.
● Multiple virtual network (MVLAN) environment where the application-aware client is connected to the data network only.
NOTE: The Microsoft application agent supports an MVLAN environment where the application-aware client is
connected to both data and management networks. In this case, the PowerProtect Data Manager server must have
an additional non-default virtual network that is tagged against Data, not against Management.
● Read-only volumes mounted on the Microsoft SQL Server virtual machine.
● VMware encrypted virtual machines.
● VMware Fault Tolerant virtual machines.
● RDM storage.
Configure VM Direct with IPv4 and IPv6

When using VM Direct with Microsoft SQL Server, you should explicitly separate virtual machine network communication by the
version of Internet Protocol used.
About this task
CAUTION: If this process is not followed, you might not be able to restore assets that have been backed up.
Steps
1. Ensure that all replication DD network interfaces used by the Microsoft SQL Server virtual machines have a name and have
the Data network purpose selected.
NOTE: Including IPv4 or IPv6 in the interface names can make it easier to follow the remaining steps.
2. Assign all assets of IPv4 Microsoft SQL Server hosts and their databases to the names of one or more IPv4 replication DD
network interfaces.
3. Assign all assets of IPv6 Microsoft SQL Server hosts and their databases to the names of one or more IPv6 replication DD
network interfaces.
Prerequisites
Ensure that your environment meets the requirements for a new deployment or update of PowerProtect Data Manager.
Requirements:
NOTE: The most up-to-date software compatibility information for the PowerProtect Data Manager software and the
application agents is provided by the E-Lab Navigator.
● A list of hosts that write backups to DD systems is available.
16 PowerProtect Data Manager for Microsoft Application Agent Overview

● DDOS version 6.2 or later and the PowerProtect DD Management Center are required. All models of DD systems are
supported.
NOTE: PowerProtect DD Management Center is required with a DDOS version earlier than 6.1.2. With DDOS version
6.1.2 or later, you can add and use a DD system directly without PowerProtect DD Management Center.
● Application agent 19.14 or earlier is required.
● License: A trial license is provided with the PowerProtect Data Manager software. Customers can contact Customer
Support for assistance with a permanent PowerProtect Data Manager license.
● Large environments require multiple PowerProtect Data Manager instances. Contact Champions.eCDM@dell.com for
assistance with sizing requests.
● The PowerProtect Data Manager 19.14 download file requires the following:
○ ESXi version 6.5, 6.7, or 7.0.
○ 10 vCPUs, 24 GB RAM, one 100 GB disk, and one 500 GB disk.
○ The latest version of the Google Chrome browser to access the PowerProtect Data Manager UI.
○ TCP port selected as the PowerProtect Data Manager communications port from the supported port ranges 7000 to
7009 and 7012 to 7020. The selected port is open between PowerProtect Data Manager and the application agent host.
NOTE: If a port is not selected from the port ranges, then the default port 7000 is used as the PowerProtect Data
Manager communications port. VM Direct supports only the default port 7000.
● VMware ESXi server that hosts PowerProtect Data Manager meets the following minimum system requirements:
○ 10 CPU cores
○ 24 GB RAM for PowerProtect Data Manager
○ Five disks with the following capacities:
￭ Disk 1—100 GB
￭ Disk 2—500 GB
￭ Disk 3—10 GB
￭ Disk 4—10 GB
￭ Disk 5—5 GB
○ One 1-GB NIC
● Each Microsoft SQL Server host meets the following minimum system requirements:
○ In a scaled environment:
￭ 8 CPU cores
￭ 16 GB of RAM
○ In a stand-alone environment:
￭ 4 CPU cores
￭ 4 GB of RAM
○ Microsoft SQL Server host must not have been previously registered to PowerProtect Data Manager using a different
protection type, either Application Direct or VM Direct.
For example, if the Microsoft SQL Server host was previously registered to PowerProtect Data Manager with Application
Direct during the Microsoft application agent installation, the protection type for that host may not be changed to VM
Direct, even if the Microsoft application agent is uninstalled.
NOTE:
It is recommended to use stripes only for large databases.
For performing a backup of 100 databases on a Microsoft SQL Server host, it is recommended to use 32 GB of RAM and
the default stream count values of 4 for full and differential backups and 1 for log backups.
Supported Internet Protocol versions

PowerProtect Data Manager and its components support IPv4 and IPv6 addresses in certain configurations.
Table 4. Supported configurations

Component Internet Protocol
PowerProtect Data Manager IPv4 only or both IPv4 and IPv6
core

Table 4. Supported configurations (continued)
Component Internet Protocol
PowerProtect Data Manager IPv4 only
cloud deployments (AWS, NOTE: Despite other entries in this chart to the contrary, if PowerProtect Data Manager
Azure, GCP) is deployed to a cloud environment, no component in the cloud can use IPv6.
VM Direct, TSDM, and Search IPv4 only or IPv6 only

NOTE: Virtual machines that are backed up must use the same protocol that VM Direct
uses. Virtual machines can use both IPv4 and IPv6, even though VM Direct and TSDM
cannot.
Application agents integrated NOTE: If both IPv4 and IPv6 are configured and the PowerProtect Data Manager FQDN
with PowerProtect Data is used, the agent uses IPv6 for network communication.
Manager:
● File System IPv4, IPv6, or both
● Microsoft Exchange Server IPv4 only or both IPv4 and IPv6
● Microsoft SQL Server IPv4, IPv6, or both
(Application Direct)
● Microsoft SQL Server (VM IPv4 only or IPv6 only
Direct) NOTE: Only the Microsoft SQL Server agent supports VM Direct.
● Oracle RMAN IPv4, IPv6, or both

● SAP HANA IPv4, IPv6, or both
● Storage Direct IPv4 only
Stand-alone application agents IPv4 only
Network-attached storage IPv4, IPv6, or both
(NAS)
Storage arrays (PowerStore) IPv4 only
Kubernetes IPv4 only
PowerProtect Data Manager IPv4 or IPv6
management
PowerProtect DD IPv4 or IPv6
communication
Report Browser IPv4 only
NOTE: If PowerProtect Data Manager is configured to use both IPv4 and IPv6,
configuring an NTP server and setting a time zone is required for accurate date and time
information in reports.
SupportAssist IPv4, IPv6, or both

Syslog Log Server Gateway IPv4 or IPv6
The following limitations and considerations apply.
Communication with components

If PowerProtect Data Manager is configured to only use one protocol, all components it communicates with must also use
that protocol. If some components that PowerProtect Data Manager communicates with use IPv4 and others use IPv6,
PowerProtect Data Manager must be configured to use both IPv4 and IPv6.

DD systems and DDVE
If a DD system or a DDVE instance uses only IPv6, the required IPv6 interface must be manually selected when a protection
policy is added or edited.
Network-attached storage and DD-system storage units

If the storage unit of a protection policy is different or changed from the destination asset source, you must assign a network
to the destination asset for a successful restore. For example, if your source asset is backed up in an IPv6 network, you must
assign an IPv6 network to the destination asset for the restore to be successful.
To assign a network for the destination asset, perform the following steps:
1. In the PowerProtect Data Manager UI, select Infrastructure > Assets > NAS.
2. Select the destination asset, click More Actions and select Assign Network. The Assign Network page appears.
3. Select a network from the Network Label list, click Save.
4. If a restore failed because of the wrong destination address, retry the operation.
Disaster recovery
Recovering a PowerProtect Data Manager server might result in a conflict with protection-policy configurations. For instance, if
the recovered server is configured to use only IPv4, a protection policy that is configured to use IPv6 cannot run.
Name resolution
Name resolution and reverse IP lookup must be configured to ensure the following:
● Fully qualified domain names of PowerProtect Data Manager, its components, and DD components resolve to a valid IPv4 or
IPv6 address.
● If both IPv4 and IPv6 addresses are used for DD, both addresses resolve to the same FQDN.
● All IPv4 and IPv6 addresses are valid and reachable.
● The FQDNs of application-agent hosts that use FQDN as their preferred host address resolve to a valid IPv4 or IPv6
address.
● Each application-agent host that uses FQDN as its preferred host address resolves the FQDN of PowerProtect Data
Manager to an IP address of the same protocol that it uses. For example, if a host uses IPv4, it resolves the FQDN of
PowerProtect Data Manager to an IPv4 address.
Server updates
IPv6 is only supported with new deployments of PowerProtect Data Manager 19.12 or later. Using IPv6 after updating from
PowerProtect Data Manager 19.11 or earlier is unsupported.
Search Engine indexing and adding IPv6 to an IPv4-only system

If you add IPv6 to an IPv4-only system, indexing from any existing Search Engine cluster becomes unavailable. After adding
IPv6, you must delete all IPv4 Search Engine nodes to remove the Search Engine cluster, and then add new IPv6 nodes to a new
cluster.
Unlike other PowerProtect Data Manager components, if IPv6 is used with a Search Engine, the FQDN of all Search Engine
nodes and related DD systems must always resolve to an IPv6 address and never to an IPv4 address.
Storage Policy Based Management

If using vCenter or ESXi 7.0u2 or earlier with only IPv6, SPBM providers must be added using their PowerProtect Data Manager
FQDN.

Service Unavailable messages with the vSphere Client
PowerProtect plug-in
If vCenter uses the vSphere Client PowerProtect plug-in with IPv6 and the vCenter host is added to PowerProtect Data
Manager using its IPv6 address or FQDN, Service Unavailable messages might be seen for the protected virtual machine.
Backups and restores of the protected virtual machine are unaffected, and these messages can be ignored.
Uncompressed IPv6 formatting

Network interfaces that exist on a DD 7.4.x or earlier system and that are configured to use an uncompressed IPv6 format
cannot be discovered. An example of an uncompressed IPv6 format is 2620:0000:0170:0597:0000:0000:0001:001a.
An example of a compressed IPv6 format is 2620:0:170:597::1:1a. To use these network interfaces, reconfigure them to
use either an IPv4 address or a compressed IPv6 address, and then initiate a discovery.
Encryption in-flight
PowerProtect Data Manager provides centralized management of encryption in-flight for supported workloads. Encryption
in-flight is supported for both centralized and self-service policies, where applicable.
You can ensure that backup and restore content is encrypted when read on the source, transmitted in encrypted form, and then
decrypted before it is saved on the destination. This prevents another party from intercepting private data.
PowerProtect Data Manager only supports encryption in-flight for File System, Kubernetes clusters, Microsoft SQL Server,
Microsoft Exchange Server, network-attached storage (NAS), PowerStore storage arrays, Oracle, SAP HANA, and VMware
virtual machine workloads. This is a global setting that is applicable to all supported workloads.
For File System, Microsoft Exchange Server, Oracle, SAP HANA, and NAS workloads, encryption in-flight is only supported for
Application Direct hosts. For File System agents, restore encryption is supported for image-level restore only. For Microsoft SQL
Server agents, restore encryption is supported for database-level restore only.
The PowerProtect Data Manager Administrator Guide and PowerProtect Data Manager Security Configuration Guide provide
more information about encryption in-flight, such as how to enable the feature and important considerations to understand
before enabling.
PowerProtect Data Manager new deployment

overview
Familiarize yourself with the high-level steps required to deploy PowerProtect Data Manager with the application agent.
Steps
1. Design how to group the backups, based on the storage requirements and retention policies.
The account team can help with backup storage design.
2. Install PowerProtect DD Management Center.
PowerProtect Data Manager uses PowerProtect DD Management Center to connect to the DD systems. The DD
Management Center Installation and Administration Guide provides instructions.
3. Deploy PowerProtect Data Manager from the download file.

The PowerProtect Data Manager Deployment Guide provides instructions.
4. Add external DD systems or PowerProtect DD Management Center to PowerProtect Data Manager.
The PowerProtect Data Manager Administrator Guide provides instructions on how to add protection storage.
5. Install the application agent on the appropriate hosts and connect them to PowerProtect Data Manager according to the
instructions in the next "Enabling" chapter.

DBAs should perform this operation.
6. Add new or approve pending agent requests in the PowerProtect Data Manager according to the instructions in the next
"Enabling" chapter.
7. After the approval of agent requests, PowerProtect Data Manager must run a discovery operation to discover the assets.
The PowerProtect Data Manager Administrator Guide provides information.
8. Add a protection policy for groups of assets that you want to back up.
You must add credentials to the database so that PowerProtect Data Manager can access the database and create backups.
The PowerProtect Data Manager Administrator Guide provides instructions.
NOTE: After you create a centralized protection job, the first backup is a full backup.
9. Add Service Level Objectives to the protection policy to verify that the protected assets meet the Service Level Agreements
(SLAs).
Configuration is complete.
10. Monitor protection compliance in the PowerProtect Data Manager dashboard.
PowerProtect Data Manager existing deployment

overview
Familiarize yourself with the high-level steps required to deploy PowerProtect Data Manager with the application agent to an
existing environment.
Steps
1. Install PowerProtect DD Management Center.
PowerProtect Data Manager uses PowerProtect DD Management Center to connect to the DD systems. The DD
Management Center Installation and Administration Guide provides instructions.
2. Deploy PowerProtect Data Manager from the download file.

The PowerProtect Data Manager Deployment Guide provides instructions.
3. Add external DD systems or PowerProtect DD Management Center to PowerProtect Data Manager.
The PowerProtect Data Manager Administrator Guide provides instructions on how to add protection storage.
4. Update the application agent or uninstall and then reinstall the application agent on the hosts and connect them to
PowerProtect Data Manager. Follow the instructions in the next "Enabling" chapter.
DBAs should perform this operation.
5. Add new or approve pending agent requests in the PowerProtect Data Manager according to the instructions in the next
"Enabling" chapter.
6. After the approval of agent requests, PowerProtect Data Manager must run a discovery operation to discover the assets.
7. Add a protection policy for groups of assets that you want to back up.
You must add credentials to the database so that PowerProtect Data Manager can access the database and create backups.
NOTE: After you create a centralized protection job, the first backup is a full backup.
8. Add Service Level Objectives to the protection policy to verify that the protected assets meet the Service Level Agreements
(SLAs).
Configuration is complete.

9. Monitor protection compliance in the PowerProtect Data Manager dashboard.
Security configuration
A separate guide provides some server configuration tasks which are intended specifically for PowerProtect Data Manager
security administrators, whose role may be separate from the PowerProtect Data Manager host system administrator.
The PowerProtect Data Manager Security Configuration Guide provides detailed instructions for all security-related tasks,
including but not limited to:
● Port requirements for and between the following components:
○ PowerProtect Data Manager
○ Configured DD systems
○ VM Direct appliances (embedded and external)
○ Application-agent hosts
○ Web and REST API clients
○ Callhome (SupportAssist)
○ ESXi
○ vCenter
● Configuring identity providers
● Managing local and external user accounts
● Changing and resetting passwords
● Assigning users and groups to roles and associated privileges
● Managing credentials for local and remote components
● Creating resource groups to define scopes of authority
● Managing security certificates, where applicable
Role-based security
PowerProtect Data Manager provides predefined user roles that control access to areas of the user interface and to protected
operations. Some PowerProtect Data Manager functionality is reserved for particular roles and may not be accessible from
every user account.
By using the predefined roles, you can limit access to PowerProtect Data Manager and to backup data by applying the principle
of least privilege.
The PowerProtect Data Manager Security Configuration Guide provides more information about user roles, including the
associated privileges and the tasks that each role can perform.

2
Enabling the Microsoft Application Agent for
Microsoft SQL Server
Topics:
• Microsoft SQL Server data protection and replication requirements
• Microsoft SQL Server operational log files for backup and restore operations
• Protecting a stand-alone Microsoft SQL Server
• Protecting Microsoft SQL Server clustered environments
• Install, update, and uninstall the application agent
• Manage the Microsoft application agent
• Configurable ports for Microsoft SQL Server
• Support for existing Microsoft application agent backups with PowerProtect Data Manager
• Microsoft application agent for application-aware protection
Microsoft SQL Server data protection and replication

requirements
PowerProtect Data Manager can manage and monitor data protection and replication for Microsoft SQL Server assets through
integration with the Microsoft application agent.
After installing the Microsoft application agent, review the following information for additional requirements before adding the
Microsoft application agent as an asset source in PowerProtect Data Manager and discovering the Microsoft SQL Server
assets.
Verify that the environment meets the following requirements:
● Ensure that you do not mix 32-bit and 64-bit instances on the same Microsoft SQL Server host.
PowerProtect Data Manager operations do not support hosts with a mix of 32-bit and 64-bit Microsoft SQL Server
instances.
● Ensure that all clocks on the Microsoft SQL Server host, domain controller, and PowerProtect Data Manager are time-
synced to the local NTP server to ensure discovery of the backups.
● Ensure that the Microsoft SQL Server and the PowerProtect Data Manager system network can see and resolve each other.
● Ensure that the port to be selected as the PowerProtect Data Manager communications port from the port ranges 7000 to
7009 and 7012 to 7020 is open on the Microsoft SQL Server host. Port 7000 is the default communications port. VM Direct
supports only the default port 7000.
● Ensure that port 8443 is open on the Microsoft SQL Server host. This requirement applies only to VM Direct.
● Ensure that DNS is configured correctly on the application agent host for Microsoft SQL Server.
● Ensure that DNS is configured correctly on the PowerProtect Data Manager host and the name resolution matches.
● Ensure that the Microsoft SQL Server host was not previously registered to PowerProtect Data Manager using a different
protection type, either Application Direct or VM Direct.
Direct during the Microsoft application agent installation, the protection type for that host may not be changed to VM
Direct, even if the Microsoft application agent is uninstalled.
Enabling the Microsoft Application Agent for Microsoft SQL Server 23

Microsoft SQL Server operational log files for backup
and restore operations
The Microsoft application agent uses the Microsoft SQL Server operational log file <program_name>_{cent|
self}_<date_and_time>_<trace_ID>.log for centralized and self-service backup and restore operations integrated
with PowerProtect Data Manager on a Microsoft SQL Server host.
Example logs for Application Direct operations:
● Operational log for centralized backup:
ddbmsqlsv_cent_20210729193042_TRACE_ID81adc95d817a1151EXEC_IDa15c4d5c6cc3be6d.log
● Operational log for centralized restore:

ddbmsqlrc_cent_20210729193042_TRACE_ID81adc95d817a1151EXEC_IDa15c4d5c6cc3be6d.log
● Operational log for self-service backup:

ddbmsqlsv_self_20210729193042_TRACE_ID81adc95d817a1151EXEC_IDa15c4d5c6cc3be6d.log
● Operational log for self-service restore:

ddbmsqlrc_self_20210729193042_TRACE_ID81adc95d817a1151EXEC_IDa15c4d5c6cc3be6d.log
Example logs for VM Direct operations:

● Operational log for centralized full backup:
msagentcon_cent_<date_and_time>_<trace_ID>.log
msagentcon_cent_20220110225147_b84156867446134a_80d7aa6817fba5c2.log
● Operational log for centralized TLOG backup:

ddbmsqlsv_cent_<date_and_time>_<trace_ID>.log
ddbmsqlsv_cent_20220110225203_b84156867446134a80d7aa6817fba5c2.log
● Operational log for centralized full restore:

msagentrc_cent_<date_and_time>_<trace_ID>.log
msagentrc_cent_20220110233331_TRACE_ID_b1d721e93e8efa85_EXEC_ID_bbb6ec0de4c98023.log
● Operational log for centralized TLOG restore:

ddbmsqlrc_cent_<date_and_time>_<trace_ID>.log
ddbmsqlrc_cent_20220111143527_TRACE_ID8ba1d54326cd8fb1EXEC_IDae318092dce5bdf0.log
● Operational log for tail log backup:

ddbmsqlsv_cent_20220111144533_TRACE_ID84897b4095326fd0EXEC_IDb9850192b6d8cedd.log
● Operational log for self-service full restore:

msagentrc_self_<date_and_time>_<trace_ID>.log
msagentrc_self_20220111145318_TRACE_ID_ae360518ea36e815.log
● Operational log for self-service TLOG restore:

ddbmsqlrc_self_<date_and_time>_<trace_ID>.log
ddbmsqlrc_self_20220111145447_TRACE_IDbadeadf11898892f.log
● Operational log for TSDM full backup:

msagentsv_cent_<date_and_time>_<trace_ID>.log
msagentsv_cent_20230710225203_b84156867446134a80d7aa6817fba5c2.log
The operational logs are deleted after 15 days by default. To override this default behavior and have the logs deleted
before 15 days, you can add the parameter setting purgeOperationalLogDays = <number_of_days> in the file
24 Enabling the Microsoft Application Agent for Microsoft SQL Server

<installation_path>\MSAPPAGENT\settings\.ddbmcon.msappagentconfig. Based on this parameter setting,
the logs older than the <number_of_days> are deleted.
For example, with the following parameter setting, the operational logs are deleted after 5 days:
purgeOperationalLogDays = 5
NOTE:
Debug logs are deleted after 30 days.
For VM Direct, the PowerProtect Data Manager export log for backup or restore must include the trace ID.
Protecting a stand-alone Microsoft SQL Server

Learn how to configure protection of a stand-alone Microsoft SQL Server.
Steps
1. Add storage for DD Management Console or the external DD.
2. Install the Microsoft application agent on the Microsoft SQL Server host.
Install the Microsoft application agent with the wizard provides information.
3. Add or approve the Microsoft application agent in PowerProtect Data Manager.
Manage the Microsoft application agent provides information.
4. Discover and add the credentials for the Microsoft SQL Server application host.
Discover a Microsoft SQL Server application host provides information.
5. Create a protection policy to protect the Microsoft SQL Server host.
Protection policies for Microsoft SQL Server database protection provides information.
NOTE: You cannot perform a backup to a secondary DD device. You can only restore from a secondary DD device.
Protecting Microsoft SQL Server clustered

environments
Learn how to configure protection of Microsoft SQL Server clustered environments, including Always On availability groups and
Failover Cluster Instances.
About this task

NOTE:
● PowerProtect Data Manager does not support a clusterless Always On Failover Cluster Instance (AAG over FCI)
Microsoft SQL Server.
● PowerProtect Data Manager does not support a distributed Always On availability group (distributed AAG) Microsoft
SQL Server. A distributed Always On availability group is a special type of availability group that spans two separate
availability groups.
On each node in the cluster. Repeat the steps to install the Microsoft application agent, and then add and discover the
application host in PowerProtect Data Manager.
CAUTION: Protection of Failover Cluster Instances (FCI) requires that all nodes in the cluster be registered
to the PowerProtect Data Manager server. Before registration, the node must be the active node and own all
the disks in the cluster. The recommended method is to failover all nodes to the registering node. Repeat this
step for all nodes in the cluster and any nodes added to the cluster. Failure to perform this step results in
unpredictable results during protection policy.

Steps
1. Add a storage system.
2. Install the Microsoft application agent on each node in the cluster.
Install the Microsoft application agent with the wizard provides information.
3. Configure the required user privileges on each node in the cluster.
Required privileges for Application Direct backup and recovery provides information.
4. Add or approve the Microsoft application agent on each node in the cluster.
5. Discover and add the credentials for each Microsoft SQL Server application host.
6. Create a protection policy to protect the cluster.
NOTE: You cannot perform a backup to a secondary DD device. You can only restore from a secondary DD device.
Install, update, and uninstall the application agent

Prerequisites
Ensure that a Microsoft SQL Server environment meets the following prerequisites before you install the Microsoft application
agent:
● Install the following applications on the Windows host:
○ Microsoft SQL Server
○ .NET Framework 4.0
If you are installing ItemPoint for table-level recovery, install .NET Framework 4.5.
● Ensure that you have a minimum of 2 GB disk space for the installation of the Microsoft application agent.
NOTE: The required log space continues to increase based on the activity on the application agent host. You can
estimate the required log space based on the retention period of the logs as set by the user.
● In the PowerProtect Data Manager UI, click and select Downloads from the System Settings menu. Under
Microsoft SQL Server, select Download Agent to download the Microsoft application agent download package,
msappagent1914_win_x64.zip, to the Windows Microsoft SQL Server host.
● Log in to the Microsoft SQL Server host as an administrator to install the Microsoft application agent.
● To deploy the Common Language Runtime (CLR) assembly, ensure that you have administrator access to the Microsoft SQL
Server host and master database. If the Microsoft SQL Server host is running in a domain, ensure that you have access as a
Domain administrator.
● Ensure that the required permissions are set up for the discovery of Microsoft SQL Server instances and databases by the
PowerProtect agent service. Required privileges for Application Direct backup and recovery provide more information.
● Ensure that the sysadmin privilege is set, as required to integrate the Microsoft SQL Server host with the PowerProtect
Data Manager and facilitate the discovery of assets with the correct size. Setting the sysadmin privilege for Microsoft SQL
Server hosts provides more information.
Install the Microsoft application agent with the wizard

Learn how to install the Microsoft application agent with the installation wizard.
About this task
NOTE:

In Always On availability group (AAG) or cluster environments, install the Microsoft application agent on each node in the
cluster.
Install the same version of Microsoft application agent on each node in an AAG or FCI cluster that is registered to
PowerProtect Data Manager.
Starting with Microsoft application agent 19.14, migration of the Microsoft application agent from an Application Direct
configuration to a VM Direct configuration or vice versa is not supported. During installation, if you try to migrate from
either type of configuration to the other, an error message is displayed about an invalid data path selection.
Steps
1. In the PowerProtect Data Manager UI:
a. Click , and then select Downloads from the System Settings menu.
b. Under Microsoft SQL Server, select Download Agent.
The Microsoft application agent download package, msappagent1914_win_x64.zip, is downloaded.
c. Upload the package to the Microsoft SQL Server host on Windows.
NOTE: To verify the authenticity and integrity of the downloaded package, follow the instructions in the PowerProtect
Data Manager Security Configuration Guide.
2. Open msappagent1914_win_x64.zip with WinZip.

3. Use WinZip to extract the msappagent1914_win_x64.zip file.
4. In the extracted folder, launch emcmsappagent-19.14.0.0.exe.
The installation wizard appears.
5. On the Welcome Wizard page, select I agree to the license term and agreements, and then click Next.
6. On the Change Install Location page, perform one of the following tasks:
● To install the Microsoft application agent in the default folder, leave the installation location as is.
The default installation folder is C:\Program Files\DPSAPPS\MSAPPAGENT.
● To specify a different installation location, perform the following steps:

a. Click Change.
b. In the dialog box that appears, specify the installation location.
c. Click OK.
7. Click Next.
8. On the Configure Installation Options page, specify any of the following installation options, as required:
● To integrate the Microsoft application agent with PowerProtect Data Manager for centralized or self-service Application
Direct protection of Microsoft SQL Server data, select the following options, as required:
○ To install the Microsoft application agent software, select Application Direct in the Data Paths group box.
NOTE:
The Microsoft application agent supports only the Application Direct and VM Direct workflows.
Ensure that the Microsoft SQL Server host was not previously registered to PowerProtect Data Manager with
the VM Direct option or as part of a virtual machine application-aware protection policy.
For example, if the Microsoft SQL Server host was previously registered to PowerProtect Data Manager with VM
Direct during the Microsoft application agent installation, the protection type for that host may not be changed
to Application Direct, even if the Microsoft application agent is uninstalled.
○ To install the SQL Server Management Studio (SSMS) plug-in user interface, select SSMS Plug-in.
You can use the SSMS plug-in to perform self-service Microsoft SQL Server backup and restore operations.
○ To enable table-level restores, select ItemPoint Granular Recovery.
This option installs ItemPoint for Microsoft SQL Server, which you can use to perform table-level restores.
○ Specify the PowerProtect Data Manager appliance details by performing the following steps:
a. Select PowerProtect Data Manager Registration at the top of the group box.

b. To enable the PowerProtect Data Manager communications port that you select in the Port field, ensure that the
Configure the Windows Firewall option is selected. This option is selected by default.
When the Configure the Windows Firewall option is enabled, the installation creates the Windows firewall
rule that allows inbound and outbound connections for the agent service process. Installation of the Microsoft
application agent requires a selected port on Microsoft SQL Server (selected from port ranges 7000 to 7009 and
7012 to 7020) and the port 8443 on PowerProtect Data Manager to be open bidirectionally. These ports enable
communication between the Microsoft application agent and PowerProtect Data Manager.
NOTE: If the File System agent is already installed and firewall rules are configured, then the Configure the
Windows Firewall option is selected by default but disabled for the Microsoft application agent. Configurable
ports for Microsoft SQL Server provides more information.
c. In the Appliance hostname or IP address field, type the hostname or IP address of the PowerProtect Data
Manager server.
If you specify a hostname or fully qualified domain name (FQDN) with an underscore (_) for the PowerProtect
Data Manager server, then the communication will be done by the system's IP, if provided by the system on
registration.
NOTE: Changing the PowerProtect Data Manager server hostname or IP address registers all the installed
application agents to the new PowerProtect Data Manager server.
d. To select a preferred host address for communication, select Preferred application host address for
communication and then an entry from the drop-down list.
If the Microsoft application agent is configured to use the
Application Direct data path, the preferred host address can be an IPv4 address, an IPv6 address, or a fully
qualified domain name (FQDN).
NOTE: Selecting an FQDN ensures continued communication between PowerProtect Data Manager and the
application agent host when the IP address changes. Using an FQDN is recommended for DHCP environments
and other environments where static IP addresses can change. If the preferred address is an FQDN, ensure
that lookup is enabled in the PowerProtect Data Manager UI. If lookup is not enabled, the preferred address
defaults to an IP address.
If the Microsoft application agent is configured to use the VM Direct data path, the use of an FQDN is
unsupported, and the preferred host address can only be an IPv4 address or an IPv6 address.
e. Select Port and specify the port number from the supported port ranges 7000 to 7009 and 7012 to 7020.
The specified port is used for communication between the Microsoft application agent and PowerProtect Data
Manager.
NOTE: If you do not specify a port number, the default port 7000 is used as the communications port. The
ports 7010 and 7011 are used by the agent service message bus.
● To install the VM Direct Engine onto a virtual machine that is not part of a protection policy, so as to recover application-
aware virtual machine backups from a differential virtual machine, select the following options as required:
NOTE:
By default, when a Microsoft SQL Server virtual machine is added to a virtual machine application-aware protection
policy in PowerProtect Data Manager, the Microsoft application agent and ItemPoint are silently installed on the
protected virtual machine. Before you restore a VM Direct Engine backup to an alternate virtual machine that is not
part of a protection policy, you must install the Microsoft application agent on the target virtual machine.
As part of centralized restores, PowerProtect Data Manager also has centralized management for installing the
Microsoft application agent on the virtual machine application-aware host that acts as a recovery-only host.
○ Select VM Direct in the Data Paths group box.
NOTE: The PowerProtect Data Manager appliance and local network configuration options are disabled when
you select the VM Direct option. PowerProtect Data Manager does not support the selection of a non-
default communications port for Microsoft SQL Server application-aware (VM Direct) operations with Microsoft
application agent.
Ensure that the Microsoft SQL Server host was not previously registered to PowerProtect Data Manager with the
Application Direct option. For example, if the Microsoft SQL Server host was previously registered to PowerProtect

Data Manager with Application Direct during the Microsoft application agent installation, the protection type for that
host may not be changed to VM Direct, even if the Microsoft application agent is uninstalled.
○ To install the SQL Server Management Studio plug-in user interface, select SSMS Plug-in.
○ To enable table-level restores, select ItemPoint Granular Recovery.
This option installs ItemPoint for Microsoft SQL Server, which you can use to perform table-level restores.
9. Click Install >.

10. On the CLR assembly deployment wizard page, perform the following steps:
a. Select or clear the Microsoft SQL Server instances on which you want to deploy the CLR assembly. By default, all the
Microsoft SQL Server instances are selected.
Deploying the CLR assembly enables you to run the T-SQL backup and restore scripts that use the CLR-integrated
T-SQL functions.
b. To deploy the CLR assembly, select one of the following authentication options:
NOTE: When you deploy the CLR assembly during the Microsoft application agent installation, the deployment
creates a Microsoft SQL Server login with the name ddbmaCLRExtLogin. The CLR procedures run under this
account.
● Current Windows User
● Use Windows Authentication
● Use Database Authentication
NOTE: The option Enable Storage Direct Stored Procedures is not applicable to Application Direct and VM
Direct workflows.
c. In the User name and Password fields respectively, type the username and the password of the user who has the
privileges to deploy the CLR assembly.
d. Click Deploy.
e. Click Install.
f. After the deployment is complete, click Next.
11. On the Complete the Setup page, click Finish.
Install the Microsoft application agent with a silent installation

Learn how to install the Microsoft application agent (including the agent service) with the command prompt for a silent
installation.
NOTE: Starting with Microsoft application agent 19.14, migration of the Microsoft application agent from an Application
Direct configuration to a VM Direct configuration or vice versa is not supported. During installation, if you try to migrate
from either type of configuration to the other, an error message is displayed about an invalid data path selection.
To silently install the Microsoft application agent (including the agent service), run the following command:
emcmsappagent-19.14.0.0.exe -silent -log "<log_file_path>"

[ProductInstallPath="<installation_path>"] [EnableSSMS={0|1}] [EnableVMDirect={0|1}]
[EnableProtectPoint={0|1}] [EnableSSMSProtectPoint={0|1}] [InstallPPDMAgentCheckBox={0|
1}] [EnableFirewallRules={0|1}] [PPDMHostname="<hostname/IP>"] [EnableCLR={0|1}]
[ClientPort=<port_number>] [PreferredAddress="<agent_hostname/IP>"]
NOTE: The ItemPoint software cannot be installed silently. To install ItemPoint for granular-level recovery, use the
Microsoft application agent installation wizard.
The following table describes the required silent installation command options.
Table 5. Required silent installation command options

Command option Description
-silent Specifies a silent installation.
-log "<log_file_path>" Specifies the path where the log file is created or saved. The log file
displays the status of the installation. For a silent installation, you must use
the -log "<log_file_path>" option.

The following table describes the optional silent installation command options.
Table 6. Optional silent installation command options

ProductInstallPath="<installation_path>" Specifies a modified path where the product and agent service must be
installed. This option must be specified for an installation to a custom
location. If you do not specify this option, the product and agent service
are installed in the default location.
NOTE: The agent service is always installed, regardless of the
InstallPPDMAgentCheckBox command option setting.
EnableSSMS={0|1} Specifies whether to install the SSMS plug-in. The default value is 1, which
installs the SSMS plug-in.
EnableVMDirect={0|1} Installs VM Direct when you specify the value 1. The default value is 0,
which does not install VM Direct.
EnableProtectPoint={0|1} Installs the Storage Direct hardware provider when you specify the value 1.
The default value is 0, which does not install Storage Direct.
EnableSSMSProtectPoint={0|1} Installs the Storage Direct hardware provider and the SSMS plug-in for
Storage Direct when you specify the value 1. The default value is 0, which
does not install these options.
InstallPPDMAgentCheckBox={0|1} Integrates the Microsoft application agent with the PowerProtect Data
Manager server during installation when you specify the value 1. The
default value is 0.
NOTE: Installation of the PowerProtect agent requires the port
specified by ClientPort (port 7000 by default) to be open
bidirectionally. Ensure that you use the EnableFirewallRules=1
command option setting to open the Windows firewall. The
ClientPort port or default port 7000 is required to enable
communication between the Microsoft application agent and the
PowerProtect Data Manager appliance.
EnableFirewallRules={0|1} Specifies to configure the Windows firewall when you specify the value
1. The default value is 0. The Windows firewall enables the bidirectional
inbound and outbound connections for the agent service over the port
specified by ClientPort, which enables the communication between the
Microsoft application agent and PowerProtect Data Manager.
PPDMHostname="<hostname/IP>" Specifies the hostname or IP address of the PowerProtect Data Manager
server where the backup information is reported.
EnableCLR={0|1} Specifies whether to deploy CLR. By default, this option is enabled and has
the value 1, which deploys CLR.
ClientPort=<port_number> Specifies the port on Microsoft SQL Server to be used for communication
between the Microsoft application agent and PowerProtect Data Manager.
The port number must be from the port ranges 7000 to 7009 and 7012 to
7020.
NOTE: If you do not specify a port number, the default port 7000 is
used as the communications port. The ports 7010 and 7011 are used by
the agent service message bus.
Setting the ClientPort option to a non-default port value is not

supported for a VM Direct installation.
The ClientPort option is not supported for a silent update. A silent

update uses the previously configured port number and disregards any
ClientPort option setting.
PreferredAddress="<agent_hostname/IP>" Specifies the address of the application agent host to be used for
communication between the Microsoft application agent and PowerProtect

Table 6. Optional silent installation command options (continued)
Data Manager. The preferred host address can be an IPv4 address, an IPv6
address, or a fully qualified domain name (FQDN).
NOTE: If the preferred address is an FQDN, ensure that lookup is
enabled in the PowerProtect Data Manager UI. If lookup is not enabled,
the preferred address defaults to an IP address.
Example commands to silently install the Microsoft application agent

Consider the following example commands to silently install the Microsoft application agent (including the agent service):
● The following command installs the Microsoft application agent with PowerProtect Data Manager by using the non-default
communications port 7005 and preferred application agent host address:
emcmsappagent-19.14.0.0.exe -silent -log "C:

\Users\Administrator\Desktop\installLog.txt" InstallPPDMAgentCheckBox=1
PPDMHostname="<PowerProtect_Data_Manager_hostname_or_IP>" ClientPort=7005
PreferredAddress="<application_agent_hostname_or_IP>"
● The following command installs the Microsoft application agent with VM Direct:

\Users\Administrator\Desktop\installLog.txt" EnableVMDirect=1
● The following command installs the Microsoft application agent with the Application Direct SSMS plug-in:

\Users\Administrator\Desktop\installLog.txt" EnableSSMS=1 ProductInstallPath="C:
\Users\Administrator\Desktop\msappagent"
● The following command installs the Microsoft application agent without deploying CLR:
emcmsappagent-19.14.0.0.exe -silent -log

"C:\Users\Administrator\Desktop\installLog.txt" ProductInstallPath="C:
\Users\Administrator\Desktop\msappagent" EnableCLR=0
● The following command installs the Microsoft application agent with Storage Direct only:

\Users\Administrator\Desktop\msappagent" EnableProtectPoint=1 EnableSSMS=0
● The following command installs the Microsoft application agent with Storage Direct and the SSMS plug-in:

\Users\Administrator\Desktop\msappagent" EnableSSMSProtectPoint=1
● The following command installs the Microsoft application agent with PowerProtect Data Manager:

\Users\Administrator\Desktop\installLog.txt" InstallPPDMAgentCheckBox=1
PPDMHostname="<PowerProtect_Data_Manager_hostname_or_IP>"
● The following command installs the Microsoft application agent (including the agent service) to a custom location that is not
on the system drive:

"C:\Users\Administrator\Desktop\installLog.txt" ProductInstallPath="G:
\Software\MSAPPAGENT" InstallPPDMAgentCheckBox=1
PPDMHostname="<PowerProtect_Data_Manager_hostname_or_IP>" EnableCLR=0

● The following command installs the Microsoft application agent (including the agent service) to a custom location and
enables the firewall for communication with PowerProtect Data Manager:
emcmsappagent-19.14.0.0.exe -silent -log "C:\Temp\PPDM.log"

EnableSSMS=1 ProductInstallPath="C:\custom\MSAPPAGENT" InstallPPDMAgentCheckBox=1
EnableFirewallRules=1 PPDMHostname="10.118.136.192" EnableCLR=0
Update the Microsoft application agent

The Microsoft application agent 19.14 supports a direct update from version 19.10 or later.
NOTE:
The same version of Microsoft application agent must be installed on each node in an AAG or FCI cluster that is registered
to PowerProtect Data Manager.
During an update from an earlier version, first update the PowerProtect Data Manager to version 19.14 as needed and then
proceed to update the Microsoft application agent on the Microsoft SQL Server host.
If a table-level restore was performed since the last reboot of the host, Microsoft application agent requests a reboot
during an uninstall operation. The Microsoft application agent installs and uses the Eldos CBFS driver for table-level
restores. The Eldos CBFS driver is loaded during the table-level restore operation. Microsoft requires the driver to be
unloaded before an uninstall operation.
1. Launch emcmsappagent-19.14.0.0.exe. The installation wizard appears.
2. On the Welcome Wizard page, select I agree to the license term and agreements, and then click Next.
3. By default, the PowerProtect Data Manager option is selected and the IP address is displayed. If these components were
installed in the previous version, SSMS Plug-in and ItemPoint Granular Recovery are also selected.
Whether the PowerProtect Data Manager option was previously selected or you select the option during this update,
you can change the firewall rule setting by the Configure the Windows Firewall option. Select the option to enable
the PowerProtect Data Manager communications port by creating the Windows firewall rule that grants the agent service
inbound and outbound access.
NOTE:
The Microsoft application agent requires a selected port on Microsoft SQL Server (selected from port ranges 7000 to
7009 and 7012 to 7020) and port 8443 on PowerProtect Data Manager to be open bidirectionally. These ports enable
communication between the Microsoft application agent and PowerProtect Data Manager. If you do not select a port
from the port ranges, the default port 7000 is used as the communications port.
If the File System agent is already installed and firewall rules are configured, then the Configure the Windows Firewall
option is selected by default but disabled for the Microsoft application agent.
Click Upgrade.
4. On the CLR assembly deployment wizard page, perform the following steps:
NOTE: When you deploy the CLR assembly during the Microsoft application agent update, the deployment creates a
Microsoft SQL Server login with the name ddbmaCLRExtLogin. The CLR procedures run under this account.
a. Select or clear the Microsoft SQL Server instances on which you want to deploy the CLR assembly. By default, all the
Microsoft SQL Server instances are selected.
b. To deploy CLR assembly, select one of the following authentication options:
● Current Windows User
c. In the User name and Password fields, respectively, type the username and password of the user who has the
privileges to deploy the CLR assembly.
d. Click Deploy.
e. Click Install.
f. After the deployment is completed, click Next.

If the update of the Microsoft application agent fails, complete the following steps:
1. Save a copy of the existing DPSAPPS folder.
2. Uninstall the Microsoft application agent from Control Panel > Programs > Programs and Features.
3. Install the Microsoft application agent.
4. Replace the DPSAPPS folder with the copy that was saved in step 1.
Update the application agent in the PowerProtect Data Manager UI

Learn how to perform a precheck operation and update the application agent software on one or more hosts in the
PowerProtect Data Manager UI.
Prerequisites
The precheck and update operations are only available for registered clients and application agent versions 19.10 and later.
Steps
To perform a precheck:
1. From the left navigation pane in the PowerProtect Data Manager UI, select Infrastructure > Application Agents.
The Application Agents window opens.
2. Select the check box next to each application agent host to be included in the precheck.
When the application agent versions on the selected hosts are 19.10 or later and the versions are earlier than the current
PowerProtect Data Manager version, the More Actions button becomes enabled.
3. Click More Actions > Precheck Update.
The Precheck Update window opens.
4. On the Schedule Precheck page:
a. In the Name text box, type a name for the precheck operation.
b. Select one of the following options:
● Precheck now—Performs the precheck immediately.
● Precheck later—Schedules the precheck to occur at a later time. If you select this option, specify the date and time
to perform the precheck.
c. Click Next.
5. On the Summary page, review the information for the selected application agent hosts, and then click OK.
The precheck verifies that the application agent hosts meet the minimum update requirements, including system memory,
disk space, and version requirements. If the precheck passes, PowerProtect Data Manager downloads the update software
package on each application agent host.
You can monitor the progress of the precheck operation in the System Jobs window.
To perform an update:
The Application Agents window opens.
7. Select the check box next to each application agent host to be included in the update.
NOTE: In a cluster environment, select each host of the cluster; otherwise, any unselected hosts are automatically
selected for the update. Ensure that each host of a cluster has the same application agent version.
When the application agent versions on the selected hosts are 19.10 or later and the versions are earlier than the current
PowerProtect Data Manager version, the More Actions button becomes enabled.
8. Click More Actions > Configure Update.
The Configure Update window opens.
9. On the Schedule Updates page:
a. In the Name text box, type a name for the update operation.
● Update now—Performs the update immediately.
● Update later—Schedules the update to occur at a later time. If you select this option, specify the date and time to
perform the update.

c. Click Next.
10. On the Summary page, review the information for the selected application agent hosts, and then click OK.
On each selected host, the update performs a precheck, places the host in maintenance mode, updates the application
agent, and then returns the host to normal mode.
You can monitor the progress of the update operation in the System Jobs window.
When the update is complete, the update status of each host changes to Up to date in the Application Agents window.
NOTE: A reboot is not required after the completion of the software update.
If the update fails:

● An error is displayed, and you must manually return the hosts to normal mode.
● Check the agent service logs for details on how to manually restore the host system.
● Check the ADM logs for more information.
● For detailed steps to downgrade to a previous version of the application agent, run the following command:
./pushupdate.sh -r -n
Uninstall the Microsoft application agent with the setup file

About this task
To uninstall the Microsoft application agent for Microsoft SQL Server with the setup file, perform the following steps.
NOTE: If a table-level restore was performed since the last reboot of the host, Microsoft application agent requests a
reboot during an uninstall operation. The Microsoft application agent installs and uses the Eldos CBFS driver for table-level
unloaded before an uninstall operation.
Steps
1. Launch emcmsappagent-19.14.0.0.exe.
2. On the Install Modification page, select Remove, and then click Next.
3. On the Configure Uninstallation Options page, click Remove.
4. On the Removing the CLR assembly page:
a. Select the required Microsoft SQL Server instances to remove the CLR assembly.
By default, all the Microsoft SQL Server instances are selected.
b. Select one of the following options to remove the CLR assembly:
c. In the User name and Password fields, type the credentials for the user who has the privileges to remove CLR
assembly.
d. Click Remove.
e. After the removal is completed, click Next.
Uninstall the Microsoft application agent with a silent

uninstallation
Learn how to uninstall the Microsoft application agent with the command prompt for a silent installation.
NOTE: If a table-level restore was performed since the last reboot of the host, Microsoft application agent requests a
reboot during an uninstall operation. The Microsoft application agent installs and uses the Eldos CBFS driver for table-level
unloaded prior to an uninstall operation.

To uninstall the Microsoft application agent without any intervention, run the following command:
emcmsappagent-19.14.0.0.exe -uninstall -q UninstallAgentService=1 -log "<log_file_path>"
where:
● -q indicates a silent uninstallation.
● UninstallAgentService=1 is mandatory for a silent uninstallation. If this option is not added in the uninstall command,
then the agent service still exists after the Microsoft application agent is uninstalled.
● -log specifies the path where the log file must be created or saved.
NOTE: The log file displays the status of the uninstallation. For a silent uninstallation, you must use the -log
<log_file_path> option.
Consider the following example command to silently uninstall the Microsoft application agent:
emcmsappagent-19.14.0.0.exe -uninstall -q UninstallAgentService=1 -log "C:

\Users\Administrator\Desktop\uninstallLog.txt"
Required privileges for Application Direct backup and recovery

Learn about the user requirements for Application Direct backup and recovery.
Required Microsoft SQL Server roles

Assign the user the following Microsoft SQL Server roles:
● sysadmin
● public
Required Windows user permissions

Create a local or domain Windows user account and assign the following roles:
● The built-in Windows Administrator.
● A domain user added to the local Administrators user group.
● For a stand-alone server only:
○ For table-level backup and recovery, assign the administrative privileges.
○ For database-level backup and recovery, assign the following permissions:
￭ Add the user to the "Create global objects" Windows policy.
￭ For all Microsoft SQL Server instances on the host that will be protected, assign the following permissions to the data
and log folder of the database:
- Read
- Write
- List folder contents
Assign the permissions for all paths where databases are stored, including the default data and log folder of the
Microsoft SQL Server installation. The default data and log folder may be under the Microsoft SQL Server installation
folder. For example, for Microsoft SQL Server 2012, the default folder is C:\Program Files\Microsoft SQL
Server\MSSQL12.MSSQLSERVER\MSSQL\.
● For an Always On availability group only:

○ A local user account added to the Administrators user group on each node in the cluster. The username and password
must be the same on each node.
NOTE: For an Always On availability group, Failover Cluster Instance, or Always On Failover Cluster Instance, if you
use an account that you created (an account that is not the built-in Windows Administrator), you must launch the tool
where you perform the backup or recovery with elevated permissions (run as administrator).

Setting the sysadmin privilege for the Microsoft SQL Server host
To enable the integration with PowerProtect Data Manager on the Microsoft SQL Server host, the database OS account or NT
AUTHORITY\SYSTEM account on the host requires the sysadmin privilege. Setting the sysadmin privilege for Microsoft SQL
Server hosts provides more information.
Required privileges for T-SQL backups

To enable the Application Direct backups using Transact-SQL (T-SQL) scripts with the Microsoft application agent, specific
access permissions are required. The SQL Agent Service login user must have read and write access permissions in the
Microsoft application agent installation directory, which is C:\Program Files\DPSAPPS\MSAPPAGENT by default.
Stagger Microsoft SQL Server discovery jobs in host scale-out

environments
In a host scale-out environment with many Microsoft SQL Server hosts to register to PowerProtect Data Manager, consider the
following method for staggering the Microsoft SQL Server discovery jobs.
Kick off the installer in smaller group of hosts

When you install the Microsoft application agent by script, kick off the installer in smaller groups of hosts. The discovery jobs will
kick off after the agent installation. Distributing the installer in smaller groups helps to stagger the incoming discovery results to
Configure the database backup stripe level

Starting with version 19.6, you can modify the stripe level of a backup at the individual database level by using the following
procedures. You can set the stripe level through the following procedures only for self-service stand-alone Microsoft SQL
Server backups, not for centralized backups performed through PowerProtect Data Manager.
CAUTION: After you update from version 19.6, centralized backups ignore any parallelism and backup stripe
settings that were previously configured on the Extended Properties page in SQL Server Management Studio
(SSMS). For centralized backups with version 19.6 or later, you must configure the parallelism settings through
the PowerProtect Data Manager UI, as described in the next topic.
The backup stripe level configuration includes the following features:
● The backup stripe level setting for individual databases has a higher priority than the stripe level setting through the backup
command with the -S option.
● For any database, the minimum supported stripe level is 1 and the maximum supported stripe level is 32.
● In an FCI or AAG cluster, setting the backup stripe level of a database at any node reflects across all the nodes in the cluster.
To set the backup stripe level for any database, use either of the following procedures:
● Perform the following steps in the SQL Server Management Studio (SSMS):
1. Right-click the database name, and select Properties.
2. In the properties window, select Extended Properties from the left side pane.
3. Add the required property name and the backup stripe level value:
○ For a full backup, add the property name ppdmFullStripes and a value between 1 and 32.
○ For a differential backup, add the property name ppdmDiffStripes and a value between 1 and 32.
○ For a log backup, add the property name ppdmLogStripes and a value between 1 and 32.

Figure 1. Extended Properties page with backup stripe levels
● Run the following T-SQL statements to set the backup stripe level for any database:
USE <database_name>;
GO
EXEC sp_addextendedproperty
@name = N'ppdmDiffStripes',
@value = '4';
@name = N'ppdmFullStripes',
@value = '8';
@name = N'ppdmLogStripes',
@value = '2';
Enable multi-stream backups for Microsoft SQL Server protection

policy
To enable multi-stream Microsoft SQL Server backups for a centralized protection policy, you can set the parallelism value in
the PowerProtect Data Manager UI. The parallelism value controls the number of parallel streams that the Microsoft application
agent uses to write the backup data to DD.
The following procedure enables the setting of separate stripe levels for the backup types that are supported for Microsoft SQL
Server. If you do not change the settings, the default settings are used for a centralized backup, with a default stripe value of 4
for full and differential backups and a default stripe value of 1 for log backups.
the PowerProtect Data Manager UI.
In the PowerProtect Data Manager UI, perform the following steps to set the parallelism for multi-stream backups:
1. Select Infrastructure > Assets > SQL.
2. Select the required Microsoft SQL Server asset.

3. Select More Actions > Set Stream Count.
4. Set the stream count for each backup type as a value between 1 and 32 in the Full, Differential, and Log fields. The default
stream count values are 4 for full and differential backups and 1 for log backups.
NOTE: A stream count value of 1 is recommended for log backups.

5. Click Save.
Manage the Microsoft application agent

You can use the PowerProtect Data Manager UI to add a Microsoft application agent for data protection, approve and reject
pending agent requests, and edit and delete existing agents.
Steps
1. Select Infrastructure > Application Agents.
The Application Agents window appears.
NOTE: If the PowerProtect agent service could register during the installation, the Microsoft SQL Server host is already
listed and does not need to be added.
2. In the Application Agents window, click Add.

3. Select one of the following options:
● Select FQDN/IP Address or CSV Filename.
○ If you select FQDN/IP Address, perform the following steps:
a. Type the fully qualified domain name (FQDN) for the application agent.
b. Select the date until which the application agent is preapproved.
c. Click Save.
○ If you select CSV Filename, perform the following steps:
a. Click .
NOTE: The contents of the .csv file must be in the following format, for example:
"ppdm.dell.com"
"ppdm2.dell.com"
The browser window appears.

b. Select the .csv file, and then click Open.
The uploaded file name appears in the CSV Filename field.
c. Select the date until which the application agent is preapproved.
d. Click Save.
● If you have disabled Auto Allow List, perform the following steps:
NOTE: The Auto Allow List option is disabled by default. When Auto Allow List is enabled, all
preapproved application agents are automatically approved.
a. Select the required application agent.
○ Approve
○ Reject
○ Edit, and then make the required changes.
○ Remove
c. Click Save.
Next steps
Discover a Microsoft SQL Server application host describes how to set the host credentials before you schedule a backup.

Changing the preferred host address
You can change the preferred host address that is used for communication between PowerProtect Data Manager and the
application-agent host.
If the Microsoft application agent is configured to use the Application Direct data path, the preferred host address can be an
IPv4 address, an IPv6 address, or a fully qualified domain name (FQDN).
NOTE: Using an FQDN is only available as of version 19.14 of the application agent.
It is recommended to use an FQDN as the preferred host address in DHCP environments and other environments where static
IP addresses can change. When DHCP is used instead of an IP address and the IP address of the host changes, the following
benefits occur:
● Communication between PowerProtect Data Manager and the host is uninterrupted.
● Backup and restore operations succeed.
● Reregistration of the application agent is not required.
If the Microsoft application agent is configured to use the VM Direct data path, the use of an FQDN is unsupported, and the
preferred host address can only be an IPv4 address or an IPv6 address.
Change the preferred host address

About this task
To change the preferred host address, perform the following steps:
Steps
1. From the left navigation pane, select Infrastructure > Application Agents.
2. Select the entry for the host.
3. Click More Actions and select Set Preferred Address.
4. From the Preferred Address drop-down, select the preferred address.
NOTE: DNS name resolution must be enabled to select a fully qualified domain name. If it is not enabled, enable it by
selecting Infrastructure > Application Agents and clicking Configure DNS Name Resolution. After it is enabled,
repeat these steps.
View application agent details

Use the Application Agents window in the PowerProtect Data Manager UI to monitor the registration and update status of
application agents, and view details for individual application agents.
To view application agent details, from the left navigation pane, select Infrastructure > Application Agents.
Agent registration status displays the total number of application agents that are awaiting approval, approved, registered, or
rejected.
Agent update status displays the total number of application agents that are up-to-date, available, scheduled, in progress, or
failed.
NOTE: If the update of an application agent fails for any reason, the agent host is counted as available. The host is included
in the total number of available applicant agents.
At the end of the Agent update status row, you can click to view information about scheduled updates. The Schedules
table appears and displays the following information:
● Update/Precheck Name
● Date and Time
● Schedule Status
● Host Count
● Actions

The lower table in the Application Agents window displays information about individual application agents. The following table
describes the available information.
Table 7. Application agent information

Column Description
Details Click in the Details column to view details and summary information for the
application agent, including registration status.
Host Name The name of the application agent host.
IP The IPv4 or IPv6 address of the application agent host.
Registration Status The registration status of the application agent:
● Awaiting Approval
● Pending Approval
● Registered
● Approved
● Rejected
● Expired
● Accepting Certificates
● Failed
OS The operating system of the application agent host.
Agent Type The application agent type.
Throttling Status This column applies only to the version 19.14 or later File System agent, Microsoft SQL
Server agent, and Oracle RMAN agent.
The status of backup throttling on the application agent host:
● No Throttling—CPU throttling is not set for backups on the host.

● Throttling—CPU throttling is set for backups on the host.
● Unsupported—CPU throttling is unsupported because the host has only pre-19.14
application agents or application agents other than the File System agent, Microsoft
SQL Server agent, or Oracle RMAN agent.
CPU Throttling (hidden by default) This column applies only to the version 19.14 or later File System agent, Microsoft SQL
NOTE: To display this hidden Server agent, and Oracle RMAN agent.
column, click the icon on the
The CPU utilization limit value for backup throttling on the application agent host.
lower left and then select CPU
Throttling from the Show/
Hide Columns list.
Current Version The current version of the application agent.

Update Status The update status of the application agent host:
● Available—The PowerProtect Data Manager release is 19.14 and the application
agent release is 19.10, 19.11, 19.12, or 19.13.
● In Progress—The update of the application agent is in progress.
● Up to Date—The PowerProtect Data Manager release and the application agent
release are both 19.14.
● Scheduled—The application agent is scheduled for an update.
● Failed—The update of the application agent failed.
● Not Supported—The PowerProtect Data Manager release is 19.14 and application
agent release is earlier than 19.10.
Filter and sort information

Use the filtering and sorting options to find specific application agents, and to organize the information that you see.

You can filter and sort the information that appears in table columns. Click in the column heading to filter the information in
a table column, or click a table column heading to sort that column.
Use the Search field to filter application agents based on a search string. When you type a keyword in the Search field, the
PowerProtect Data Manager UI filters the results as you type. To clear the search filter, remove all keywords from the Search
field.
Export application agent data

To export the data that is shown in the table to a .CSV file, click Export All.
For more information about the Export All functionality, see the PowerProtect Data Manager Administrator Guide.
Configurable ports for Microsoft SQL Server

The Microsoft application agent supports the configurable ports feature for Microsoft SQL Server.
During the installation of Microsoft application agent on the Microsoft SQL Server host, you can specify the communications
port from the supported port ranges 7000 to 7009 and 7012 to 7020. This specified port and the port 8443 on PowerProtect
Data Manager enable the communication between the Microsoft application agent and PowerProtect Data Manager, and both
ports are open bidirectionally.
NOTE:
If you do not specify a port number, the default port 7000 is used as the communications port. The ports 7010 and 7011 are
used by the agent service message bus.
Port configuration is not supported for a silent update. A silent update uses the previously configured port number, and
disregards any ClientPort option setting. Port configuration is supported for an update only through the Microsoft
application agent installation wizard.
For a AAG configuration, it is recommended to use the same port number for all the nodes in the AAG.
After the port configuration, the Microsoft application agent operations might display the following messages in certain cases:
● When the specified port is invalid (not in the supported port range):
The specified port number is not within the required range.
● When the specified port is busy:
Port is currently being used by another service.
In a coexistence scenario, the Microsoft application agent is installed as the primary agent with a specified port number, and
the File System agent is installed as a secondary agent. The File System agent installation can use the same port number as
specified for the primary agent. If the port number of the secondary agent is then changed for some reason, the updated port
number is used for both agents. The same results occur when the File System agent is installed as the primary agent and the
Microsoft application agent is installed as the secondary agent. The secondary agent installation can use the same port number
as specified for the primary agent.
Support for existing Microsoft application agent

backups with PowerProtect Data Manager
The Microsoft application agent provides the capability to import existing stand-alone deployments, including their existing
backups, to PowerProtect Data Manager. Existing backups are Microsoft application agent backups that you performed before
integrating the Microsoft application agent with the PowerProtect Data Manager software and before adding an asset to a
PowerProtect Data Manager protection policy.
NOTE:
Importing Microsoft SQL Server backup copies to PowerProtect Data Manager is supported only from backups that are
performed with Microsoft application agent 4.7 and later.

You can import up to three previous months of existing backups.
Retention lock is not supported for discovered existing backups in PowerProtect Data Manager.
Importing is not supported for DD Boost-over-FC backups and 32-bit FCI instance backups.
With the importing capability, PowerProtect provides the following centralized features:
● Visibility of both existing backups and any new self-service or PowerProtect Data Manager policy-driven backups of
imported assets.
● Automatic configuration of target protection storage based on the PowerProtect Data Manager protection policies that are
used for your database.
● All the other functionality that is provided for PowerProtect Data Manager protection policies.
When you create a protection policy, the PowerProtect Data Manager software can either create or reuse a storage unit on the
specified DD system backup host, subject to limitations. All subsequent backups of assets in that protection policy go to this
storage unit. This implementation uses scripts (T-SQL or CLI) or the Microsoft application agent SSMS plug-in UI to override
the storage unit information that is provided in any running backup with the storage unit information from PowerProtect Data
Manager.
Supporting existing Microsoft application agent backups with

PowerProtect Data Manager
Learn how to support the existing Microsoft application agent backups.
Steps
1. Update the Microsoft application agent on the Microsoft SQL Server host.
Update the Microsoft application agent provides information.
2. Run the backup discovery tool, AgentBackupDiscovery.exe, to enable management of existing Microsoft application
agent backups with PowerProtect Data Manager.
Using the backup discovery tool for PowerProtect Data Manager management of existing backups provides information.
NOTE: This step enables the discovery of old backup copies that the Microsoft application agent created during
self-service backups with stand-alone deployments.
3. Register and approve the Microsoft application agent in PowerProtect Data Manager.
After a few minutes of approving the Microsoft SQL Server host, older backup copies are discovered. Depending on the
number of backups, the discovery and subsequent visibility of the backups in PowerProtect Data Manager can take some
time. The retention time of the discovered existing backup copies equals the retention time that was set in the protection
policy plus 14 days, rounded off to the next day.
4. Discover and add the credentials for the Microsoft SQL Server application host.
5. Create a protection policy to protect the Microsoft SQL Server host. For importing assets, only a subset of databases can be
imported. It is not mandatory for all the databases on the host to be imported.
The first backup after importing must be a full backup:
● The first centralized backup is automatically promoted to a full backup.
● The first self-service backup is automatically performed as a full backup.
NOTE: You cannot perform a backup to a secondary DD system device. You can restore only from a secondary DD
system device.
6. Perform a self-service backup of the Microsoft SQL Server databases. Imported assets can be part of either a centralized or
self-service protection policy.
Performing self-service Microsoft SQL Server database backups provides information.

Using the backup discovery tool for PowerProtect Data Manager
management of existing backups
To enable the PowerProtect Data Manager management of existing backups after you have updated the Microsoft application
agent or imported the current version, you must run the backup discovery tool, AgentBackupDiscovery.exe. Existing
backups are Microsoft application agent backups that you performed before integrating the Microsoft application agent with the
PowerProtect Data Manager software.
At the end of an update of the Microsoft application agent with the installer, the wizard displays a message about running the
AgentBackupDiscovery.exe tool to discover existing backups and manage them in PowerProtect Data Manager software.
CAUTION:
Importing Microsoft SQL Server backup copies to PowerProtect Data Manager is supported only from backups
that are performed with Microsoft application agent 4.7 and later.
Retention lock is not supported for discovered existing backups in PowerProtect Data Manager.
You cannot use the backup discovery tool to discover existing DD Boost-over-FC backups or 32-bit FCI instance
backups.
If you delete a Microsoft SQL Server database before importing but the database backup copies exist on the DD
system, then after importing, PowerProtect Data Manager will not manage those backup copies.
After you run the backup discovery tool, you can continue to use the existing backup scripts to perform the
Microsoft application agent backups. Ensure that all the databases backed up with a particular script are added
to a single protection policy. By default, the PowerProtect Data Manager overrides the DD details by using
the storage unit from the protection policy. If you do not want the DD details to be overridden, use the -a
"SKIP_DD_OVERRIDE=TRUE" option in the backup scripts.
To discover the existing backups by using the backup discovery tool, perform the following steps.
1. In the Microsoft application agent installation directory, C:\Program Files\DPSAPPS\MSAPPAGENT\bin, run
AgentBackupDiscovery.exe as the administrator.
The Discovery of existing backups dialog box appears.
NOTE: If the program does not start but displays the following message, an ongoing backup discovery process is
running, as invoked by the PowerProtect Data Manager:
Backup discovery is in progress. Please wait for it to complete.
When the discovery process is complete, you can run the backup discovery tool.
2. In the DD system list in the dialog box, select the appropriate DD IP address or hostname, storage unit, and username for the
existing backups that you want the PowerProtect Data Manager software to discover.
NOTE: Select only one storage unit at a time. After discovery is complete for the storage unit, you can run the backup
discovery tool again to discover the backups of another storage unit.
3. In the Client hostname field, you can change the client hostname from the default local hostname as needed.
To enable the backup discovery for an AAG or FCI, you must specify the appropriate client hostname:
● If the host is part of an AAG, specify the Windows cluster name.
● If the host is part of a Microsoft SQL Server virtual server or FCI, specify the virtual server name.
4. In the Backup discovery time period field, select the number of months for the time period, as the time in the past when
the backups were performed. You can select 1 month, 2 months, or 3 months for the time period.
5. In the Application field, select SQL as the application.
6. After you have specified the required field values, click Generate.
When the PowerProtect Data Manager software completes the generation of the backup metadata or breadcrumbs, the
following message appears in the dialog box. Depending on the number of old backups, the generation of breadcrumbs can
take some time:
Breadcrumbs generated successfully.
The retention time for the discovered backup is the same as the expiration time set when the backup was taken.

Microsoft application agent for application-aware
protection
The Microsoft application agent is a component of the PowerProtect Data Manager data protection solution for VMware virtual
machines.
A PowerProtect Data Manager application-aware VM protection policy uses the Microsoft application agent to provide
advanced application-consistent protection for the following Microsoft SQL Server workloads:
● Full backup to DD—Configure a PowerProtect Data Manager protection policy with the application-aware option to perform
a Microsoft SQL Server backup to a DD device as part of either a transparent snapshot data mover (TSDM) backup or
a VMware image-level backup. A Microsoft SQL Server full backup is performed during the in-guest quiesce by VMware
Tools. When the backup is performed as part of the VMware image-level backup, the Microsoft SQL Server data files are
backed up as part of the VMDKs during the VM Direct backup. After completing the backup, the Microsoft application agent
is automatically run on the virtual machine to catalog the Microsoft SQL Server backup on the DD associated with the
protection policy.
NOTE: In each application-aware protection policy, ensure that the retention lock is enabled for both protection and
replication objectives.
● Transaction log backup—When configuring a PowerProtect Data Manager protection policy with the Application Aware
option, set an interval for Transaction log backup to enable transaction log backups for Microsoft SQL Server instances
running on the virtual machine, and specify the frequency of backups. The Microsoft application agent is run on the virtual
machine to perform the transaction log backup. Backups are written directly to the DD associated with the protection policy.
A transaction log backup is only performed for databases in the proper state; otherwise, databases are skipped.
● Database restore, flat file restore, table-level restore, or database Instant Access restore to the source virtual machine or
an alternate virtual machine. To perform restores to an alternate virtual machine, that virtual machine must be an asset
of PowerProtect Data Manager. However, instance-level restores can only be performed to the original source instance.
Performing Self-Service Restores of Virtual Machine Backups provides details on how to use Microsoft application agent to
restore Microsoft SQL Server databases backed up with an application-aware VM protection policy.
The Microsoft application agent software package is bundled with the PowerProtect Data Manager appliance, and is
automatically configured on a virtual machine when you add the virtual machine asset to a VM application-aware protection
policy. As part of the VM protection policy configuration, both the VM Direct agent and the Microsoft application agent
are installed on the virtual machine. The Microsoft application agent installation includes the software components that are
required for self-service restore, including the Microsoft application agent SQL Server Management Studio (SSMS) plug-in and
ItemPoint. After the agent installations, configuration information for the DD is also sent to the virtual machine, calling the
Microsoft application agent to perform the lockbox configuration. Subsequent protection policy backups and self-service restore
operations jobs also use this information without any further action required. During application-aware Microsoft SQL Server
full backups and transaction log backups, PowerProtect Data Manager updates the VM Direct agent and Microsoft application
agent software packages as required.
The virtual machine credentials that are provided in the protection policy or within the virtual machine asset are used during
Microsoft application agent installation and during Microsoft SQL Server full and transaction log backups. The Microsoft
application agent is first called to validate the virtual machine configuration. The agent verifies that the Microsoft SQL Server is
installed and running, and that the provided virtual machine credentials have the necessary permissions to perform a Microsoft
SQL Server backup.
In order to perform Microsoft SQL Server application-consistent data protection for virtual machines, the Microsoft application
agent requires the following:
● The Microsoft application agent runs under the virtual machine credentials that are provided in the VM protection policy or
virtual machine asset for installation and data protection operations. Configure all Microsoft SQL Server instances on the
virtual machine to grant account rights for this account to perform Microsoft SQL Server database backup and recovery
operations:
○ Add the account to Microsoft SQL Server logins.
○ Grant the account the sysadmin role.
NOTE: The Microsoft application agent supports only a domain Administrator or local Administrator account for the
virtual machine credentials. The user can be an Administrator, a domain user with local Administrator privileges, or a local
user with local Administrator privileges. Minimum required privileges for VM Direct backup and recovery provides details
on how to enable the support for a domain or local user with Administrator privileges.
● Network connectivity, hostname resolution, and firewall ports between the DD device and the virtual machines that are part
of Microsoft SQL Server application-consistent protection policies and restore to alternate operations. This connectivity is
required to enable the Microsoft application agent to perform client direct operations to DD.

● VMware vCenter server version 6.7 or later.
● VMware ESXi server version 6.7 or later.
● VMware Tools version 11 or later.
● Enable the UUID attribute (disk.EnableUUID=TRUE) in the vSphere Client.
NOTE: After you set disk.EnableUUID to TRUE, ensure that you reboot the virtual machine.
● The virtual machine must use SCSI disks only, and the number of available SCSI slots must at least match the number
of disks. For example, a virtual machine with 7 disks only requires one SCSI controller, but a virtual machine with 8 disks
requires 2 SCSI controllers.
● The VM Direct Engine requires live network connectivity to the ESXi where the targeted Microsoft SQL Server virtual
machine resides.
Multiple virtual networks (MVLANs) for Microsoft SQL Server

application-aware protection
PowerProtect Data Manager cannot automatically configure a virtual network connection between an agent in a virtual machine
and PowerProtect Data Manager when PowerProtect Data Manager is configured with multiple virtual network connections.
If you use multiple virtual networks, the virtual machine asset must have a connection to the default interface for PowerProtect
Data Manager. Manually configure the VLAN to provide access to the virtual machine before you add the virtual machine to the
protection policy.
Naming conventions for backups with VM Direct

When naming Microsoft SQL Server instance, database, and filegroups, consider that the Microsoft application agent does not
distinguish the difference between upper and lowercase letters. The names are not case-sensitive.
Therefore, if there are two or more databases with the same name but with different capitalization, such as DB1 and db1, the
Microsoft application agent views these databases as the same and by default backs up only one of the databases.
The following table describes the special characters that are supported for naming database backups in Microsoft SQL Server
stand-alone, cluster, and Always On availability group configurations with VM Direct.
Table 8. Special characters supported with VM Direct

Special character Name
~ Tilde
` Accent grave
! Exclamation mark
@ At the rate
% Percentage
^ Caret
& Ampersand
( Open parenthesis
) Close parenthesis
- Hyphen
_ Underscore
{ Open curly bracket
} Close curly bracket
\ Backslash
. Period

NOTE: While Microsoft SQL Server supports naming instances with the hash symbol (#), the Microsoft application agent
does not. If an instance includes a hash symbol, backups of that instance will fail.
Minimum required privileges for VM Direct backup and recovery

Learn about the user requirements for VM Direct backup and recovery.
The minimum required privileges for VM Direct backup and restore operations depend on the version of vmtools that is installed
on the VM system:
● With the vmtools version 11.x or later, the Microsoft application agent supports a domain user or local user account with
enabled UAC for the virtual machine credentials.
● With the vmtools version earlier than 11.x, the Microsoft application agent supports only a domain Administrator or local
Administrator account with disabled UAC for the virtual machine credentials. The user can be an Administrator, a domain
user with local Administrator privileges, or a local user with local Administrator privileges (user is added to the domain of
PowerProtect Data Manager).
The following subtopic provides more details about enabling the required user privileges for VM Direct operations.
Windows permissions required for the domain user or local user for VM Direct
workflow
With vmtools version 11.x or later installed on the VM system, you can configure the protection policies and perform the VM
Direct backup and restore operations by using domain user or local user credentials with enabled UAC.
To enable the support for a domain user or local user with enabled UAC, make the user a member of the "Administrators" Active
Directory group in Computer Management > System Tools > Local Users and Groups.
The user can be an Administrator, a domain user with local Administrator privileges, or a local user with local Administrator
privileges.
NOTE: UAC is enabled by default on a Windows VM system. If you need to enable UAC, complete the following steps:
1. Select Control Panel > User Accounts > User Accounts > Change User Account Control Settings, and move the
slider to select Notify me only when apps try to make changes to my computer.
2. Select Local Security Policy > Local Policies > Security Options > User Account Control: Run all
administrators in Admin Approval Mode, and select Enabled on the Local Security Setting tab.
3. Reboot the VM system.
When you configure a protection policy, edit the policy and select the domain user or local user.
NOTE: To use the SSMS plug-in as the local user to perform a self-service restore of a VM Direct backup, you must launch
the SSMS plug-in by selecting Run as administrator.

3
Managing Storage, Assets, and Protection
Topics:
• Enable an asset source
• Delete an asset source
• Disable the Microsoft application agent
• Reinstall the Microsoft application agent
• Setting the sysadmin privilege for Microsoft SQL Server hosts
• Discover a Microsoft SQL Server application host
• Protection policies for Microsoft SQL Server database protection
• Extended retention for protection policies created in PowerProtect Data Manager 19.11 or earlier
• Protection rules
• Cancel a Microsoft SQL application agent protection or restore job
• Edit the retention period for backup copies
• Delete backup copies
• Host CPU throttling
• Enable the Microsoft application agent after Internet Protocol change
• Enable the Microsoft application agent after hostname change
• Enable the Microsoft application agent after host IP address change
• Enable the Microsoft application agent after reusing IP address from a different host
• Enable the Microsoft application agent after migration to a different Microsoft SQL Server host
• Enable the Microsoft application agent after Microsoft SQL Server upgrade
• Enable the Microsoft application agent after operating system upgrade
• Manage the PowerProtect agent service
• Manage the cloud tier operations with PowerProtect Data Manager for application agents
Enable an asset source

An asset source must be enabled in PowerProtect Data Manager before you can add and register the asset source for the
protection of assets.
About this task

Only the Administrator role can manage asset sources.
In some circumstances, the enabling of multiple asset sources is required. For example, a vCenter Server and a Kubernetes
cluster asset source must be enabled for Tanzu Kubernetes guest cluster protection.
There are other circumstances where enabling an asset source is not required, such as the following:
● For application agents and other agents such as File System and Storage Direct, an asset source is enabled automatically
when you register and approve the agent host. For example, if you have not enabled an Oracle asset source but have
registered the application host though the API or the PowerProtect Data Manager user interface, PowerProtect Data
Manager automatically enables the Oracle asset source.
● When you update to the latest version of PowerProtect Data Manager from an earlier release, any asset sources that were
previously enabled appear in the PowerProtect Data Manager user interface. On a new deployment, however, no asset
sources are enabled by default.
Steps
1. From the PowerProtect Data Manager user interface, select Infrastructure > Asset Sources, and then click + to reveal
the New Asset Source tab.
2. In the pane for the asset source that you want to add, click Enable Source.
The Asset Sources window updates to display a tab for the new asset source.
Managing Storage, Assets, and Protection 47

Results
You can now add or approve the asset source for use in PowerProtect Data Manager. For a vCenter server, Kubernetes cluster,
SMIS Server, or PowerProtect Cloud Snapshot Manager tenant, select the appropriate tab in this window and click Add. For an
application host, select Infrastructure > Application Agents and click Add or Approve as required.
NOTE: Although you can add a Cloud Snapshot Manager tenant to PowerProtect Data Manager in order to view its health,
alerts, and the status of its protection, recovery, and system jobs, you cannot manage the protection of its assets from
PowerProtect Data Manager. To manage the protection of its assets, use Cloud Snapshot Manager. For more information,
see the PowerProtect Cloud Snapshot Manager Online Help.
Disable an asset source

If you enabled an asset source that you no longer require, and the host has not been registered in PowerProtect Data Manager,
perform the following steps to disable the asset source.
About this task

NOTE: An asset source cannot be disabled when one or more sources are still registered or there are backup copies of the
source assets. For example, if you registered a vCenter server and created policy backups for the vCenter Server virtual
machines, then you cannot disable the vCenter Server asset source. But if you register a vCenter server and then delete it
without creating any backups, you can disable the asset source.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Asset Sources, and then select the tab of the asset
source that you want to disable.
If no host registration is detected, a red Disable button appears.
2. Click Disable.
Results
PowerProtect Data Manager removes the tab for this asset source.
Delete an asset source

If you want to remove an asset source that you no longer require, perform the following steps to delete the asset source in the
About this task

Only the Administrator role can manage the asset sources.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Asset Sources, and then select the tab for the type of
asset source that you want to delete.
2. Select the asset source name in the asset source list, and then click Delete.
3. At the warning prompt that appears, click Continue.
The asset source is deleted from the list.
Results
PowerProtect Data Manager removes the specified asset source in the Asset Sources window.
Any associated assets that are protected by the protection policy are removed from the protection policy and their status is
changed to deleted. These assets are removed automatically as part of daily PowerProtect Data Manager cleanup after all
associated backup copies have been deleted. These assets can also be removed manually. The PowerProtect Data Manager
Administrator Guide provides details on how to remove assets from PowerProtect Data Manager.
The copies of assets from the asset source are retained (not deleted). You can delete the copies from the copies page, if
required.
48 Managing Storage, Assets, and Protection

Disable the Microsoft application agent
You can use the procedure in this topic to disable the Microsoft application agent.
Steps
1. Remove the assets from the protection policies:
a. From the left navigation pane in the PowerProtect Data Manager UI, select Protection > Protection Policies.
The Protection Policies window appears.
b. Select the protection policy that you want to modify, and click Edit.
The Edit Policy window opens on the Summary page.
c. In the Assets row, click Edit.
The Assets page appears.
d. To remove the assets from the protection policy, select the assets and click Remove.
The Assets page is updated with the changes.
2. Delete the Microsoft SQL Server host by deleting the asset source according to Delete an asset source. This procedure
unregisters the host from PowerProtect Data Manager and removes the host assets after all the asset copies have expired.
The assets and asset source of the original host are still in the "Deleted" state, unless the asset copies have expired and
garbage collection has run.
NOTE: If you unregister and reregister the Microsoft application agent instead of completing this deletion step, then
duplicated asset names might appear in the PowerProtect Data Manager UI.
3. To delete the asset copies, follow the instructions in Delete backup copies.
Reinstall the Microsoft application agent

You can use the procedure in this topic to reinstall and reregister the Microsoft application agent with the PowerProtect Data
Manager server.
About this task

To reregister the application agent back to the same PowerProtect Data Manager server after you delete an asset source,
complete the following steps.
Steps
1. Go to Control Panel > Programs > Programs and Features.
2. Use the Change option for the Microsoft application agent to reinstall the Microsoft application agent.
3. In the installation wizard, select the PowerProtect Data Manager option.
Results
After the installation completes, the Microsoft application agent is reregistered to the PowerProtect Data Manager server.
Setting the sysadmin privilege for Microsoft SQL

Server hosts
To enable the integration with PowerProtect Data Manager on each Microsoft SQL Server host, ensure that the database OS
account or NT AUTHORITY\SYSTEM account on each host has the required sysadmin privilege.
Before you register any Microsoft SQL Server host with PowerProtect Data Manager, set the required sysadmin privilege by
completing one of the following two procedures on each Microsoft SQL Server host.

Setting the sysadmin privilege for database OS account
By default, the Microsoft application agent uses the SYSTEM account for asset discovery. However, this requires granting the
SYSTEM account the Microsoft SQL Server sysadmin role, which might not comply with corporate security requirements. As an
alternative, you can complete the following procedure to use a domain or local user account instead for asset discovery. When
you select the option Use the credentials for both asset discovery and backup as follows, the configuration for using the
domain or local user account is centrally managed from PowerProtect Data Manager.
NOTE: This procedure is only supported for a host with application agent release 19.11 or later installed.
Complete the following steps to ensure that the database OS account on each host has the sysadmin privilege.
1. Log in to each Microsoft SQL Server instance, open the SQL Server Management Studio (SSMS), and select View > Object
Explorer.
2. In the Object Explorer, expand Security and then expand Logins.
3. Right-click the database OS account name, and then select Properties.
4. In the Login properties window, select Server Roles.
5. Select sysadmin under Server roles.
6. Click OK.
The Login properties window closes.
7. In the PowerProtect Data Manager UI, select Infrastructure > Asset Sources, and then select the SQL tab.
8. Select the required hostname in the list, and then click Edit Credentials.
9. On the Set Credential page, specify the database OS credentials and select the option Use the credentials for both
asset discovery and backup.
NOTE: On the Set Credential page, the option Use the credentials for both asset discovery and backup does not
appear when the database OS credentials setting is None or the application agent release is earlier than 19.11.
10. Click Save.
Setting the sysadmin privilege for NT AUTHORITY\SYSTEM account

Complete the following steps to ensure that the NT AUTHORITY\SYSTEM account on each host has the sysadmin privilege.
1. Log in to each Microsoft SQL Server instance, open the SQL Server Management Studio (SSMS), and select View > Object
Explorer.
2. In the Object Explorer, expand Security and then expand Logins.
3. Right-click NT AUTHORITY\SYSTEM, and then select Properties.
4. In the Login properties window, select Server Roles.
5. Select sysadmin under Server roles.
6. Click OK.
The Login properties window closes.
Discover a Microsoft SQL Server application host

After you register an application host with PowerProtect Data Manager, the host appears in the Asset Sources window. Then
you can select the host, perform discovery, and modify the application host credentials. For application hosts, discovery is
required if you want to schedule a backup. Assets must also be discovered for the centralized copy management of self-service
backups.
About this task

Perform the following steps to discover a Microsoft SQL Server application host as an asset source in the PowerProtect Data
Manager UI.
Steps
1. Select Infrastructure > Asset Sources.
The Asset Sources window appears.

2. Select the SQL tab.
3. If you are adding a Microsoft SQL Server database, select the host entry and click Edit Credentials.
The Edit Credentials dialog appears.
NOTE: The supported syntax for credentials is <user>@<host> or <user>@<domain>. The syntax <host>\<user> or
<domain>\<user> is not supported.
4. If you are adding credentials for a Microsoft SQL Server database, ensure that you specify the OS credentials for the
Microsoft SQL Server host. Ensure that these credentials have the rights to perform the Microsoft SQL Server backup and
restore operations.
5. Click Save.
6. On the SQL tab, select the application host and then click Discover.
The Initiate Discovery dialog appears with an option to immediately start a full discovery of the assets on the host.
NOTE: On the SQL tab, you can click Discover at any time if any additions or other changes to your Asset Sources
have taken place outside of the PowerProtect Data Manager environment. Asset discovery is also initiated by default
after registration of the host to PowerProtect Data Manager and at hourly intervals. Discovery time is based on
networking bandwidth. Each time you initiate a discovery process, the resources that are discovered and those that are
handling the discovery impact the system performance.
7. Click Yes.
Results
If the application host is properly configured and discovery is successful, the database assets can now be added to a
PowerProtect Data Manager protection policy.
Protection policies for Microsoft SQL Server database

protection
Protection policies define sets of objectives that apply to specific periods of time. These objectives drive configuration, active
protection, and copy-data-management operations that satisfy the business requirements for the specified data. Each policy
type has its own set of user objectives.
Only the Administrator role can create or edit protection policies.
The next topics discuss protection policy terminology, concepts, and available options for planning protection policies. All
protection policies require a primary backup or retention objective. The remaining objectives are optional.
Supported protection policy purposes

These points provide generalized descriptions of PowerProtect Data Manager behavior. The different asset types prescribe
asset-specific actions and conditions for each purpose:
● Centralized Protection—PowerProtect Data Manager manages the complete protection life cycle. The backup trigger is
part of the protection policy.
● Self-Service Protection—The local application on the host handles backing up data and provides backup triggers. The
local application passes backup data to PowerProtect Data Manager, which manages the rest of the protection life cycle.
● Exclusion—Marks the specified assets as intentionally exempt from data protection operations. Otherwise, assets that
are not assigned to any protection policy are reported as unprotected. PowerProtect Data Manager restricts the specified
assets from being assigned to other protection policies.
Self-service operations are still available for centralized protection policies. Along with the backup schedule from the protection
policy, DBAs can schedule self-service backups when required.
Supported protection policy objectives

Each objective of a protection policy accomplishes one of the following purposes:
● Primary Backup—Creates and updates the catalog of backups for data that is protected by a centralized protection policy.

● Primary Retention—Creates and updates the catalog of backups for data that is protected by a self-service protection
policy. PowerProtect Data Manager receives the backup data from a local application on the asset.
● Replication—Sends a replica of designated backups or retentions, along with the associated metadata, to a remote server
for additional redundancy.
● Extended Retention—Extends the retention period for designated backups or retentions for long-term purposes. This type
of objective is only supported for protection policies that were created in PowerProtect Data Manager 19.11 or earlier.
● Cloud Tier—Moves the designated backups, retentions, or replicas from the local protection storage to an associated cloud
unit for long-term storage or archival purposes.
Primary backup objective

A primary backup objective contains a backup target and one or more schedules.
The backup target determines where and how PowerProtect Data Manager stores the asset backups:
● Which protection storage system and storage unit to use.
● Which network interface is necessary to reach the selected protection storage system.
● Whether to enable retention locking that protects against accidental deletion or tampering.
The schedules determine what and when PowerProtect Data Manager backs up:
● The types of backups to perform.
● When backups should start.
● How often to perform each type of backup.
● How long to retain each type of backup.
● The times when PowerProtect Data Manager can and cannot perform backups.
Primary retention objective

A primary retention objective contains a retention target and retention rules.
The retention target determines where and how PowerProtect Data Manager stores the asset backups:
The retention rules determine how PowerProtect Data Manager handles backup data from the asset:
● How long to retain each type of backup.
● Whether different types of backup should be retained for the same period.
● Whether to extend the retention period for specific backups.
Replication objective
A replication objective contains a replication target and one or more schedules.
The replication target determines where and how PowerProtect Data Manager stores the replicas:
The schedules determine what and when PowerProtect Data Manager replicates:
● The types of backups to replicate.
● When replication should start.
● How often to replicate.
● How long to retain each replica.
● The times when PowerProtect Data Manager can and cannot replicate.

Extended retention objective
Protection policies that were created in PowerProtect Data Manager 19.9 or earlier might have extended retention objectives.
However, you cannot edit or add new extended retention objectives.
Cloud tier objective

A cloud tier objective contains tiering rules:
● Which backups, retentions, or replicas to move to the cloud tier.
● When to move data to the cloud tier.
Replication triggers
PowerProtect Data Manager orchestrates protection policy replication objectives independently of the primary backup. When
you add a replication objective to a policy, select one of the available triggers.
The default replication trigger is a schedule window that you define by setting a recurrence period plus start and end times.
Replication occurs during the defined window. For example, every day between 8 p.m. and 12 a.m.
You can also trigger replication immediately after the completion of the associated primary backup, whether scheduled or
manual. At the start of the primary backup, PowerProtect Data Manager generates an associated replication job that remains
queued until the end of the protection job. If the backup fails or completes with exception, the associated replication job is
skipped. Restarting the protection job queues the associated replication job again.
When you create a replication objective, you can specify either scheduled replication or replication after backup completion,
which is applicable to both centralized and self-service protection policies.
NOTE: For replication after backup completion, it is recommended that you update the application agents to the latest
version.
Depending on the type of backup, the following versions are required to ensure that replication occurs immediately after the
backups complete:
● For self-service primary backups, update all application agents to PowerProtect Data Manager version 19.12 or later.
● For centralized primary backups, update all application agents to PowerProtect Data Manager version 19.11 or later.
If you want to replicate only specific backups, perform a manual replication of these backups in advance.
Using a schedule can help you manage network traffic by replicating during off-peak hours. However, for larger backup sets, the
primary backup may not finish before the start of the replication schedule, which creates a replication backlog. Replication after
backup completion prevents a replication backlog from forming.
To prevent data loss, the replication after backup completion trigger replicates new backups from the primary objective and any
outstanding backups that have not yet replicated.
A job status of Completed with Exceptions during replication

After a triggered replication job, you might see a job status message similar to the following:
Completed with Exceptions

ABA0017: plc_linux_rac: Backup was successful for the ORACLE_DATABASE asset ORCLPP on
the host oracle.test.com but the copy metadata information is currently unavailable.
The backup of this asset completed successfully but the copy metadata information has
not yet been discovered by PowerProtect Data Manager. If the 'Replicate immediately upon
backup completion' option is enabled for this protection policy, the replication job
for the copy might appear in 'Unknown' or 'Cancel' state. Once the copy metadata is
discovered by PowerProtect Data Manager, the copy will be replicated.
Review the backup copy details in the View Copies pane of the PowerProtect Data Manager
UI Infrastructure > Assets window to determine when the discovery is complete.
If you see this message, the replication backup is not immediately available.

To correct this issue, either wait for the next automatic discovery or initiate a discovery.
Roadmap for planning a Microsoft SQL Server database protection

policy
Before you create a protection policy, assemble the following information:
1. Identify a supported purpose for this protection policy that corresponds to your goal.
For example, performing centralized protection or application aware backups.
2. Identify what supported objectives this protection policy should accomplish. Supported protection policy objectives provides
more information.
For example, primary backup and replication to a remote server.
3. Use the following tables to list all required primary backup or retention types and their associated retention periods. Include
any additional full backups for extended retention.
4. For centralized, crash consistent, or application aware protection, list the backup frequency and start/end times for each
primary backup type.
5. Identify a protection storage system and storage unit where PowerProtect Data Manager should store the primary backup or
retention.
For this target, identify any required virtual networks or interfaces, and whether retention locking is required.
6. If replication is required, identify the remote protection storage system and storage unit.
Table 9. Required backup and retention types

Primary backup or retention Retention period (with units) Retention period units
types
Example (full) 1 week weeks
Full
Differential
Log
Other:
Other:
Other:
Table 10. Centralized protection schedules

Primary backup types Creation frequency (with units) Start and end
Example (full) 1 week 08:00 PM to 08:00 AM
Full
Differential
Log
Other:
Other:
Other:
Table 11. Additional full backups for extended retention

Primary backup or Created every (week/ On the (day of week/ Retention period
retention types month/year) month/year)
Retained full backup 1 Week Saturday 52 weeks
(example)

Table 11. Additional full backups for extended retention (continued)
Primary backup or Created every (week/ On the (day of week/ Retention period
retention types month/year) month/year)
Retained full backup 2
Retained full backup 3
Before you add a protection policy for Microsoft SQL Server

database protection
Review the limitations, prerequisites, and best practices in this section and the following topics before you continue.
Additional procedures for system administrators

The PowerProtect Data Manager Administrator Guide provides more information about procedures that require the
Administrator role. The PowerProtect Data Manager system administrator typically performs these procedures, some of which
have server-wide effect.
Many of these procedures are not specific to this asset type. However, some procedures in the PowerProtect Data Manager
Administrator Guide are prerequisites for, or also applicable to, asset protection. For example:
● Adding and configuring protection storage, including storage units
● Adding and configuring virtual networks
● Managing protection policies, including adding or removing assets, and disabling a policy, and protection rules
● Managing backups, such as editing retention periods and deleting backup copies
● Managing any running jobs
Review these procedures when required for your environment or when called out by a task in this guide. If required, coordinate
with your PowerProtect Data Manager system administrator or backup and restore administrators.
Maintaining protection policies

Refer to the PowerProtect Data Manager Administrator Guide for more information about editing, disabling, or deleting
protection policies.
You can change any of the following information for an existing enabled or disabled protection policy:
● Policy name and description
● Adding or removing assets from the policy
● Backup and replication schedule
● Backup optimization mode
● Settings for network interface, storage target, storage unit, and retention lock.
You cannot modify a protection policy type or purpose. For these actions, add a policy with the new type or purpose. Storage
quotas cannot be changed by editing a policy.
NOTE:
Once you save changes for an enabled or disabled policy, most changes take effect immediately. For a disabled policy's
primary backup schedules, however, the changes do not take effect until you reenable the policy, since these schedules do
not run in Disabled state.

Protection policy prerequisites
Before you configure a protection policy for asset protection, observe the following points and perform the following actions:
Notes
● For each database that you add as an asset in a protection policy, ensure that the database has only one hostname. A single
database must not have more than one hostname.
● If a database is protected in an Always On availability group, you cannot configure stand-alone backups of that database in a
protection policy group.
● You can only protect an asset with one policy at a time. Assets can move between protection policies, depending on the
protection rule priorities. Protection rules do not automatically move assets that were manually added to a policy to a
different policy.
● When creating a policy, limit the number of database assets within the policy to under 500 and stagger the start time of
replication policies. These actions prevent potential replication failures.
● Before scheduling weekly, monthly, or yearly backups, set the PowerProtect Data Manager time zone to the local time zone.
Otherwise, the backup still runs but is triggered based on the PowerProtect Data Manager time zone.
● Policy-level credentials are mandatory. Credentials that you set at the asset level and host level take precedence over the
credentials that you set at the protection policy level. Asset-level credentials have the highest precedence.
● For database backups, PowerProtect Data Manager chains the dependent backups together. For example, the incremental
or transaction log backups are chained to their base full backup. The backups do not expire until the last backup in the chain
expires. As a result, all incremental and transaction log backups are recoverable until they have all expired.
● When a new asset is added to a protection policy, the asset is not protected until the next full backup runs, whether or not
the asset is added within the backup schedule window. To immediately start protecting the asset, run a manual full backup of
the entire policy from the policy page or the newly added asset from the assets page.
Initial configuration
● Enable the Microsoft SQL database asset source.
● Review the authentication requirements for a Microsoft SQL database.
● Add any required Microsoft SQL database credentials.
● Set the sysadmin privilege for the Microsoft SQL database hosts.
● Register the application hosts with PowerProtect Data Manager.
● Perform a discovery of the application hosts.
● Where applicable, configure any necessary Service Level Agreements (SLAs). The PowerProtect Data Manager
Administrator Guide provides instructions.
Objectives
● For replication after backup completion, PowerProtect Data Manager 19.12 or later and application agents 19.12 or later are
required. It is recommended that you update the application agents to the latest version.
● To move a backup or replica to Cloud Tier, the corresponding objectives must have a retention time of 14 days or more.
Storage
● Add protection storage.
The PowerProtect Data Manager Administrator Guide provides more information about working with storage units, such as
the relationships between storage units and policies, and applicable limitations.
● Before you add a replication objective, add remote protection storage for the replication target.
● Before you add a Cloud Tier objective, PowerProtect Data Manager requires the discovery of protection storage with a
configured Cloud unit.
NOTE: PowerProtect Data Manager does not support the automatic retention lock (ARL) setting on the DD system. The
option to create a storage unit during protection policy configuration does not support compliance mode retention locking,
only governance mode. To use compliance mode retention locking, create and configure a storage unit before you configure
an associated protection policy. If you enable retention locking and select a storage unit where the retention lock mode

is None, the retention lock defaults to governance mode. The PowerProtect Data Manager Administrator Guide provides
more information.
Networking
If applicable, complete all of the virtual network configuration tasks before you assign any virtual networks to the protection
policy. The PowerProtect Data Manager Administrator Guide provides more information.
Protection policy best practices

Before you create a protection policy, note the following best practices:
● In the Protection Policies window, you can export protection policy data by using the Export All functionality.
Understanding backup terminology and managing backup frequency

When scheduling backups in a protection policy, be aware of the following:
● Different protection-policy types can use different terminology to describe available backup levels. This terminology can
differ not only between protection-policy types, but also from traditional terminology.
● To avoid high CPU usage that can lead to failure issues, do not schedule backups more often than recommended.
To understand the different backup levels to manage backup frequencies, see the following table.
Table 12. Backup terminology and frequency

Protection-policy Available backup Description Equivalent Recommended
types levels traditional minimum backup
terminology interval
Microsoft SQL Full All the data is backed up. Full Daily
Server centralized
Differential Only the data that has A differential backup is 12 hours
changed since the last performed, followed by
differential backup or the last a merge operation that
full backup if there are no produces a full backup
other differential backups is in storage.
backed up.
Log The transaction logs are - 30 minutes
backed up.
NOTE: In some situations, a full backup might be performed even though a synthetic-full backup was scheduled. Possible
reasons for a full backup include the following:
● There is no existing full backup.
● The size of a volume has changed.
● There has been a file path change.
● The asset host has been rebooted.
You can increase the backup frequency of a protection policy by scheduling more full or synthetic-full backups with different
retention times to meet your requirements.
Add a protection policy

The following tasks complete the Add Policy wizard, which is specific to each asset type.
1. Select a protection policy type
2. Select a protection policy purpose
3. Select protection policy assets
4. Add protection policy objectives
5. Configure protection policy options
6. Review the protection policy summary

Select a protection policy type
Open the Add Policy wizard and select the protection policy type.
Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window appears.
2. In the Protection Policies window, click Add.
The Add Policy wizard appears.
3. On the Type page, specify the following fields, and then click Next:
● Name—Type a descriptive name for the protection policy.
● Description—Type a description for the policy.
● Type—Select Microsoft SQL Server.
Results
The wizard moves to the Purpose page. Continue to Select a protection policy purpose.
Select a protection policy purpose

Select from the list of supported purposes.
Steps
1. On the Purpose page, select one of the following options to indicate the purpose of the new protection policy group, and
then click Next:
● Centralized Protection—PowerProtect Data Manager manages the complete protection life cycle. The backup trigger
is part of the protection policy.
● Self-Service Protection—The local application on the host handles backing up data and provides backup triggers. The
local application passes backup data to PowerProtect Data Manager, which manages the rest of the protection life cycle.
● Exclusion—Marks the specified assets as intentionally exempt from data protection operations. Otherwise, assets
that are not assigned to any protection policy are reported as unprotected. PowerProtect Data Manager restricts the
specified assets from being assigned to other protection policies.
2. If you selected Centralized Protection, click Set Credentials to specify new policy-level credentials or select existing
credentials from the list.
The supported syntax for credentials is <user>@<host> or <user>@<domain>. The syntax <host>\<user> or
<domain>\<user> is not supported.
Results
The wizard moves to the Assets page. Continue to Select protection policy assets.
Select protection policy assets

About this task
You can change the assets view to display all assets that are discovered by PowerProtect Data Manager or a hierarchical view
with the assets in a tree structure underneath the application host. For example, a hierarchical view might be helpful when you
have added multiple SQL databases, so that you can more easily identify which assets belong to which host and instance.
● List view ( )—This view uses a table display that enables you to see all unprotected assets within a table, and then select
individual unprotected assets that you want to include in the protection policy.
● Hierarchical view ( )—This view uses a tree view that shows the hierarchical relationships of the Microsoft SQL Server
hosts, their application servers or instances (including Failover Cluster Instances (FCIs)), stand-alone database assets, and
any Always On availability groups (AAGs) with their database assets.

When you expand the hierarchical or tree view, you can see all the assets and AAGs within a host and instance. When you
select a host or instance container, all the contained assets and objects are also selected. You can also select individual
assets or a group of assets within the host or instance container to include in the protection policy.
NOTE:
For FCIs and AAGs, when you select the node of one host, the same selection automatically applies to the other hosts in
the cluster.
The hierarchical view is supported only for an Application Direct protection policy, not an application-aware protection
policy.
The hierarchical view is also available on the following pages in the PowerProtect Data Manager UI:
○ Protection > Protection Policies > Protect Now

○ Protection > Protection Policies > Edit Policy > Assets
○ Infrastructure > Assets
○ Restore > Assets
When you select a host or instance within the hierarchical view, the and icons appear on the container line. If a selected
instance is the only instance on a host, the icons appear on the host line above the instance, not on the instance line.
● Dynamic Protection ( )—Dynamic protection is enabled by default. When dynamic protection is enabled, a dynamic
protection rule is automatically created to ensure that all the selected assets within the selected host or instance container
are dynamically protected by the protection policy. PowerProtect Data Manager manages the protection rule. The rule is
updated automatically when you edit the policy and make changes to the container selections, or when assets are moved
into or out of a selected container.
With dynamic protection, any new databases or assets that you add to the instance or AAG or container after the policy
is created or edited will be automatically added to the protection policy. Any databases or assets that you remove from
the instance or AAG or container are also removed from the policy. When any selection overlap occurs between different
policies, the UI displays the overlaps and helps you to resolve the asset assignment conflicts by adjusting the protection
rules' priority.
To disable the dynamic protection for a container, click and then click Disable in the displayed text box. When the
dynamic protection is disabled, the protection policy does not dynamically protect the selected container and its objects. As
a result, all the selected objects within the container become static selections that are not automatically protected by the
policy.
After you create or edit a protection policy that has dynamic protection, you can select Protection > Protection Rules to
see the protection rule details for the protection policy, including the priority of the protection rule. Dynamic protection rules
apply only at the container level.
● AAG Selection ( )—This icon appears when the selected host or instance includes one or more AAGs. By default, the icon
is enabled and all the AAGs within the host or instance are selected. When you want to exclude all the contained AAGs from
the protection policy, click and then click Exclude in the displayed text box.
In the hierarchical view, you might see in the Protection Policy column, next to a selected host, instance, database, or AAG
to indicate that one of the following issues exists. Hover over to see the issue description:
● When the Microsoft application agent version is earlier than 19.9, an AAG folder might display an incomplete hierarchical
view of the data. To obtain a complete view of the data, update the Microsoft application agent. Version 19.9 is not
supported.
● An asset assignment conflict exists because the host, instance, or contained object is already protected by another
protection policy. After you click Next on the Assets page and click OK on a notification page, the Check conflicts
due to rule priority page appears, where you can adjust the protection rule priorities and resolve the conflicts.
Steps
1. On the Assets page, select the unprotected assets that you want to add to the backup of this protection policy group.
The window enables you to filter by asset name to locate the required assets.
2. Click Next.
If the Assets page included any asset assignment conflicts with other protection policies, a notification page appears that
describes the assets that are already assigned to other protection policies:
● To continue, click OK.

● To return to the Assets page, click Cancel.
When you click OK, the Check conflicts due to rule priority page appears, displaying the assets with conflicting
assignments and their protection policies and rules.
a. In the Protection Rules pane, you can click the up and down arrows to change the protection rule priority of any policy.
When you raise the rule priority for a policy, the assets with conflicts in a lower-priority policy are moved to the policy
with the higher protection rule priority.
3. Click Next.
Results
For exclusion policies, the wizard moves to the Summary page. Continue to Review the protection policy summary.
For all other policy purposes, the wizard moves to the Objectives page. Continue to Add protection policy objectives.
Add protection policy objectives

Use these instructions to add the objectives that you identified during policy planning:
● Configure a primary backup objective
● Configure a primary retention objective
● Configure a replication objective
● Configure a cloud tiering objective
Optionally, select a policy-level Service Level Agreement (SLA) from the Set Policy Level SLA list, or select Add to open the
Add Policy Service Level Agreement wizard and create a policy-level SLA.
Configure a primary backup objective

Primary backup objectives apply to all protection policy purposes except self-service and exclusion policies.
Prerequisites
NOTE:
When a new asset is added to a protection policy during a scheduled backup window, the backup starts right away.
However, if an asset is added to a protection policy outside of the scheduled backup window, the backup does not start
until the next time that backups are configured to run.
If a new asset is added to a protection policy that has a weekly or monthly backup schedule and the current time is within
the scheduled Start and End times, the backup runs right away, regardless of the date. If the current time is not within the
scheduled Start and End times, the backup does not start until the next time that backups are configured to run.
NOTE: Any backup that starts before the End time continues until completion.
Steps
1. Click Add under Primary Backup.
The Add Primary Backup dialog appears.
2. On the Target pane, specify the following fields:
a. Storage Name—Select a backup destination from the list of protection storage, or select Add to add protection storage
and complete the details in the Storage Target dialog.
b. Storage Unit—Select whether this protection policy should use a New storage unit on the selected protection storage
system, or select an existing storage unit from the list.
Hover over a storage unit to view the full name and statistics for available capacity and total capacity, for example,
testvmpolicy-daily-123ab (300 GB/1 TB).
The Space field indicates the total amount of space, and the percentage of available space, on the protection storage
system.
When you select New, PowerProtect Data Manager creates a storage unit on the selected protection storage system
upon policy completion. The storage unit name follows the format policy name-hostname-unique identifier.

For example, testvmpolicy-daily-123cd.
c. Network Interface—Select a network interface from the list, if applicable.

d. Retention Lock—Move the Retention Lock slider to the right to enable retention locking for these backups.
The retention lock mode setting comes from the configuration of the selected storage unit. When you enable retention
locking, the Retention Lock Mode field displays the corresponding storage unit setting.
Setting a retention lock applies to the current backup copy only, and does not impact the retention lock setting for
existing backup copies.
e. SLA—From the list, select an existing service level agreement that you want to apply to this objective, or select Add to
create an SLA within the Add Backup Service Level Agreement wizard.
3. On the Schedules pane, specify the following fields to schedule a full backup of this protection policy:
a. Create a Full backup every—Specify how often to create a full backup.
b. Retain for—Specify the retention period for the full backup.
For database backups, PowerProtect Data Manager chains the dependent backups together. For example, the
incremental or log backups are chained to their base full backup. The backups do not expire until the last backup in
the chain expires. This ensures that all incremental and log backups are recoverable until they have all expired.
c. Start and End—The activity window. Specify a time of day to start the full backup, and a time of day after which
backups cannot be started.
d. Click Save.
4. Optionally, click Add backup and specify the following fields to schedule other backup types (differential or log) for this
protection policy:
NOTE: When you select this option, the backup chain resets.
a. Create a <backup_type> backup every—Specify the backup type from the drop-down list, and then specify the
interval at which the backup job runs within the window that you specify.
Available backup types are Differential or Log. The backup interval depends on the backup interval of the full backup
schedule:
● If the full backup schedule is hourly or daily, the backup interval of subsequent backup levels can be between 1 and 12
hours or between 1 and 60 minutes.
● If the full backup schedule is weekly or monthly, the backup interval of subsequent backup levels can be daily,
between 1 and 12 hours, or between 1 and 60 minutes.
b. Retain for—Specify the retention period for this backup.
CAUTION: If you set a shorter retention period for a differential or log backup than for the corresponding
full backup, data loss might occur and you might be unable to recover the point-in-time copies.
c. Start and End—The activity window. Specify a time of day to start the backup, and a time of day after which backups
cannot be started.
5. Click Add Backup and repeat the procedure for creating full backups if you want to create additional backup copies at
different intervals with different retention periods.
Within this protection policy, when a full schedule conflicts with another full backup schedule, a message appears, indicating
that there is a conflict. Schedule occurrences can conflict with each other when the activity windows are identical or occur
entirely within the same time range. To avoid full schedule conflicts in a policy, edit the activity windows.
If you proceed with conflicting schedules, the backup of the lower priority schedule will be skipped. Schedule priority is
ranked according to the following criteria:
● Full schedules have a higher priority than Synthetic Full schedules.
● For schedules of the same backup type, the schedules that run less frequently have a higher priority than schedules that
run more frequently.
● For schedules with the same backup type and frequency, the schedule with the longest activity window has the higher
priority. If the activity windows are also identical, only one of these schedules will run.
When a schedule conflict between full backups occurs, PowerProtect Data Manager runs the full backup with the longest
retention period.

6. Click Save to save the changes and return to the Objectives page.
The Objectives page updates to display the name and location of the storage target under Primary Backup.
Next steps
After completing the objective, you can change any details by clicking Edit next to the objective.
Configure any remaining objectives. When you have configured all required objectives, click Next.
The wizard moves to the Options page. Continue to Configure protection policy options.
Configure a primary retention objective

Retention objectives apply to self-service protection policies.
Steps
1. Click Add under Primary Retention.
The Add Primary Retention dialog appears.
2. On the Target pane, specify the following fields:
a. Storage Name—Select a backup destination from the list of protection storage, or select Add to add protection storage
and complete the details in the Storage Target dialog.
b. Storage Unit—Select whether this protection policy should use a New storage unit on the selected protection storage
system, or select an existing storage unit from the list.
Hover over a storage unit to view the full name and statistics for available capacity and total capacity, for example,
testvmpolicy-daily-123ab (300 GB/1 TB).
The Space field indicates the total amount of space, and the percentage of available space, on the protection storage
system.
When you select New, PowerProtect Data Manager creates a storage unit on the selected protection storage system
upon policy completion. The storage unit name follows the format policy name-hostname-unique identifier.
For example, testvmpolicy-daily-123cd.

d. Retention Lock—Move the Retention Lock slider to the right to enable retention locking for these backups.
Setting a retention lock applies to the current backup copy only, and does not impact the retention lock setting for
existing backup copies.
e. SLA—From the list, select an existing service level agreement that you want to apply to this objective, or select Add to
create an SLA within the Add Backup Service Level Agreement wizard.
3. On the Retention (Self Service) pane, change any required retention periods.
By default, all backup types share the same retention period.
4. To change the retention periods for specific backup types:
CAUTION: If you set a shorter retention period for a differential or log backup than for the corresponding full
backup, then data loss might occur and you might be unable to recover the point-in-time copies.
a. Clear Set the same retention time for all backup types.
b. Change the Retain <backup_type> For field values as required.
After changing this option, you can create additional backup patterns with different retention periods. For example, you can
add a full backup pattern Retain full backups created every week on the Monday and Tuesday for 2
months.
5. Click Save to save the changes and return to the Objectives page.
The Objectives page updates to display the name and location of the storage target under Primary Retention.

Next steps
After completing the objective, you can change any details by clicking Edit next to the objective.
Configure a replication objective

Optionally, replicate the primary backup or retention to a remote server for added protection. You can specify either scheduled
replication or replication after backup completion.
Prerequisites
NOTE: When creating multiple replicas for the same protection policy, it is recommended to select a different storage
system for each copy.
NOTE: If you select a storage unit that is the target of another objective for the same policy, the UI issues a warning. The
PowerProtect Data Manager Administrator Guide provides information about replicating to shared protection storage to
support PowerProtect Cyber Recovery. Verify the storage targets and the use case before you continue.
About this task

For replicas of centralized backups, when you set retention periods for different backup types, any undefined types use the
full backup retention period. For example, if you do not define a log backup in the primary objective, the log backup for the
replication objective is also undefined. After you run a manual log backup, replicas of that log backup use the same retention
period as the full backup.
Steps
1. Next to the primary backup or retention objective, click Replicate.
An entry for Replicate appears to the right of the primary backup or retention objective.
2. Under Replicate, click Add.
The Add Replication dialog appears, with information in the left pane for each schedule that has been added for the
primary objective of this protection policy.
NOTE: PowerProtect Data Manager replicates backups for all the listed schedules. You cannot select individual
schedules for replication.
3. Select a storage target:
a. Storage Name—Select a replication destination from the list of protection storage, or select Add to add protection
storage and complete the details in the Storage Target window.
b. Storage Unit—Select whether this protection policy should replicate to a New storage unit on the selected protection
storage system, or select an existing storage unit from the list.
d. Retention Lock—Move the Retention Lock slider to the right to enable retention locking for these replicas.
e. SLA—Select an existing replication service level agreement that you want to apply to this schedule from the list.
Or, select Add to create a replication SLA within the Add Replication Service Level Agreement wizard.
The PowerProtect Data Manager Administrator Guide provides more information about replication targets.
4. Select when to replicate the backups or retentions:
Replication triggers provides more information.
● To replicate after the backup finishes, move the Replicate immediately upon backup completion slider to on.
● For scheduled replication, move the Replicate immediately upon backup completion slider to off, and then complete
the schedule details in the Add Replication dialog.
For replication of the primary backup, the schedule frequency can be every day, week, month, or x hours.

For daily, weekly, and monthly schedules, the numeric value cannot be modified. For hourly, however, you can edit the
numeric value. For example, if you set Create a Full backup every 4 hours, you can set a value of anywhere from 1 to
12 hours.
By default, all replicas of the primary objective inherit the retention period from the Retain For value of the synthetic full
and full backup schedules.
5. To specify a different retention period for replicas of different backup or retention types:
CAUTION: If you set a shorter retention period for the replicas of additional backup types than for the
corresponding full backup, you may be unable to recover from those replicas. The additional backup types
include log, incremental, differential, and so on, where applicable.
a. Clear Set the same retention time for all replicated copies.
b. Click Edit in the row of each schedule that you want to change.
c. Update the value in the Retain For field.
d. Click Save.
6. Click Save to save your changes and return to the Objectives page.
Next steps
Configure a cloud tiering objective

For some protection policy types, you can add a Cloud Tier objective to a protection policy to move local full backups to the
Cloud Tier after a predefined number of days.
Prerequisites
To move a backup or replica to Cloud Tier, the corresponding objectives must have a retention time of 14 days or more.
Cloud Tiering happens at 00:00 UTC each day. Depending on your time zone, this time may be within business hours and thus
Cloud Tiering may impact available network bandwidth. Cloud Tiering applies to both centralized and self-service protection
policies.
About this task

The PowerProtect Data Manager Administrator Guide provides more information about adding a Cloud objective and managing
or working with Cloud Tier backups and replicas.
Steps
1. Click Cloud Tier next to or under one of the following:
● A primary backup objective.
● A primary retention objective.
● A replication objective.
The wizard creates an entry for Cloud Tier to the right of, or below, the associated objective.
2. Under the entry for Cloud Tier, click Add.
The Add Cloud Tier Backup dialog appears, with summary information for the parent objective to indicate whether you are
adding this Cloud Tier objective for the primary objective or the replication objective.
3. To tier the backups from all the full primary backup or replication schedules of this policy, keep the All applicable full
backups slider to the right.
Otherwise, move the slider to the left and select one or more full schedules to tier.
4. Set the following parameters:
● Select the appropriate Cloud Unit from the Cloud Target list.
● For Tier After, set a time of 14 days or more.
NOTE: If either of the following conditions are true, you can still select this schedule for tiering:
● The retention period of a schedule is less than the minimum 14 days required before tiering occurs.

● The retention period of a schedule is less than the value in the Tier After field.
However, you must edit the retention period of this schedule, or its backup or replica, to a value greater than the Tier
After field before the retention period of the copy expires. Otherwise, PowerProtect Data Manager will not move the
backup or replica of this schedule to the cloud tier.
5. Click Save to save your changes and return to the Objectives page.
Next steps
Configure protection policy options

On the Options page, select any additional options that are required for the policy.
Steps
1. Exclude Simple Database—Select this option to exclude the databases in simple recovery model from the transaction log
backups.
2. Exclude System Databases—Select this option to exclude the Microsoft SQL Server system databases (including
databases named master, model, and msdb) from the differential and transaction log backups.
3. Exclude Unprotectable Database—Select this option to exclude the databases in an unprotectable state from all backups.
4. Backup Promotion—Select one of the following backup promotion options to use for differential and transaction log
backups:
Option Description
ALL Enables backup promotion. This setting is the default backup promotion setting.
NONE Disables backup promotion, without displaying a warning during backups.
NONE_WITH_WARNINGS Disables backup promotion, but displays a warning during a backup when a backup promotion
would normally occur.
5. To enable the debug logs for troubleshooting purposes, select Troubleshooting.
6. Click Next.
Results
The wizard moves to the Summary page. Continue to Review the protection policy summary.
Review the protection policy summary

Review the protection policy group configuration details. You can click Edit next to any completed window's details to change
any information. When completed, click Finish.
An informational message appears to confirm that PowerProtect Data Manager has saved the protection policy. When a new
protection policy is created, PowerProtect Data Manager performs the first full backup and subsequent backups according to
the specified schedule.
Click OK to exit the window, or click Go to Jobs to open the Jobs window to monitor the backup of the new protection policy
group.
Viewing protection policy jobs

You can monitor and view detailed information in the Jobs window for protection policy objectives, including backups and
restores.
The Cancel and Retry options are not available for self-service jobs that are created by database application agents.

From the PowerProtect Data Manager UI left navigation pane, you can select Jobs > Protection Jobs to view the Protection
Jobs window, which displays the protection job group status. You can also click the job ID in the Protection Jobs window to
view the Job ID Summary window, which displays the status of each asset job.
The status of an asset job is Skipped when the asset is present in the asset host but unavailable for backup because it is
offline or in a restoring, recovery pending, or suspect state. You can see the reason for the Skipped status in the details
section of the Job ID Summary window.
When all the assets in a job group are skipped, the job group status appears as Skipped in the Protection Jobs window.
When some but not all assets in a job group are skipped, the job group status appears as Completed with Exceptions.
When at least one asset in a job group has the Failed status, the job group status appears as Failed.
When a backup fails or a backup is skipped, the backup job steps appear as canceled for the particular database. The backup job
steps are displayed on the Step Log tab in the details section of the Job ID Summary window.
Self-service restore job steps that are displayed on the Step Log tab do not include a step for sending summary statistics for
the restore. Summary statistics are not sent for self-service jobs.
A centralized AAG database restore using the Restore to all replicas option displays minimal restore job steps on the Step
Log tab. The job steps are currently limited to "Database restore" and "Database postrestore".
Extended retention for protection policies created in

PowerProtect Data Manager 19.11 or earlier
NOTE: This section only applies to protection policies created in PowerProtect Data Manager 19.11 or earlier. For protection
policies created in PowerProtect Data Manager 19.12 or later, you add multiple full schedules for primary backup and
replication objectives. Protection policies that were created in an earlier release with the Extend Retention objective are
supported. However, you cannot edit existing extended retention objectives or add new extended retention objectives in
these policies. Knowledge Base article 000204454 at https://www.dell.com/support/ provides detailed information about
specific Extend Retention objective migration scenarios when updating PowerProtect Data Manager.
For protection policies created in PowerProtect Data Manager 19.11 or earlier, the Extend Retention objective allows you to
extend the retention period for the primary backup copy for long-term retention. For example, your regular schedule for daily
backups uses a retention period of 30 days. However, you can extend the retention period to keep full backups taken on
Mondays for 10 weeks.
Both centralized and self-service protection policies support weekly, monthly, and yearly recurrence schedules to meet the
demands of your compliance objectives. For example, you can retain the last full backup containing the last transaction of a
fiscal year for 10 years. Extended retention periods can retain scheduled full backups with a repeating pattern for a specified
amount of time.
For example:
● Retain full yearly backups that are set to repeat on the first day of January for 5 years.
● Retain full monthly backups that are set to repeat on the last day of every month for 1 year.
● Retain full yearly backups that are set to repeat on the third Monday of December for 7 years.
Preferred alternatives
When you define an extended retention objective for a protection policy, you define matching criteria that select preferred
backups to retain. If the matching criteria do not identify a matching backup, PowerProtect Data Manager automatically retains
the preferred alternative backup according to one of the following methods:
● Look-back—Retain the last available full backup that was taken before the matching criteria.
● Look-forward—Retain the next available full backup that was taken after the matching criteria.
For example, consider a situation where you configured a protection policy to retain the daily backup for the last day of the
month to extended retention. However, a network issue caused that backup to fail. In this case, look-back matching retains the
backup that was taken the previous day, while look-forward matching retains the backup that was taken the following day.
By default, PowerProtect Data Manager uses look-back matching to select the preferred alternative backup. A grace period
defines how far PowerProtect Data Manager can look in the configured direction for an alternative backup. If PowerProtect
Data Manager cannot find an alternative backup within the grace period, extended retention fails.

You can use the REST API to change the matching method or the grace period for look-forward matching. The PowerProtect
Data Manager Public REST API documentation provides instructions. If there are no available backups for the defined matching
period, you can change the matching method to a different backup.
For look-forward matching, the next available backup can be a manual backup or the next scheduled backup.
Selecting backups by weekday

This section applies to centralized protection policies. Self-service protection policies have no primary backup objective
configuration.
When you configure extended retention to match backups by weekday, PowerProtect Data Manager might identify a backup as
having been taken on the wrong weekday. This behavior happens where the backup window does not align with the start of the
day. PowerProtect Data Manager identifies backups according to the day on which the corresponding backup window started,
rather than the start of the backup itself.
For example, consider a backup schedule with an 8:00 p.m. to 6:00 a.m. backup window:
● Backups that start at 12:00 a.m. on Sunday and end at 6:00 a.m. on Sunday are identified as Saturday backups, since the
backup window started on Saturday.
● Backups that start at 8:01 p.m. on Sunday and end at 12:00 a.m. on Monday are identified as Sunday backups, since the
backup window started on Sunday.
● Backups that start at 12:00 a.m. on Monday and end at 6:00 a.m. on Monday are identified as Sunday backups, since the
backup window started on Sunday.
In this example, when you select Sunday backups for extended retention, PowerProtect Data Manager does not retain backups
that were taken between 12:00 a.m. and 8:00 p.m. This behavior happens even though the backups occurred on Sunday.
Instead, PowerProtect Data Manager selects the first available backup that started after 8:00 p.m. on Sunday for extended
retention.
If no backups were created between 8:01 p.m. on Sunday and 6:00 a.m. on Monday, PowerProtect Data Manager retains the
next alternative to extended retention. In this example, the alternative was taken after 6:00 a.m. on Monday.
Extended retention backup behavior

When PowerProtect Data Manager identifies a matching backup, automatically extended retention creates a job at the
beginning of the backup window for the primary objective. This job remains queued until the end of the backup window.
The following examples describe the behavior of backups with extended retention for centralized and self-service protection.
Centralized protection
An hourly primary backup schedule starts on Sunday at 8:00 p.m., and ends on Monday at 6:00 p.m. with a weekly extended
retention objective set to repeat every Sunday. PowerProtect Data Manager selects the first available backup starting after
8:00 p.m. on Sunday for long-term retention.
The following diagram illustrates the behavior of backups with extended retention for a configured protection policy. In this
example, full daily backups starting at 10:00 p.m. and ending at 6:00 a.m. are kept for 1 week. Full weekly backups are set to
repeat every Sunday and are kept for 1 month.

Figure 2. Extend retention backup behavior
Self-service protection
For self-service backups, PowerProtect Data Manager uses a default backup window of 24 hours. A backup schedule starts on
Sunday at 12:00 p.m, and ends on Monday at 12:00 p.m. with a weekly extended retention objective set to repeat every Sunday.
PowerProtect Data Manager selects the first available backup that is taken between 12:00 p.m. on Sunday and 12:00 p.m. on
Monday for long-term retention.
Replication of extended retention backups

You can change the retention time of selected full primary backups in a replication objective by adding a replication objective to
the extended retention backup. The rules in the extended retention objective define the selected full primary backups. Review
the following information about replication of extended retention backups.
● Before you configure replication of extended retention backups, create a replication objective for the primary backup.
● Configure the replication objective of the extended retention and match this objective with one of the existing replication
objectives based on the primary backup. Any changes to a new or existing storage unit in the extended retention replication
objective or the replication objective of the primary backup is applied to both replication objectives.
● The replication objective of extended retention backups only updates the retention time of replicated backup copies. New
backup copies are not created in the replication storage.
Protection rules
Protection rules comprise one or more conditions that select matching assets and automatically assign them to a corresponding
protection policy. PowerProtect Data Manager applies these rules to assets at discovery time.
You can apply protection rules to policies for the following asset types:
● Virtual machine
● File System
● Kubernetes
● Microsoft Exchange
● Microsoft SQL
● Network Attached Storage (NAS)
● Oracle
● SAP HANA
● PowerStore block volumes
Before defining a protection rule, note the following:
● Creating protection rules requires at least one existing protection policy.
● An asset can only belong to one protection policy.
● Assets can move from one policy to another policy based on the priorities of the protection rules. You can manually move
an asset into a protection policy and override automatic placement through protection rules. Manual assignment protects the

asset through the specified policy but protection rules no longer apply to that asset. To apply protection rules again, remove
the asset from the protection policy.
● To ensure the protection of homogeneous assets, the protection rule must specify a storage asset type.
● For virtual machine protection policies, virtual machine tags created in the vSphere Client can only be applied to a
protection rule.
● A virtual machine application-aware protection policy that protects a Microsoft SQL Server Always On availability group
(AAG) must include all the virtual machines of the AAG in the same protection group. Failure to meet this requirement
might result in Microsoft SQL Server transaction log backups being skipped. Ensure that the protection rules are designed to
include all the AAG virtual machines.
● For Oracle assets, ensure that the Oracle protection rules do not use the DB ID and Oracle SID Name field settings that were
supported with versions prior to PowerProtect Data Manager 19.6.
Protection rule attributes and criteria

The following table provides a list of the available rule attributes and criteria for all asset types that support the application of
protection rules to policies. The available matching criteria depend on the selected attribute.
Table 13. Supported attributes and matching criteria by asset type

Asset type Supported attributes Matching criteria Notes
Virtual Cluster Name Begins with, Contains, If using the Host Name for a virtual
machines Does not contain, Does machine protection rule to determine which
Datacenter Name
not equal, Ends with, assets get included, ensure that you do not
Datastore Name Equals, Matches RegEx, specify a host in a cluster. If you specify
Does Not Match RegEx a host in a cluster, PowerProtect Data
Host Name Manager will not protect the virtual machine
assets under this host because although
OS Type
these assets are currently running within
this host, they are not owned by the host
and can be switched to another host under
the same cluster at any time.
Power State Equals, Does not equal The Power State attribute is applicable
only to virtual machines, and enables
filtering of virtual machine hosts based on
the state of the host.
vCenter Name Begins with, Contains, ● The VM Folder Name and VM
Does not contain, Does Resource Pool attributes support
VM Display Name
not equal, Ends with, protection for all virtual machine assets
VM Folder Name Equals, Matches RegEx, and resource pools in the selected folder
Does Not Match RegEx and its subfolders.
VM Resource Pool ● Regular expressions for the VM Folder
Name and VM Resource Pool
attributes use Google RE2J syntax. The
operators and effects on the Optional
tab of the dialog box are unavailable for
these attributes. However, the operators
and effects on the Unsupported tab
are available, as are the standard regular
expression predefined character classes.
For example, \d for a digit.
Regular expressions for all other

attributes use ElasticSearch regex
syntax. These expressions do not
support predefined character classes.
Because predefined character classes
are valid for some attributes, the UI does
not mark these classes as invalid syntax.
This is true even for attributes where
such classes are not supported.

Table 13. Supported attributes and matching criteria by asset type (continued)
VM Size Greater than, Less than
VM Tags Equals, Does not equal, In,
Not in
File systems File System Name Begins with, Contains,

Does not contain, Does
Host Name
not equal, Ends with,
Cluster Name Equals, Matches RegEx,
Does Not Match RegEx
Host Type
File System Type Begins with, Contains,
Equals
File System Size Greater than, Less than
Exchange Application Name Begins with, Contains,

servers Does not contain, Does
DB Name
Equals, Matches RegEx,
SQL Application Name Begins with, Contains,

databases Does not contain, Does
DB Name
Host/Cluster/Group Equals, Matches RegEx,
Name Does Not Match RegEx
Host Type Equals
Oracle DB Name Begins with, Contains, The addition of a protection rule is not
databases Does not contain, Does supported for a newly discovered Oracle
Host/Cluster/Group Data Guard asset. When a PowerProtect
Name Data Manager system is updated from an
Does Not Match RegEx earlier version, the Oracle Data Guard asset
continues to be associated with previously
Host Type Equals defined protection rules.
Oracle Version Begins with, Contains,
Kubernetes Namespace Name Begins with, Contains,

namespaces Does not contain, Does
Namespace Label Equals, Does not equal
SAP HANA Application Name Begins with, Contains,

databases Does not contain, Does
DB Name
Network- Share Name Begins with, Contains,

attached Does not contain, Does
storage not equal, Ends with,

Table 13. Supported attributes and matching criteria by asset type (continued)
Share Size Greater than, Less than
File System Name Begins with, Contains,
Protocol Equals, Does not equal
Server Name Begins with, Contains,
Server Address
Block Block Volume Name Begins with, Contains,

Volumes Does not contain, Does
Block Volume Size Greater than, Less than
Block Volume WWN Begins with, Contains,
Origin Type Equals, Does not equal
Replica Storage Array Begins with, Contains,
Name Does not contain, Does
Storage Array IP Begins with, Contains,
Storage Array Name Begins with, Contains,
Equals
Add a protection rule

Select a protection policy and then define one or more conditions. Where applicable, create compound rules by linking multiple
conditions through logical operators.
About this task

Compound rules enable you to combine multiple selection criteria through AND and OR operators for higher precision. For
example, assets in a particular data center with particular tags. Compound rules must have at least one condition.

The Add Protection Rule wizard displays compound rules in containers. Grouping rules in the same container represents a
logical AND of those rules. Placing rules in separate containers represent a logical OR of those rules. For example, the compound
rule (A AND B) OR (C) corresponds to one container with rules A and B, and another container with rule C.
The wizard validates fields as you type. As you define the protection rule, the wizard also displays a count of assets which
match the entire protection rule, next to View Filtered Assets.
Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Rules.
The Protection Rules window appears.
2. Select the tab that corresponds to the asset type or host for which you would like to add the protection rule, and then click
Add.
PowerProtect Data Manager supports the application of protection rules for the following asset types:
● Virtual machine
● File System (Block Volumes)
● Kubernetes namespaces
● Microsoft Exchange
● Microsoft SQL
● Network Attached Storage (NAS)
● Oracle
● SAP HANA
● PowerStore block volumes
The Add Protection Rule window opens to the Select Protection Policy page.
3. Select the target protection policy for the protection rule and then click Next.
The Add Rule Description page appears.
4. Define the purpose of the protection rule:
a. Name. For example, Rules Prod Finance. The name must be unique.
b. Description. For example, Finance department production servers
c. Click Next.
The Add Conditions page appears.
5. Define the protection rule:
a. Select an attribute. The available attributes depend on the selected host type.
b. Select a matching criteria. The available matching criteria depend on the selected attribute.
NOTE: Where the available matching criteria includes regular expressions, click for a list of supported operators
and effects in a separate dialog box.
c. Depending on the selected attribute, supply a search phrase to compare against the attribute or select an option from
the list.
The wizard displays a count of matching assets beside the rule and enables new Add Rule options for compound rules.
For example, a rule with the filters VM Folder Name, Contains, and Finance can match assets belonging to your
finance department to the selected protection policy.
6. To define a compound rule:
The wizard only enables some Add Rule options after the successful validation of other rules in the same container. For
example, rules cannot be empty.
a. Select a logical operation, and then click the corresponding Add Rule option.
● If you select + (AND), the new rule appears in the same container.
● If you select Add Rule - OR, the new rule appears in a separate container.
b. Repeat the previous step to define the new protection rule.
c. To remove a rule from a compound rule, click for that rule.
NOTE: The wizard disables for any rules whose deletion would result in an empty container. To remove these
rules, remove the entire container.
The wizard removes the selected rule and any associated Add Rule options.
d. To remove an entire container and any rules within it, click for that container.
The wizard also removes any associated Add Rule options.
e. To remove all rules, click Reset Rules.

The wizard displays a count of matching assets beside each rule and, for each container, a count of matching assets for all
rules in the container.
NOTE: The counts displayed by the Protection > Protection Rules > Add Protection Rules > Add Conditions and
Protection > Protection Rules > Add Protection Rules > Add Conditions > Filtered Assets panes only count
the number of assets in the filtered folders and resource pools. The counts do not include assets in subfolders or
sub-resource pools. Despite the displayed count, all assets in subfolders and sub-resource pools are also protected. For
existing protection rules, accurate asset counts are displayed in the Protection > Protection Rules and Protection >
Protection Policies panes.
7. To see a list of unprotected assets which match the protection rule, click View Matching Assets.
The Matching Assets window opens and displays the details of each matching asset. Verify that the list includes all
expected assets, and then click Done.
8. If the protection rule and list of matching assets do not meet expectations, adjust the rules accordingly. Alternatively, reset
the rules and then build the protection rule again.
9. If the protection rule and list of matching assets meet expectations, click Next.
The Summary page appears.
10. Review the protection rule details and then click Finish.
Results
The new protection rule automatically protects any matching assets.
Manually run a protection rule

PowerProtect Data Manager automatically runs protection rules when new assets are detected or when existing assets are
modified. You can also run protection rules manually.
Prerequisites
NOTE: For SQL, Oracle, SAP HANA, file system, and block volume asset types, the protection rule runs only on scheduled
discovery in PowerProtect Data Manager. Ensure that you schedule discovery for these asset types.
Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Rules.
2. Select the required protection rules, and then click Run.
PowerProtect Data Manager runs all of the selected protection rules for the current asset type.
Schedule an asset source discovery

For some asset types, the protection rule runs only upon scheduled asset source discovery in PowerProtect Data Manager.
About this task

This task applies only to the following asset types:
● File System
● Microsoft SQL Server
● Block volumes
● SAP HANA
Steps
1. Select Infrastructure > Asset Sources.
2. Select the tab for the type of asset source that you want to discover.
3. Select the asset source name in the asset source list, and then click Discover.
4. From the Discovery Schedule list, select the time of day to initiate the discovery.

Edit or delete a protection rule
You can change the name, description, the rule filters, and the associated protection policy.
Steps
1. Select Protection > Protection Rules.
NOTE: On the Protection Rules window, the Source column lists Protection Policy and User created rules. The
Protection Policy rules, that is, the protection rules that are created dynamically while adding or editing the protection
policy cannot be edited or deleted. Unselect the server/host of an asset by editing the protection policy to delete such
rules.
2. To edit a protection rule, select the rule and then click Edit.
The Edit Protection Rule window appears.
a. Select a protection policy, and then click Next.
b. Modify the name, description, or filter rules, and then click Next.
Add a protection rule provides more information about working with rules.
c. Review the protection rule summary, and then click Finish.
3. To delete a protection rule, select the rule and then click Delete.
PowerProtect Data Manager removes from protection policies any assets that were added because of this protection rule.
PowerProtect Data Manager adds those assets again if you do not update related protection rules.
View assets applied to a protection rule

You can view the assets that are applied to a protection rule from the Protection Rules window. If the modification of a
protection rule results in assets moving from one policy to another, the Protection Rules window enables you to verify the
results.
About this task

To view assets that are applied to a protection rule, complete the following steps.
Steps
1. From the left navigation pane, select Protection > Protection Rules.
2. Click the link in the Assigned Assets Count column for the protection rule.
The Assets List window appears and displays the matched assets.
3. To export asset records for the protection rule, in the Assets List window, click Export All.
Change the priority of an existing protection rule

When multiple protection rules exist, you can define the priority of each rule. Priority determines which rule applies to an asset
when that asset matches multiple rules and those rules have conflicting actions.
About this task

For example, if an asset matches several protection rules and each rule specifies a different protection policy, then the rule with
the highest priority determines the policy assignment.
Protection rule priorities are integers. Smaller integers represent a higher priority.
Steps
1. Select Protection > Protection Rules.

2. To change a protection rule's priority, select the rule and then click Up or Down.
Remember that the smaller integer has the higher priority.
Configure protection rule behavior

You can use the REST API to configure what happens when a protection rule changes.
The PowerProtect Data Manager Public REST API documentation provides instructions.
NOTE:
If you update from a previous release of PowerProtect Data Manager, the configured behavior for protection rule changes
still applies to the current release. For example, in PowerProtect Data Manager 19.12, if you did not configure protection
rules through application.properties to move assets across policies, then you cannot change the behavior with this
method in PowerProtect Data Manager 19.13 or later.
However, if you updated the configuration file to enable protection rules to move assets across policies, then this behavior
continues to apply after the update.
Cancel a Microsoft SQL application agent protection

or restore job
You can cancel an application agent protection job from the PowerProtect Data Manager UI. The job must be in a queued or
running state. The protection job runs for a primary backup that is configured through an application agent protection policy.
About this task

You can perform two types of application agent job cancellations in the PowerProtect Data Manager UI:
● Cancellation of a job group that includes one or more asset jobs.
● Cancellation of an individual asset job.
NOTE:
When a job completes before the cancel request reaches the application host, the status of the canceled job transitions to
either success or failure.
You can also cancel a queued restore job. However, you cannot cancel a restore job that is in progress. The restore job
status transitions to either success or failure based on the restore status on the application host.
You can cancel many other types of jobs, in addition to protection and restore jobs. The PowerProtect Data Manager
Administrator Guide provides more information.
Perform the following steps to cancel an application agent protection job in the PowerProtect Data Manager UI.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs.
The Protection Jobs window opens to display a list of protection jobs and job groups.
2. In the Protection Jobs window, perform the required type of job cancellation:
● To cancel a job group:
a. In the Protection Jobs window, select the required job group and click Cancel.
A job group warning prompt appears.
b. Click OK at the prompt.
You can monitor the job group cancellation in the Protection Jobs window. The job group status changes to Canceled
when the cancellation of all the asset jobs is complete.

To monitor the cancellation of individual asset jobs within the job group, click the job ID in the Protection Jobs window.
The Job ID Summary window opens, where you can view the status of each asset job.
● To cancel an asset job:
a. In the Protection Jobs window, click the job ID.
The Job ID Summary window opens to display the job details of the assets in the job group.
b. In the Job ID Summary window, select the required asset job and click Cancel.
A job warning prompt appears.
c. Click OK at the prompt.
You can monitor the asset job cancellation in the Job ID Summary window. The asset job status changes to Canceled
when the job cancellation is complete.
NOTE: When the cancel request for a job cannot be completed, an informational alert is displayed.
Edit the retention period for backup copies

You can edit the retention period of one or more backup copies to extend or shorten the amount of time that backups are
retained.
About this task

You can edit the retention period for all asset types and backup types.
Steps
1. Select Infrastructure > Assets.
2. From the Assets window, select the tab for the asset type for which you want to edit the retention period. If a policy has
been assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select a protected asset from the table, and then click View Copies. The Copy Locations pane identifies where the
backups are stored.
4. In the left pane, click to the right of the icon for the asset. The table in the right pane lists the backup copies.
5. Select one or more backup copies from the table, and click Edit Retention.
6. Select one of the following options:
● To select a calendar date as the expiration date for backups, select Retention Date.
● To define a fixed retention period in days, weeks, months, or years after the backup is performed, select Retention
Value. For example, you can specify that backups expire after 6 months.
NOTE: When you edit the retention period for copies that are retention locked, you can only extend the retention
period.
7. When satisfied with the changes, click Save.

The asset is displayed in the list with the changes. The Retention column displays both the original and new retention
periods, and indicates whether the retention period has been extended or shortened.
Delete backup copies

In addition to deleting backups after the retention period expires, PowerProtect Data Manager enables you to manually delete
backup copies from protection storage.
About this task

If you no longer require a backup copy and the retention lock is not enabled, you can delete backup copies prior to their
expiration date.
Starting with PowerProtect Data Manager version 19.6, you can perform a backup copy deletion that deletes only a specified
part of a backup copy chain, without impacting the ability to restore other backup copies in the chain. When you select a

specific backup copy for deletion, only that backup copy and the backup copies that depend on the selected backup copy are
deleted:
● When you select to delete a full backup copy, any other backup copies in the chain that depend on the full backup copy are
also deleted.
● When you select to delete a differential backup copy, only the differential backup copy is deleted because there are no other
dependent backup copies. The whole backup chain is not deleted.
● When you select to delete a log backup copy, any other log backup copies that depend on the selected log backup copy are
also deleted. The whole backup chain is not deleted.
● When you select to delete all log backup copies, the full and differential backup copies are automatically excluded from
deletion.
Regarding expired copy deletion for a backup chain, the full backup expires last. The differential and log backups that expire
earlier than the full backup can be deleted when their retention time expires:
● The full backup expires only when every other backup in the chain has expired.
● A differential backup expires when its retention time expires.
● A log backup expires only when all the log backups that depend on it have expired.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. From the Assets window, select the tab for the asset type for which you want to delete copies. If a policy has been
assigned, the table lists the assets that have been discovered, along with the associated protection policy.
backups are stored.
5. Select one or more copies from the table that you want to delete from the DD system, and then click Delete.
A preview window opens and displays the selected backup copies and all the backup copies that depend on the selected
backup copies.
NOTE: If you delete a backup copy, PowerProtect Data Manager deletes the specified backup copy and all backup
copies that depend on the specified backup copy.
6. For all asset types, you can choose to keep the latest backup copies or delete them. By default, PowerProtect Data Manager
keeps the latest backup copies. To delete the latest backup copies, clear the check box next to Include latest copies.
7. To delete the backup copies, in the preview window, click Delete.
NOTE: The delete operation may take a few minutes and cannot be undone.
An informational dialog box opens to confirm the copies are being deleted. To monitor the progress of the operation, click Go
to Jobs. To view the list of backup copies and their status, click OK.
When the job completes, the task summary provides details of each deleted backup copy, including the time that each copy
was created, the backup level, and the retention time. The time of copy creation and the retention time are shown in UTC.
An audit log is also generated and provides details of each deleted backup copy, including the time that each copy was
created, the backup level, and the retention time. The time of copy creation and the retention time are shown in UTC. Go to
Alerts > Audit Logs to view the audit log.
8. Verify that the copies are deleted successfully from protection storage. If the deletion is successful, the deleted copies no
longer appear in the table.
Retry a failed backup copy deletion

If a backup copy is not deleted successfully, you can manually retry the operation.
Steps
backups are stored.

5. Select one or more backup copies with the Deletion Failed status from the table, and then click Delete.
You can also filter and sort the list of backup copies by status in the Copy Status column.
The system displays a warning to confirm that you want to delete the selected backup copies.
6. Click OK.
An informational dialog box opens to confirm that the copies are being deleted. To monitor the progress of the operation,
click Go to Jobs. To view the list of backup copies and their status, click OK.
7. Verify that the copies are successfully deleted from protection storage. If the deletion is successful, the deleted copies no
longer appear in the table.
Export data for deleted Exchange, File System, Kubernetes, Block

Volume, and SQL backup copies
This option enables you to export results of deleted backup copies to a .csv file so that you can download an Excel file of the
data.
Steps
2. From the Assets window, select the tab for the asset type for which you want to export results of deleted backup copies. If
a policy has been assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select one or more protected assets from the table, and then select More Actions > Export Deleted Copies.
If you do not select an asset, PowerProtect Data Manager exports the data for deleted backup copies for all assets for the
specific asset type.
4. Specify the following fields for the export:
a. Time Range
The default is Last 24 Hours.
b. Copy Status
In order to export data for deleted backup copies, the backup copies must be in one of the following states:
● Deleted—The copy is deleted successfully from protection storage, and, if applicable, the agent catalog is deleted
successfully from the agent host.
● Deleting—Copy deletion is in progress.
● Deletion Failed—Copy deletion from protection storage is unsuccessful.
NOTE: You cannot export data for backup copies that are in an Available state.
5. Click Download.
If applicable, the navigation window appears for you to select the location to save the .csv file.
6. Save the .csv file in the desired location and click Save.
Remove Exchange, File System, Kubernetes, Block Volume, and

SQL backup copies from the PowerProtect Data Manager database
This option enables you to delete the backup copy records from the PowerProtect Data Manager database, but keep the backup
copies in protection storage.
About this task

For backup copies that could not be deleted from protection storage, you can remove the backup copies from the PowerProtect
Data Manager database. Removing the backup copies from PowerProtect Data Manager does not delete the copies in
protection storage.
Steps

backups are stored.
5. Select one or more backup copies with the Deletion Failed status from the table, and then click Remove from
PowerProtect.
The system displays a warning to confirm that you want to delete the selected backup copies.
6. Click OK.
An informational dialog box opens to confirm that the copies are being deleted. To monitor the progress of the operation,
click Go to Jobs. To view the list of backup copies and their status, click OK.
7. Verify that the copies are deleted from the PowerProtect Data Manager database. If the deletion is successful, the deleted
copies no longer appear in the table. The backup copies remain in protection storage.
Host CPU throttling

A user with an administrator or backup role can enable the host CPU throttling feature to reduce the amount of CPU utilization
by backups on the application agent host. The host CPU throttling can slow down the running backup jobs on the host and
prevent any new backup jobs from starting. This feature is useful when backups on the host use a significant amount of CPU
that adversely affects the existing production operations.
The user can enable the CPU throttling in the PowerProtect Data Manager UI and specify a host CPU utilization threshold or
limit. When CPU utilization on the host exceeds the limit, the running backups are slowed down and new backups are queued. As
a result, other processes on the same host can increase their CPU utilization and improve their response to critical tasks.
The host CPU throttling feature is supported for centralized and self-service backups with version 19.14 and later of the File
System agent, Microsoft SQL Server agent, and Oracle RMAN agent. By default, CPU throttling is not enabled on an application
agent host.
NOTE:
Use CPU throttling with care, on only specific hosts and in specific situations, as it can slow down the backup jobs by up
to 20 times. The slowdown can cause backup jobs to run longer than the execution time window and possibly affect the
compliance associated with the policies on the host.
The host CPU throttling feature is supported for Oracle Incremental Merge new backups. The feature is not supported for
Oracle Incremental Merge existing in-progress centralized backups, self-service backups, or stand-alone application agents.
You can enable CPU throttling for self-service Oracle RMAN agent backups through the following type of setting in the
RMAN script. The backups are then slowed down:
ALLOCATE CHANNEL C1 TYPE SBT TRACE 5 PARMS

'SBT_LIBRARY=/home/oracle/opt/dpsapps/rmanagent/lib/libddobk.so,
SBT_PARMS=(RMAN_AGENT_HOME=/home/oracle/opt/dpsapps/rmanagent/,
STORAGE_UNIT=/PLC-RAC-DG-blrv136g138-e8e4e, BACKUP_HOST=10.125.208.242,
ORACLE_HOME=/u02/software, SCHEDULED_BACKUP=TRUE, CPU_THROTTLE=90)';
For example, a user with an administrator or backup role enables the host CPU throttling and specifies the CPU utilization limit
of 90% on the application agent host. The effect on the backup jobs is as follows:
● When the host CPU utilization exceeds 90%:
○ Existing backup jobs are slowed down.
○ New backup jobs are queued on the host.
● When the host CPU utilization is reduced to 90% or less:
○ The slowed backup jobs resume their normal speed.
○ The queued backup jobs are started.
NOTE:
It is recommended that you keep the host CPU utilization limit above 85%. Setting a limit of 85% or less can significantly
slow down the backup operations. If all backup jobs become queued, then disable the CPU throttling or change the CPU
utilization limit as it was likely set too low.

Running backup jobs are not affected by a change to the host CPU utilization limit. A running backup continues to use the
limit value from the time that the backup job started. Backup jobs can be canceled when throttled or queued.
If the host CPU usage is consistently high without running backups, the CPU throttling feature will not be effective and backups
will likely never start after you set the CPU utlilization limit. In this case, reduce the load on the host first and then use the host
CPU throttling.
If the host includes pre-19.14 application agents or agents other than those for File System, Microsoft SQL Server, or Oracle
RMAN, host CPU throttling is enabled, and the CPU utilization limit is exceeded:
● New backup jobs are queued on the host.
● Running backup jobs are not throttled.
A user can change the CPU utilization limit setting on a host as long as the host has a supported application agent. When CPU
throttling is enabled on the host and then all the supported application agents are removed, the only available option for the user
is to disable the CPU throttling.
Enable the host CPU throttling

To set the CPU throttling at the host level, perform the following steps as a user with an administrator or backup role.
Starting with version 19.14, the lower table in the Application Agents window has two new columns that are related to host
CPU throttling:
● The Throttling Status column displays the status of backup throttling on the application agent host:
○ No Throttling—CPU throttling is not set for backups on the host.
○ Throttling—CPU throttling is set for backups on the host.
○ Unsupported—CPU throttling is unsupported because the host has only pre-19.14 application agents or application
agents other than the File System agent, Microsoft SQL Server agent, or Oracle RMAN agent.
● The CPU Throttling column displays the CPU utilization limit setting for backup throttling on the application agent
host. The displayed setting is either a double dash when throttling is not set or the CPU utilization limit as a percentage
between 1 to 99, inclusive.
By default, the CPU Throttling column is hidden. To display the column, click the icon on the lower left and then select
CPU Throttling from the Show/Hide Columns list.
View application agent details provides more information about the Application Agents window.
2. To enable the backup CPU throttling for the host and set the CPU utilization limit:
a. In the lower table in the Application Agents window, select the application agent host.
b. Select More Actions > Backup Throttling.
c. In the Set Backup Throttling dialog box, specify the following fields and click Save. A system job is then created for
the host CPU throttling configuration. When the CPU throttling limit is changed, an audit is also created:
● Backup Throttling—Set the value to Enabled.
● CPU Utilization Limit—Set the value to an integer between 1 and 99, inclusive. For example, set the value to 90 for
a 90% limit. It is recommended that you keep the CPU utilization limit above 85%.
The specified CPU utilization limit appears as a percent value in the CPU Throttling column in the table in the
Application Agents window.
When backup throttling occurs, a message appears in the step log that is available through the protection job "details" view. The
message states that the backup speed has slowed due to application agent throttling restrictions. When a backup job is queued
during CPU throttling, the following message appears in the step log:
Queued due to host backup throttling
On the Details tab in the protection job window, the value Yes appears after the Throttled field label when throttling has
occurred at some point during the backup job.

Enable the Microsoft application agent after Internet
Protocol change
PowerProtect Data Manager 19.12 introduced support for IPv6. When you modify the configured Internet Protocols after
updating to or installing PowerProtect Data Manager 19.12 on the Microsoft SQL Server host, the Microsoft application agent
must be enabled for backup and restore operations.
About this task

Supported Internet Protocol versions provides details about the IPv4 and IPv6 addresses that PowerProtect Data Manager and
its components support in specific configurations.
You must perform the required procedure to enable the Microsoft application agent operations in the following cases:
● With Microsoft application agent 19.11 or earlier on the Microsoft SQL Server host, you registered the host to PowerProtect
Data Manager. Then after updating to PowerProtect Data Manager 19.12, you want to use IPv6 in either a dual-stack or IPv6
configuration.
● With Microsoft application agent 19.12 newly installed on the Microsoft SQL Server host, you registered the host to
PowerProtect Data Manager. Then you want to change the network configuration to add or remove either IPv4 or IPv6.
In these cases, perform the following procedure to enable the Microsoft application agent backup and restore operations.
Steps
1. Delete the Microsoft SQL Server host:
a. Remove the assets from the protection policies. The PowerProtect Data Manager Administrator Guide provides details
on how to remove assets from PowerProtect Data Manager.
b. Delete the Microsoft SQL Server host according to Delete an asset source. This procedure unregisters the host from
PowerProtect Data Manager and removes the host assets after all the asset copies have expired.
2. Make the network configuration changes on the Microsoft SQL Server host:
a. Enable the IPv4 or IPv6 protocol in the network settings, and assign the required static address.
b. To configure a pure IPv4 or pure IPv6 environment, disable the required protocol in the network settings.
3. Run the installation wizard and select the Change option to reregister the Microsoft SQL Server host with the same
PowerProtect Data Manager server.
4. Add the required assets back into the protection policy.
Enable the Microsoft application agent after

hostname change
Perform the following steps to enable the Microsoft application agent operations after the hostname is changed.
About this task

Perform the following steps to enable the Microsoft application agent operations after the hostname is changed.
Steps
1. Change the FQDN of the Microsoft application agent host.
2. From the C:\Program Files\DPSAPPS\AgentService directory:
a. Unregister the Microsoft application agent from PowerProtect Data Manager by running unregister.bat.
b. Register the Microsoft application agent with PowerProtect Data Manager by running register.bat.
3. Delete the existing agents.clb* lockbox files in the directories C:\Program Files\DPSAPPS\common\lockbox and
C:\Program Files\DPSAPPS\AgentService\config.
NOTE: If the Microsoft application agent is installed to a non-default path, delete the agents.clb* files in the
lockbox and config subdirectories of the installation directory.
4. In the PowerProtect Data Manager UI, configure the lockbox:

a. In the left navigation pane, select Protection > Protection Policies.
b. On the Protection Policies page, select the applicable protection policy in the list and click Set Lockbox.
5. Ensure that scheduled backups and the restores from previous and latest backups are successful.
Enable the Microsoft application agent after host IP

address change
After the IP address (static IP) of the Microsoft application agent host is changed, you must reregister the Microsoft application
agent and verify the Microsoft application agent operations.
About this task

Perform the following steps to change the IP address of the Microsoft SQL Server host and enable the Microsoft application
agent operations.
Steps
1. Unregister the Microsoft application agent from PowerProtect Data Manager by running unregister.bat from the C:
\Program Files\DPSAPPS\AgentService directory on the Microsoft SQL Server host.
NOTE: If the IP address of the Microsoft application agent host is already changed, do not
unregister the Microsoft application agent. Instead, rename the ssl directory in the installation location
<installation_directory>\DPSAPPS\AgentService and go to step 3.
2. Change the IP address (static IP) of the Microsoft SQL Server host.
3. Register the Microsoft application agent with PowerProtect Data Manager by running register.bat from the C:
\Program Files\DPSAPPS\AgentService directory on the Microsoft SQL Server host.
4. Ensure that the scheduled Microsoft SQL Server backups and the restores from previous and current backups are
successful.
Enable the Microsoft application agent after reusing

IP address from a different host
You can migrate to a different Microsoft application agent host that reuses the IP address from a host that is either a Microsoft
SQL Server host or another type of host. For example, the new Microsoft application agent host reuses the IP address from an
Oracle RMAN agent host.
Steps
1. Delete the Microsoft SQL Server or other host by deleting the asset source according to Delete an asset source. This
procedure unregisters the host from PowerProtect Data Manager and removes the host assets after all the asset copies
have expired.
2. Reuse the IP address (static IP) from the previous host on the new Microsoft SQL Server host.
3. Run the Microsoft application agent installer and select the Change option to reregister the Microsoft SQL Server host with
the same PowerProtect Data Manager server.
4. Ensure that the centralized and self-service backups are successful with the new host.

migration to a different Microsoft SQL Server host
You can migrate to a different Microsoft SQL Server host and connect it with PowerProtect Data Manager by reusing the IP
address and hostname of the former host.
About this task

This procedure is applicable for the following use cases:
● Operating system upgrade of the application agent host
● Service pack update
The operating system version of the new application host can be the same as or different from the operating system version of
the former host. Perform the following steps to migrate the Microsoft application agent to a new host by reusing the same IP
address and hostname as the former host.
Steps
1. Delete the original Microsoft SQL Server host by deleting the asset source according to Delete an asset source. This
procedure unregisters the host from PowerProtect Data Manager and removes the host assets after all the asset copies
have expired.
2. Migrate the Microsoft SQL Server application from the original host to the new Microsoft SQL Server host. Ensure that the
new host has the same IP address and FQDN as the original host.
3. Run the Microsoft application agent installation on the new Microsoft SQL Server host and select the Change option to
register the new host with the same PowerProtect Data Manager server as the original host.
4. Run a manual discovery, backup, and restore on the new Microsoft SQL Server host. Ensure that the operations are
successful.

Microsoft SQL Server upgrade
Perform the following steps to enable the Microsoft application agent operations after a major version upgrade of the Microsoft
SQL Server on the Microsoft application agent host.
Prerequisites
Before you perform a Microsoft SQL Server major version upgrade:
● Ensure that no centralized or self-service backup jobs are running.
● Ensure that you update the Microsoft application agent according to Update the Microsoft application agent. This
prerequisite ensures that duplicate assets are not created in PowerProtect Data Manager.
About this task

NOTE: Microsoft SQL Server upgrades on the Microsoft application agent host are supported only with Microsoft
application agent version 19.13 or later.
On Windows, you can start, stop, or obtain the status of the PowerProtect agent service from the Services Manager, similar to
other Windows services. The name of the service in the Services Manager is PowerProtect Agent Services.
Steps
1. Disable the protection policies on the Microsoft SQL Server host.

2. Stop the PowerProtect agent service.
3. Upgrade the Microsoft SQL Server for stand-alone, cluster, and AAG environments.
NOTE: For cluster and AAG environments, upgrade all nodes in the cluster or AAG before you start the PowerProtect
agent service.
4. After the Microsoft SQL Server services are started, start the PowerProtect agent service.
5. Enable the protection policies that were disabled in step 1.
6. Perform a manual discovery of the Microsoft SQL Server hosts using PowerProtect Data Manager.
7. Ensure that assets have not been removed from the protection policies.
8. Run a protection policy backup.

operating system upgrade
Perform the following steps to enable the Microsoft application agent operations after an upgrade of the Windows operating
system on the application agent host.
Steps
1. If the impacted host is the only host in a protection policy, disable the protection policy.
2. Stop the PowerProtect agent service on the Microsoft SQL Server host.
3. Upgrade the Windows operating system on the Microsoft application agent host.
4. Start the Microsoft SQL Server services on the host.
5. Run the discovery of the Microsoft application agent host according to Discover a Microsoft SQL Server application host.
6. Enable the protection policy that was disabled in step 1.
NOTE: If you did not disable the protection policy, any associated assets that are protected by the protection policy are
removed automatically from the protection policy. Add the required assets back into the policy to continue protecting
the assets.
Manage the PowerProtect agent service

The PowerProtect agent service provides important functionality for the application agent operations with the PowerProtect
Data Manager.
Review the following topics to ensure that you enable and manage the PowerProtect agent service functionality as required for
application agent operations.
About the PowerProtect agent service

The PowerProtect agent service is a REST API based service that is installed by the application agent on the application host.
The agent service provides services and APIs for discovery, protection, restore, instant access, and other related operations.
The PowerProtect Data Manager uses the agent service to provide integrated data protection for the application assets.
This section uses <agent_service_installation_location> to represent the PowerProtect agent service installation
directory. By default, the agent service installation location is C:\Program Files\DPSAPPS\AgentService on Windows
and /opt/dpsapps/agentsvc on Linux. All files that are referenced in this section are the relative paths to the agent service
installation location.
The PowerProtect agent service performs the following operations:
● Addon detection—An addon integrates the application agent into the agent service. The agent service automatically detects
the addons on the system for each application asset type and notifies the PowerProtect Data Manager. While multiple
addons can operate with different asset types, only one agent service runs on the application host. Specific asset types can
coexist on the same application host.

● Discovery—The agent service discovers both stand-alone and clustered database servers (application systems), databases
and file systems (assets), and their backup copies on the application agent host. After the initial discovery, when the agent
service discovers any new application systems, assets, or copies, the agent service notifies the PowerProtect Data Manager.
● Self-service configuration—The agent service can configure the application agent for self-service operations by using
information that is provided by the PowerProtect Data Manager. When you add an asset to a protection policy for
self-service or centralized protection, or modify the protection policy, including changing the DD Boost credentials, the
PowerProtect Data Manager automatically pushes the protection configuration to the agents.
NOTE: If you change the DD Boost credentials to include \ in the password, the protection policy configuration will not
be pushed to the agents unless you also select the protection policy from the Protection Policies window, and then
click Set LockBox.
● Centralized backups—The agent service performs the centralized backups as requested by the PowerProtect Data
Manager.
● Centralized restores—The agent service performs the centralized restores as requested by the PowerProtect Data
Manager.
NOTE: In the current release, the centralized restores are only available for the File System agent, Microsoft SQL
Server agent, and Storage Direct agent.
● Backup deletion and catalog cleanup—The PowerProtect Data Manager deletes the backup files directly from the protection
storage when a backup expires or an explicit delete request is received and no dependent (incremental or log) backups exist.
The PowerProtect Data Manager goes through the agent service to delete the catalog entries from the database vendor's
catalog and the agent's local datastore.
NOTE:
Deletion of any backup copies manually or through the command line is not recommended. PowerProtect Data Manager
deletes all the expired copies as needed.
The agent service maintains SQLite database backups in the <install_directory>/dbs/v1/backups directory,
which is cleaned based on the retention time in the config.yml file. The agent service cleans up the backups only
when the backup count exceeds 10 (cleans up only extra backups after the 10th count).
The agent service is started during the agent installation by the installer. The agent service runs in the background as a service
and you do not interact with it directly.
The config.yml file contains the configuration information for the agent service, including several parameter settings that
you can change within the file. The config.yml file is located in the <agent_service_installation_location>
directory.
If the config.yml file becomes corrupted, you can run the following commands to restore the file and continue the protection
provided by the agent service:
● On Windows:
agentService.exe config=config.yml service=false restoreConfig=true
● On Linux and AIX:
agentService config=config.yml service=false restoreConfig=true
The agent service periodically starts subprocesses to perform the discovery jobs. You can see the type and frequency of these
jobs in the jobs: section of the config.yml file. The job interval unit is minutes.
The agent service maintains a datastore in the <agent_service_installation_location>/dbs/v1 directory, which
contains information about the application system, assets, and backups discovered on the system. The size of the datastore files
depends on the number of applications and copies on the host. The agent service periodically creates a backup of its datastore
in the <agent_service_installation_location>/dbs/v1/backups directory, as used to recover the datastore if
this datastore is lost.
NOTE: The size of each datastore backup is the same as the datastore itself. By default, a backup is created every hour.
To save space on the file system, you can reduce this datastore backup frequency for large datastores. By default, the
datastore backup is retained for one week. You can change the datastore backup frequency, retention period, and backup
location in the config.yml file.

Start, stop, or obtain the status of the PowerProtect agent service
The PowerProtect agent service is started during the agent installation by the installer. If needed, you can use the appropriate
procedure to start, stop, or obtain the status of the agent service.
On Windows, you can start, stop, or obtain the status of the PowerProtect agent service from the Services Manager, similar to
other Windows services. The name of the service in the Services Manager is PowerProtect Agent Service.
Troubleshooting PowerProtect agent service installations

A PowerProtect agent service installation might fail with the following error message:
Service 'PowerProtect Agent Service' (AgentService) could not be installed. Verify that
you have sufficient privileges to install system services.
Possible causes of the installation failure are as follows:

● The installation was attempted on a passive node of a Failover Cluster Instance (FCI).
● The installation was canceled and a rollback left some stale entries of PowerProtect agent services.
As a workaround, clean up the PowerProtect agent service entries, and retry the installation.
Troubleshooting PowerProtect agent service operations

To troubleshoot agent service operations, you can check the agent service log file OpAgentSvc-
<timestamp>.log, which is created in <agent_service_installation_location>\logs on Windows and
<agent_service_installation_location>/logs on AIX or Linux. To modify the log level and retention of temporary
files, you can modify specific parameter settings in the config.yml file.
About this task

To modify the log level and retention of temporary files, you can perform the following steps.
Steps
1. Stop the agent service by using the appropriate procedure from the preceding topic.
2. Open the config.yml file in an editor.
3. Modify the log-level settings in the following parameters, as required:
NOTE: These parameters are listed in order of decreasing number of messages in the debug information output. The
default log-level is INFO.
● DEBUG
● INFO
● WARNING
● ERROR
● CRITICAL
4. To retain the temporary files, set the keepTempFiles parameter to True in the config.yml file.
NOTE: The agent service and application agent communicate through the temporary files, which are typically deleted
after use but can be useful for troubleshooting purposes. Do not leave the keepTempFiles parameter set to True
permanently, or the temporary files can use excessive space on the file system.
5. Start the agent service by using the appropriate procedure from the preceding topic.

Register the PowerProtect agent service to a different server
address on Windows
The PowerProtect agent service is registered to a particular PowerProtect Data Manager server during the agent installation by
the installer. If needed, you can register the agent service to a different PowerProtect Data Manager server address. If there
are multiple agents installed on a host, all agents will be reregistered to the new PowerProtect server.
The agent service can only be registered to a single PowerProtect Data Manager server.
On Windows, perform the following steps to register the agent service to a different server address.
1. Delete the host from PowerProtect Data Manager:
a. In the PowerProtect Data Manager UI, select Infrastructure > Asset Sources.
b. Select the SQL tab.
c. Select the agent hostname and click Delete. At the confirmation prompt, click Delete Asset Source.
You can monitor the progress of the asset source deletion from the Jobs > System Jobs window.
2. To use the existing Microsoft application agent installation (without uninstalling) to connect to the new PowerProtect Data
Manager server:
a. Stop the PowerProtect agent service.
b. Delete the backups, log, and ssl folders under \<agent_service_installation_location>.
NOTE: The dbs and agent-id folders are removed after the deletion step.
3. Change the PowerProtect Data Manager server address by running the agent installer and selecting the Change option.
Change the PowerProtect Data Manager server address on the Configure Installation Options page.
4. Verify the agent registration status:
a. In the PowerProtect Data Manager UI, select Infrastructure > Application Agents.
b. In the Application Agents window, select the entry that contains the agent hostname and ensure that the status is
Registered.
5. To perform asset discovery for the agent:
a. In the PowerProtect Data Manager UI, select Infrastructure > Asset Sources.
b. Select the SQL tab.
c. Select the agent hostname and click Discover. At the confirmation prompt, click Yes.
When you select Infrastructure > Assets, the Assets window displays the discovered assets.
Recovering the PowerProtect agent service from a disaster

You can perform self-service restores of application assets by using a file system or application agent, regardless of the state of
the agent service or PowerProtect Data Manager. The information in this section describes how to bring the agent service to an
operational state to continue if a disaster occurs and the agent service datastore is lost.
The agent service periodically creates a backup of its datastore in the
<agent_service_installation_location>/dbs/v1/backups repository. If all of these backups are lost, the agent
service can still start. The agent service discovers all the application systems, assets, and backup copies on the system again,
and notifies PowerProtect Data Manager. Depending on when the failure occurred, the agent service might not be able to
find older backup copies for some asset types. As a result, the centralized deletion operations might fail when cleaning up the
database vendor catalog or removing older backups that are taken before the asset is added to PowerProtect Data Manager.
By default, the agent service backs up consistent copies of its datastore files to the local disk every hour and keeps the
copies for 7 days. Each time the agent service backs up the contents of the datastore, it creates a subdirectory under
the <agent_service_installation_location>/dbs/v1/backups repository. The subdirectories are named after the
time the operation occurred, in the format YYYY-MM-DD_HH-MM-SS_epochTime.
By default, the datastore repository is on the local disk. To ensure that the agent service datastore and its local backups are not
lost, it is recommended that you back up the datastore through file system backups. You can also change the datastore backup

location to a different location that is not local to the system. To change the datastore backup location, update the values in the
config.yml file.
Restore the PowerProtect Data Manager agent service datastore

Prerequisites
NOTE: Ensure that the agent service is powered off. Do not start the agent service until disaster recovery is complete.
About this task

You can restore the datastore from the datastore backup repository. If the repository is no longer on the local disk, restore the
datastore from file system backups first.
To restore the datastore from a backup in the datastore backup repository, complete the following steps:
Steps
1. Move the files in the <agent_service_installation_location>/dbs/v1 directory to a location for safe keeping.
NOTE: Do not move or delete any <agent_service_installation_location>/dbs/v1 subdirectories.
2. Select the most recent datastore backup.

The directories in the datastore backup repository are named after the time the backup was created.
3. Copy the contents of the datastore backup directory to the <agent_service_installation_location>/dbs/v1
directory.
After the copy operation is complete, the <agent_service_installation_location>/dbs/v1 directory should
contain the following files:
● copies.db
● objects.db
● resources.db
● sessions.db
4. Start the agent service.
Manage the cloud tier operations with PowerProtect

Data Manager for application agents
The PowerProtect Data Manager cloud tier feature works in tandem with the protection storage Cloud Tier feature. Cloud
tiering seamlessly and securely moves PowerProtect Data Manager backups from protection storage to the cloud for long-term
storage.
Use the PowerProtect Data Manager UI to configure cloud tiering and perform seamless recovery of these backups.
Cloud storage units must be pre-configured on the DD system before they are configured for cloud tier in the PowerProtect
Data Manager UI. The DDOS Administration Guide provides more information.
The following topics provide instructions to tier the backups and restore backups from the cloud tier.
Add a Cloud Tier objective to a Microsoft SQL protection policy

You can add a cloud tier schedule to a protection policy for Microsoft SQL Server centralized and self-service backups to cloud
tier.
Prerequisites
Ensure that a DD system is set up for cloud tiering.

About this task
Both Microsoft SQL Server centralized and self-service protection policies support cloud tiering. You can create the cloud tier
schedule from primary and replication objectives. Schedules must have a retention time of 14 days or more.
Cloud tiering happens at 00:00 UTC each day. Depending on your time zone, this time may be within business hours and thus
cloud tiering may impact available network bandwidth.
Steps
1. Log in to PowerProtect Data Manager with administrator credentials.
2. From the PowerProtect Data Manager UI, select Protection > Protection Policies, and then click Add.
The Add Policy wizard appears.
3. On the Type page, enter a name and description, select Microsoft SQL as the type of system to back up, and click Next.
4. On the Purpose page, select from the available options to indicate the purpose of the new protection policy, and then click
Next.
5. On the Assets page, select the assets to be protected with this policy, and then click Next.
6. On the Objectives page, click Add under Primary Backup if the primary backup schedule is not already created, and fill out
the fields in the Target and Schedules panes on the Add Primary Backup dialog.
NOTE: There is no minimum recurrence required for the cloud objective. However, the cloud tier schedule requires a
minimum retention period of 14 days in the Retain for field.
7. Click Cloud Tier next to Primary Backup or, if adding a cloud objective for a replication schedule that you have added,
click Cloud Tier under Replicate.
An entry for Cloud Tier is created to the right of the primary backup schedule, or below the replication schedule.
8. Under the entry for Cloud Tier, click Add.
The Add Cloud Tier Backup dialog appears, with summary schedule information for the parent node. This information
indicates whether you are adding this cloud tier objective for the primary backup schedule or the replication schedule.
9. In the Add Cloud Tier Backup dialog box, set the following parameters and then click Save:
● Select the appropriate storage unit from the Cloud Target list.
● For Tier After, set a time of 14 days or more.
The protection policy schedule is now enabled with cloud tiering.
10. Click Next to proceed with the remaining pages of the Add Policy wizard, verify the information, and then click Finish.
A new job is created, which you can view under the Jobs tab after the job completes.
Tier the PowerProtect Data Manager backups from DD to the cloud

Once you add the Microsoft SQL Server database assets to a protection policy that contains a cloud tier objective, you can
perform tiering of these assets by using the PowerProtect Data Manager UI.
Steps
1. Log in to PowerProtect Data Manager with administrator credentials.
2. Select Infrastructure > Assets > SQL.
3. On the Type Assets page, select the asset, and then click View Copies.
4. Select the DD system where the PowerProtect Data Manager backups for Microsoft SQL Server reside, and then select Full
protection copy which is older than 2 weeks.
5. Click Tier to tier the backups.
A new job is created, which you can view under the Jobs tab after the job completes. When you monitor the cloud tier
progress of backup copies for the asset job, the status remains in the running state until the data movement occurs from the
DD system.
6. Log in to the DD system, and obtain the storage unit details by running the command data-movement policy show.
For example:
# data-movement policy show
Mtree Target(Tier/Unit Name) Policy Value

----------------------------------------- ---------------------- ----------- -------
/data/col1/rman137-blrv136g140-840dd Cloud/ecs-unit app-managed enabled

/data/col1/rman134-copy-blrv136g138-61900 Cloud/ecs-unit app-managed enabled
/data/col1/rman-11-blrv136h010-7014f Cloud/ecs-unit app-managed enabled
7. Run the data-movement start mtrees command for the particular MTree. For example:
# data-movement start mtrees /data/col1/rman137-blrv136g140-840dd
After the successful data movement to the cloud, the cloud tier monitoring job completes. After some time, on the Assets >
View Copies page, the Location field of the protection backups changes to Cloud.
The DDOS Administration Guide provides more details about cloud tier data movement.
Restore the cloud tier backups to DD

Before you run a self-service restore of a backup that was performed through a centralized policy and moved to the cloud tier,
recall the backup to the active tier from PowerProtect Data Manager.
NOTE: Only Elastic Cloud Storage (ECS) supports a direct restore from the cloud tier.
Recall and re-tier the cloud tier backup

You can manually recall the backup from the cloud tier and restore the local copy:
NOTE: When a backup is recalled from the cloud tier to the active tier, the copy is removed from the cloud tier.
1. In the PowerProtect Data Manager UI, go to Infrastructure > Assets and select the SQL tab.
2. Select the required asset, and then click View Copies.
3. Select the backup in the cloud, click Recall, and then specify how long to keep the copy on the active tier.
A job is created to recall the backup copy from the cloud tier for the selected asset. The copy moves from the cloud tier, and
the status changes from Cloud to Local_Recalled. Then you can perform the restore from the Microsoft SQL Server host.
4. To re-tier the recalled copy, select the recalled copy and click Re-tier.
5. To change the retention period for the recalled copy, select the recalled copy and click Edit Recall Retention.

4
Performing Self-Service Application Direct
Backups of Microsoft SQL Server Databases
Topics:
• Performing self-service Microsoft SQL Server database backups
• Overview of Application Direct with Microsoft SQL Server backups
• Best practices to back up Microsoft SQL Server with Application Direct
• Naming conventions for backups with Application Direct
• Circumstances that promote Microsoft SQL Server backups to level full
• Scheduling backup jobs
• Performing manual backups
Performing self-service Microsoft SQL Server

database backups
To enable self-service protection, when you create the Microsoft SQL Server protection policy, select Self-Service
Protection.
When performing a self-service stand-alone backup of an AAG asset, the backups appear under the AAG asset.
The following topics provide instructions on how to perform a self-service Microsoft SQL Server backup.
Overview of Application Direct with Microsoft SQL

Server backups
The Microsoft application agent for Application Direct with Microsoft SQL Server module integrates with the Microsoft SQL
Server Virtual Device Interface (VDI).
The interface enables you to configure the module by using a SQL Server Management Studio plug-in.
The plug-in is similar to the Microsoft SQL Server native backup and restore graphical user interface (GUI). Database
administrators (DBAs) can use the Microsoft native tools to back up and restore the Microsoft SQL Server data.
NOTE: Self-service backups and restores are backups and restores that you perform through the SQL Server Management
Studio (SSMS), Transact-SQL (T-SQL) scripting, or the Microsoft application agent command-line interface.
For assets with single and multiple stripes, you might see a difference in the backup time reported in the Microsoft application
agent SSMS UI and the msdb of Microsoft SQL Server. The backup time difference is due to the Microsoft application agent
threading algorithm for striped backups:
● For a single stripe backup, the backup time reported in the SSMS UI corresponds to the backup_start_date of msdb.
The SSMS reported time may be slightly ahead of or equal to the msdb table reported time.
● For a multiple stripe backup, the backup time reported in the SSMS UI corresponds to the backup_end_date of msdb.
Application Direct backups to a DD system use the following components:
● The Application Direct library API enables the backup software to communicate with the DD system.
The DDBEA section of the E-Lab Navigator provides information about the supported versions of the Application Direct
library and the DDOS.
● The distributed segment processing component reviews the data that is already stored on the DD system, and sends only
unique data for storage. The distributed segment processing component enables the backup data to be deduplicated on the
Performing Self-Service Application Direct Backups of Microsoft SQL Server Databases 91

database or application host to reduce the amount of data transferred over the network. Distributed segment processing
provides information.
When the DD system restores data to a client, the system converts the stored data to its original non-deduplicated state before
sending it over the network.
Federated backups of Always On availability groups

You can use the Microsoft SQL Server Always On availability groups feature to place databases in an Availability Group for high
availability.
The database administrator can set backup preferences for the availability group and nominate a particular copy, which can be
either the primary copy or one of the secondary copies, to use for the backup.
The Microsoft application agent supports federated backups for Application Direct backups. During federated backups, the
Microsoft application agent detects the Microsoft SQL Server's backup preferences setting for the availability group, and then
performs the backup on the preferred node.
NOTE: On a secondary node, Microsoft SQL Server supports only copy-only backups of databases. If the preferred node is
a secondary node, the Microsoft application agent performs a copy-only backup of databases. Microsoft SQL Server does
not support differential backups on secondary Microsoft SQL Server replicas. However, you can perform transaction log
backups from either copies.
The following figure illustrates an overview of the process interactions during federated backups. In the figure, the backup
starts on Node A, but Node B is preferred.
Figure 3. Federated backup command and data flow
Distributed segment processing

Distributed segment processing uses the DD Boost library on the database server and the DD software on DD Replicator. The
Microsoft application agent loads the DD Boost library during backup and restore operations.
Distributed segment processing allows the Microsoft application agent to perform parts of the deduplication process, which
avoids sending duplicate data to the DD system that you configured as a storage server.
The distributed segment processing feature provides the following benefits:
● Increases throughput because the DD Boost library sends only unique data to the DD system. The throughput improvements
depend on the redundant nature of the data that you back up, the overall workload on the database server, and the database
server capability. In general, greater throughput is attained with higher redundancy, greater database server workload, and
greater database server capability.
● Decreases network bandwidth requirements by sending the unique data to the DD system through the network.
Manage distributed segment processing by using the ddboost command options. Use distributed segment processing if the
network connection is 1 Gb Ethernet. Configuring distributed segment processing provides information on how to configure the
distributed segment processing.
Distributed segment processing supports the following modes of operation for sending backup data to a DD system:
● Distributed segment processing enabled
92 Performing Self-Service Application Direct Backups of Microsoft SQL Server Databases

● Distributed segment processing disabled
Set the operation mode on the DD system. The Microsoft application agent negotiates with the DD system for the current
setting of the option and accordingly performs backups.
Distributed segment processing enabled mode

When you enable the distributed segment processing feature, the DD Boost library performs the following tasks:
1. Segments the data.
2. Computes IDs for the data segments.
3. Checks with the DD system for duplicate segments.
4. Compresses unique segments that the DD system does not contain.
5. Sends the compressed data to the DD system, which writes the unique data to disk.
You must configure the local compression algorithm that the DD Boost library uses on the DD system. The DDOS Administration
Guide provides more information about local compression and its configuration.
Distributed segment processing disabled mode

When you disable the distributed segment processing feature, the DD Boost library sends the data directly to the DD system
through the network. The DD system then segments, deduplicates, and compresses the data before writing it to the disk.
NOTE: You cannot disable the distributed segment processing feature on an Extended Retention DD system.
Configuring distributed segment processing

You must configure the distributed segment processing option on the DD system. The option setting applies to all the database
servers and all the software that uses DD Boost.
You can manage the distributed segment processing by using one of the following methods:
● The ddboost command.
● DD System Manager on the Data Management > DD Boost page.
The DDOS Administration Guide provides information.
To configure the distributed segment processing option, run the following command:
ddboost option set distributed-segment-processing {enabled | disabled}
Enabling or disabling the distributed segment processing option does not require a restart of the DD file system.
A host on which you have installed the DDOS release 5.2 or later enables the distributed segment processing feature by default.
If you update a host from DDOS release 5.0.x or 5.1.x to DDOS release 5.2 or later, the distributed segment processing option
remains in its previous state, that is, either enabled or disabled.
Best practices to back up Microsoft SQL Server with

Application Direct
Consider the best practices to back up Microsoft SQL Server by using Application Direct.
Configure backups to use the same DD path

To ensure the consistency of the backups on the DD system, configure all the backups of a Microsoft SQL Server instance to
use the same DD system and path.

Configure connection settings
DD Boost devices do not distinguish among Transmission Control Protocol (TCP)/Internet Protocol (IP), Fibre Channel (FC),
and LAN, WAN, and MAN network types. DD Boost devices can successfully operate where packet loss is strictly 0% and
latency is less than 20 ms.
Use supported characters

The Microsoft application supports locale-specific date and time processing and setting the date and time display language to
non-English characters. However, the database name, hostname, instance name, Windows cluster name, virtual server name,
and pathnames must be written in ASCII characters only. Naming conventions for backups with Application Direct provides more
information on supported characters for database and instance names.
Configure DD quota limits

The Microsoft application agent does not have a parameter to control the total size that it consumes. The quota limits can only
be set on the DD system on a per-MTree (storage unit) basis.
An MTree's quota limits are calculated based on the logical size, which is the size before compression and de-duplication of the
data.
The quota limits impact only backup operations.
Configuring usage limits of DD resources provides more information about quota limit, impact of exceeding the limits, and
configuring the usage limits.
Configure usage limits for DD streams

Configure a sufficient number of DD streams for better performance of backups and restores. The streams control backup and
restore parallelism for each database.
The Microsoft application agent requires one stream per save set that you back up or restore. When you perform striped
backups, each stripe requires one stream. The stripes are concurrently run for each database. Databases are sequentially backed
up and restored. When you use stripes, the number of streams must be equal to or more than the number of stripes.
The minimum number of streams for a non-stripe environment is 1.
Configuring usage limits of DD streams provides more information about streams limit, impact of exceeding the limits, and
Configuring usage limits of DD resources

Use the PowerProtect Data Manager UI to configure capacity quotas and stream limits for the DD system storage units that
are under the control of PowerProtect Data Manager. The PowerProtect Data Manager Administrator Guide provides more
information about working with storage units.
For other storage units, use either the DDOS commands or the DD Administration UI to set limits on usage of the following DD
resources:
● Capacity: The amount of hard drive capacity that the application agent uses on a DD host.
Capacity limits are based on the used logical space, which depends on the amount of data that is written to a storage unit
before deduplication. Logical capacity is the size of the uncompressed data. For example, when a 1 GB file is written twice to
the same empty storage unit, the storage unit has a logical size of 2 GB, but a physical size of 1 GB.
● Streams: The number of DD Boost streams that the application agent uses to read data from a storage unit or write data to
a storage unit on a DD host.
NOTE: The Microsoft application agent supports usage limits on DD resources for Application Direct operations only.
The term quota collectively describes the capacity soft and hard limits of a storage unit. Stream limits are called limits.
Both capacity and stream usage support soft and hard limits:

● When the Microsoft application agent exceeds a soft limit, the DD host generates an alert. If the administrator has
configured a tenant-unit notification list, the DD host sends an email to each address in the list. The Microsoft application
agent can continue to use more of the limited resource after a soft limit is exceeded.
● When the Microsoft application agent exceeds a hard limit, it cannot use any more of the limited resource.
The administrator must create (or ask to have created) a separate storage unit for each application agent host or set of hosts
that are limited.
For example, if there are 10 application agent hosts, the administrator must create at least 10 storage units to limit the storage
unit capacity that each application agent host uses. To use fewer storage units, the administrator must group the application
agent hosts and assign the group to a single storage unit. The application agent hosts in the group share this storage unit.
However, you cannot limit the consumption of a storage unit by each host. One application agent host can consume 100% of
the storage unit. The resources are consumed on the first-come, first-serve basis.
To determine the stream limits of a storage unit, run the following command:
msagentadmin.exe administration --listSU --config <full_path_to_the_configuration_file> [--
debug 9]
Example output of the command:
active write streams: 11

active read streams: 0
soft limit write streams: none
soft limit read streams: none
soft limit combined streams: 40
hard limit combined streams: 60
NOTE: Depending on the number and type of parallel operations that are performed at a given time, the stream usage
varies. To determine the exact usage of the streams, monitor the number of streams that the storage units use over a
period of time.
Impact of exceeding quota limits

At the start of a backup, the Microsoft application agent cannot determine how much capacity is required for the backup. The
Microsoft application agent can perform a requested backup only when the destination host has sufficient space or storage
capacity.
Exceeding the soft quota limit

When the Microsoft application agent exceeds the capacity soft limit:
● During a backup, if the storage unit is part of a tenant-unit with a notification list, the DD host sends an email to each
address in the list. The list can include the DD administrator and the application agent user.
● Alerts appear in the Current Alerts panel in the DD Administration GUI regardless of whether the storage unit is part of a
tenant-unit.
● The backup or restore operation continues without any adverse impact. The application agent does not generate any warning
or error message in its log file or operational output.
Exceeding the hard quota limit

When the Microsoft application agent exceeds the capacity hard limit during a backup, the Microsoft application agent cancels
the backup.
Check the client backup and restore logs for error messages related to insufficient space on the storage unit. The following
message shows an example:
145732:(pid 4584):Max DD Stream Count: 60

153003:(pid 4584): Unable to write to a file due to a lack of space.
The error message is: [5005] [ 4584] [984] Thu Apr 14 10:14:18 2016
ddp_write() failed Offset 163577856, BytesToWrite 524288, BytesWritten 0
Err: 5005-ddcl_pwrite failed (nfs: No space left on device)
86699:(pid 4584): Unable to write data into multiple buffers for save-set ID
'1460654052': Invalid argument (errno=22)

Configuring usage limits of DD quota
To configure capacity usage limits for the application agent, the DD administrator must set the hard capacity limit for the
storage unit that the application agent uses for backups:
Steps
1. Determine which application agent hosts use the storage unit.
2. Determine the amount of capacity to allow for the storage unit.
3. Create the storage unit, and then set the capacity quota by using either the GUI or the command prompt. The DD
documentation provides information.
4. Provide the DD hostname, storage unit name, username, and password of the storage unit to the application agent users to
use to perform backups.
The DD administrator can also set the soft capacity quota for the storage unit, which sends alerts and notifications, but does
not limit the capacity usage.
NOTE: When a storage unit is almost full and the capacity quota is decreased, the next backup can fail. DD
administrators must notify the Microsoft application agent users when they decrease a capacity quota, so that the
application agent users can evaluate the potential impact on backups.
Impact of exceeding the soft stream limit

When the Microsoft application agent exceeds the stream soft stream limit:
● During a backup, if the storage unit is part of a tenant-unit with a notification list, the DD host sends an email to each
address in the list. The list can include the DD administrator and the application agent user.
● Alerts appear in the Current Alerts panel in the DD Administration GUI regardless of whether the storage unit is part of a
tenant-unit.
● The backup or restore operation continues without any adverse impact. The application agent does not generate any warning
or error message in its log file or operational output.
Impact of exceeding the hard stream limit

When the Microsoft application agent exceeds the hard stream limit during an operation, the Microsoft application agent cancels
the operation.
Check the client backup and restore logs for error messages related to an exceeded stream limit. The following message shows
an example:
153004:(pid 4144): Unable to write to a file because the streams limit was exceeded.
Configuring usage limits of DD streams

A storage unit can have soft and hard limits for streams. The DD administrator can set individual soft limits for read, write, and
replication streams. The administrator can set a hard limit only for the total number of streams.
About this task

To configure a streams usage limit for a storage unit, the DD administrator must set the hard limit for the storage unit that the
application agent uses for backups:
Steps
1. Determine which application agent hosts use the storage unit.
2. Determine the number of backup streams to allow for the storage unit.
3. Create the storage unit.

The DD administrator can set the streams limit either as part of the ddboost storage-unit create command or after
creating the storage unit by using the ddboost storage-unit modify command. The DD documentation provides
information.
NOTE: The DD administrator cannot set a streams limit by using the DD Administration GUI.
4. Provide the DD hostname, storage unit name, username, and password of the storage unit to the application agent users to
use to perform backups.
The DD administrator can also set soft limits for the storage unit, which send alerts and notifications, but do not limit the
number of streams used.
The DD administrator can use the ddboost storage-unit modify command to modify the streams limits of storage
units. The DD documentation provides information.
CAUTION: The DD administrator must use caution when setting a streams hard limit. Setting the streams
limit to a low value can impact the backup and restore performance. Decreasing a streams limit can result in
a restore failure. The DD administrator must notify the application agent users when decreasing a streams
hard limit so that the application agent users can evaluate the potential impact on backups and restores.
Configure the database backup stripe level

Starting with version 19.6, you can modify the stripe level of a backup at the individual database level by using the following
procedures. You can set the stripe level through the following procedures only for self-service stand-alone Microsoft SQL
Server backups, not for centralized backups performed through PowerProtect Data Manager.
the PowerProtect Data Manager UI, as described in the next topic.
The backup stripe level configuration includes the following features:
● The backup stripe level setting for individual databases has a higher priority than the stripe level setting through the backup
command with the -S option.
● For any database, the minimum supported stripe level is 1 and the maximum supported stripe level is 32.
● In an FCI or AAG cluster, setting the backup stripe level of a database at any node reflects across all the nodes in the cluster.
To set the backup stripe level for any database, use either of the following procedures:
● Perform the following steps in the SQL Server Management Studio (SSMS):
1. Right-click the database name, and select Properties.
2. In the properties window, select Extended Properties from the left side pane.
3. Add the required property name and the backup stripe level value:
○ For a full backup, add the property name ppdmFullStripes and a value between 1 and 32.
○ For a differential backup, add the property name ppdmDiffStripes and a value between 1 and 32.
○ For a log backup, add the property name ppdmLogStripes and a value between 1 and 32.

Figure 4. Extended Properties page with backup stripe levels
● Run the following T-SQL statements to set the backup stripe level for any database:
USE <database_name>;
GO
@name = N'ppdmDiffStripes',
@value = '4';
@name = N'ppdmFullStripes',
@value = '8';
@name = N'ppdmLogStripes',
@value = '2';
Naming conventions for backups with Application

Direct
When naming Microsoft SQL Server instance, database, and filegroups, consider that the Microsoft application agent does not
distinguish the difference between upper and lowercase letters. The names are not case-sensitive.
Therefore, if there are two or more databases with the same name but with different capitalization, such as DB1 and db1, the
Microsoft application agent views these databases as the same and by default backs up only one of the databases.
The following table describes the special characters that are supported for naming database backups in Microsoft SQL Server
stand-alone, cluster, and Always On availability group configurations with Application Direct.
Table 14. Supported special characters

~ Tilde
` Accent grave

Table 14. Supported special characters (continued)
! Exclamation mark
@ At the rate
% Percentage
^ Caret
& Ampersand
( Open parenthesis
) Close parenthesis
- Hyphen
_ Underscore
{ Open curly bracket
} Close curly bracket
\ Backslash
. Period
' Apostrophe
NOTE: While Microsoft SQL Server supports naming instances with the hash symbol (#), the Microsoft application agent
does not. If an instance includes a hash symbol, backups of that instance will fail.
Circumstances that promote Microsoft SQL Server

backups to level full
Transaction log backups and differential backups are promoted to full backups in certain situations.
By default, transaction log backups and differential backups are promoted to level full in the following scenarios:
● When there is not an existing level full backup.
● When a log gap is detected.
● When the recovery model is changed.
● When the backup includes simple model databases, either the simple model databases are promoted to a full backup or the
simple model databases are skipped, depending on the backup settings.
● When the database has been newly restored.
Options to tune the behavior of automatic promotion are available while configuring a backup. The ddbmsqlsv -a
"BACKUP_PROMOTION" command flag and the Microsoft app agent for Application Direct SSMS plugin Backup Promotion
option both control backup promotion.

Scheduling backup jobs
You can schedule Microsoft SQL Server backup jobs by using either the SQL Server Agent or the Windows Task Scheduler.
Scheduling Microsoft SQL Server backups by using SQL Server

Agent
The SQL Server Agent is a job-scheduling agent which is contained in the Microsoft SQL Server package.
This section describes how to schedule Microsoft SQL Server backups by using the SQL Server Agent job for the CmdExec
and T-SQL subsystems. The SQL Server Agent, a job-scheduling agent within the Microsoft SQL Server package, consists of a
Windows service that runs jobs.
Each job can contain one or more job steps and each step can contain its own tasks. The Microsoft application agent uses
Microsoft SQL Server to store job information and can run jobs on a schedule in response to a specific event or in response to a
specific demand.
Configuring the SQL Server Agent to schedule jobs

Configuring the SQL Server Agent consists of the following tasks:
● Enabling the SQL Server Agent
● Configuring security
Enabling the SQL Server Agent

The SQL Server Agent is in disabled state, by default. To enable the SQL Server Agent:
1. Open SSMS, and then select View > Object Explorer.
2. Right-click SQL Server Agent, and then select Start.
Configuring security
To run the Microsoft application agent command prompt commands in the CmdExec subsystem, you must have administrator
privileges. You can either change the SQL Server Agent service login credentials to administrator or configure a proxy host to
the CmdExec subsystem.
Changing the SQL Server Agent service login credentials

Steps
1. From the Windows desktop, click Start > Run.
2. In the Run dialog box, in the Open field, type services.msc, and then click OK.
3. In the Services window, right-click SQL Server Agent Service, and then select Properties.
4. In the SQL Server Agent Service Properties dialog box:
a. On the Log On tab, select This account.
b. Type the administrator user credentials in the relevant fields.
You can also click Browse and select the user who has the administrator privileges.
c. Click OK.
Creating a proxy for the CmdExec subsystem
The SQL Server Agent uses proxies, which are objects that enable the SQL Server Agent to access stored credentials for
Windows users, to define the security context for job steps.
About this task

When you run a job step that is configured to use a proxy, the SQL Server Agent uses the credentials that are defined in the
proxy, and then uses the corresponding security context to run the job step.
Steps
2. Specify user credentials:
a. In the Object Explorer, expand Security, right-click Credentials, and then select Properties.
b. On the Credential Properties - EMC page, specify the following fields, and then click OK:
● Credential name: Type a name for the credential.
● Identity: Type the administrator username.
● Password: Type the password for the user that you specified in the Identity field.
● Confirm password: Retype the password that you specified in the Password field.
3. Create a proxy:
a. In the Object Explorer, expand SQL Server Agent, and then expand Proxies.
b. Right-click Proxies, and then select New proxy.
c. On the ‘EMC’ Proxy Account Properties page, specify the following fields, and then click OK:
● Proxy name: Type a name for the proxy.
● Credential name: Type the credential name that you specified in step 2b.
● Active to the following subsystems: Under this field, select Operating system (CmdExec).
NOTE: When you create a job step, you must select this proxy from the Run as list on the Job Step Properties
page.
Scheduling a CmdExec job

You can schedule a CmdExec job on either a single Microsoft SQL Server or multiple Microsoft SQL Servers.
Scheduling a CmdExec job on a single Microsoft SQL Server

Steps
2. In the Object Explorer, expand SQL Server Agent, right-click Jobs, and then select New job.
3. On the Job Properties window:
a. On the General page, type the appropriate information in the Name, Owner, and Description fields.
b. On the Steps page, click New to create a step.
c. In the Job Step Properties window, on the General page, specify the following fields:
● Step name: Type a name for the job step.
● Type: Select Operating system (CmdExec).
● Run as: According to your configuration, select either proxy or SQL Server Agent Service Account.
● Process execute exit code of a successful command: Type the process success exit code.
● Command: Specify the required command.
Perform backups with the Microsoft app agent for Application Direct SSMS plug-in provides information about how
to generate the command.
The generated command does not have a full path to the binary. When you specify the generated command in this
field, you must add the full path to the binary. If the binary path contains spaces, specify the path in the quotes.
For example:
"C:\Program Files\DPSAPPS\MSAPPAGENT\bin\ddbmsqlsv.exe" -D9 -c

NMMDB154.nmmdev.com -l full -a "NSR_DFA_SI_DD_HOST=10.31.192.14" -a
"NSR_DFA_SI_DD_USER=ddbma" -a "NSR_DFA_SI_DEVICE_PATH=/ddbma-sqlagent2"
"MSSQL:master"
d. On the Advanced page, specify the following fields:

● On success action: Select whether to proceed to the next job step or quit the current job step and report success,
after the current job step succeeds.
● Specify the other fields according to your requirements.
● Click OK.
e. On the Schedules page, click New to schedule a job.
f. In the Job Schedule Properties window, specify appropriate information in the corresponding fields, and then click OK.
g. On the Alerts page, click Add to create an alert that will perform a job when a certain event occurs.
h. In the New Alert window, on the General page, specify the following fields:
● Name: Type a name for the alert.
● Type: Select the type of the event.
● Specify the appropriate information in the other fields.
i. On the Response page, specify the following fields:
● Notify operators: Select this option to send a message to the operators about the job step status.
● New Operator: Click this button to add an operator to the Operator list.
j. On the Options page, configure a method, such as E-mail, Pager, or Net Send, to notify operators about the status of
the job step.
k. On the Notifications page, under Actions to perform when the job completes, select the appropriate notification
methods to notify operators about the status of the job step.
l. On the Targets page, select Target local server.
m. Click OK.
Scheduling a CmdExec job on multiple Microsoft SQL Servers

Scheduling jobs from one central location to multiple target Microsoft SQL Servers eases the database administrator’s job. To
configure this setup, you must install the Microsoft application agent on all target hosts, make one SQL Server Agent a primary,
and make the rest of the hosts targets.
Configuring primary and target SQL Server Agents

Steps
1. Open the Microsoft SSMS, and then select View > Object Explorer.
2. Right-click SQL Server Agent, and then select Multi Server Administrator > Make this a Master.
The Master Server Wizard appears.
3. On the Welcome to the Master Server Wizard page, click Next.

4. On the Master Server Operator page, type the appropriate information in the E-mail address, Pager address, and Net
send address fields to notify the operators about the status of the job, and then click Next.
5. On the Target Servers page:
a. Under the Registered servers panel, select the servers that you want to use as targets for the SQL Server Agent jobs,
and then click the right arrow to move them to the Target servers panel.
b. If you want to add servers to the Registered servers panel, click Add Connection.
c. In the Checking Server Compatibility dialog box, review the information, and then click Close.
The Master Server Login Credentials page appears.
6. Enable Microsoft SQL Server remote connectivity:

a. In SSMS, right-click the Microsoft SQL Server, and then click Properties.
b. In the Server Properties window, under the Select a page group, select Connections.
c. Select Allow remote connections to this server.
d. Click OK.
7. Specify general firewall exceptions on the Microsoft SQL Server.
8. If an SSL certificate does not exist, set the encryption level on the target hosts to 1 or 0 according to the security level you
need.
To set the encryption level, change the MsxEncryptChannelOptions registry entry to 1 or
0. The registry key is located in \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL
Server\<instance_name>\SQLServerAgent\.
9. On the Master Server Login Credentials page, click Next.
10. On the Complete the Wizard page, review the information, and then click Finish.
Running a job on the target servers

Steps
1. Open the SSMS, and then select View > Object Explorer.
3. On the Job Properties window:
a. On the General page, type the appropriate information in the Name, Owner, and Description fields.
b. On the Steps page, click New to create a step.
c. In the Job Step Properties window, complete the following steps:
i. On the General page, specify the following fields:
● Type: Select Operating system (CmdExec).
● Run as: According to your configuration, select either proxy or SQL Server Agent Service Account.
● Command: Specify the required command.
Perform backups with the Microsoft app agent for Application Direct SSMS plug-in provides information about
how to generate the command.
The generated command does not have a full path to the binary. When you specify the generated command in this
field, you must add the full path to the binary. If the binary path contains spaces, specify the path in the quotes.
For example:
"C:\Program Files\DPSAPPS\MSAPPAGENT\bin\ddbmsqlsv.exe" -D9 -c

NMMDB154.nmmdev.com -l full -a "NSR_DFA_SI_DD_HOST=10.31.192.14" -a
"NSR_DFA_SI_DD_USER=ddbma" -a "NSR_DFA_SI_DEVICE_PATH=/ddbma-sqlagent2"
"MSSQL:master"
ii. On the Advanced page, specify the following fields:

● On success action: Select whether to proceed to the next job step or quit the current job step and report
success, after the current job step succeeds.
● Click OK.
d. On the Schedules page, click New to schedule a job.
e. In the Job Schedule Properties window, specify appropriate information in the corresponding fields, and then click OK.
f. On the Alerts page, click Add to create an alert that will perform a job when a certain event occurs.
g. In the New Alert window:
i. On the General page, specify the following fields.
● Name: Type a name for the alert.
● Type: Select the type of the event.
● Specify the appropriate information in the other fields.
ii. On the Response page, specify the following fields:
iii. On the Options page, configure a method, such as E-mail, Pager, or Net Send, to notify operators about the status
of the job step.
iv. On the Notifications page, under Actions to perform when the job completes, select the appropriate notification
v. On the Targets page, from the Target multiple servers list, select the target servers.
h. Click OK.
Scheduling a T-SQL job

About this task
NOTE: T-SQL subsystem does not work under proxies.
Steps
1. Open the SSMS, and then select View > Object Explorer.
3. In the Job Properties window:
a. On the General page, specify the following fields:
● Name: Type a name for the job.
● Owner: Click the button beside the text box, and then complete the following steps:
i. In the Select Login dialog box, click Browse.
ii. In the Browse for Objects dialog box, under Matching objects, select NT SERVICE\SQLSERVERAGENT, and
then click OK.
iii. In the Select Login dialog box, click OK.
● Description: Type a description for the job.
b. On the Steps page, click New.
c. In the Job Step Properties window, on the General page, specify the following fields:
● Type: Select Transact-SQL script (T-SQL).
● Run as: Select SQL Server Agent Service Account.
● Command: Specify the required T-SQL command.
Perform backups with the Microsoft app agent for Application Direct SSMS plug-in provides information about how
to generate the T-SQL command.
You can run the generated T-SQL command by using the New Query menu option to check whether the operation
succeeds. If the command runs successfully, the scheduled backups will be successful.
If you want to use return codes in the generated T-SQL command, you must modify the command.
Consider the following example raw T-SQL command:
USE [master]
GO
DECLARE @returnCode int
EXEC @returnCode = dbo.emc_run_backup ' -c NMMDB154.nmmdev.com -l
full -a "NSR_DFA_SI_DD_HOST=10.31.192.14" -a "NSR_DFA_SI_DD_USER=ddbma" -a
"NSR_DFA_SI_DEVICE_PATH=/ddbma-sqlagent2" "MSSQL:Fabrics"'
PRINT @returnCode
GO
Consider the following example T-SQL command with return codes:

EXEC @returnCode = dbo.emc_run_backup ' -c NMMDA224.heroines.local -l
full -a "NSR_DFA_SI_DD_HOST=10.31.77.27" -a "NSR_DFA_SI_DD_USER=ost112" -a
"NSR_DFA_SI_DEVICE_PATH=/heroines" "MSSQL:CopyOftest_db_1" "MSSQL:db1"'
IF @returnCode <>0
BEGIN
RAISERROR ('Fail!', 16, 1)
END
If the return code is error, the job step fails.
NOTE: The last two parameters, 16 and 1 are necessary to raise an error if a job step fails.
d. On the Advanced page, specify the following fields:

● On success action: Select whether to proceed to the next job step or quit the current job step and report success,
after the current job step succeeds.
● Click OK.
● On the Schedules page, click New to schedule a job.
● In the Job Schedule Properties window, specify appropriate information in the corresponding fields, and then click
OK.
● On the Alerts page, click Add to create an alert that will perform a job when a certain event occurs.
● In the New Alert window:
On the General page, specify the following fields.
○ Name: Type a name for the alert.
○ Type: Select the type of the event.
○ Specify the appropriate information in the other fields.
e. On the Response page, specify the following fields:
f. On the Options page, configure a method, such as E-mail, Pager, or Net Send, to notify operators about the status of
the job step.
g. On the Notifications page, under Actions to perform when the job completes, select the appropriate notification
h. On the Targets page, select Target local server.
i. Click OK.
Next steps
To check the status of a job, either right-click the job and select View History or review the log files in the nsr/applogs/
folder.
Scheduling Microsoft SQL Server backups by using Windows Task

Scheduler
To schedule Microsoft SQL Server backups by using Windows Task Scheduler, perform the following steps:
Steps
1. On the Windows desktop, click Start > All Programs > Accessories > System Tools > Task Scheduler.
2. In the left pane of the Task Scheduler window, right-click Task Scheduler Library, and then select Create Basic Task.
The Create Basic Task Wizard wizard appears.
3. On the Create a Basic Task page, in the Name field, type a name for the task, and then click Next.
4. On the Task Trigger page, select the appropriate option to start the task, and then click Next.
The page that corresponds to the selected option appears.
5. Specify or select all the fields that you require to perform the task, and then click Next.
6. On the Action page, select Start a program, and then click Next.
7. On the Start a program page, browse for the .bat file and in the Program/script field, type the file path, and then click
Next.
8. On the Summary page, review the details of the task, and then click Finish.
The process creates the task and adds it to your Windows schedule.
Performing manual backups
The Microsoft application agent for Application Direct supports multiple tools to perform manual backups.
You can configure backups using the Microsoft application agent SQL Server Management Studio plug-in (GUI), Microsoft
application agent for Application Direct commands, or T-SQL scripts.
Perform backups with the Microsoft app agent for Application

Direct SSMS plug-in
The Microsoft application agent supports a user interface to perform backup operations through a SQL Server Management
Studio (SSMS) plug-in.
If the DD device is connected only on the backup LAN, and the Microsoft SQL Server host is multi-homed and has an interface
on the backup LAN, the backups to the DD device proceed over the backup LAN by default.
If both the DD device and the Microsoft SQL Server host are multi-homed, and are connected to the backup LAN, ensure that
the DD server name that you specify in the Microsoft app agent for Application Direct SSMS plug-in is the same as the backup
LAN IP address. The backups to the DD device proceed over the backup LAN.
To back up Microsoft SQL Server to a DD server over Fibre Channel (FC), you must first configure FC on the DD server.
The Script view is available in each page of the Backup tab, which generates a command prompt equivalent script. You can
use the script to create a .bat file to perform scheduled backups, automation, and other tasks. The following script options are
available:
● CLI Scripts: To generate the CLI script, which you can use to run a backup from the CLI.
● T-SQL Scripts: To generate a backup script in the T-SQL format.
Configure general backup settings

To configure Microsoft SQL Server backups with the Microsoft app agent for Application Direct SSMS plug-in, you must first
specify general backup options on the Backup > General page.
Steps
1. Open the Microsoft app agent for Application Direct window to the Backup > General page.
The General page appears as shown in the following figure.
Figure 5. Application Direct - Backup-General page
2. Leave the SQL Server Host as-is. The instance is populated by default.
3. In the SQL Server Instance field, select the name of the Microsoft SQL Server instance that contains the databases that
you want to back up.
4. In the Database Filter list, select one of the following options:
● All Databases: Displays the regular databases and the Always On availability group databases of the selected Microsoft
SQL Server instance in the database table, which is located below the Database Filter field.
This option is selected by default.
You can back up the Always On availability group databases as regular databases without considering the Always On
availability group preferences.
● Non AAG Databases: Displays only the regular databases of the selected Microsoft SQL Server instance in the database
table.
● A list of Always On availability groups if available: Selecting one of the Always On availability groups displays the
corresponding databases in the database table.
The Connections panel displays the name of the cluster that contains the Always On availability group and the backup
preference that specifies the preferred replica to perform the backup. You can configure the replica preference of the
Always On availability groups through the SSMS.
5. In the database table, select either all the databases by selecting the check box in the header row or only the individual
databases that you want to back up.
6. In the Backup type list, select the type of the backup that you want to perform such as, Full, Transaction log, or
Differential.
7. (Optional) To perform a copy-only backup, select Copy-only backup.
Copy-only backups do not disturb the Microsoft SQL Server backup chain or affect backup-level promotion and log
truncation. Copy-only backups are supported for level full or transaction log backups.
8. (Optional) To exclude databases from a Microsoft SQL Server instance-level backup, perform the following steps:
a. Click the Excluded Databases button.
The Exclude Databases window appears.
b. Select each database that you want to exclude from the backup.
c. Click OK.
The databases that are selected for exclusion appear grayed out in the list of databases and the number of excluded
databases is displayed.
9. In the Name field, type a name for the backup that you want to perform.
After the backup completes, the save set names of the backed-up databases will be in the following format:
<save_set_name>:<database>
For example, you select the databases db1 and db2, specify test as the backup or save set name, and then perform the
backup. After the backup completes, the save set names of the backed-up databases are test: db1 and test:db2.
NOTE: The number sign (#) character is not supported for save set names. If you use this character, backups fail.
10. In the Description field, type a description for the backup that you want to perform.
11. In the Expires after (days) field, select the number of days after which the backup must expire. The default value is 30.
12. Under Destination, to select the target DD server for the backup, perform the following steps:
a. Click the PowerProtect DD System browse button.
The PowerProtect DD System List & Lockbox Settings dialog box appears, as shown in the following figure.
Figure 6. DD system list and lockbox settings

b. In the Lockbox Folder field, type the path to lockbox, and then click Refresh.
The default path to the lockbox is C:\Program Files\DPSAPPS\common\lockbox.
The PowerProtect DD Systems list is refreshed.
c. In the PowerProtect DD Systems table, select the target DD server for the backup.
d. (Optional) To add or remove DD servers from the PowerProtect DD Systems table, perform one of the following
action sequences:
● To add a server, perform the following steps:
i. Click Add.
The Add PowerProtect DD System details dialog box appears as shown in the following figure.
Figure 7. Add DD system details
ii. In the PowerProtect DD System field, type the name of the server.
iii. In the Communication Protocol list, select either Ethernet or Fibre channel, the medium through which you
want to back up the database to the server. Ethernet is selected by default.
iv. If you have selected Fibre channel from the Communication Protocol list, type the name of the DD server as
the FC service name in the FC Service Name field.
v. In the Username field, type the username of the DD Boost user.
vi. In the Password field, type the password of the DD Boost user.
vii. In the Storage Unit field, type the name of the target storage unit for the backup.
DD Boost user credentials are verified before they are saved in the lockbox. Verification of the user credentials
requires some time to complete.
● To remove a DD server, select the server, and then click Remove.
● To add a virtual server to either back up databases to Microsoft SQL Server clustered instances or restore databases
from Microsoft SQL Server clustered instances, perform the following steps:
○ Select Edit LockBox Settings.
○ In the Enter Host Name field, type the FQDN of the virtual server.
○ Click OK.
● To remove a virtual server, select the FQDN of the virtual server from the Select Host Name list, and then click
Remove.
The PersistedSettings.xml file in the lockbox folder contains the information about DD servers. Adding a server to
a new lockbox creates the PersistedSettings.xml file. Adding a server to or removing a server from the lockbox
updates the PersistedSettings.xml file.
13. To start the backup operation, click Run.
Configure optional backup settings

When you configure Microsoft SQL Server backups with the Microsoft app agent for Application Direct SSMS plug-in, you can
specify optional backup settings on the Backup > Options page.
About this task

All settings on the Options page are optional.
Steps
1. From the left panel, click Options to specify optional backup settings.
The Options page appears as shown in the following figure.
Figure 8. Application Direct - Backup-Options page
2. To perform a checksum operation with the backup and save the information to the backup media, select Perform
checksum before writing to media.
The Microsoft application agent performs another checksum before a restore to ensure that the checksum matches the
backup.
3. To use a checksum to detect a partial backup or restore state, select Continue on error.
The Microsoft SQL Server verifies the checksum by calculating a local result and comparing the result with the stored value.
If the values do not match and you encounter errors, you can select this option to continue the backup or restore operation.
4. To truncate the transaction logs before a backup, select Truncate the transaction log.
The Microsoft application agent enables this option if you select transaction log as the backup type.
5. To perform a tail-log backup of the database and leave the database in the restoring state, select Backup the tail of the
log and leave database in restoring state.
6. Under Stripes, select Create a striped backup to create a striped backup. You can also specify the number of stripes. If
you specify a value greater than the maximum limit of 32, the value defaults to 32.
7. To promote backups of SIMPLE recovery model databases to level full, select Promote to full backup.
SIMPLE recovery model databases do not support transaction log backups. The Microsoft application agent enables this
option if you select the SIMPLE recovery model databases to back up, and transaction log as the backup type.
8. To omit SIMPLE recovery model databases from the backup, select Skip backup.
Microsoft application agent enables this option if you select the SIMPLE recovery model databases to back up, and
transaction log as the backup type. SIMPLE recovery model databases do not support transaction log backups.
9. To check the status of the selected databases and ignore the databases that are unready or unavailable for the backup,
select Skip databases that cannot be backed up at its current state.
If the status of the databases is ONLINE, the databases are ready or available for backups.
If the status of the databases is OFFLINE, EMERGENCY (SINGLE_USER Mode), SUSPECT, RESTORING, RECOVERING, or
RECOVERY_PENDING, the databases are unready or unavailable for backups.
10. To generate detailed logs, which you can use to troubleshoot backup issues, specify a number between 1 and 9 in the Select
a debug level field. The default value is 0 (zero).
11. To delete debug logs older than a certain number of days, in the Delete debug logs after field, specify the number of days
with a number between 1 and 32767 days. The default value is 0 and does not delete any debug logs.
Regularly deleting debug logs prevents the log folder on the installation drive from becoming too large.
NOTE: This option only deletes debug logs named in the default format and located in the logs folder at
<installation_path>\MSAPPAGENT\logs.
12. To
specify backup promotion options, select one of the following values from the Backup Promotion list:
●ALL: Enables backup promotion to occur in any applicable scenario.
●NONE: Disables all backup promotion.
●NONE_WITH_WARNINGS: Disables backup promotion, but logs a warning when backup promotion would normally
occur.
● SKIP_RECOVERY_MODEL: Disables database recovery model change detection. Backup promotion as a result of
recovery model change will not occur, but backup promotion in other scenarios will still occur.
● SKIP_RECOVERY_MODEL_WITH_WARNINGS: Enables database recovery model change detection, but if a recover
model change is discovered, logs a warning instead of promoting the backup. Backup promotion in other scenarios will
still occur.
13. To specify advanced backup options, use the Advanced Options field to select or type advanced options.
Separate multiple entries with a comma, for example:
BUFFERCOUNT=2, READ_WRITE_FILEGROUPS
The following advanced backup options are supported:
● BUFFERCOUNT=number_of_IO_buffers: Specifies the total number of IO buffers that can be used during the
backup operation.
● READ_WRITE_FILEGROUPS: Backs up only the read/write (active) filegroups within the database.
14. To start the backup operation, click Run.
Monitor the backup operation

After a backup operation is run from the Microsoft app agent for Application Direct SSMS plug-in, the Backup > Monitor page
displays the backup script and status.
The following figure shows the backup information and status as it appears on the Monitor page.
Figure 9. Application Direct - Backup-Monitor page
NOTE: For information about the success or failure of the backup operation, review the log files that are located in the
installation folder. The typical location of the log files is C:\Program Files\DPSAPPS\MSAPPAGENT\logs.
Back up Microsoft SQL Server with the Application Direct backup

command
Use the ddbmsqlsv command to configure backups of Microsoft SQL Server data from a command prompt.
NOTE: In the syntaxes, the options that are enclosed in square brackets, that is, [ and ] are optional.
To perform specific backup-related and restore-related operations, the Microsoft application agent also supports the
ddbmadmin.exe command besides the msagentadmin.exe command. However, the ddbmadmin.exe command is
deprecated.
Syntax for backups of a stand-alone server

Run the ddbmsqlsv command with the following syntax to back up a stand-alone Microsoft SQL Server:
ddbmsqlsv -c <client_name> -l {full | incr | diff} -a "NSR_DFA_SI_DD_HOST=<server_name>"

-a "NSR_DFA_SI_DEVICE_PATH=<storage_unit_name_and_path>" -a
"NSR_DFA_SI_DD_USER=<DD_Boost_user>" [<optional_parameters>] "<backup_path>"
where:
-c <client_name>
Specifies the Microsoft SQL Server hostname that contains the Microsoft SQL Server instance that you
want to back up.
-l {full | incr | diff}
Specifies the type of the backup to perform such as full (full), transaction log (incr), or differential
(diff). The default value is full.
-a "NSR_DFA_SI_DD_HOST=<server_name>"
Specifies whether the backup destination is a DD server.
-a "NSR_DFA_SI_DEVICE_PATH=<storage_unit_name_and_path>"
Specifies the name and the path of the storage unit where you want to direct the backup.
-a "NSR_DFA_SI_DD_USER=<DD_Boost_user>"
Specifies the username of the DD Boost user.
You must register the hostname and the DD Boost username in the lockbox to enable Microsoft
application agent to retrieve the password for the registered user.
<backup_path>
Specifies the backup path.
Type the backup path in one of the following formats:
● For a default instance, type the path in one of the following formats:
○ To back up the entire instance, type MSSQL:
○ To back up specific databases, type [MSSQL:]<database> [[MSSQL:]<database>
[...]]
For example: "MSSQL:database1" "MSSQL:database2"
● For a named instance, type the path in one of the following formats:
○ To back up the entire instance, type MSSQL$<Instance_Name>:
○ To back up specific databases, type MSSQL$<Instance_Name>:<database> [...]
For example: "MSSQL$SqlInst1:database1" "MSSQL$SqlInst1:database2"
Microsoft SQL Server stand-alone backup command
ddbmsqlsv.exe -c SQLX86.adesc.com -l full -a "NSR_DFA_SI_DD_HOST=10.31.196.90" -a

"NSR_DFA_SI_DD_USER=ost" -a "NSR_DFA_SI_DEVICE_PATH=/sqlserver" "MSSQL$INST2008:d2"
Syntax for backups of an Always On availability group

Run the ddbmsqlsv command with the following syntax to back up a stand-alone Microsoft SQL Server:
ddbmsqlsv -c <cluster_name> -A <virtual_server> -l {full

| incr | diff} -a "NSR_DFA_SI_DD_HOST=<server_name>"
Run the ddbmsqlsv command with the following syntax to back up a clusterless Always On availability group (AAG):
ddbmsqlsv -a "SKIP_CLIENT_RESOLUTION=TRUE" -c <AAG_name>_<AAG_GUID> -l

{full | incr | diff} -a "NSR_DFA_SI_DD_HOST=<server_name>"
NOTE: For a clusterless AAG, you must add the option -a "SKIP_CLIENT_RESOLUTION=TRUE" and specify
<AAG_name>_<AAG_GUID> with the -c option.
where:
-c <cluster_name>
Specifies the Windows cluster name that you want to back up.
-c <AAG_name>_<AAG_GUID>
Specifies the clusterless AAG that you want to back up, for example, -c AAG1_ef770eaf-ebe3-f5be-
bdff-3a7243ff1236.
-A <virtual_server>
Specifies the fully qualified domain name (FQDN) of the virtual server.
NOTE: The -A option does not apply to clusterless AAG backups.
-l {full | incr | diff}

Specifies the type of the backup to perform such as full (full), transaction log (incr), or differential
(diff). The default value is full.
Specifies the name of the DD server that contains the storage unit where you want to back up the
databases.
Specifies the name and the path of the storage unit where you want to direct the backup.
-a "SKIP_CLIENT_RESOLUTION=TRUE"
Specifies to skip the client resolution for <AAG_name>_<AAG_GUID>, as specified with the -c option.
Skipping the client resolution is required for a clusterless AAG backup.
"<backup_path>"
Specifies the path to the objects that you want to back up.
○ To back up the entire instance, type MSSQL#<aag_name>:
○ To back up specific databases, type [MSSQL#<aag_name>:]<database>
[[MSSQL#<aag_name>:]<database> [...]]
For example: For example: "MSSQL#aag1:database1" "MSSQL#aag1:database2"
○ To back up the entire instance, type MSSQL$<Instance_Name>#<aag_name>:
○ To back up specific databases, type MSSQL$<Instance_Name>#<aag_name>:<database>
[...]
For example: "MSSQL$SqlInst1#sql2012-aag3:database1"
"MSSQL$SqlInst1#sql2012-aag3:database2"
NOTE: The Microsoft application agent does not support backing up multiple Always On availability groups in the same
operation.
Microsoft SQL Server cluster backup command
The following command backs up databases in a Microsoft SQL Server cluster environment:
ddbmsqlsv.exe -c SQLcluster1.adesc.com -A SQLcluster1.adesc.com -l

full -a "NSR_DFA_SI_DD_HOST=10.31.196.90" -a "NSR_DFA_SI_DD_USER=ost" -a
"NSR_DFA_SI_DEVICE_PATH=/sqlserver" "MSSQL$SQ12INST4#sql2012-aag3:"
Backing up an Always On availability group when all instance names are the same
When the server nodes contain only default instances, or when the Microsoft SQL Server instance names are all the same in the
availability group, type the backup command in the following syntax:
NOTE:
For self-service backups, the retention time displayed in the SSMS plug-in does not match the retention time displayed in
PowerProtect Data Manager. The retention time in PowerProtect Data Manager is normalized and rounded off to midnight.
A retention setting in PowerProtect Data Manager overrides a retention setting specified by the -y option.
ddbmsqlsv.exe -c SQL2012clus3.brsvlab.local -S 4 -l full -y +30d -a

"NSR_DFA_SI_DD_HOST=ddve-01" -a "NSR_DFA_SI_DD_USER=sqlboost" -a "NSR_DFA_SI_PATH=/
sqlboost" -a "NSR_DFA_SI_DD_LOCKBOX_PATH=C:\Program Files\DPSAPPS\common\lockbox" -a
"NSR_SKIP_NON_BACKUPABLE_STATE_DB=TRUE" "MSSQL$SQ12INST4#sql2012-aag3:"
where:
● -c SQL2012clus3.brsvlab.local specifies the cluster name.
● "MSSQL$SQ12INST4#sql2012-aag3:" is the backup object name, where all the databases of the sql2012-aag3 Always
On availability group are backed up. The backup object name is made of the following components:
○ MSSQL is a mandatory term.
○ If you use named instances, $SQ12INST4 is the Microsoft SQL Server instance name.
If you use a default instance, do not specify $<Microsoft_SQL_Server_instance_name> in the backup object.
○ # indicates a federated backup.
○ sql2012-aag3 is the AlwaysOn Availability Group name.
Backing up an Always On availability group when there are multiple instance names
When you back up an Always On availability group where the nodes contain Microsoft SQL Servers with different instance
names, the backup command on each instance should reflect the available instance.
For example, consider the following scenario:
● There are two different instances:
○ SQ12INST4 resides on Node1.
○ SQ12INST5 resides on Node2
● Node1 is the primary replica.
● Node2 is the secondary replica.
● The Always On availability group backup preference is set to secondary.
In this scenario, the backup command on SQL2INST4 should specify the backup object as "MSSQL$SQL2INST4#sql2012-
aag3:", while backup command on SQL2INST5 should specify the backup object as "MSSQL$SQL2INST5#sql2012-
aag3:". After failover of Node1 and Node2, Node1 becomes secondary, and Node2 becomes primary. The backup command is
the same after failover.
NOTE: When browsing the backups for a restore operation, the save sets could be in either of the instances (SQL2INST4
or SQL2INST5). The save set depends on the instance that is used for the first backup.
Backing up multiple databases in an Always On availability group

To back up only certain databases in an Always On availability group, use "<save_set_name1>" "<save_set_name2>"
"<save_set_name3>"... to specify the database names as the backup objects.
Type the backup command with the following syntax:
NOTE:
ddbmsqlsv.exe -c SQL2012clus3.brsvlab.local -S 4 -l full -y +30d -a

"NSR_DFA_SI_DD_HOST=ddve-01" -a "NSR_DFA_SI_DD_USER=sqlboost" -a "NSR_DFA_SI_PATH=/
sqlboost" -a "NSR_DFA_SI_DD_LOCKBOX_PATH=C:\Program Files\DPSAPPS\common\lockbox"
-a "NSR_SKIP_NON_BACKUPABLE_STATE_DB=TRUE" "MSSQL$SQ12INST4#sql2012- aag3:database1"
"MSSQL$SQ12INST4#sql2012-aag3:database3" "MSSQL $SQ12INST4#sql2012-aag3:database8"
where:
● MSSQL$SQ12INST4#sql2012-aag3:database1, MSSQL$SQ12INST4#sql2012-aag3:database3, and
MSSQL$SQ12INST4#sql2012-aag3:database8 are the backup objects
● Only database1, database3, and database8 of the sql2012-aag3 Always On availability group are backed up.
Optional parameters for the ddbmsqlsv command

The following list describes the optional parameters that you can use with the ddbmsqlsv command:
-N <backup_set_name>
Specifies a name for the backup.
-b <backup_set_description>
Specifies a description for the backup.
-S <number_of_stripes>
Specifies to perform a striped backup using the number of stripes that you specify. If you specify a value
greater than a maximum limit of 32, the value defaults to 32.
-a "SKIP_SIMPLE_DATABASE={TRUE | FALSE}"
Specifies whether to ignore backing up SIMPLE recovery model databases. Use this option if you select
the SIMPLE recovery model databases for backup, and specify Transaction log as the backup type. The
SIMPLE recovery model databases do not support transaction log backups.
The default value is FALSE.
-a "NSR_SKIP_NON_BACKUPABLE_STATE_DB={TRUE | FALSE}"
Specifies whether to check the status of the selected databases and ignore the databases that are
unready or unavailable for the backup.
If the status of the databases is ONLINE, the databases are ready or available for backups.
If the status of the databases is OFFLINE, EMERGENCY (SINGLE_USER Mode), SUSPECT,
RESTORING, RECOVERING, or RECOVERY_PENDING, the databases are not ready or available for
backups.
The default value is TRUE.
-q
Displays ddbmsqlsv messages in the quiet mode, that is, the option displays summary information and
error messages only.
-v
Displays ddbmsqlsv messages in the verbose mode, that is, the option provides detailed information
about the progress of the backup operation.
-G
Specifies to perform a NO_LOG transaction log backup before backing up the database.
-R
Uses the NO_TRUNCATE option when backing up transaction logs.
-T
Performs a TRUNCATE_ONLY transaction log backup before backing up the database.
-k
Specifies to perform a checksum before backing up the data to the device.
-u
Specifies to perform a checksum before the backup but to proceed with the backup operation even in
the case of errors.
-y +<integer>{d | w | m | y}
Specifies the period of time after which the backup must expire. For example:
-y +20d
NOTE:
For self-service backups, the retention time displayed in the SSMS plug-in does not match the
retention time displayed in PowerProtect Data Manager. The retention time in PowerProtect Data
Manager is normalized and rounded off to midnight.
A retention setting in PowerProtect Data Manager overrides a retention setting specified by the -y
option.
You can specify any positive integer, followed by one of the following units of time:
● d for day
● w for week
● m for month
● y for year
The maximum possible retention date is 2/7/2106.
If you omit this option or specify 0, the default value of 30 days is used.
-h "<databases_to_omit>"
Specifies databases to omit from the backup. You can use this option to specify exact database names
or use wildcard characters.
Two wildcard characters are supported:
● Question mark (?): Matches any single character
● Asterisk (*): Matches zero to unlimited characters
When you use wildcard characters you must enclose the database name in square brackets, for
example, [“DB?”].
For example, consider the following scenarios:
● To exclude only DB_1 and DB_2 from the backup, add -h “DB_1” -h “DB_2” to the backup
command.
● To exclude all databases named with the format of DB_x, such as DB_9 and DB_a, add -h
[DB_?”] to the backup command.
● To exclude all databases with names ending in DB, add -h [“*DB”] to the backup command.
-O {BUFFERCOUNT | READ_WRITE_FILEGROUPS}
Specifies advanced backup options.
You can specify the following advanced backup options:
● BUFFERCOUNT=<number_of_IO_buffers>: Specifies the total number of IO buffers that can be used
during a backup operation.
● READ_WRITE_FILEGROUPS: Specifies to back up only the read/write (active) filegroups within the
database.
If you are specifying multiple options, separate each argument with a comma. The syntax is as follows:
-O "Option1, Option2, Option3"
-D <debug_level_1_through_9>
Generates detailed logs that you can use to troubleshoot backup issues. The default value is 0 (zero).
-a "DELETE_DEBUG_LOG_DAYS=<days>"
Specifies to delete debug log files that are older than the specified number of days. The valid range is
between 1 and 32767. By default, debug logs are not deleted. Regularly deleting debug logs prevents the
log folder on the installation drive from becoming too large.
This parameter only deletes debug logs named in the default format and located in the logs folder at
-a "NSR_COPY_ONLY={TRUE | FALSE}"
Performs a copy-only backup from a Microsoft SQL Server. The copy-only backups do not disturb the
Microsoft SQL Server backup chain and do not affect backup-level promotion and log truncation. The
default value is FALSE.
This option applies only if you specify either full or incr as the backup type with the -l parameter.
Copy-only transaction log backups are generally required only to perform online restores.
-a "NSR_ENABLE_FC={TRUE | FALSE}"
Enables or disables backing up the databases to the DD server through Fibre Channel. The default value
is FALSE.
-a "NSR_FC_HOSTNAME=<fibre_channel_server>
Specifies the hostname of the Fibre Channel. Use this option with the -a "NSR_ENABLE_FC=TRUE"
parameter.
-a "NSR_INCLUDE_AAG_DATABASE=None”
Specifies to omit Always On availability group databases from an instance-level backup operation.
-a "NSR_DFA_SI_DD_LOCKBOX_PATH=<full_path_to_lockbox>"
Specifies the folder that contains the lockbox file, which contains encrypted information about the
registered hosts and the corresponding usernames in pairs. Each pair is associated with a password that
backups use.
If you do not specify a value, the path defaults to lockbox path in the default installation path, which is
C:\Program Files\DPSAPPS\common\lockbox.
-a "SKIP_SYSTEM_DATABASE={TRUE | FALSE}"
Specifies whether to skip the system databases during instance-level transaction log backups. The
default value is FALSE.
-a "BACKUP_PROMOTION={ALL | NONE | NONE_WITH_WARNINGS | SKIP_RECOVERY_MODEL |
SKIP_RECOVERY_MODEL_WITH_WARNINGS}"
Specifies backup promotion options. The following values are valid:
● ALL (Default): Enables backup promotion to occur in any applicable scenario.
● NONE: Disables all backup promotion.
● NONE_WITH_WARNINGS: Disables backup promotion, but logs a warning when backup promotion
would normally occur.
● SKIP_RECOVERY_MODEL: Disables database recovery model change detection. Backup promotion
as a result of recovery model change will not occur, but backup promotion in other scenarios will still
occur.
● SKIP_RECOVERY_MODEL_WITH_WARNINGS: Enables database recovery model change detection,
but if a recover model change is discovered, logs a warning instead of promoting the backup. Backup
promotion in other scenarios will still occur.
The setting specified with this option applies to every database in the Microsoft SQL Server instance
when this setting is specified along with a Microsoft SQL Server instance-level backup path.
Similarly, the setting specified with this option applies only to specified databases when this setting is
specified with a database level backup path.
Perform backups with T-SQL scripts

The Microsoft application agent for Application Direct enables you to generate a SQL-CLR script that you can use to back up
Microsoft SQL Server.
The SQL-CLR backup command, emc_run_backup, uses the Microsoft application agent for Application Direct with Microsoft
SQL Server backup command prompt options. You must also provide VARCHAR parameters to this command.
To use this command, you must have a detailed knowledge of the Microsoft application agent for Application Direct with
Microsoft SQL Server backup command prompt options. Back up Microsoft SQL Server with the Application Direct backup
command provides information about the Microsoft application agent for Application Direct with Microsoft SQL Server backup
command prompt options.
Sample T-SQL backup script

The following SQL-CLR script is an example of a backup script:
NOTE:
USE [master]
GO
8 -l full -N "Set1" -y +0d -a "NSR_DFA_SI_DD_HOST=10.31.192.10" -a
"NSR_DFA_SI_DD_USER=ost" -a "NSR_DFA_SI_DEVICE_PATH=/ddsub7" -a
"NSR_SKIP_NON_BACKUPABLE_STATE_DB=TRUE" "MSSQL:"'
IF @returnCode <> 0
BEGIN
END
You can use any Microsoft SQL Server standard interfaces, such as the SSMS Query window and OSQL command line tool, to
run the SQL-CLR scripts.
You can use the SQL-CLR script to schedule Microsoft SQL Server backups by using the SQL Server Agent. Scheduling
Microsoft SQL Server backups by using SQL Server Agent provides information.
Best practices to back up Microsoft SQL Server with Application Direct provides guidelines for better performance of Microsoft
SQL Server backups by using the Microsoft application agent for Application Direct SQL-CLR scripts.
Performing Microsoft SQL Server push backups by using the Microsoft

application agent for Application Direct T-SQL scripts
About this task
To back up either all databases or only the specific databases of a Microsoft SQL Server instance from a source host to a DD
device by using a different host, perform the following steps:
Steps
1. Start SSMS on a different host that you use to perform the backup.
2. Connect to the source Microsoft SQL Server instance on the source host.
3. In the SSMS window on the different host, click New Query.
4. In the New Query window, run the T-SQL script to perform the backup.
Results
You can either generate the T-SQL script by using the Microsoft application agent GUI on the source host and copy it to
the New Query window on the different host or write the T-SQL script in the New Query window. Perform backups with the
Microsoft app agent for Application Direct SSMS plug-in and Perform backups with T-SQL scripts provide information.
T-SQL push backup script
NOTE:
USE [master]
GO
EXEC @returnCode = dbo.emc_run_backup ' -c CLUST-SQL-02.contoso.com -A
CLUST-SQL-02.contoso.com -l full -y +0d -a "NSR_DFA_SI_DD_HOST=nmmddtwo.sp2010.com" -
a "NSR_DFA_SI_DD_USER=ost" -a "NSR_DFA_SI_DEVICE_PATH=/ddbmav2b75" -a
"NSR_SKIP_NON_BACKUPABLE_STATE_DB=TRUE" "MSSQL$Inst1:Clus-SQL-01-DB01"
"MSSQL$Inst1:CLUST-SQL-02-DB01" "MSSQL$Inst1:CLUST-SQL-02-DB02" "MSSQL
$Inst1:CLUST-SQL-02-DB03"'
IF @returnCode <> 0
BEGIN
END
where:
● CLUST-SQL-02.contoso.com is the source host that has the source Microsoft SQL Server instance that you want to
back up.
● Inst1 is the source Microsoft SQL Server instance, to which you must connect from the different host to perform the
backup.
● Clus-SQL-01-DB01, CLUST-SQL-02-DB01, CLUST-SQL-02-DB02, and CLUST-SQL-02-DB03 are the databases
that you have selected in the Inst1 instance to back up.
Performing federated backups of SQL Always On availability group

databases by using T-SQL scripts
To perform federated backups, use the same backup command and options that Perform backups with T-SQL scripts describes,
but with the following modifications:
● Specify the Windows cluster name for <client_name> in -c <client_name>.
● Specify the backup object name for <save_set_name> in -N <save_set_name>.
● Specify #<AlwaysOn_Availability_Group_name> in the backup object name.
The options in the following sample scripts indicate these modifications.
NOTE:
The Microsoft application agent does not support backing up multiple Always On availability groups in the same operation.
Sample T-SQL script to back up an entire Always On availability group
USE [master]
GO
EXEC @returnCode = dbo.emc_run_backup '-c SQL2012clus3.brsvlab.local
-S 4 -l full -y +30d -a "NSR_DFA_SI_DD_HOST=ddve-01"
-a "NSR_DFA_SI_DD_USER=sqlboost" -a "NSR_DFA_SI_PATH=/sqlboost"
-a "NSR_DFA_SI_DD_LOCKBOX_PATH=C:\ProgramFiles\DPSAPPS\common\lockbox"
-a "NSR_SKIP_NON_BACKUPABLE_STATE_DB=TRUE"
-N "MSSQL$SQ12INST4#sql2012-aag3:" "MSSQL$SQ12INST4#sql2012-aag3:"'
IF @returnCode <> 0
BEGIN
END
Sample T-SQL script to back up multiple databases (a subset of databases) of an Always On availability group
USE [master]
GO
EXEC @returnCode = dbo.emc_run_backup '-c SQL2012clus3.brsvlab.local -
S 4 -l full -y +30d -a "NSR_DFA_SI_DD_HOST=ddve-01"
-N "MSSQL$SQ12INST4#sql2012-aag3:DB" "MSSQL$SQ12INST4#sql2012-aag3:database1"
"MSSQL$SQ12INST4#sql2012-aag3:database3" "MSSQL$SQ12INST4#sql2012-aag3:database8"'
IF @returnCode <> 0
BEGIN
END
Sample T-SQL script to back up a specific database of an Always On availability group
USE [master]
GO
EXEC @returnCode = dbo.emc_run_backup '-c SQL2012clus3.brsvlab.local -
S 4 -l full -y +30d -a "NSR_DFA_SI_DD_HOST=ddve-01"
-N "MSSQL$SQ12INST4#sql2012-aag3:database1" "MSSQL$SQ12INST4#sql2012-aag3:database1"'
IF @returnCode <> 0
BEGIN
END
5
Performing Self-Service Application Direct
Restores of Microsoft SQL Server Databases
Topics:
• Restoring a Microsoft SQL Server application host
• Best practices to restore Microsoft SQL Server with Application Direct
• Restoring Microsoft SQL Server databases
• Performing table-level recovery
• Performing Microsoft SQL Server disaster recovery
Restoring a Microsoft SQL Server application host

You can use the Microsoft application agent to restore the database or table-level backups directly to the Microsoft SQL Server
application host.
NOTE: The Microsoft application agent does not support the quick recovery feature with PowerProtect Data Manager. The
PowerProtect Data Manager Administrator Guide provides more information about the quick recovery feature.
The following topics provide instructions on how to restore an application-aware Microsoft SQL Server backup.
Best practices to restore Microsoft SQL Server with

Application Direct
Consider the best practices to restore Microsoft SQL Server using Application Direct.
Configure connection settings

DD Boost devices do not distinguish among Transmission Control Protocol (TCP)/Internet Protocol (IP), Fibre Channel (FC),
and LAN, WAN, and MAN network types. DD Boost devices can successfully operate where packet loss is strictly 0% and
latency is less than 20 ms.
Enable instant file initialization

For better restores, enable the instant file initialization feature on Microsoft SQL Server. The Microsoft SQL Server initialization
procedure writes zeros to the portion of the disk that contains the data and the log files. Enabling the instant file initialization
feature does not enable zeroing of the disk for the data files.
Configure usage limits for DD streams

Configure a sufficient number of DD streams for better performance of backups and restores. The streams control backup and
restore parallelism for each database.
The Microsoft application agent requires one stream per save set that you back up or restore. When you perform striped
backups, each stripe requires one stream. The stripes are concurrently run for each database. Databases are sequentially backed
up and restored. When you use stripes, the number of streams must be equal to or more than the number of stripes.
The minimum number of streams for a non-stripe environment is 1.
122 Performing Self-Service Application Direct Restores of Microsoft SQL Server Databases
Configuring usage limits of DD streams provides more information about streams limit, impact of exceeding the limits, and
Restoring Microsoft SQL Server databases

The Microsoft application agent for Application Direct with Microsoft SQL Server supports multiple tools to recover databases.
You can recover databases using the Microsoft application agent SQL Server Management Studio plug-in (GUI), Microsoft
application agent for Application Direct commands, or T-SQL scripts.
Prerequisites
Learn about prerequisites for database restores.
Prerequisites for restoring a database to a remote server

Learn how to restore a database to a remote Microsoft SQL Server instance.
The Microsoft application agent supports browsing and restoring backups to a remote server.
Restore operations to a remote server are supported through the Application Direct SQL Server Management Studio (SSMS)
plug-in only.
The Microsoft application agent and Application Direct SSMS plug-in must be installed on the Microsoft SQL Server where you
will configure the restore operation. Using the SSMS plug-in, you can browse Microsoft SQL Server backups from any server on
the DD storage unit and set the target destination to the remote server where you want to restore the data.
Prerequisites
Ensure that your environment meets the following requirements:
● The Microsoft application agent must be installed on the target remote instance.
● Configure the same lockbox on the target remote instance as the lockbox on the instance where you configure the restore
operation.
For example, if the instance where you are running the restore has a lockbox with DataDomain1 and StorageUnit1, you must
create the same lockbox with DataDomain1 and StorageUnit1 on the target remote instance.
● The SQL Server Agent must be running on the target remote instance.
If the remote instance is on the same domain as the server where you are configuring the restore operation, the Microsoft
application agent starts the SQL Server Agent automatically during the restore operation. If the remote server is on a
different domain, then you must launch the SQL Server Agent on the target server manually.
● You should be able to connect with the remote instance using the Connect to Server option in the SQL Server
Management Studio.
If you cannot connect to the remote instance, the restore will fail.
Prerequisite to restore a database in an Always On availability group

To restore a database that is part of an Always On availability group, before you start the restore operation, you must remove
the database from the Always On availability group.
Re-add the database to the availability group after the restore operation is complete.
Performing Self-Service Application Direct Restores of Microsoft SQL Server Databases 123
Restore a database with the Microsoft app agent for Application
Direct plug-in
The Microsoft application agent supports a user interface to perform restore operations through a SQL Server Management
Studio (SSMS) plug-in.
The Microsoft application agent caches Microsoft SQL Server restore settings. The Microsoft application agent automatically
loads the information from the last recovery operation and populates restore settings. Caching saves time by eliminating the
need to reselect the settings each time you run a restore operation. To clear the cached settings, click Clear Cache.
The Script option is available in each page of the Database Restore tab, which generates a command prompt equivalent
script. You can use the script to create a .bat file to perform automation and other tasks. The following script options are
available:
● CLI Scripts: To generate the command script, which you can use to run a restore from the command prompt.
● T-SQL Scripts: To generate a restore script in the T-SQL format.
Launching the Microsoft application agent for Application Direct SSMS

plug-in
To launch the Microsoft application agent for Application Direct SSMS plug-in, perform the following steps.
1. From the Windows Start menu, select Microsoft SQL Server Management Studio.
2. In the Microsoft SQL Server Management Studio, in the Connect to Server window, specify the server information and
credentials, and then click Connect.
3. On the toolbar, click Microsoft App Agent (Application Direct).
NOTE: If the Microsoft App Agent (Application Direct) button is not on the toolbar, the plug-in may be unable to
register. In this scenario, you can launch the plug-in directly from the Start menu. From the Windows Start menu, select
DDBMA Plugin for SQL Server Management Studio.
Configure general restore settings

To configure Microsoft SQL Server restores with the Microsoft app agent for Application Direct SSMS plug-in, you must first
specify general restore options on the Database Restore > General page.
Steps
1. Open the Microsoft app agent for Application Direct window to the Database Restore > General page.
Figure 10. Application Direct - Database Restore-General page
The Microsoft application agent automatically loads the information from the last recovery operation and populates all of the
fields under Sources. To clear the cached settings, click Clear Cache.
2. In the PowerProtect DD System field, select the DD server that contains the backup.
NOTE: When you want to restore a replicated backup from a secondary DD server, select the secondary server. The DD
user on the secondary DD server must be in the same group as the primary server.
3. From the SQL Server host list, select the Microsoft SQL Server host that is the source of the backup. Select the Windows
cluster name in the case of federated backups.
4. From the SQL Server Instance list, select the Microsoft SQL Server instance that contains the databases that you want to
restore.
The databases located on the Microsoft SQL Server instance appear in the database table below the SQL Server Instance
field.
5. From the database table, select either the entire Microsoft SQL Server instance by selecting the check box in the header
row or select only the required databases to restore.
The save sets on the Microsoft SQL Server instance that are available for recovery appear in the save sets table below the
Browse time field.
By default, the restore process selects the most recent backup timestamp for each selected database. If you have selected a
single database, you can perform a point-in-time (PIT) restore.
6. (Optional) To perform a point-in-time restore of a single database, perform the following steps:
a. From the Browse time list, select a date and time, and click Show Versions.
All of the backups that were performed within the specified timeline appear in the save sets table.
b. From the save sets table, select the save set with the timestamp that you want to restore.
Click < < Older or Newer > > to browse additional save sets.
NOTE: You cannot perform a PIT restore of multiple databases.
7. (Optional) To select the backup timestamp, perform the following steps

By default, the most recent timestamp is used.
a. Click Timeline.
The Backup Timeline dialog box appears, as shown in the following figure.
Figure 11. Specifying the restore point

b. Select the backup timestamp, and then click OK.
8. Choose the location where the backup is restored to:
● To perform a recovery directly to the database, perform the following steps:
a. Select Restore to SQL Server.
b. From the Instance list, select the instance where you want to restore the database.
You can restore the database to the source instance or an alternate instance.
If you are restoring the database to an instance on a remote Microsoft SQL Server that is not listed, perform the
following steps:
i. From the Instance list, select Browse for more.
The Connect to Server window appears.
ii. In the Connect to Server window, beside Server Name, click ... to load the Microsoft SQL Server Instances on
the network.
iii. In the Server Name field, type the instance name or select the name from the list.
iv. From the Authentication list, select one of the following authentication modes to connect to the Microsoft SQL
Server:
○ Select Windows Authentication when you are restoring to a host in the same domain.
○ Select SQL Server Authentication when you are restoring to a host in a different domain
v. Type the login credentials in the Login and Password fields.
vi. To access the SQL Agent Service with a proxy user, under Proxy User Of SQL Agent, type the login credentials
in the User Name and Password fields. You must type the username in the format of Domain Name\User
Name.
Specify the proxy user credentials if the SQL Agent Service user does not have sufficient permissions to perform
a restore operation or if you want to perform restore as a different user.
If the SQL Agent Service on the target server uses a Windows Domain account and you select Windows
Authentication, the proxy user credentials are optional.
vii. Click OK.
c. From the Database list, select the database where the backup will be recovered to.
● To perform a flat-file recovery, perform the following steps:
a. Select Restore backups as files.
b. In the Folder field, specify the destination for the files. The Folder field is populated with the default destination
path.
9. To start the restore operation, click Run.
Configure files and filegroup restore settings
When you configure Microsoft SQL Server restores with the Microsoft app agent for Application Direct SSMS plug-in, you
change the default destination folders of the database files (.mdf and .ndf) and log files (.ldf) on the Database Restore >
Files/Filegroups page.
About this task

All settings on the Files/Filegroups page are optional.
NOTE: Settings on the Files/Filegroups page are disabled when you configure a restore to a remote server, including
changing the restore path.
Steps
1. From the left panel, click Files/Filegroups.
The Files/Filegroups page appears as shown in the following figure.
Figure 12. Application Direct - Database Restore-Files page
2. Under Filegroup Options, to display the corresponding database files of the databases that you have selected on the
General page, from the Select Filegroup to restore list, select one of the following options:
● All Files: Displays the database files of all the selected databases.
● PRIMARY: Displays the database files of the selected databases that belong to the PRIMARY filegroup only.
● Custom filegroup name: Displays the database files of the selected databases that belong to the selected custom
filegroup name only. In the figure, the custom filegroup names are sec and third.
3. Under Relocation Options, to change the destination restore paths, perform one of the following action sequences:
● To change the destination paths of all of the data and log files, perform the following steps:
a. Select Relocate all files to folder.
b. Click the Data file folder browse button to specify a location for the data files, or click inside the field to type the
folder path.
c. Click the Log file folder browse button to specify a location for the log files, or click inside the field to type the
folder path.
● To change the destination path for each individual data or log file, perform one of the following actions in the files table:
○ To browse for a destination path, click the browse button to the right of each data or log file. A window appears
where you can browse and select the file path.
○ To type a new destination path, in the Restore As column, click the appropriate cell and type a destination path. If
the path does not exist, a dialog box appears asking if you want to create the folder.
NOTE: The settings under Relocation Options are disabled if you have selected the Restore backups as files option
on the General page.
Configure optional database restore settings

When you configure Microsoft SQL Server database restores with the Microsoft app agent for Application Direct SSMS plug-in,
you can specify optional restore settings on the Database Restore > Options page.
About this task

Steps
1. From the left panel, click Options to specify optional restore settings.
Figure 13. Application Direct - Database Restore-Options page
2. To overwrite the existing database with the restored data, select Overwrite the existing database (WITH REPLACE).
The database is overwritten only if the database name is unchanged.
If you selected the Restore backups as files option, this option is disabled.
NOTE: After you perform a system database rebuild in the Microsoft SQL Server, you must specify the WITH
REPLACE option with the ddbmsqlrc.exe command when you restore the system databases, including master,
model, and msdb.
3. To specify a recovery state, select one of the following options in the Recovery state field:
● RESTORE WITH RECOVERY: To leave the database in the ready-to-use state by rolling back uncommitted
transactions, and disable the ability to restore the most recent or additional transaction logs.
● RESTORE WITH NORECOVERY: To leave the database in the non-operational state by not rolling back uncommitted
transactions, and enable the ability to restore the most recent or additional transaction logs.
● RESTORE WITH STANDBY: To enable the ability to undo committed transactions, save the undo actions in a standby
file that enables you to reverse the restore effects, and put the database in the read-only mode. If you select this option,
specify the Standby file field by clicking the button that is located on the right of the field, browsing for the file, and
then selecting it.
4. To perform a verify only operation, select Verify only.
A verify only operation verifies that the restore process meets the following requirements without performing the restore
operation:
● The backup set that you want to restore is complete and all volumes are readable
● Header fields, such as database page IDs are ready to write data
● Whether the checksum is proper if the backup was performed by selecting the Perform checksum before writing to
media option
● Whether the destination host has sufficient space to restore data
NOTE:
○ The Verify only option requires sufficient space on the client host to operate.
○ If you select the Restore backups as files option, this option is disabled.
5. To compress the restore contents and transport them from the DD Replicator to the application host, select PowerProtect
DD System Boost compressed restore.
This option reduces the impact on network bandwidth.
6. To generate detailed logs, which you can use to troubleshoot any restore issues, specify a number between 1 and 9 in the
Select a debug level field. The default value is 0 (zero).
7. To delete debug logs older than a certain number of days, in the Delete debug logs after field, specify the number of days
with a number between 1 and 32767 days. The default value is 0 and does not delete any debug logs.
8. To restore all the backups that were performed during or after a specified start time and up until the time of the backup that
is being restored, select Specify a start time for restore.
Specify the start date and time in the corresponding fields beside the Specify a start time for restore field. The start date
and time must be before the backup time of the save set that is being restored.
9. To specify advanced recovery options, use the Advanced options field to select or type advanced recovery options.
Separate multiple entries with a comma, for example:
BUFFERCOUNT=2, KEEP_CDC, KEEP_REPLICATION
The following advanced recovery options are supported:
● BUFFERCOUNT=buffer_number: Specifies the total number of IO buffers that can be used during recovery.
● KEEP_CDC: Enables change data capture (CDC) recovery.
When restoring a database with CDC enabled, the recover operation works differently depending on the recovery
destination.
Use the KEEP_CDC option to:
○ Recover the CDC enabled database on the same Microsoft SQL Server instance by overwriting an existing database.
In this scenario, KEEP_CDC is optional.
○ Recover the CDC enabled database with a different name on the same Microsoft SQL Server instance.
In this scenario, KEEP_CDC is required.
○ Recover the CDC enabled database on a different Microsoft SQL Server instance.
● KEEP_REPLICATION: Preserves the replication when recovering a published database. This option is required if a
database was replicated when the backup was created.
10. To edit the number of save sets or versions that the Microsoft application agent cache retrieves, specify a number in the
Number of entries to retrieve field.
You can specify a value of 1 through 10000. The default value is 50.
11. To perform a tail-log backup of the data before performing a restore operation, select Take tail-log backup before
restore.
A tail-log backup ensures that the Microsoft application agent backs up the data that has changed since the previous
backup.
NOTE:
● The Microsoft application agent for Application Direct does not support tail-log backups of multiple databases.
● This option is disabled if the Restore backups as files or Verify only options are selected.
12. To ensure exclusive access to the database during the restore operation if multiple connections exist, select Close existing
connections to destination database.
Monitor the restore operation
After a database restore operation is run from the Microsoft app agent for Application Direct SSMS plug-in, the Database
Restore > Monitor page displays the restore script and status.
The following figure shows the restore information and status as it appears on the Monitor page.
Figure 14. Application Direct - Database Restore-Monitor page
NOTE: For information about the success or failure of the restore operation, review the log files that are located in the
Perform database restores with the Microsoft application agent for

Application Direct recover command
Use the ddbmsqlrc command to configure a restore of Microsoft SQL Server databases from a command prompt.
NOTE: In the syntaxes, the options that are enclosed in square brackets, that is, [ and ] are optional.
To perform specific backup-related and restore-related operations, the Microsoft application agent also supports the
ddbmadmin.exe command besides the msagentadmin.exe command. However, the ddbmadmin.exe command is
deprecated.
Syntax to restore databases on a stand-alone server
Run the following command to restore databases in a stand-alone environment:
ddbmsqlrc.exe -c <client_name> -S {normal | norecover | standby:<filepath>\undo.ldf}

-a "NSR_DFA_SI_DD_HOST=<server_name>" -a "NSR_DFA_SI_DD_USER=<DD_Boost_user>"
-a "NSR_DFA_SI_DEVICE_PATH=<storage_unit_name_and_path>" [<optional_parameters>]
"<restore_path>"
where:
-c <client_name>
Specifies the Microsoft SQL Server hostname, to which you want to restore the required databases.
A Microsoft SQL Server host contains the backed-up stand-alone or clustered Microsoft SQL Server
instances and the corresponding databases.
-S {normal | norecover | standby:<filepath>\undo.ldf}
Performs one of the following tasks:
● normal: Enables you to roll back uncommitted transactions and use the database to restore the
most recent or additional transaction logs.
● norecover: Disables your ability to roll back uncommitted transactions and use the database to
restore the most recent or additional transaction logs.
● standby:<filepath>\undo.ldf: Enables you to undo committed transactions, saves the undo actions
in a standby file that enables you to reverse the restore effects, and puts the database in the
read-only mode.
Specifies the name of the DD server that contains the backup.
When you have a remote (secondary) DD server that has replicated databases to restore, type the name
of the secondary server. A DD user on the secondary DD server must be in the same group as the
primary server.
Specifies the name and the path of the storage unit that contains the backup.
"<restore_path>"
Specifies the path to the backup objects that you want to restore.
Type the restore path in one of the following formats:
○ To restore backups of the entire instance, type MSSQL:
○ To restore backups of specific databases, type [MSSQL:]<database>
[[MSSQL:]<database> [...]]
○ To restore backups of the entire instance, type MSSQL$<Instance_Name>:
○ To restore backups of specific databases, type MSSQL$<Instance_Name>:<database>
[...]
Microsoft SQL Server stand-alone restore command
ddbmsqlrc.exe -c sqlx86.adesc.com -t "Monday, November 11, 2013 1:05:47 PM"

-S normal -a "NSR_DFA_SI_DD_HOST=10.31.77.27" -a "NSR_DFA_SI_DD_USER=arti1" -a
"NSR_DFA_SI_DEVICE_PATH=/artrep2" "MSSQL$SQL2K8:testddr1"
Syntax to restore databases in an Always On availability group
Run the following command to restore databases in an Always On availability group environment:
ddbmsqlrc.exe -c <cluster_name> -A <virtual_server> -S

{normal | norecover | standby:<filepath>\undo.ldf} -a
"NSR_DFA_SI_DD_HOST=<server_name>" -a "NSR_DFA_SI_DD_USER=<DD_Boost_user>"
"<restore_path>"
Run the following command to restore databases in a clusterless Always On availability group (AAG) environment:
ddbmsqlrc.exe -a "SKIP_CLIENT_RESOLUTION=TRUE" -c <AAG_name>_<AAG_GUID>

-S {normal | norecover | standby:<filepath>\undo.ldf} -a
"NSR_DFA_SI_DD_HOST=<server_name>" -a "NSR_DFA_SI_DD_USER=<DD_Boost_user>"
"<restore_path>"
NOTE: For a clusterless AAG, you must add the option -a "SKIP_CLIENT_RESOLUTION=TRUE" and specify
<AAG_name>_<AAG_GUID> with the -c option.
where:
-c <client_name>
Specifies the Windows cluster name for the restore.
To perform a redirected restore, specify a Microsoft SQL Server host that is not the current host.
-c <AAG_name>_<AAG_GUID>
Specifies the clusterless AAG for the restore, for example, -c AAG1_ef770eaf-ebe3-f5be-
bdff-3a7243ff1236.
-A <virtual_server>
Specifies the virtual server FQDN to restore the databases from the Microsoft SQL Server clustered
instance.
NOTE: The -A option does not apply to clusterless AAG restores.
-S {normal | norecover | standby:<filepath>\undo.ldf}

Performs one of the following tasks:
● normal: Enables you to roll back uncommitted transactions and use the database to restore the
most recent or additional transaction logs.
● norecover: Disables your ability to roll back uncommitted transactions and use the database to
restore the most recent or additional transaction logs.
● standby:<filepath>\undo.ldf: Enables you to undo committed transactions, saves the undo actions
in a standby file that enables you to reverse the restore effects, and puts the database in the
read-only mode.
primary server.
Specifies to skip the client resolution for <AAG_name>_<AAG_GUID>, as specified with the -c option.
Skipping the client resolution is required for a clusterless AAG restore.
"<restore_path>"
○ To restore backups of the entire instance, type MSSQL#<aag_name>:
○ To restore backups of specific databases, type [MSSQL#<aag_name>:]<database>
[[MSSQL#<aag_name>:]<database> [...]]
For example: "MSSQL#aag1:database1" "MSSQL#aag1:database2"
○ To restore backups of the entire instance, type MSSQL$<Instance_Name>#<aag_name>:
○ To restore backups of specific databases, type
MSSQL$<Instance_Name>#<aag_name>:<database> [...]
For example: "MSSQL$SqlInst1#sql2012-aag3:database1"
"MSSQL$SqlInst1#sql2012-aag3:database2"
Microsoft SQL Server Always On availability group restore command
ddbmsqlrc.exe -c sqlcluster1.adesc.com -A sqlcluster1.adesc.com -t "Monday,

November 11, 2013 1:05:47 PM" -S normal -a "NSR_DFA_SI_DD_HOST=10.31.77.27" -a
"NSR_DFA_SI_DD_USER=arti1" -a "NSR_DFA_SI_DEVICE_PATH=/artrep2" "MSSQL$SqlInst1#sql2012-
aag3:database2"
Microsoft SQL Server clusterless Always On availability group restore command
ddbmsqlrc.exe -a "SKIP_CLIENT_RESOLUTION=TRUE" -c
clusterlessa_6f27c29c-5d83-0062-8301-357210660ac6 -S normal -a
"NSR_DFA_SI_DD_HOST=10.31.140.154" -a "NSR_DFA_SI_DD_USER=ost"
-a "NSR_DFA_SI_DEVICE_PATH=/aru" -a "NSR_DFA_SI_DD_LOCKBOX_PATH=C:
\Program Files\DPSAPPS\common\lockbox" -C "'ClusterlessADB01'='H:
\MSSQL14.MSSQLSERVER\MSSQL\DATA\ClusterlessADB01.mdf', 'ClusterlessADB01_log'='H:
\MSSQL14.MSSQLSERVER\MSSQL\DATA\ClusterlessADB01_log.ldf'" -f -d MSSQL:ClusterlessADB01
MSSQL:ClusterlessADB01
Optional parameters for the ddbmsqlrc command

You can use the following optional parameters with the ddbmsqlrc command.
-a "NSR_DFA_SI_DD_LOCKBOX_PATH=<full_path_to_lockbox>"
backups use. If you do not specify a value, the path defaults to the installation path, which is typically
-t "<backup_time_stamp>"
Specifies the backup time stamp that you want to restore.
-a "NSR_ENABLE_FC={TRUE | FALSE}"
Enables database restoration to the DD server through Fibre Channel. The default value is FALSE.
-a "NSR_FC_HOSTNAME=<DD_Fibre_Channel_server_name>"
Specifies the hostname of the Fibre Channel.
-a "FLAT_FILE_RECOVERY={TRUE | FALSE}"
Performs a flat file restore to files, that is, restores a save set that has a full backup and multiple
transaction log and differential backups to files.
To know the order in which multiple transaction log backup files are restored, use the save times that
are present in the filenames.
-a "FLAT_FILE_RECOVERY_DIR=<folder_path>"
Specifies the folder, in which the flat file restore files are generated.
You can see the generated files in the
<flat_file_recovery_folder>\<client_name>\<instance_name> location.
-a "DDBOOST_COMPRESSED_RESTORE={TRUE | FALSE}"
Compresses the restore contents and transports them from the DD Replicator to the application host.
This option saves network bandwidth.
-a "RESTORE_START_TIME=<start_date_and_time>"
Restores all the backups that were performed at or after a specified backup time (start date and time)
and up to the backup time of the selected save set, that is, -t <Last_Backup_Time_Stamp>.
Specify the start date and time in the <mm>/<dd>/<yyyy> <hr>:<mins>:<secs> {AM | PM} format.
The start date and time must not be after the backup time of the selected save set, that is, -t
<Last_Backup_Time_Stamp>.
-a "RESTORE_TO_SOURCE_PATH=TRUE"
Ensures that the backup is restored to the original source path by default. The -a
"RESTORE_TO_SOURCE_PATH=TRUE" option is overridden if the -C or -H relocation options are used.
-a "CLOSE_SQL_CONNECTIONS={TRUE | FALSE}”
Specifies whether to enable exclusive access to the target database by changing the database to single
user mode during the restore operation to ensure a successful recovery.
-$ <instance>
Specifies the target Microsoft SQL Server instance that contains the target databases that you want to
restore. The default value is the instance where the backup was taken.
Type the value in one of the following formats:
● For the default instance, type MSSQL
● For a named instance, type MSSQL$<instance_name>
-d <destination_database>
Specifies the target database, to which you want to restore the backup.
Type the value in one of the following formats:
● <destination_database_name>
● MSSQL:<destination_database_name>
● MSSQL$<instance_name>:<destination_database_name>
-C file=path,file2=path2,...
Relocates the database files (.mdf, .ndf, and .ldf) to a different folder.
You cannot use the -C parameter and the -H parameter in the same operation.
-H " '<source_path>';'<destination_path>'"
Relocates file paths and all files contained in a path to a different location during a restore operation.
The -H command option can be used to relocate multiple file paths in the same command line.
The -H option is supported on standard and redirected restores, which includes the following:
● Normal restore—Same server and same instance.
● Different instance restore—Same server and different instance.
● Restore to different database file.
● Different server restore.
To relocate individual files, see the table entry for the -C option.
You cannot use the -C option and the -H option in the same operation.
-f
Overwrites the existing database with the current database that you restore if the names of both the
databases are same.
NOTE: After you perform a system database rebuild in the Microsoft SQL Server, you must specify
the WITH REPLACE option with the ddbmsqlrc.exe command when you restore the system
databases, including master, model, and msdb.
-q
Displays ddbmsqlsv messages in the quiet mode, that is, the option displays summary information and
error messages only.
-k
Specifies to perform a checksum before restoring the data.
-u
Specifies to perform a checksum before the restore operation but to proceed with the operation even in
the case of errors.
-D <debug_level_1_through_9>
Generates detailed logs that you can use to troubleshoot backup issues. The default value is 0 (zero).
-a "DELETE_DEBUG_LOG_DAYS=<days>"
Specifies to delete debug log files that are older than the specified number of days. The valid range is
between 1 and 32767. By default, debug logs are not deleted. Regularly deleting debug logs prevents the
log folder on the installation drive from becoming too large.
This parameter only deletes debug logs named in the default format and located in the logs folder at
-V
Verifies whether the restore process meets the following requirements:
● The backup set that you want to restore is complete and all volumes are readable
● Header fields, such as database page IDs, are ready to write data
● Whether the backup was performed by using the checksum option
● Whether the destination host has sufficient space to restore data
-l incr
Restores from the last transaction log backup.
When you use the -l incr option, you must restore the backup chain in order. For example, consider
the following backup history:
● A full backup taken at 1:31:49PM
● A logs only backup taken at 1:32:42PM
To restore this backup chain, perform the following steps:
1. Type the following command to restore up to the second last transaction log backup:
ddbmsqlrc.exe -a NSR_DFA_SI_DD_HOST=10.34.156.120 -a
NSR_DFA_SI_DD_USER=ost -a NSR_DFA_SI_DEVICE_PATH=/msappstu4 -a
NSR_DFA_SI_DD_LOCKBOX_PATH=C:\Program Files\DPSAPPS\common\lockbox
-c mars-jupiter.planets.com -a SKIP_CLIENT_RESOLUTION=TRUE -f -t
09/06/2017 01:34:03 PM -S norecover MSSQL$TESTDB02:info3
2. Type the following command to restore the last transaction log backup with -l incr:
ddbmsqlrc.exe -a NSR_DFA_SI_DD_HOST=10.34.156.120 -a
NSR_DFA_SI_DD_USER=ost -a NSR_DFA_SI_DEVICE_PATH=/msappstu4 -a
NSR_DFA_SI_DD_LOCKBOX_PATH=C:\Program Files\DPSAPPS\common\lockbox -c
mars-jupiter.planets.com -a SKIP_CLIENT_RESOLUTION=TRUE -f -l incr -S
normal MSSQL$TESTDB02:info3
-O "<option1>, <option2>, ..."

Specifies advanced recovery options. Separate each option with a comma.
The following table describes the advanced recovery options that are available:
● BUFFERCOUNT=<number>: Specifies the total number of IO buffers that can be used during a
recovery operation.
● KEEP_CDC: Enables change data capture (CDC) recovery.
● KEEP_REPLICATION: Preserves the replication when you recover a published database. This option
is required if a database was replicated when the backup was created.
● READ_WRITE_FILEGROUPS: Recovers only the read/write (active) filegroups from the
backup. This option can only be used to recover backups performed with the
READ_WRITE_FILEGROUPS option. You cannot specify filegroup or file-level recover targets with
the READ_WRITE_FILEGROUPS option.
If you are relocating multiple filegroups during the restore, you can use the -H option for global
relocation.
After you restore a backup with the READ_WRITE_FILEGROUPS option, any read-only filegroups in
the database will enter the recovery pending state and the rest of the filegroups will go online.
There are two different scenarios to recover cumulative incremental READ_WRITE_FILEGROUPS
backups:
○ If you have taken a full READ_WRITE_FILEGROUPS backup prior to the cumulative incremental
backup, the Microsoft application agent will chain together the two backups in the correct order
and complete the restore.
○ If you have not taken a full READ_WRITE_FILEGROUPS backup but want to use a normal
full backup as the differential base for the cumulative incremental READ_WRITE_FILEGROUPS
backup, you must first restore the full backup normally and leave the database in no recovery
mode, and then apply the READ_WRITE_FILEGROUPS differential backup with the -z option.
-z
Enables implementation of a recovery plan in independent command line operations. Normally the
Microsoft application agent builds the recovery plan, ensuring that all the required backups are available
and that they run in the proper order and with the proper options. The -z option removes safety checks.
This option is used in more complex recoveries. The following example commands use the following
backup history:
● savetime 1:00 - full backup
● savetime 2:00 - txnlog backup
● savetime 3:00 - txnlog backup
To recover multiple backups and restore a database in a single command, run the following command:
ddbmsqlrc ... -t "savetime 3:00" ...
This command recovers the entire recovery chain, from the first full backup to the last logs-only backup.
To recover this recovery chain and restore a database in a series of independent commands, run the
following commands:
ddbmsqlrc ... -z -S norecover -t "savetime 1:00" ...
ddbmsqlrc ... -z -S norecover -t "savetime 2:00" ...
ddbmsqlrc ... -z -S normal -t "savetime 3:00" ...
These three commands recover each backup individually.

The -z option disables building the recovery plan and recovers only the specified backup. This command
is required for all backups except for level full backups.
Use the -S norecover option with the -z option to prepare the database for more restores. This
command is required for all except the last recovery command. The final command recovers the last
logs-only backup and brings the database online.
NOTE: A point-in-time restore within the final txnlog can be specified by replacing the save time.
For instance, in the previous example, you can replace 3:00 with 2:45. The database is not available
for general use until after the final recovery completes. Any missing, incorrect, or out-of-order save
times result in Microsoft SQL Server reporting errors.
Starting with Microsoft application agent 19.2, you can specify the ddbmsqlrc command option
-S norecover when you restore a read-write (active) filegroup, which leaves the database in the
recovering mode. In this mode, you can then apply subsequent transaction logs to complete a point-in-
time restore of the active filegroup, for example, when backups are configured as in the following
example. The following example commands use the following backup history:
● savetime 6/21/2019 12:10:35 PM - full read/write filegroup backup with -O
"READ_WRITE_FILEGROUPS" option
● savetime 6/21/2019 12:21:30 PM - txnlog backup
● savetime 6/21/2019 12:25:34 PM - txnlog backup
To perform a point-in-time restore of the active filegroup, run the following commands:
1. Restore the filegroup backup in norecover mode:
ddbmsqlrc ... -z -f -t "06/21/2019 12:10:35 PM" -S norecover -O

"READ_WRITE_FILEGROUPS" ...
2. Restore the second last log backup in norecover mode:
ddbmsqlrc ... -z -f -t "06/21/2019 12:21:30 PM" -S norecover ...
3. Complete the point-in-time restore in normal mode to a time before the final log backup:
ddbmsqlrc ... -z -f -t "06/21/2019 12:25:34 PM" -S normal ...
Perform database restores with T-SQL scripts

The Microsoft application agent for Application Direct enables you to generate a SQL-CLR script that you can use to restore
Microsoft SQL Server databases.
The SQL-CLR restore command, emc_run_restore uses the Microsoft application agent for Application Direct with
Microsoft SQL Server restore CLI options. You must also provide VARCHAR parameters to this command. To use this command,
you must have a detailed knowledge of the Microsoft application agent for Application Direct with Microsoft SQL Server restore
CLI options. Perform database restores with the Microsoft application agent for Application Direct recover command provides
information about the Microsoft application agent for Application Direct with Microsoft SQL Server restore CLI options.
Sample T-SQL restore script

The following SQL-CLR script is an example of a restore script:
USE [master]
GO
EXEC @returnCode = dbo.emc_run_restore ' -c win8sqlsp.sharepoint.com -f
-t "02/03/2015 04:04:36 AM" -S normal -a "NSR_DFA_SI_DD_HOST=10.31.192.10"
-a "NSR_DFA_SI_DD_USER=ost" -a "NSR_DFA_SI_DEVICE_PATH=/ddsub7" -d
"MSSQL:dbtest" "MSSQL:db100"'
IF @returnCode <> 0
BEGIN
END
You can use any Microsoft SQL Server standard interfaces, such as the SSMS Query window and OSQL command prompt tool,
to run the SQL-CLR scripts.
Best practices to back up Microsoft SQL Server with Application Direct provides guidelines for better performance of Microsoft
SQL Server restores by using the Microsoft application agent for Application Direct SQL-CLR scripts.
Performing Microsoft SQL Server push restores by using the Microsoft

application agent for Application Direct T-SQL scripts
About this task
To restore either all databases or only the specific databases of a Microsoft SQL Server instance from a DD device to a
destination host by using a different host, perform the following steps.
NOTE: When the data to be restored exists in a Cloud Tier, perform a recall operation prior to the push restore operation.
Steps
1. Start SSMS on a different host that you use to perform the restore.
2. Connect to the destination Microsoft SQL Server instance on the destination host.
3. In the SSMS window on the different host, click New Query.
4. In the New Query window, run the T-SQL script to perform the restore.
Results
You can either generate the T-SQL script by using the Microsoft application agent SSMS plug-in GUI on the destination host
and copy it to the New Query window on the different host or write the T-SQL script in the New Query window. Restore a
database with the Microsoft app agent for Application Direct plug-in and Perform database restores with T-SQL scripts provide
information.
T-SQL push restore script
Consider the following example T-SQL push restore script:
USE [master]
GO
EXEC @returnCode = dbo.emc_run_restore ' -c clust-sql-01.contoso.com
-A clust-sql-02.contoso.com -f -t "06/22/2015 02:38:48 PM" -S normal
-a "NSR_DFA_SI_DD_HOST=nmmddtwo.sp2010.com" -a "NSR_DFA_SI_DD_USER=ost"
-a "NSR_DFA_SI_DEVICE_PATH=/ddbmav2b75" -d "MSSQL$Inst1:CLUST-SQL-02-
DB02" "MSSQL$Inst1:CLUST-SQL-02-DB01"'
IF @returnCode <> 0
BEGIN
END
where:
● clust-sql-01.contoso.com is the source host from which the backup was performed.
● Inst1 is the destination Microsoft SQL Server instance, to which you must connect from the different host to perform the
restore.
● CLUST-SQL-02-DB02 is the destination database.
● CLUST-SQL-02-DB01 is the database that was backed up from the source host.
Restoring Always On availability groups by using T-SQL scripts

To restore databases from federated backups, use the same restore command and options that Perform database restores with
T-SQL scripts describes, but for <client_name> in -c <client_name>, specify the Windows cluster name.
The options in the following example scripts indicate the modification.
Sample T-SQL script to restore a federated backup to the source database
USE [master]
GO
EXEC @returnCode = dbo.emc_run_restore '-a
"NSR_DFA_SI_DD_HOST=ddve-01" -a "NSR_DFA_SI_DD_USER=sqlboost" -a
"NSR_DFA_SI_DEVICE_PATH=/sqlboost" -a "NSR_DFA_SI_DD_LOCKBOX_PATH=C:
\Program Files\DPSAPPS\common\lockbox" -c sql2012clus3.brsvlab.local -
C" 'testdb1_Data'='E:\sql2012_data\ database1.mdf', 'testdb1_Log'='F:
\sql2012_log\database1_log.LDF'" -f -S normal -$ "MSSQL$SQ12INST4:" -d
"MSSQL$SQ12INST4:database1" "MSSQL$SQ12INST4:database1"'
IF @returnCode <> 0
BEGIN
END
Sample T-SQL script to restore a federated backup to a different instance and database (redirected restore)
USE [master]
GO
C" 'testdb1_Data'='E:\sql2012_data\database1.mdf', 'testdb1_Log'='F:
\sql2012_log\database1_log.LDF'" -f -S normal -$ "MSSQL$SQ12INST4:" -d
"MSSQL$SQ12INST5:copy-database1" "MSSQL$SQ12INST4:database1"'
IF @returnCode <> 0
BEGIN
END
Sample T-SQL script to restore multiple databases of a federated backup

NOTE: When you restore multiple databases, do not use the -C and -d options with the T-SQL restore command. If you do,
the restore fails.
USE [master]
GO
f -S normal -$ "MSSQL$SQ12INST4:database1" "MSSQL
$SQ12INST4:database2"'
IF @returnCode <> 0
BEGIN
END
Performing table-level recovery

The Microsoft application agent supports table-level recovery of Microsoft SQL Server data using the Microsoft app agent for
Application Direct SSMS plug-in.
The Microsoft application agent does not support the Script option to perform table restores using a command prompt or
T-SQL scripts.
Table-level restore workflow

When you install the Microsoft application agent, you must install ItemPoint to perform table-level restores. Otherwise, the
Table Restore tab does not appear in the Microsoft app agent for Application Direct SSMS plug-in. During the Microsoft
application agent installation, you can select the provided check box to install ItemPoint.
NOTE: ItemPoint 8.6.1 as integrated with the Microsoft application agent now supports the Microsoft SQL Server
Transparent Data Encryption (TDE). However, only the AES_128, AES_192, and AES_256 encryption algorithms are
supported.
To perform table-level restores, you must first mount the backup images and specify mount options by using the Microsoft app
agent for Application Direct SSMS plug-in. Once the backup is mounted, use ItemPoint for Microsoft SQL Server to complete
the table restore.
CAUTION: In the scenario where you have large databases where a large amount of data is recently committed
to the databases, a table restore may not be appropriate.
Committed data is represented as outstanding transactions when there are Microsoft SQL Server full and incremental backups
on the database. When you perform table-level recovery, ItemPoint must load all the outstanding transactions that are present
in a backup.
To load large databases, ItemPoint requires a few hours to read the data because of poor Virtual File System performance. This
problem occurs while ItemPoint loads the database and ItemPoint may appear to stop responding while reading the backup. If
you observe this problem, an alternative to using Microsoft SQL Server table-level recovery is to restore the backup as flat files
to a server where you have enough space, and then use ItemPoint to restore the files on the local disk.
Launching the Microsoft application agent for Application Direct
SSMS plug-in
To launch the Microsoft application agent for Application Direct SSMS plug-in, perform the following steps.
3. On the toolbar, click Microsoft App Agent (Application Direct).
NOTE: If the Microsoft App Agent (Application Direct) button is not on the toolbar, the plug-in may be unable to
register. In this scenario, you can launch the plug-in directly from the Start menu. From the Windows Start menu, select
DDBMA Plugin for SQL Server Management Studio.
Configure general table restore settings

To configure Microsoft SQL Server table-level restores with the Microsoft app agent for Application Direct SSMS plug-in, you
must first specify general table restore options on the Database Restore > General page.
Steps
1. Open the Microsoft app agent for Application Direct window to the Table Restore > General page.
Figure 15. Application Direct - Table Restore-General page
The Microsoft application agent caches Microsoft SQL Server restore settings. The Microsoft application agent
automatically loads the information from the last recovery operation and populates restore settings. Caching saves time
by eliminating the need to reselect the settings each time you run a restore operation. To clear the cached settings, click
Clear Cache.
2. Use the PowerProtect DD System field to select the DD server and the storage unit to restore the data. A storage unit
contains the backed-up Microsoft SQL Server hosts.
NOTE: When you want to restore a replicated backup from a secondary DD server, select the relevant server. The DD
user on the secondary DD server must be in the same group as the primary DD server.
3. From the SQL Server host list, select the Microsoft SQL Server host that contains the backup. Select the Windows cluster
name in the case of federated backups.
To perform a redirected restore, select the Microsoft SQL Server host where you want to restore the backup to.
4. From the SQL Server Instance list, select the Microsoft SQL Server instance that contains the backup.
5. From the Database list, select the database that you want to restore.
The corresponding save sets appear in the save sets table that is located below the Browse time field.
6. To select the backup that you want to restore, perform either of the following actions:
● Select a save set in the save sets table that is located below the Browse time field. Use the backup timestamp to
choose the backup.
● To browse for a backup that is not listed, perform the following steps:
○ From the Browse time list, select a date and time, and then click Show Versions.
○ From the save sets table, select the save set with the timestamp that you want to restore.
Click < < Older or Newer > > to browse additional save sets.
7. To mount the backup and proceed with the table restore, click Run.
Results
The backup is mounted and the ItemPoint for Microsoft SQL Server GUI appears.
Configure optional table restore settings

When you configure Microsoft SQL Server backups with the Microsoft app agent for Application Direct SSMS plug-in, you can
specify optional backup settings on the Table Restore > Options page.
About this task

Steps
1. From the left panel, click Options.
Figure 16. Application Direct - Table Restore-Options page
2. In the Mount Folder field, specify the location to mount the backup images.
NOTE: The location (folder or drive) to mount the backup images must be empty. Otherwise, the mount operation fails.
To mount the backup as a drive, specify an unused drive letter. The restore operation, after completion, deletes the
mount location.
3. In the Mount Expire list, specify the number of hours, after which the mounted backup image must be dismounted. The
default value is 8. The valid range is between 1 and 24 hours.
4. To select the level of information recorded in the logs which can be used in troubleshooting recovery issues, select Select a
debug level.
Levels range 0-9, with 0 representing no information and 9 representing the most amount of information. The default value
is 0 (zero).
5. To change the restore parallelism setting, type or select a value in the Parallelism field.
Parallelism controls the number of recovery sessions the NWFS process uses while mounting a backup. The default and
maximum value is 31.
Results
The backup is mounted and the ItemPoint for Microsoft SQL Server GUI appears.
Monitor the table restore mount operation
After a table-level restore mount operation is run from the Microsoft app agent for Application Direct SSMS plug-in, the Table
Restore > Monitor page displays the mount script and status.
The following figure shows the mount information and status as it appears on the Monitor page.
Figure 17. Application Direct - Table Restore-Monitor page
Restore table-level data using ItemPoint

After the backup images are mounted using the Microsoft application agent SSMS plug-in, complete the table-level restore
using ItemPoint for Microsoft SQL Server.
Prerequisites
Configure and run the table level restore operation with the Table Restore tab in the Microsoft application agent SSMS plug-in.
supported.
About this task

Once the table level restore is configured and run through the Microsoft application agent SSMS plug-in, ItemPoint launches.
If you select Do not run ItemPoint after mounting the backup images when you configure the table level restore, you must
manually launch ItemPoint, and then launch the Data Wizard.
Steps
1. On the Select Source page, select the source backup files from the mounted volume that contains the Microsoft SQL
Server backup data as shown in the following figure, and then click Next.
Figure 18. ItemPoint Data Wizard: select the source files
2. On the Select Target Server page, specify the details and login credentials for the target Microsoft SQL Server and
database. The following figure shows the ItemPoint Data Wizard Select Target Server page.
Figure 19. ItemPoint Data Wizard: select the target server
NOTE: When you want to connect to a Microsoft SQL Server instance with a non-English name, you can use the
workaround that connects using the port number. On the Select Target Server page, you must add a space and the
port number after the name in the SQL Server Name field. The following figure shows the required type of field entry.
Figure 20. ItemPoint Data Wizard: non-English instance name
3. Click Finish.
The Data Wizard closes and ItemPoint loads the tables contained in the source backup files.
4. Use ItemPoint to browse and restore the individual tables.
NOTE: The PowerProtect ItemPoint for Microsoft SQL Server User Guide provides more information on using ItemPoint
for Microsoft SQL Server to restore table-level data.
5. To dismount the mounted backup images, exit ItemPoint for Microsoft SQL Server.
NOTE: If you select Leave backup images mounted after ItemPoint exits or Do not run ItemPoint after
mounting the backup images when you configure the mount operation, the backup image remains mounted for 4
hours. To dismount the backup manually, use the msagentadmin command.
Performing Microsoft SQL Server disaster recovery

When a disaster scenario occurs, the Microsoft application agent supports disaster recovery of data located on both a DD
server and Cloud Tier.
Perform Microsoft SQL Server disaster recovery

The Microsoft application agent for Application Direct supports disaster recovery.
Steps
1. Create a target Windows host with the same name as the source hostname.
2. Install a Microsoft SQL Server instance with the same name as the source instance name.
3. Install the Microsoft application agent on the target Windows host.
4. Browse the backups of the source instance by selecting the appropriate storage unit.
5. Restore the Microsoft SQL Server system databases, such as databases named master, model, msdb, and so on, to the
target instance.
6. Restore all the user databases to the target instance.
Perform disaster recovery from the Cloud Tier
The Microsoft application agent provides a command line tool to complete disaster recovery of save sets that are located in a
Cloud Tier.
After an MTree is recovered according to the disaster recovery procedure described in Perform Microsoft SQL Server disaster
recovery, you must restore the backup indexes from the Cloud Tier.
When the Microsoft application agent moves a backup to the cloud, the index files are maintained on the active tier. A copy of
the index files is created and moved to the cloud tier for long-term retention.
After an MTree is restored during a disaster recovery, all the files that resided only on the active tier are lost and unavailable.
Only the files that were moved to the cloud are available.
In this case, you must run msagentadmin administration with the --dr-recall or -M flag to restore the indexes.
After the indexes are recalled to the active tier, the data save sets for the same time range are also recalled unless you type n
when prompted with Continue with the recall of the found save sets [y/n]. If you choose to not recall the
save sets, you can manually recall the save sets later.
Type the msagentadmin administration command with the following syntax to recall the indexes to the active tier:
msagentadmin administration --dr-recall --ddhost "<DD_server_name>" --ddpath

"<storage_unit_name_and_path>" --dduser "<DD_Boost_username>" --appID "mssql"
where:
--dr-recall
Specifies an operation to recall save sets for disaster recovery.
You can use the -M alias for the --dr-recall parameter.
--ddhost "<DD_server_name>"
Specifies the name of the DD server that contains the storage unit, to which you backed up the
databases.
--ddpath "<storage_unit_name_and_path>"
Specifies the name and the path of the storage unit, to which you backed up the databases.
--dduser "<DD_Boost_username>"
--appID "mssql"
Specifies the application ID (namespace) to locate backups.
You can use the -n alias for the --appID parameter.
Consider the following example commands to perform disaster recovery of Microsoft SQL Server with data located on a Cloud
Tier device:
Cloud tier disaster recovery recall command without a configuration file
msagentadmin administration --dr-recall --tier --after 1481104962 --before 1481105533 --

appID mssql --ddhost "10.70.102.111" --ddpath "/mt1" --dduser "ost" --confirm --client
SQLX86.adesc.com --debug 9
Cloud tier disaster recovery recall command with a configuration file
msagentadmin administration --dr-recall --tier --after 1481104962 --before 1481105533 --

appID mssql --confirm --config c:\temp\config_pp.txt --debug 9
6
Performing Centralized Restores of
Application Direct Backups
Topics:
• Centralized restores of Microsoft SQL Server Application Direct backups
• Considerations for centralized Microsoft SQL Server Application Direct restores
• Centralized restore of Microsoft SQL Server system databases
• Centralized restore of a Microsoft SQL Server stand-alone database
• Centralized restore of a Microsoft SQL Server AAG database
• Centralized restore of multiple Microsoft SQL Server databases
Centralized restores of Microsoft SQL Server

Application Direct backups
When Microsoft SQL Server data is backed up as part of an Application Direct protection policy in PowerProtect Data Manager,
you can recover the Microsoft SQL Server Application Direct backups by using the centralized restore functionality in the
You can perform the following types of centralized restores of Microsoft SQL Server Application Direct backups, depending on
the type of database assets:
● Centralized restore of a system database
● Centralized restore of a stand-alone database
● Centralized restore of an Always On availability group (AAG) database
● Centralized restore of a Failover Cluster Instance (FCI) database
● Centralized restore of an Always On Failover Cluster Instance (AAG over FCI) database
NOTE: You cannot perform the centralized restore of a Microsoft SQL Server Application Direct backup and the centralized
restore of a Microsoft SQL Server virtual machine backup at the same time.
You can restore single or multiple databases from the same Microsoft SQL Server host and instance. You can restore the
databases either to the original Microsoft SQL Server host or to an alternate Microsoft SQL Server host with the following
requirements:
● The alternate host must be a Microsoft SQL Server Application Direct machine.
● The Microsoft application agent software must be installed and configured on the alternate host, as described in Application
agent manual installation and configuration.
● You cannot restore a system database to an alternate host or Microsoft SQL Server instance.
You must perform all centralized restores from the Restore > Assets > SQL window in the PowerProtect Data Manager UI.
You can perform a centralized restore of a full, differential, or transaction log backup to a specified Microsoft SQL Server host
and instance. Select one of the following restore options to specify the file system location where the databases are restored:
● Original file location (location at backup time)—Restores the backup data to the file directory that was used during the
backup and overwrites the existing contents.
NOTE: If the directory path cannot be created during the centralized restore, the restore fails.
● Default file location as set by Microsoft SQL Server—Restores the backup data to the default file directory as used by
the Microsoft SQL Server.
● User-specified file location—Restores the backup data to file directories that you specify for the database files and log
files.
The following topics describe the considerations, prerequisites, and procedures for the supported types of centralized restores
of Microsoft SQL Server Application Direct backups.
148 Performing Centralized Restores of Application Direct Backups

Considerations for centralized Microsoft SQL Server
Application Direct restores
Ensure that you review the following information before you perform the centralized restores of Microsoft SQL Server
Application Direct backups.
The centralized restore of multiple Microsoft SQL Server databases supports the following use cases:
● Performing disaster recovery of the original Microsoft SQL Server instance.
● Performing a restore rehearsal by restoring a Microsoft SQL Server instance database to an alternate host to validate the
backups.
For disaster recovery to the original host, you can select all the databases for the Microsoft SQL Server instance. Once the
restore job starts, the application agent automates the disaster recovery procedures as outlined by Microsoft. The disaster
recovery includes a restart of the Microsoft SQL Server instance in single user mode to restore the master database.
For disaster recovery to an alternate host, ensure that the alternate host is a Microsoft SQL Server Application Direct host that
is a discovered asset of PowerProtect Data Manager.
NOTE: During the centralized restore to an alternate host, if the alternate host is not included in the list of available hosts,
follow the instructions to install and configure the Microsoft application agent. The Microsoft SQL Server host must be
registered to the same PowerProtect Data Manager server.
PowerProtect Data Manager applies the following concurrency rules for jobs associated with either a single-database or
multi-database centralized restore, including any backup, restore, and manual agent installation jobs that you run on the same
host:
● If an asset backup is in progress, the Microsoft SQL Server restore against the same asset is queued.
● If the Microsoft SQL Server restore against an asset is in progress, the backup against the same asset is queued.
Application agent manual installation and configuration

When you want to restore to a host that is not part of a protection policy, you must manually install and configure the Microsoft
application agent on the target host of the restore.
Ensure that the target host meets the following prerequisites:
● A Windows OS is running.
● The Microsoft SQL Server is installed and running.
● The SYSTEM account has the same security configuration as required for backup.
● The network ports are configured as required for backup.
Before you manually install and configure the application agent, ensure that the Windows account credentials are set at the
asset level, not the protection policy level.
To set the credentials at the asset level, select Infrastructure > Assets > SQL, select the required asset, and select More
Actions > Set Credential.
Centralized restore of Microsoft SQL Server system

databases
You can perform a centralized restore of a full backup of a Microsoft SQL Server system database in the PowerProtect Data
Manager UI.
Steps
1. In the PowerProtect Data Manager UI, select Restore > Assets and select the SQL tab.
The Restore window displays all the databases that are available for restore.
You can click or on the top right of the window to switch between the hierarchical (tree) view and list view.
The hierarchical view uses a tree view to show the hierarchical relationships of the Microsoft SQL Server hosts, their
application servers or instances (including Failover Cluster Instances (FCIs)), stand-alone database assets, and any Always
Performing Centralized Restores of Application Direct Backups 149

On availability groups (AAGs) with their database assets. When you expand the hierarchical view, you can see all the assets
and AAGs within a host and instance. When you select a host or instance container, all the contained assets and objects are
also selected. You can also select individual assets or a group of assets within the host or instance container.
In the list view, to filter the displayed list of assets if needed, you can click in the column heading Name, Status,
Protection Policy, Host/Cluster/Group Name, Host Type, Application Name, Protection Type, Last Copy, or
Network:
● The Name column lists the Microsoft SQL Server database asset names.
● The Status column lists the status as Available, Deleted, or Not Detected.
● The Protection Policy column lists the names of the protection policies for the assets.
● The Host/Cluster/Group Name column lists the hostnames.
● The Host Type column lists the host types as AAG, FCI, or Standalone.
● The Application Name column lists the Microsoft SQL Server instance names.
● The Protection Type column lists the Application Direct or VM Direct protection type for each asset.
● The Last Copy column lists the dates and times of the backup copies within the specified date and time range.
● The Network column lists the networks that are available under the selected host or cluster.
NOTE: Only the assets that have backup copies are displayed. You can select assets only from the same Microsoft SQL
Server host and instance.
2. Select the check box next to the Microsoft SQL Server master, model, or msdb database, and click Restore.
The restore wizard opens on the Copy Selection page, which provides a life cycle roadmap that displays all the backup
copies available for each selected storage system.
3. On the Copy Selection page, select the backup copy that you want to restore, and then click Next.
To filter the displayed list of backup copies if needed, you can click in the column heading Copy Type, Create Time,
Copy Status, Location, or Storage Unit:
● The Copy Type column lists the backup copy types as Differential, Full, or Cumulative.
● The Create Time column lists the dates and times when the backup copies were created.
● The Copy Status column lists the backup copy status as Available, Deleting, Deletion Failed, Deletion Failed (Agent
Catalog), Cloud Tiering, Cloud Recalling, Replicating, Restoring, or Ready for Cloud Tiering.
● The Location column lists the backup copy locations as Local or Local_Recalled.
● The Storage Unit column lists the storage units of the backup copies.
4. On the Scope page, the default selection Restore to Microsoft SQL Server Instance cannot be changed.
NOTE: You cannot restore a system database to an Always On availability group.
Click Next to continue.
5. On the Location page, select Restore to Original.

NOTE: You can only restore a system database to the original host and instance, overwriting the source database.
6. On the Select File Location page, select one of the following options for Restore database files to, and then click Next:
● Original file location (location at backup time)
NOTE: If the directory path cannot be created on the target host during the centralized restore, the restore fails.
● Default file location as set by Microsoft SQL Server
● User-specified file location
NOTE:
When you select this option, you must specify the restore file directories for the database files and log files.
To restore a database to a different name, ensure that you specify a custom destination directory that is different
from the directory that contains the source mdf and ldf files.
7. On the Options page, select any the following options, and then click Next:
NOTE: The tail-log backup option is not supported for a system database.

● Overwrite Databases WITH REPLACE—Overwrites the existing databases during the restore operation.
NOTE:
When a database exists but the Overwrite Databases WITH REPLACE option is not selected, the restore fails.
After you perform a system database rebuild in the Microsoft SQL Server, you must specify the WITH REPLACE
option when you restore the system databases, including master, model, and msdb.
● Compressed Restore—Uses DD Boost compression for the restore operation.
● Disconnect Users—Disconnects the database users before the restore operation.
● Restore State—Select one of the following options:
○ RESTORE WITH RECOVERY—Leaves the database ready to use by rolling back the uncommitted transactions.
Additional transaction logs cannot be restored.
○ RESTORE WITH NO RECOVERY—Leaves the database nonoperational and does not roll back the uncommitted
transactions. Additional transaction logs can be restored.
● Troubleshooting mode—To enable troubleshooting logging, click the toggle button to change the setting to Enabled.
Then the Log level option field appears.
● Log level—If you enabled troubleshooting mode, select the preferred debug log level:
○ Info—Includes information such as status changes. This is the default log level for scheduled backups and restores.
○ Debug—Additional information that helps with problem diagnosis.
○ Trace—The most detailed amount of information for complex problem diagnosis.
8. On the Summary page:
a. Review the Select Copy, Scope, Location, File Location, and Options information to ensure that the restore details
are correct.
NOTE: When the specified database name matches the name of an existing database, the restore overwrites the
existing database.
b. Click Restore.
The restore operation starts. Then the Go to Jobs informational dialog box appears with a link to the Jobs page where
you can monitor the restore job.
Centralized restore of a Microsoft SQL Server stand-

alone database
You can perform a centralized restore of a full, differential, or transaction log backup of a Microsoft SQL Server stand-alone
database in the PowerProtect Data Manager UI. The following procedure restores a single database.
Steps
Network:

2. Select the check box next to the stand-alone database, and click Restore.
4. On the Scope page, select one of the following options, and then click Next:
● Restore to Microsoft SQL Server Instance—Restores the database backup to a single server instance.
● Restore to Always On Availability Group—Restores the database backup to a database in an AAG.
During the restore, the database is removed from the AAG. After the restore, the database is added back to the AAG.
5. On the Location page, select one of the following options, and then click Next:
● Restore to Original—Restores and overwrites the selected database.
NOTE: If you selected to restore the database to an AAG, the Restore to Original option is unavailable. Stand-
alone or FCI databases cannot be restored to the original AAG location.
● Restore to Alternate—Restores the selected database to an alternate database or restores the selected database as a
new database on the same instance or a different instance.
Click or above the table to see the list of available databases. In the hierarchical view, you must expand the list
to see all the databases. The hierarchical view displays the databases for each instance on each available Microsoft SQL
Server host. A refresh icon next to each hostname enables you to request the rediscovery of all instances and databases
on a host:
○ To restore to an alternate database, select the alternate database from the database list.
○ To restore as a new database on the same instance or a different instance, click Restore as new database next
to the required instance name. In the Restore as new database dialog, type the name of the new database in the
Database Name field.
NOTE:
The database name must have 128 or fewer characters. Do not specify a Microsoft SQL Server system database
name such as master, model, msdb, or tempdb.
After the new database name is added to the database list, you can optionally delete the name from the list, if
needed, by clicking Remove next to the name.
NOTE:

NOTE:
● Tail Log—Performs a tail-log backup.
NOTE: The tail-log backup option is displayed when the destination is the same as the host. This option is selected
by default.
are correct.
existing database.
b. Click Restore.
Centralized restore of a Microsoft SQL Server AAG

database
You can perform a centralized restore of a full, differential, or transaction log backup of a Microsoft SQL Server Always On
availability group (AAG) database in the PowerProtect Data Manager UI. The following procedure restores a single database.
Steps

Network:
2. Select the check box next to the AAG database, and click Restore.
on a host:
NOTE:

NOTE: For a database restore to an AAG, all the AAG nodes require the same path structure. If all the AAG nodes do
not have the same path structure, select the option Default file location as set by Microsoft SQL Server and select
the Restore to all replicas option on the Options page in the next step. These selections ensure that the restore
occurs in the default data and logs locations, which are set during the Microsoft SQL Server installation for all the
replicas.
NOTE:
7. On the Options page, select the required options and then click Next:
NOTE:
NOTE:
The tail-log backup option is supported only when the source and destination nodes are the same. When you restore
the database to all the nodes of the AAG by selecting Restore to all replicas, the credentials used for the restore
must provide access on all the nodes of the AAG.
When the tail-log backup is enabled, the backup is performed only on the primary node, irrespective of the backup
preference settings in the AAG group.
● Select the required option as follows, depending on your previous selection on the Scope page:
○ If you selected Restore to Microsoft SQL Server Instance on the Scope page:
Restore State—Select one of the following options:
￭ RESTORE WITH RECOVERY—Leaves the database ready to use by rolling back the uncommitted transactions.
￭ RESTORE WITH NO RECOVERY—Leaves the database nonoperational and does not roll back the uncommitted
○ If you selected Restore to Always On Availability Group on the Scope page:
Restore Replica—Select one of the following options:
￭ Restore to all replicas—Restores the database to all the nodes of the AAG.
NOTE: A centralized AAG database restore using the Restore to all replicas option displays minimal restore
job steps on the Step Log tab in the details section of the Job ID Summary window. The job steps are
currently limited to "Database restore" and "Database postrestore".
￭ Restore to primary—Restores the database to only the primary node of the AAG.

are correct.
existing database.
b. Click Restore.
Centralized restore of multiple Microsoft SQL Server

databases
You can perform a centralized restore of the full, differential, or transaction log backups of multiple Microsoft SQL Server
databases in the PowerProtect Data Manager UI.
Prerequisites
Before you perform a multi-database restore, review the Considerations for centralized Microsoft SQL Server Application Direct
restores.
About this task

The centralized restore of multiple databases includes the following restrictions:
● A multi-database restore can restore only the most recent database backups.
If you need to restore older backup copies of multiple databases, then perform a single database restore of each older
backup copy, one at a time.
● A multi-database restore can restore only to the original database names.
If you need to restore multiple databases and rename the databases, then perform a single database restore of each backup
copy, one at a time.
● A multi-database restore does not support the tail-log backup option.
● You can select only multiple stand-alone databases or a single AAG database for restore, not multiple AAG databases.
Multiple databases are restored serially (one at time).
A multi-database restore also supports partial success:
● If a given database exists on the target host and the overwrite option is not specified, the database restore is not attempted
and the next database restore is attempted.
● If the restore fails for a given database, the next database restore is attempted.
Steps
Network:

2. Select the check box next to each database that you want to restore, and then click Restore.
The restore wizard opens on the Copy Selection page, which includes a notification that the multi-database restore uses
the latest backup copies on the storage target.
3. On the Copy Selection page, click Next to continue.
NOTE: A multi-database restore can restore only to the original database names.

● Restore to Alternate—Restores the selected database to the instance that you select from the table, where the
original instance is disabled.
Click or above the table to see the list of available instances. In the hierarchical view, you must expand the list to
see all the instances on each available Microsoft SQL Server host.
NOTE:
NOTE: The tail-log backup option is not supported for a multi-database restore.
NOTE:

a. Review the Select Copy, Location, File Location, and Options information to ensure that the restore details are
correct.
NOTE: When any of the selected database names match the names of existing databases, the restore overwrites
the existing databases.
b. Click Restore.

7
Performing Self-Service Restores of Virtual
Machine Backups
Topics:
• Restoring a Microsoft SQL Server virtual machine backup
• Overview of Microsoft SQL Server virtual machine restore operations
• Prerequisites
• Restoring Microsoft SQL Server databases to a virtual machine
• Performing Microsoft SQL Server table-level recovery to a virtual machine
• Performing an instant access recovery
Restoring a Microsoft SQL Server virtual machine

backup
You can use the Microsoft application agent to restore the Microsoft SQL Server databases that are backed up with an
application-aware VM protection policy.
NOTE: The Microsoft application agent does not support the quick recovery feature with PowerProtect Data Manager. The
PowerProtect Data Manager Administrator Guide provides more information about the quick recovery feature.
The following topics provide instructions on how to restore a Microsoft SQL Server virtual machine backup.
Overview of Microsoft SQL Server virtual machine

restore operations
Use the Microsoft application agent tools to restore full and transaction log backups created by a PowerProtect virtual machine
application-aware protection policy. The backups are restored to a Microsoft SQL Server hosted on a VMware virtual machine.
When you add a Microsoft SQL Server virtual machine asset to a PowerProtect Data Manager virtual machine application-aware
protection policy, the Microsoft application agent and ItemPoint are silently installed on the protected Microsoft SQL Server.
The Microsoft application agent automatically stores the DD host and login information from the protection settings that are
configured in the PowerProtect Data Manager protection policy. This automatic configuration occurs when the Microsoft SQL
Server virtual machine asset is added to the PowerProtect Data Manager protection policy.
You can use the Microsoft app agent for VM Direct SQL Server Management Studio (SSMS) plug-in or the command prompt to
perform the restore operations. T-SQL scripts are not supported with VM Direct.
The Microsoft application agent can perform a database restore, table-level restore, or database instant access restore to the
source virtual machine or an alternate virtual machine. To perform restores to an alternate virtual machine, that virtual machine
must be an asset of PowerProtect Data Manager. However, instance-level restores can only be performed to the original source
instance.
The Microsoft application agent supports both full backups and transaction log backups for a Microsoft SQL Server Always On
availability group (AAG). The AAG databases are indexed against the AAG cluster name. Full backups index the AAG database
for all the AAG cluster nodes for one cycle of backup. Transaction log backups occur only on the preferred node. You may
restore the AAG database to any copy. When you restore an AAG database for the purpose of adding back into the AAG, you
may restore to any AAG database copy but first remove the database from the AAG, as required by Microsoft. Once the restore
is complete, you must add the database back into the AAG and re-seed the replicas.
Performing Self-Service Restores of Virtual Machine Backups 159

Prerequisites
An environment must meet the following requirements for application-aware virtual machine restore operations:
● vCenter 6.7 and VMware ESXi 6.7 or later must be installed.
● VMware Tools version 11 or later must be installed and running on the Microsoft SQL Server host (virtual machine).
● The UUID attribute must be enabled in the vSphere Client (disk.EnableUUID=TRUE).
The following VMware Knowledge Base article provides instructions:
https://kb.vmware.com/s/article/52815
NOTE: After you set disk.EnableUUID to TRUE, ensure that you reboot the virtual machine.
● The virtual machine must use SCSI disks only and the number of available SCSI slots must match the number of disks at a
minimum.
For example, a virtual machine with 7 disks requires one SCSI controller but a virtual machine with 8 disks requires 2 SCSI
controllers.
● The Microsoft SQL Server instance must be up and running on the virtual machine.
● The Microsoft SQL Server must be a stand-alone instance or part of a clustered or clusterless Always On availability group
that is configured with file share witness.
● The SQL writer service must be running.
● The full computer name and FQDN for the Microsoft SQL Server virtual machine that are added in the application-aware
protection policy must be identical and have the DNS resolve.
● The user account that is configured in the PowerProtect Data Manager protection policy must have access to perform
backup and recovery operations.
To configure the required permissions, perform the following steps on each protected Microsoft SQL Server instance:
1. Create a SQL Login with the user account configured in the PowerProtect Data Manager protection policy.
2. Add the user the sysadmin Microsoft SQL Server role.
● The Microsoft SQL Server to which the data will be restored must be hosted on a virtual machine that is a discovered asset
of PowerProtect Data Manager.
NOTE: If you are restoring data to an alternate location to a Microsoft SQL Server virtual machine that is not protected
in PowerProtect Data Manager, you must manually install the Microsoft application agent on the target virtual machine
before you can restore the data. The PowerProtect Microsoft Application Agent Installation Guide provides instructions
to install the Microsoft application agent for VM Direct. When you configure the restore operation, you must manually
register the DD server, PowerProtect Data Manager appliance, and lockbox details.
Restoring Microsoft SQL Server databases to a virtual

machine
Learn how to restore Microsoft SQL Server database backups taken in a PowerProtect Data Manager virtual machine
application-aware protection policy.
You can restore database full and transaction log backups from the primary DD system or from the secondary DD system
if replication is enabled for the PowerProtect Data Manager protection policy. However, when you are restoring from the
secondary DD system, the tail-log backup option is not supported.
Restoring a backup that was moved to the cloud using Cloud Tier
An application-aware workflow supports application-aware full backups that are tiered to the cloud using Cloud Tier. This
support is available for Amazon Web Services (AWS) and Elastic Cloud Storage (ECS) profiles.
For a Microsoft SQL Server database recovery from backups that have been tiered using an application-aware workflow, the
backups must be recalled to the active tier before you perform the recovery.
When you try to restore a backup after an associated full backup has been moved to the cloud using Cloud Tier, the restore
operation fails with the following error message:
160 Performing Self-Service Restores of Virtual Machine Backups

"reason" : "Missing or invalid value specified for property 'copyId'"
This error occurs when you try to restore either a full backup that has been tiered to the cloud or a tail-log backup when the
associated full backup has been tiered to the cloud. For example, the following full and tail-log backups are performed at the
specified times:
● FULL1: 10:00 a.m. (in cloud tier)
● TLOG1: 10:30 a.m.
● TLOG2: 11:00 a.m.
● FULL2: 11:15 a.m. (in active tier)
● TLOG4: 11:30 a.m.
● TLOG5: 12:00 p.m.
In this case, the restore of the FULL1, TLOG1, or TLOG2 backup fails with the error message because the FULL1 backup has
been tiered to the cloud. The restore of the FULL2, TLOG4, or TLOG5 backup succeeds because the FULL2 backup is in the
active tier.
To resolve this issue, contact the PowerProtect Data Manager administrator to recall the associated full backup (FULL1 in this
example) from the cloud tier to the active tier, and then perform the restore.
Restore Microsoft SQL Server databases with the VM Direct SSMS

plug-in
Learn how to perform a VM Direct Microsoft SQL Server database restore operation using the Microsoft app agent for VM
Direct SSMS plug-in.
Launching the Microsoft application agent for VM Direct SSMS plug-in

About this task
Steps
3. On the toolbar, click Microsoft App Agent (VM Direct).
The Microsoft app agent for VM Direct window appears.
NOTE: If the Microsoft App Agent (VM Direct) button is not on the toolbar, the plug-in may be unable to register. In
this scenario, you can launch the plug-in directly from the start menu. From the Windows Start menu, select DDBMA
Plugin for SQL Server Management Studio and select Run as administrator for UAC enabled environments.
Configure general database restore settings

To configure Microsoft SQL Server restores with the Microsoft app agent for VM Direct SSMS plug-in, you must first specify
general restore options on the Database Restore > General page.
Steps
1. Open the Microsoft app agent for VM Direct window to the Database Restore > General page.

Figure 21. VM Direct: Database Restore General page
2. Beside PowerProtect DD System, click ...

The PowerProtect DD System List & Lockbox Settings window appears and lists the DD server and lockbox that is
configured in the PowerProtect Data Manager protection policy. If the protection policy is configured for replication, the
secondary DD server and storage unit also appear.
3. In the PowerProtect DD System List & Lockbox Settings window, select the DD server that contains the backup, and
then click OK.
NOTE: If you are restoring the backup to an alternate virtual machine that is not protected in a PowerProtect Data
Manager protection policy, contact the PowerProtect Data Manager administrator to retrieve the DD host details for the
protection policy associated with the original virtual machine. You must also request the PowerProtect Data Manager
administrator to perform either of the following actions:
● Approve the Microsoft application agent on the target virtual machine.
● Provide the DD storage unit login credentials.
The SQL Server host field is updated with the client backups that are available on the selected DD server storage unit.
4. From the SQL Server host list, select the Microsoft SQL Server host that is the source of the backup.
If you are restoring an AAG database, you must select the Windows cluster name, which enables you to browse the list of
AAGs hosted on this cluster.
If you are restoring a clusterless AAG database, you must select the AAG group name, which enables you to browse the list
of AAGs hosted on the clusterless AAG group. In the case of a clusterless AAG, the AAG name plus GUID is displayed.
5. Use the Start browsing from list to select a backup save time, and then click Show Versions.
The SQL Server Instance field and save sets table are updated with the backups that are within the specified browse time.
If no level full backups are found in the specified time range, you are prompted for confirmation to load the latest full backup.

NOTE: If you selected a cluster name or AAG group name with GUID in the preceding step, then the list of AAGs in the
cluster or the list of AAGs in the AAG group named with GUID is displayed instead of the list of Microsoft SQL Server
instances.
restore.
field.
row or select only the required databases to restore.
The corresponding save sets appear in the save sets table that is below the databases table.
8. For single database restores, from the save sets table, select the database backup and timestamp that you want to restore.
By default, the most recent backup is selected.
NOTE: This step only applies to single database restores. For multiple database and instance-level restores, the most
recent backup is restored.
9. (Optional) To restore the database to a specific point-in-time, perform the following steps:
a. Under Destination, click Timeline.
The Backup Timeline dialog box appears as shown in the following figure.
Figure 22. Specifying the restore point

b. Specify the backup date and time, and then click OK.
10. Specify the restore destination by performing one of the following action sequences:
● To perform a recovery directly to a database, perform the following steps:
a. Select Restore to SQL Server.
b. From the Instance list, select the Microsoft SQL Server instance where you want to restore the backup.
NOTE:
If you are restoring the backup to an alternate instance, the data and log files are automatically relocated to the
target Microsoft SQL Server instance default data and log path. You can change the file destination settings on
the Files page.
If you are restoring an AAG database, select the target instance that is part of the AAG for the restore. You must
remove the database from the AAG first. You can add the database back to the AAG after the restore completes.
c. From the Database list, select or type the name of the database where the backup will be restored to.
If the database exists, the operation prompts you for confirmation to overwrite the database.
● To recover the database as flat-files, perform the following steps:
a. Select Restore backups as files.
b. In the Folder field, specify the destination for the files. The Folder field is populated with the default destination
path.
To perform a redirected restore, change the destination path by clicking ... beside the Folder field, and specifying the
required destination.
NOTE:
Ensure that the destination path is not a root drive, for example, E:\.

Full backups are restored as .mdf, .ndf, and .ldf files. Transaction log backups are restored as .bak files.
Next steps
Specify the PowerProtect Data Manager server details and additional restore options on the Options page. Also, to change the
file destination settings, use the Files page.
Configure file destination settings

View and change the default destination folders of the database files that are data files (.mdf and .ndf) and log files (.ldf)
from the Database Restore > Files page.
About this task

All settings on the Files page are optional.
File information on the Files page is shown only when a single database and a backup version is selected on the General
page. If you select multiple databases or do not select a backup version, file information does not appear and the databases are
restored to the latest backup.
NOTE:
If you are restoring the backup to an alternate instance, the data and log files are automatically relocated to the target
Microsoft SQL Server instance default data and log path. You can change the file destination settings on the Files page.
Ensure that the Microsoft SQL Server administrative account for the target Microsoft SQL Server instance has access to
the selected path so that it can access the database files once they are mounted.
Steps
1. From the left panel, click Files.
The Files page appears as shown in the following figure.

Figure 23. VM Direct: Database Restore Files page
The table on the page displays the source locations of the database files.
2. To change the destination paths of all of the data and log files, perform the following steps:
a. Select Relocate all files to folder.
b. Click the Data file folder browse button to specify a location for the data files, or click inside the field to type the folder
path.
c. Click the Log file folder browse button to specify a location for the log files, or click inside the field to type the folder
path.
3. To change the destination path at the file group level, perform one of the following actions in the table:
● To browse for a destination path, click the browse button to the right of each file group.
A window appears where you can browse and select the file path.
● To type a new destination path, in the Restore To column, click the appropriate cell and type a destination path.
If the path does not exist, a dialog box appears asking if you want to create the folder.
NOTE: Ensure that the destination paths are not root drives, for example, E:\.
Next steps
Specify the PowerProtect Data Manager server details and additional restore options on the Options page.

Configure database restore options
When you configure Microsoft SQL Server database restores with the Microsoft app agent for VM Direct SSMS plug-in, you
can specify additional restore options on the Database Restore > Options page.
About this task

NOTE: If you want to restore an AAG database, you must remove the database from the AAG first. You can add the
database back to the AAG after the restore completes. If you have not removed the database from the AAG before you
start the restore, the restore UI displays a prompt about the requirement.
Steps
Figure 24. VM Direct: Database Restore Options page

2. In the Recovery state list, select one of the following options, as required:
Option Description
RESTORE WITH (Default) To leave the database in the ready-to-use state by rolling back uncommitted
RECOVERY transactions, and disable the ability to restore the latest or additional transaction logs.
RESTORE WITH To leave the database in the non-operational state by not rolling back uncommitted
NORECOVERY transactions, and enable the ability to restore the latest or additional transaction logs.
3. To compress the restore contents and transport them from the DD Replicator to the application host, select PowerProtect
DD System Boost compressed restore.
This option reduces network bandwidth.

4. To generate detailed logs, which you can use to troubleshoot the restore issues, select Select a debug level, and then
specify a value of 1 through 9. The default value is 0 (zero).
5. To delete debug logs older than a certain number of days, select Delete debug logs after, and then specify the number of
days with a number between 1 and 32767 days. The default value is 0 and does not delete any debug logs.
6. To enable advanced restore options, type or select one of the following options in the Advanced options list:
Option Description
KEEP_REPLICATION Preserves the replication when recovering a published database. This option is required if a
database was replicated when the backup was created.
KEEP_CDC Enables change data capture (CDC) recovery. When restoring a database with CDC enabled, the
recover operation works differently depending on the recovery destination. Use the to KEEP_CDC
option to:
● Recover the CDC enabled database with a different name on the same Microsoft SQL Server
instance.
● Recover the CDC enabled database on a different Microsoft SQL Server instance.
● Recover the CDC enabled database on the same Microsoft SQL Server instance by overwriting
an existing database.
In this scenario, KEEP_CDC is optional.
Separate multiple advanced options with a comma.
7. To limit the backup history of the databases on the General page to a set number of days, type or select a number in the
Days of backup history field.
The default value is 7 days.
8. Exclude client name resolution is selected by default, as required to use the client name that is provided as is without
converting it to the fully qualified domain name (FQDN).
Use this option when you restore to a virtual machine in a different domain that does not have name resolution for the
source client, or when the source host is no longer available.
Unselect the option to resolve the source FQDN during restore.
9. To perform a transaction log backup of the data before performing restore, select Take tail-log backup before restore.
The tail-log backup ensures that the Microsoft application agent backs up the transaction logs that has changed from the
previous backup. The restore operation does not restore the logs of the previous tail-log backup.
NOTE:
The tail-log backup feature through the SSMS plug-in is not supported for AAG. Only scheduled transaction log backups
through a PowerProtect protection policy may be performed.
Tail-log backup is not supported in the following scenarios:
● When you select Restore backups as files on the General page.

● When the PowerProtect Data Manager protection policy has DD MTree replication enabled and you select the
secondary DD system as the backup source.
The Microsoft application agent does not support tail-log backups of multiple databases.
10. To specify the PowerProtect Data Manager appliance, perform the following steps:

a. Beside Appliance Host, click ...
The PowerProtect Data Manager List & Lockbox Settings window appears.
When you restore a backup to the original virtual machine, the details for the PowerProtect Data Manager appliance that
protects the Microsoft SQL Server in a protection policy automatically appear.
b. If you do not see the PowerProtect Data Manager appliance that you want to use for the restore operation, click Add,
and then in the Add PowerProtect Data Manager details dialog box, perform one of the following actions:
● To add a PowerProtect Data Manager with credential-based authentication, specify the appliance hostname and the
login credentials.
Contact the PowerProtect Data Manager administrator to retrieve the PowerProtect Data Manager appliance host
and login details.
● To add a PowerProtect Data Manager with certificate-based authentication, specify only the appliance hostname. Do
not specify the username and password fields.
To use certificate-based authentication, the PowerProtect Data Manager administrator must approve the target
Microsoft application agent.
When you add a virtual machine to a protection policy, that virtual machine is approved with a certificate that expires
after one day. If you are restoring to an alternate virtual machine that is an asset of PowerProtect Data Manager but
not a member of a protection policy, the PowerProtect Data Manager administrator must approve the target virtual
machine.
The PowerProtect Data Manager administrator can approve the target Microsoft application agent on the
PowerProtect Data Manager Infrastructure > Application Agents page.
c. Select the PowerProtect Data Manager appliance that will mount the backup, and then click OK.
Monitor the database restore operation

After a database restore operation is run from the Microsoft app agent for VM Direct SSMS plug-in, the Database Restore >
Monitor page displays the restore script and status.
The following figure shows the restore information and status as it appears on the Monitor page.

Figure 25. VM Direct: Database Restore Monitor page
installation folder. The location of the log files when the Microsoft application agent is installed in the default path is
C:\Program Files\DPSAPPS\MSAPPAGENT\logs.
Restore a Microsoft SQL Server database with the VM Direct

recover command
Learn how to perform a VM Direct Microsoft SQL Server database restore operation using the command line.
Syntax to restore a database with a level full backup

Run the following command to restore databases with VM Direct:
msagentrc.exe -A VM_DIRECT=TRUE -A "DM_PORT=<PowerProtect_appliance_port_number>"

-A "NSR_RESTORE_TYPE=regular" -c <client_or_hostname> -A
"NSR_DFA_SI_DD_HOST=<server_name>" -A "NSR_DFA_SI_DD_USER=<DD_Boost_user>"
-A "NSR_DFA_SI_DEVICE_PATH=<storage_unit_name_and_path>"
-A "NSR_DFA_SI_DD_LOCKBOX_PATH=<full_path_to_lockbox>" -A
"DM_HOST=<PowerProtect_appliance_hostname>" -A RESTORE_FROM_DD_ONLY=YES -A
EXCLUDE_CLIENT_NAME_RESOLUTION=TRUE [<optional_parameters>] -I -
-t <save_time> <restore_path>
where:
-A VM_DIRECT=TRUE

Specifies to use the VM Direct workflow for the recover operation.
-A "DM_PORT=<PowerProtect_appliance_port_number>"
Specifies the port number to communicate with the PowerProtect Data Manager server. The default
value is 8443.
-A "NSR_RESTORE_TYPE=regular"
Specifies to perform a database level restore.
-c <client_or_hostname>
Specifies the client name that was used for the backup.
-A "NSR_DFA_SI_DD_HOST=<server_name>"
primary server.
-A "NSR_DFA_SI_DD_USER=<DD_Boost_user>"
-A "NSR_DFA_SI_DEVICE_PATH=<storage_unit_and_path>"
-A "NSR_DFA_SI_DD_LOCKBOX_PATH=<full_path_to_lockbox>"
backups use. If you do not specify a value, the path defaults to the installation path, which is typically
-A "DM_HOST=<PowerProtect_appliance_hostname>"
Specifies the PowerProtect Data Manager appliance hostname or IP address.
-A RESTORE_FROM_DD_ONLY=YES
Specifies to restore from the DD server.
-A EXCLUDE_CLIENT_NAME_RESOLUTION=TRUE
Specifies to use the client name that is provided as-is without converting it to the fully qualified domain
name (FQDN).
-t <save_time>
Specifies the save time of the backup. Specify this parameter along with the restore path for each
database in the restore operation. The application pauses for you to input this option line by line. Press
Enter to move to the next line. A blank line indicates completion of the list.
<restore_path>
○ To restore a backup of the entire instance, type APPLICATIONS:
\SqlServerWriter\<backup_client_name>
○ To restore a backup of specific databases, type APPLICATIONS:
\SqlServerWriter\<backup_client_name>\<database_name>\ [...]\
For example: "APPLICATIONS:\SqlServerWriter\LEDMF158\dbtest3"
○ To restore a backup of the entire instance, type APPLICATIONS:\SqlServerWriter\<URL-
encoded_SQL_instance_name>
○ To restore a backup of specific databases, type APPLICATIONS:\SqlServerWriter\<URL-
encoded_SQL_instance_name>\<database_name>\ [...]\
The <URL-encoded_SQL_instance_name> is typically
<backup_client_name>%5C<SQL_instance_name>

For example: "APPLICATIONS:\SqlServerWriter\LEDMF158%5Cinst1\dbtest3"
Example VM Direct level full database restore commands
msagentrc.exe -A VM_DIRECT=TRUE -A DM_MOUNT_TIMEOUT=240 -A

DM_HOST=10.125.2.17 -A DM_PORT=8443 -c blrv016b102.vmdirect.com -A
NSR_DFA_SI_DD_HOST=10.125.2.34 -A NSR_DFA_SI_DD_USER=SQLite102-blrv016c017-d94a3 -A
NSR_DFA_SI_DEVICE_PATH=/SQLite102-blrv016c017-d94a3 -A "NSR_DFA_SI_DD_LOCKBOX_PATH=C:
\Program Files\DPSAPPS\common\lockbox" -A RESTORE_FROM_DD_ONLY=YES -A
EXCLUDE_CLIENT_NAME_RESOLUTION=TRUE -A NSR_RESTORE_TYPE=regular -I -
-t 1603971364 APPLICATIONS:\SqlServerWriter\BLRV016B102%5CSQL2017A\sqldatabasename\
msagentrc.exe -A VM_DIRECT=TRUE -A DM_MOUNT_TIMEOUT=240 -A DM_HOST=12.34.222.184

-A DM_PORT=8443 -c win-appvm-000.appsvm.com -A NSR_DFA_SI_DD_HOST=host.lss.emc.com
-A NSR_DFA_SI_DD_USER=POLICY-PROTECTION-USER -A NSR_DFA_SI_DEVICE_PATH=/POLICY-
PROTECTION-154 -A "NSR_DFA_SI_DD_LOCKBOX_PATH=C:\Program Files\DPSAPPS\common\lockbox"
-A RESTORE_FROM_DD_ONLY=YES -A NSR_RESTORE_TYPE=regular -I -
-t 1543513971 APPLICATIONS:\SqlServerWriter\WIN-APPVM-191\ReportServerTempDB\
-t 1543513971 APPLICATIONS:\SqlServerWriter\WIN-APPVM-191\master\
-t 1543513971 APPLICATIONS:\SqlServerWriter\WIN-APPVM-191\model\
-t 1543513971 APPLICATIONS:\SqlServerWriter\WIN-APPVM-191\msdb\
-t 1543513971 -A ADDITIONAL_RESTORES=yes APPLICATIONS:\SqlServerWriter\WIN-
APPVM-191\ReportServer\
APPVM-191\data1\
APPVM-191\data10\
APPVM-191\data11\
Syntax to restore a database with a transaction log backup

Use the ddbmsqlrc command to restore a transaction log from the command prompt for VM Direct workflow backups. This
command may be used if the database full backup was restored in the NORECOVERY state.
Run the following command to restore database transaction logs in a stand-alone environment with VM Direct:
ddbmsqlrc.exe -a VM_DIRECT=TRUE -a
"NSR_DFA_SI_DD_HOST=<server_name>" -a "NSR_DFA_SI_DD_USER=<DD_Boost_user>" -a
"NSR_DFA_SI_DEVICE_PATH=<storage_unit_name_and_path>" -c <client_or_hostname> [-a
"SKIP_CLIENT_RESOLUTION=TRUE"] -C <database_files> -t <last_backup_time_stamp> -S normal
-a "RESTORE_START_TIME= <start_date_and_time>" <restore_path>
where:
-A VM_DIRECT=TRUE
primary server.

(Optional) Specifies to use the client name as it is exactly entered with the -c option and to skip the
FQDN lookup to automatically resolve the client name.
-C <database_files>
Specifies the database and log files for the restore operation.
-t "<last_backup_time_stamp>"
Specifies the backup time stamp that you want to restore.
-S normal
Enables you to roll back uncommitted transactions and use the database to restore the most recent or
additional transaction logs.
-a "RESTORE_START_TIME=<start_date_and_time>"
Restores all the backups that were performed at or after a specified backup time (start date and time)
and up to the backup time of the selected save set, that is, -t <Last_Backup_Time_Stamp>.
Specify the start date and time in the <mm>/<dd>/<yyyy> <hr>:<mins>:<secs> {AM | PM} format.
The start date and time must not be after the backup time of the selected save set, that is, -t
<Last_Backup_Time_Stamp>.
"<restore_path>"
Type the restore path in one of the following formats:
○ To restore backups of the entire instance, type MSSQL:
○ To restore backups of specific databases, type [MSSQL:]<database>
[[MSSQL:]<database> [...]]
○ To restore backups of the entire instance, type MSSQL$<Instance_Name>:
○ To restore backups of specific databases, type MSSQL$<Instance_Name>:<database>
[...]
Example VM Direct transaction logs database restore commands
ddbmsqlrc.exe -a NSR_DFA_SI_DD_HOST=mars.jupiter.emc.com -a NSR_DFA_SI_DD_USER=POLICY-

PROTECTION-USER -a NSR_DFA_SI_DEVICE_PATH=/POLICY-PROTECTION-123456 -a
"NSR_DFA_SI_DD_LOCKBOX_PATH=C:\Program Files\DPSAPPS\common\lockbox" -c appvm-
sql.appvmdc.com -a "SKIP_CLIENT_RESOLUTION=TRUE" -C "'DB1'='C:\Program
Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\DB1.mdf', 'DB1_log'='C:
\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\DB1_log.ldf'" -t
"11/12/2018 08:54:53 AM" -S normal -a "RESTORE_START_TIME=11/12/2018 08:26:25 AM" -a
VM_DIRECT=TRUE MSSQL:DB1
ddbmsqlrc.exe -a NSR_DFA_SI_DD_HOST=host.lss.emc.com -a NSR_DFA_SI_DD_USER=POLICY-

PROTECTION-USER -a NSR_DFA_SI_DEVICE_PATH=/POLICY-PROTECTION-154 -a
"NSR_DFA_SI_DD_LOCKBOX_PATH=C:\Program Files\DPSAPPS\common\lockbox" -c win-
appvm-191.appsvm.com -a "SKIP_CLIENT_RESOLUTION=TRUE" -C "'ReportServer'='C:\Program
Files (x86)\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\ReportServer.mdf',
'ReportServer_log'='C:\Program Files (x86)\Microsoft SQL
Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\ReportServer_log.ldf'" -S normal -a
"RESTORE_START_TIME=11/29/2018 09:52:52 AM" -a VM_DIRECT=TRUE MSSQL:ReportServer
Optional parameters for VM Direct database-level restores

You can use the following optional parameters with the msagentrc.exe command.
-A "DM_USER=<PowerProtect_appliance_user>"
Specifies the username to use for the PowerProtect Data Manager connection.

This parameter is mandatory only for credential-based access to the PowerProtect Data Manager
appliance. You are not required to specify this parameter when the Microsoft application agent is
approved by PowerProtect Data Manager.
When you add a virtual machine to a protection policy, that virtual machine is approved with a certificate
that expires after one day. The PowerProtect Data Manager administrator can approve the target
Microsoft application agent on the PowerProtect Data Manager Infrastructure > Agents page.
-A "DM_LOG_LEVEL={WARNINGS | INFO | TRACE | DEBUG}"
Specifies the PowerProtect Data Manager log level, with WARNINGS providing the least amount of
detail, and DEBUG providing the most amount of detail.
-A "DM_LOG_TAG=<PowerProtect_log_tag>"
Specifies the PowerProtect Data Manager log tag.
-A "ADDITIONAL_RESTORES={yes | no}"
Specifying yes disables the ability to roll back uncommitted transactions and uses the database to
restore the latest or additional transaction logs. The default value is no.
-A "RENAME_TO=<new_database_name>"
Specifies the new name for the destination database. The selected database will be restored to the
new database. The new name of the database must be a valid Microsoft SQL Server database name. If
the destination contains a database with the same name as the database that you have specified, the
restore operation overwrites the existing database.
The database files that are data files (.mdf and .ndf) and log file (.ldf) will be restored to their source
locations only. If the source database exists, its files can be in use. So, to avoid conflicts for using a new
database name, use the -A RELOCATE_TO option along with the -A RENAME_TO option.
-A "INSTANCE_TO=<hostname>\<instance>"
Performs a redirected restore operation to a Microsoft SQL Server instance that is different from the
source instance where the backup was taken.
NOTE: The target instance must reside on the same system where the restore operation is
configured. You cannot restore the backup to an instance on a remote host.
-A "RELOCATE_TO='<source_file-1>'='destination_folder-1', '<source_file-2>'='destination_folder-2',[...]"
Performs redirected restores of the database files that are data files (.mdf and .ndf) and log file (.ldf).
You can rename or change only the destination folders, but not the filenames.
Ensure that the destination paths are not root drives, for example, E:\.
-A "NSR_SQL_RECOVER_MODE=<alternate_location_path>"
Performs a redirected restore to the specified path.
-A "NSR_SQL_TARGET_DIR=<destination_folder_path>"
Specifies the destination path, to which you want to copy the restored files. You can then manually
either move the files to the required folder or attach the files to a Microsoft SQL Server instance.
Ensure that the destination path is not a root drive, for example, E:\.
-D <debug_level>
Generates detailed logs that you can use to troubleshoot the restore issues. The supported debug levels
are 1 through 9.
-A "DELETE_DEBUG_LOG_DAYS=<number_of_days>"
Deletes debug log files that are older than the specified number of days. The valid range is between 1
and 32767. By default, debug logs are not deleted. Regularly deleting debug logs prevents the log folder
on the installation drive from becoming too large.
NOTE: This parameter only deletes debug logs named in the default format and located in the logs
folder at <installation_path>\MSAPPAGENT\logs.

Performing Microsoft SQL Server table-level recovery
to a virtual machine
To recover table-level data, you can use the SSMS plug-in to first mount the backup, and then use ItemPoint for Microsoft SQL
Server to browse and restore the tables.
NOTE: You can only mount and restore tables from the level full backups.
Table-level restore operations mount the application-aware virtual machine image backup on the target virtual machine.
The Microsoft application agent sends a request to the PowerProtect Data Manager appliance to mount the selected backup.
When the backup is mounted, the VMDK images from the virtual machine image backup are added to the target-virtual machine
and assigned mount points.
The backup is mounted with the PowerProtect Data Manager appliance for 4 hours by default. The valid range for the mount
timeout is between 1 and 24 hours, after which the mounted backup must be dismounted.
NOTE: When backup images are mounted, you cannot start a new session of backup, database restore, table-level restore,
or instant access.
Restore Microsoft SQL Server tables with the VM Direct SSMS

plug-in
Learn how to perform a VM Direct Microsoft SQL Server table-level restore operation using the Microsoft app agent for VM

About this task
Steps
3. On the toolbar, click Microsoft App Agent (VM Direct).
The Microsoft app agent for VM Direct window appears.
NOTE: If the Microsoft App Agent (VM Direct) button is not on the toolbar, the plug-in may be unable to register. In
this scenario, you can launch the plug-in directly from the start menu. From the Windows Start menu, select DDBMA
Plugin for SQL Server Management Studio and select Run as administrator for UAC enabled environments.
Configure general table restore settings

To configure Microsoft SQL Server table-level restores with the Microsoft app agent for VM Direct SSMS plug-in, you must
first specify general table restore options on the Table Restore > General page.
Steps
1. Open the Microsoft app agent for VM Direct window to the Table Restore > General page.

Figure 26. VM Direct: Table Restore General page

then click OK.
The SQL Server host field is updated with the client backups that are available on the selected DD server.
instances.
restore.

field.
7. From the databases table, select the database that contains the tables that you want to restore.
The corresponding save sets appear in the save sets table.
8. In the save sets table, select the save set that contains the tables that you want to restore.
Next steps
Specify the PowerProtect Data Manager server details and additional restore options on the Options page.
Configure table restore options

When you configure Microsoft SQL Server table-level restores with the Microsoft app agent for VM Direct SSMS plug-in, you
can specify additional restore options on the Table Restore > Options page.
Steps
Figure 27. VM Direct: Table Restore Options page
2. Under Mount, specify the following fields as required:

● The Mount Folder field specifies the location where backup images are mounted. You cannot edit the value in this field.
● In the Mount Timeout list, specify the number of hours, after which the mounted backup image must be dismounted.
The default value is 4, and the value cannot be more than 24 hours.

● To prevent ItemPoint from launching after you run the mount operation, select Do not run ItemPoint after mounting
the backup images.
Selecting this option disables the Leave backup images mounted after ItemPoint exits option, and enables you to
perform manual table-level restores.
● To leave the backup images in the mounted state after you close ItemPoint, select Leave backup images mounted
after ItemPoint exits.
This option is enabled only if you have not selected the Do not run ItemPoint after mounting the backup images
option.
3. To generate detailed logs, which you can use to troubleshoot the restore issues, select Select a debug level, and then
source client.
7. To specify the PowerProtect Data Manager appliance, perform the following steps:
When you restore a backup to the original virtual machine, the details for the PowerProtect Data Manager appliance that
protects the Microsoft SQL Server in a protection policy automatically appear.
b. If you do not see the PowerProtect Data Manager appliance that you want to use for the restore operation, click Add,
● To add a PowerProtect Data Manager with credential-based authentication, specify the appliance hostname and the
login credentials.
and login details.
● To add a PowerProtect Data Manager with certificate-based authentication, specify only the appliance hostname. Do
not specify the username and password fields.
When you add a virtual machine to a protection policy, that virtual machine is approved with a certificate that expires
after one day. If you are restoring to an alternate virtual machine that is an asset of PowerProtect Data Manager but
not a member of a protection policy, the PowerProtect Data Manager administrator must approve the target virtual
machine.

Monitor the table restore mount operation
After a table-level restore mount operation is run from the Microsoft app agent VM Direct SSMS plug-in, the Table Restore >
Monitor page displays the mount script and status.
The following figure shows the mount information and status as it appears on the Monitor page.
Figure 28. VM Direct: Table Restore Monitor page

After the backup images are mounted using the Microsoft application agent SSMS plug-in, complete the table-level restore
using ItemPoint for Microsoft SQL Server.
Prerequisites
Configure and run the table level restore operation with the Table Restore tab in the Microsoft application agent SSMS plug-in.
supported.
About this task

Once the table level restore is configured and run through the Microsoft application agent SSMS plug-in, ItemPoint launches.

If you select Do not run ItemPoint after mounting the backup images when you configure the table level restore, you must
manually launch ItemPoint, and then launch the Data Wizard.
Steps

3. Click Finish.
5. To dismount the mounted backup images, exit ItemPoint for Microsoft SQL Server.
NOTE: If you select Leave backup images mounted after ItemPoint exits or Do not run ItemPoint after
mounting the backup images when you configure the mount operation, the backup image remains mounted for 4
hours. To dismount the backup manually, use the msagentadmin command.
Restore Microsoft SQL Server tables with the VM Direct recover

command
Learn how to perform a VM Direct Microsoft SQL Server table-level restore operation using a command prompt.
Mount VM Direct backups for table-level recovery using the command

prompt
Use the msagentrc.exe command with the -A NSR_RESTORE_TYPE=mount parameter to mount backups for table-level
recovery.
Type the recover command with the following syntax to mount VM Direct backup images:
msagentrc.exe -A VM_DIRECT=TRUE -c <client_or_hostname> [-

A "SKIP_CLIENT_RESOLUTION=TRUE"] -A NSR_RESTORE_TYPE=mount -A
"NSR_DFA_SI_DD_HOST=<server_name>" -A "NSR_DFA_SI_DD_USER=<DD_Boost_username>"
-A "DM_HOST=<PowerProtect_appliance_hostname>" [-
A "DM_USER=<PowerProtect_appliance_tenant_user>"] [-
A "DM_PORT=<PowerProtect_appliance_port_number>"] [-
A "DM_MOUNT_TIMEOUT=<number_of_minutes>"] [-A
"NSR_DFA_SI_DD_LOCKBOX_PATH=<full_path_to_lockbox>"] -I -
-t <save_time> <restore_path>

where:
-A VM_DIRECT=TRUE
-A "SKIP_CLIENT_RESOLUTION=TRUE"
(Optional) Specifies to use the client name as it is exactly entered with the -c option and to skip the
FQDN lookup to automatically resolve the client name.
-A NSR_RESTORE_TYPE=mount
Specifies a mount operation
-A "NSR_DFA_SI_DD_HOST=<server_name>"
primary server.
-A "NSR_DFA_SI_DD_USER=<DD_Boost_username>"
-A "DM_HOST=<PowerProtect_appliance_hostname>"
-A "DM_USER=<PowerProtect_appliance_user>"
(Optional) Specifies the username to use for the PowerProtect Data Manager connection.
This parameter is mandatory only for credential-based access to the PowerProtect Data Manager
appliance. You are not required to specify this parameter when the Microsoft application agent is
approved by PowerProtect Data Manager.
When you add a virtual machine to a Lifecycle group, that virtual machine is approved with a certificate
that expires after one day. The PowerProtect Data Manager administrator can approve the target
Microsoft application agent on the PowerProtect Data Manager Infrastructure > Agents page.
-A "DM_PORT=<PowerProtect_appliance_port_number>"
(Optional) Specifies the port number to communicate with the PowerProtect Data Manager server. The
default value is 8443.
-A "DM_MOUNT_TIMEOUT=<number_of_minutes>"
(Optional) Specifies the amount of time in minutes until the mount times out. The default value is 4
hours (240 minutes).
-A "NSR_DFA_SI_DD_LOCKBOX_PATH=<full_path_to_lockbox>"
(Optional) Specifies the folder that contains the lockbox file, which contains encrypted information
about the registered hosts and the corresponding usernames in pairs. Each pair is associated with a
password that backups use. If you do not specify a value, the path defaults to the installation path,
which is typically C:\Program Files\DPSAPPS\common\lockbox.
-t <save_time>
Specifies the save time of the backup. Specify this parameter along with the restore path for each
database in the restore operation. The application pauses for you to input this option line by line. Press
Enter to move to the next line. A blank line indicates completion of the list.
<restore_path>
Specifies the path to the objects that you want to restore.
○ To restore a backup of the entire instance, type APPLICATIONS:
\SqlServerWriter\<backup_client_name>

○ To restore a backup of specific databases, type APPLICATIONS:
\SqlServerWriter\<backup_client_name>\<database_name>\ [...]\
For example: "APPLICATIONS:\SqlServerWriter\LEDMF158\dbtest3"
○ To restore a backup of the entire instance, type APPLICATIONS:\SqlServerWriter\<URL-
encoded_SQL_instance_name>
○ To restore a backup of specific databases, type APPLICATIONS:\SqlServerWriter\<URL-
encoded_SQL_instance_name>\<database_name>\ [...]\
The <URL-encoded_SQL_instance_name> is typically
<backup_client_name>%5C<SQL_instance_name>
For example: "APPLICATIONS:\SqlServerWriter\LEDMF158%5Cinst1\dbtest3"

Steps
1. Launch the command prompt.
2. Run the following command:
C:\Program Files (x86)\DPSAPPS\MSAPPAGENT\ItemPoint\Sql\EMCIPSQL.exe
The ItemPoint for Microsoft SQL Server appears.

3. Launch the Data Wizard.
The Data Wizard appears to the Select Source page.

6. Click Finish.
Next steps
Dismount the backups using the msagentadmin.exe command.

Dismount the backup images
You must dismount the backup images after the table-level restore operation is complete.
To dismount the backup images, run the following command:
msagentadmin dismount --ddhost "<server_name>" --ddpath "<storage_unit_name_and_path>"

--dduser "<DD_Boost_username>" --dmhost "<PowerProtect_appliance_hostname>" -–dmport
“<PowerProtect_appliance_port>” [--lockbox <path>]
where:
dismount
Specifies an operation to dismount backups.
--ddhost "<server_name>"
Specifies the name of the DD server that contains the storage unit, to which you backed up the
databases.
--ddpath "<storage_unit_name_and_path>"
Specifies the name and the path of the storage unit, to which you backed up the databases.
--dduser "<DD_Boost_username>"
---dmhost "<PowerProtect_appliance_hostname>"
--dmport “<PowerProtect_appliance_port>”
Specifies the port number to communicate with the PowerProtect Data Manager server. The default
value is 8443.
--lockbox <path>
(Optional) Specifies the folder that contains the lockbox file, which contains encrypted information
about the registered hosts and the corresponding usernames in pairs. Each pair is associated with a
password that backups use. If you do not specify a value, the path defaults to the installation path,
which is typically C:\Program Files\DPSAPPS\common\lockbox.
Example VM Direct dismount command
msagentadmin.exe dismount --ddhost mars.jupiter.emc.com --ddpath /POLICY-

PROTECTION-123456 --dduser POLICY-PROTECTION-USER --dmhost 11.22.333.44 --dmport 8443 --
lockbox "C:\Program Files\DPSAPPS\common\lockbox"
Performing an instant access recovery

An instant access recovery enables you to quickly bring a database online from a point-in-time by running the database directly
on protection storage, which is added to the host through a backup image mount.
Instant access recovery overview

Instant access recovery enables you to access a live-mounted Microsoft SQL Server database from protection storage without
restoring the virtual machine or Microsoft SQL Server database.
This type of operation is useful for database administrators who must use or query a Microsoft SQL Server database before
restoring the database due to time and resource constraints.
This feature also supports the migration of mounted disks containing live mounted databases from protection storage to
production datastore.
When you initiate instant access recovery, the operation locates the corresponding backup virtual disks and mounts them from
the DD protection storage. The operation locates the Microsoft SQL Server database selected by the database administrator
from mounted disks and connects the database to the Microsoft SQL Server instance. If transaction logs were selected, the
transaction logs are replayed against the instant access database.

Instant access recovery use cases
Instant access recovery to a Microsoft SQL Server database is useful in a number of cases, including ad hoc queries, health
checks, disaster recovery, and development tests.
Ad hoc queries
When you need a history of changes, perform an instant access restore to mount Microsoft SQL Server databases for browsing
and finding historical data.
With Microsoft SQL Server instant access recovery, you can browse the history of changes in specific rows or tables quickly by
running the SQL queries on the mounted database. You can also run the SQL queries to move data from a mounted database to
a live Microsoft SQL Server database.
Health checks
You can validate the Microsoft SQL Server database health by running health check queries on the live mounted database.
By performing health checks on the mounted database instead of the live database in the production environment, you can
reduce the impact on production resources while checking the health status.
Disaster recovery
During a disaster recovery, Microsoft SQL Server instant access recovery provides temporary access to Microsoft SQL Server
data while the database is down.
You can connect the live mounted database to a Microsoft SQL Server instance for urgent queries.
Development tests
Merging changes to the production database is an operation with a risk of breaking applications.
With Microsoft SQL Server instant access recovery, you can use a replica of the database to test changes before you upload
them to the live production database.
Perform an instant access restore with the VM Direct SSMS plug-

in
Learn how to perform a VM Direct Microsoft SQL Server instant access restore operation using the Microsoft app agent for VM

To launch the Microsoft application agent for VM Direct SSMS plug-in, perform the following steps:
3. On the toolbar, click Microsoft app agent for VM Direct.
NOTE: If the Microsoft App Agent (VM Direct) button is not on the toolbar, the plug-in may be unable to register. In this
scenario, you can launch the plug-in directly from the Start menu. From the Windows Start menu, select DDBMA Plugin
for SQL Server Management Studio.

Configure general instant access settings
To configure Microsoft SQL Server restores with the Microsoft app agent for VM Direct SSMS plug-in, you must first specify
general restore options on the Instant Access > General page.
Steps
1. Open the Microsoft app agent for VM Direct window to the Instant Access > General page.
Figure 35. VM Direct: Instant Access General page

then click OK.
The SQL Server host field is updated with the client backups that are available on the selected DD server.

instances.
mount for instant access.
field.
row or select only the required databases to mount for instant access.
The corresponding save sets appear in the save sets table that is below the databases table.
NOTE: The Microsoft application agent does not support instant access for system databases. The system databases
do not appear in the database table.
8. For single database instant access, from the save sets table, select the database backup and timestamp that you want to
mount for instant access.
By default, the most recent backup is selected.
NOTE: This step only applies to single database instant access. For multiple database and instance-level operations, the
most recent backup is mounted and the most recent transaction logs for the browse time are restored.
9. (Optional) To access the database from a specific point-in-time, perform the following steps:
a. Under Access by time, click Timeline.
The Backup Timeline dialog box appears as shown in the following figure.
Figure 36. Specifying the access point

b. Specify the backup date and time, and then click OK.
10. Under Destination, specify the details for the mount operation:
a. From the Instance list, select the target Microsoft SQL Server instance to mount the backup.
b. From the Database list, select the name of the Microsoft SQL Server database for instant access.
When you select a single database, you can specify a new name for the database. For instant access, a default name
is generated, by appending the text "InstantAccess" and a date/time stamp to the original database name. For a single
database restore, you may change this name. For a multiple database restore, you may not change the database name
and the default database name is used.
Configure optional instant access settings

When you configure Microsoft SQL Server database instant access restores with the Microsoft app agent for VM Direct SSMS
plug-in, you can specify optional settings on the Instant Access > Options page.
About this task

Steps
1. From the left panel, click Options to specify optional instant access settings.
Figure 37. VM Direct: Instant Access Options page
2. Under Mount:
● The Mount Folder field specifies the location where backup images are mounted.
NOTE:
The value in the Mount Folder field is the default mount location under the config directory of the Microsoft
application agent installation path, for example, C:\Program Files\DPSAPPS\MSAPPAGENT\config\mount.
Ensure that the Microsoft SQL Server administrative account for the target Microsoft SQL Server instance has
access to this path so that it can access the database files once they are mounted.
● In Mount Timeout, specify the number of days after which the mounted backup image must be dismounted. The default
value is 7 days.
NOTE: The maximum mount timeout setting is 7 days but can be extended up to 7 more days. After the mount
starts, you can extend the mount timeout on the Instant Access > Active Mounts page by specifying the number
of days in the Change mount timeout field and clicking Change. The specified number of days are added to
the initial timeout value that was set during the mount. Dismount the mounted database provides more details. To
preserve any changes that you make to the database during the instant access active time, you can vMotion the
database.
3. To generate detailed logs, which you can use to troubleshoot the mount issues, select Select a debug level, and then

source client.
7. To specify the PowerProtect Data Manager appliance, under Mount Method, perform the following steps:
The details for the PowerProtect Data Manager appliance that protects the Microsoft SQL Server in a protection policy
automatically appear.
b. If you do not see the PowerProtect Data Manager appliance that you want to use for the mount operation, click Add,
● To add an PowerProtect Data Manager with credential-based authentication, specify the appliance hostname and the
login credentials.
and login details.
● To add an PowerProtect Data Manager with certificate-based authentication, specify only the appliance hostname.
Do not specify the username and password fields.
8. To mount the database for instant access, click Mount.
Monitor the instant access mount operation

After an instant access mount operation is run from the Microsoft app agent for VM Direct SSMS plug-in, the Instant Access
> Monitor page displays the restore script and status.
NOTE: For information about the success or failure of the mount operation, review the log files that are located in the
Change the mount timeout

After the mount starts, you can change the mount timeout on the Instant Access > Active Mounts page by specifying the
number of days in the Change mount timeout field and clicking Change. The mount timeout is changed by the specified
number of days.
About this task

Starting with the Microsoft application agent 19.2, a msagentadmin process runs in the background with a
keep_mount_alive option to keep the mount session active for the number of days specified by the user. When the user-

specified mount period expires, the msagentadmin process removes the Microsoft SQL Server databases and dismounts the
instant access session. After a machine reboot, the Microsoft application agent restarts the mount monitoring process to ensure
that the user-specified mount period is maintained. For example, the following monitoring process runs in the background:
msagentadmin.exe keep_mount_alive --mountperiod <minutes> --dmhost <IP_address> --dmport

<port_number> --lockbox "C:\Program Files\DPSAPPS\common\lockbox"
Steps
1. From the left panel, click Active Mounts.
The Active Mounts page appears as shown in the following figure.
Figure 38. VM Direct: Instant Access Active Mounts page
2. Use the Change mount timeout control to select the number of days by which you want to change the mount time.
3. Click Change.
A confirmation dialog box appears.
4. Click OK.
Results
The mount timeout is modified as shown in the following figure.

Dismount the mounted database

After you mount a database for instant access, you can use the Instant Access > Active Mounts page to dismount the
mounted database.
About this task

All settings on the Instant Access > Active Mounts page are optional. If you do not manually dismount the database, the
database will be dismounted when the mount timeout period passes, as specified on the Instant Access > Options page.
Steps

The Active Mounts table displays the details for each active mount session.
2. From the Active Mounts table, select the backup that you want to dismount.
NOTE: All changes to the database will be lost. To preserve the changes, select to vMotion the database instead or
extend the mount timeout.
3. Click Dismount.
The backup is dismounted.
Configure vMotion data movement

After you mount a database for instant access, use the Instant Access > Active Mounts page configure vMotion data
movement.
About this task
NOTE: Once vMotion is started, you cannot cancel the vMotion data movement.
Steps

2. To update the table and list available datastores, click Show datastores.
3. Select the datastore to which you want the virtual disk to be migrated.
The vdisks will be allocated from the selected datastore. Ensure that the database administrator checks with the data center
administrator or backup administrator about the appropriate datastore to select.
4. In the Disk Provisioning field, select the vdisk provisioning mode to be used for the vMotion operation.
5. Click Migrate.
Results
The virtual disk is migrated to the selected datastore by using storage vMotion. You can observe the progress in the Monitor
window. Once the vMotion is complete, the mount is removed from the Active Mounts page as the databases are then on
permanent VMDKs on the vCenter datastore.

8
Performing Centralized Restores of Virtual
Machine Backups
Topics:
• Centralized restores of Microsoft SQL Server virtual machine backups
• Considerations for centralized Microsoft SQL Server application-aware restores
• Centralized restore of Microsoft SQL Server system databases
• Centralized restore of a Microsoft SQL Server stand-alone database
• Centralized restore of a Microsoft SQL Server AAG database
• Centralized restore of multiple Microsoft SQL Server databases
Centralized restores of Microsoft SQL Server virtual

machine backups
When Microsoft SQL Server data is backed up as part of a virtual machine application-aware protection policy in PowerProtect
Data Manager, you can restore the Microsoft SQL Server virtual machine backups by using the centralized restore functionality
in the PowerProtect Data Manager UI.
You can perform the following types of centralized restores of Microsoft SQL Server virtual machine backups, depending on the
type of database assets:
● Centralized restore of a system database
● Centralized restore of a stand-alone database
● Centralized restore of an Always On availability group (AAG) database
NOTE:
You cannot perform the centralized restore of a Microsoft SQL Server virtual machine backup and the centralized restore
of a Microsoft SQL Server Application Direct backup at the same time.
The Microsoft SQL Server application-aware backups cannot be restored to a Windows or CIFS shared path by using either
a centralized restore or a restore through the VM Direct SQL Server Management Studio (SSMS) UI plug-in.
You can restore single or multiple databases from the same Microsoft SQL Server host and instance. You can restore the
databases either to the original Microsoft SQL Server host or to an alternate Microsoft SQL Server host with the following
requirements:
● The alternate host must be a Microsoft SQL Server virtual machine.
● The Microsoft application agent software must be installed and configured on the alternate host, as described in Application
agent manual installation and configuration.
NOTE: When you install the Microsoft application agent to perform a restore of a Microsoft SQL Server virtual machine
backup to an alternate Microsoft SQL Server host, ensure that the host was not previously registered to PowerProtect
Data Manager as an Application Direct host.
● You cannot restore a system database to an alternate host or Microsoft SQL Server instance.
You must perform all centralized restores from the Restore > Assets > SQL window in the PowerProtect Data Manager UI.
You can perform a centralized restore of a full or transaction log backup to a specified Microsoft SQL Server host and instance.
Select one of the following restore options to specify the file system location where the databases are restored:
● Original file location (location at backup time)—Restores the backup data to the file directory that was used during the
backup and overwrites the existing contents.
194 Performing Centralized Restores of Virtual Machine Backups

● Default file location as set by Microsoft SQL Server—Restores the backup data to the default file directory as used by
the Microsoft SQL Server.
● User-specified file location—Restores the backup data to file directories that you specify for the database files and log
files.
The following topics describe the considerations, prerequisites, and procedures for the supported types of centralized restores
of Microsoft SQL Server virtual machine backups.
Considerations for centralized Microsoft SQL Server

application-aware restores
Ensure that you review the following information before you perform the centralized restores of Microsoft SQL Server
application-aware virtual machine backups.
The centralized restore of multiple Microsoft SQL Server databases supports the following use cases:
● Performing disaster recovery of the original Microsoft SQL Server instance.
● Performing a restore rehearsal by restoring a Microsoft SQL Server instance database to an alternate host to validate the
backups.
For disaster recovery to the original host, you can select all the databases for the Microsoft SQL Server instance. Once the
restore job starts, the application agent automates the disaster recovery procedures as outlined by Microsoft. The disaster
recovery includes a restart of the Microsoft SQL Server instance in single user mode to restore the master database.
For disaster recovery to an alternate host, ensure that the alternate host is a Microsoft SQL Server virtual machine that is a
discovered asset of PowerProtect Data Manager.
NOTE: During the centralized restore to an alternate host, if the alternate host is not included in the list of available hosts,
follow the instructions in Application agent manual installation and configuration to ensure that the application agent is
properly installed and configured.
PowerProtect Data Manager applies the following concurrency rules for jobs associated with either a single-database or
multi-database centralized restore, including any backup, restore, and manual agent installation jobs that you run on the same
virtual machine, VM1:
● If an agent installation for VM1 is in progress, the VM1 backup is queued and the Microsoft SQL Server restore against target
VM1 is queued.
● If a VM1 backup is in progress, the agent installation for VM1 is queued and the Microsoft SQL Server restore against target
VM1 is queued.
● If the Microsoft SQL Server restore against target VM1 is in progress, the agent installation for VM1 is queued and the VM1
backup is queued.
Application agent manual installation and configuration

NOTE:
Ensure that the Microsoft SQL Server host was not previously registered to PowerProtect Data Manager using the
Application Direct option.
Direct during a Microsoft application agent installation, the protection type for that host may not be changed to VM Direct,
even if the Microsoft application agent is uninstalled.
In either of the following cases, you must manually install and configure the Microsoft application agent on the target virtual
machine host of the restore:
● The PowerProtect Data Manager has been updated.
NOTE: If PowerProtect Data Manager has been updated from a pre-19.6 version, then you must use the following steps
to manually install and configure the application agent. You must install the application agent on all the client machines.
● You want to restore to a virtual machine that is not part of a protection policy.
Ensure that the target virtual machine meets the following prerequisites:
● A Windows OS is running.
Performing Centralized Restores of Virtual Machine Backups 195

● The VMware Tools are installed at the same version as required for backup.
● The Microsoft SQL Server is installed and running.
● The SYSTEM account has the same security configuration as required for backup.
● The network ports are configured as required for backup.
Perform the following steps to manually install and configure the application agent:
1. Ensure that the Windows account credentials for the virtual machine are set at the virtual machine asset level, not the
protection policy level.
To set the credentials at the asset level, select Infrastructure > Assets > Virtual Machine, select the virtual machine, and
select More Actions > Set Credential.
2. To install the application agent, select Infrastructure > Assets > Virtual Machine, select the virtual machine, and select
More Actions > Install Agent.
After you confirm to start the installation, you can monitor the installation job status on the Jobs page.
Centralized restore of Microsoft SQL Server system

databases
You can perform a centralized restore of a full backup of a Microsoft SQL Server system database in the PowerProtect Data
Manager UI.
Steps
You can click or on the top right of the window to switch between the hierarchical (tree) view and list view. The
hierarchical view uses a tree view to show the hierarchical relationships of the Microsoft SQL Server hosts, their application
servers or instances, stand-alone database assets, and any Always On availability groups (AAGs) with their database assets.
When you expand the hierarchical view, you can see all the assets and AAGs within a host and instance. When you select a
host or instance container, all the contained assets and objects are also selected. You can also select individual assets or a
group of assets within the host or instance container.
Network:
● The Host Type column lists the host types as AAG or Standalone.
2. Select the check box next to the Microsoft SQL Server master, model, or msdb database, and click Restore.
● The Copy Type column lists the backup copy types as Full.

4. On the Scope page, the default selection Restore to Microsoft SQL Server Instance cannot be changed.
NOTE: You cannot restore a system database to an Always On availability group.
5. On the Location page, select Restore to Original.

NOTE: You can only restore a system database to the original host and instance, overwriting the source database.
NOTE: If the directory path cannot be created on the target host during the centralized restore, the restore fails.
NOTE: When you select this option, you must specify the restore file directories for the database files and log files.
NOTE: The tail-log backup option is not supported for a system database.
NOTE:
are correct.
existing database.
b. Click Restore.

Centralized restore of a Microsoft SQL Server stand-
alone database
You can perform a centralized restore of a full or transaction log backup of a Microsoft SQL Server stand-alone database in the
PowerProtect Data Manager UI. The following procedure restores a single database.
Steps
Network:
2. Select the check box next to the stand-alone database, and click Restore.
● The Copy Type column lists the backup copy types as Full or Log.
alone databases cannot be restored to the original AAG location.

on a host:
NOTE:
NOTE:
NOTE: The tail-log backup option is displayed when the destination is the same as the host. This option is selected
by default.
are correct.
existing database.
b. Click Restore.

Centralized restore of a Microsoft SQL Server AAG
database
You can perform a centralized restore of a full or transaction log backup of a Microsoft SQL Server Always On availability group
(AAG) database in the PowerProtect Data Manager UI. The following procedure restores a single database.
About this task
NOTE: A centralized restore of multiple AAG databases to an AAG is not supported.
Steps
Network:
2. Select the check box next to the AAG database, and click Restore.
● The Copy Type column lists the backup copy types as Full or Log.

on a host:
NOTE:
7. On the Options page, select the required options and then click Next:
NOTE: When a database exists but the Overwrite Databases WITH REPLACE option is not selected, the restore
fails.
NOTE: The tail-log backup option is supported only when the source and destination nodes are the same. When you
restore the database to all the nodes of the AAG by selecting Restore to all replicas, the credentials used for the
restore must provide access on all the nodes of the AAG.
● Select the required option as follows, depending on your previous selection on the Scope page:
○ If you selected Restore to Microsoft SQL Server Instance on the Scope page:
Restore State—Select one of the following options:
￭ RESTORE WITH RECOVERY—Leaves the database ready to use by rolling back the uncommitted transactions.
￭ RESTORE WITH NO RECOVERY—Leaves the database nonoperational and does not roll back the uncommitted
○ If you selected Restore to Always On Availability Group on the Scope page:
Restore Replica—Select one of the following options:
￭ Restore to all replicas—Restores the database to all the nodes of the AAG.
￭ Restore to primary—Restores the database to only the primary node of the AAG.

are correct.
existing database.
b. Click Restore.
Centralized restore of multiple Microsoft SQL Server

databases
You can perform a centralized restore of the full or transaction log backups of multiple Microsoft SQL Server databases in the
Prerequisites
Before you perform a multi-database restore, review the Considerations for centralized Microsoft SQL Server application-aware
restores.
About this task

The centralized restore of multiple databases includes the following restrictions:
● A multi-database restore can restore only the most recent database backups.
If you need to restore older backup copies of multiple databases, then perform a single database restore of each older
backup copy, one at a time.
● A multi-database restore can restore only to the original database names.
If you need to restore multiple databases and rename the databases, then perform a single database restore of each backup
copy, one at a time.
● A multi-database restore does not support the tail-log backup option.
● You can select only multiple stand-alone databases or a single AAG database for restore, not multiple AAG databases.
Multiple databases are restored serially (one at time).
A multi-database restore also supports partial success:
● If a given database exists on the target host and the overwrite option is not specified, the database restore is not attempted
and the next database restore is attempted.
● If the restore fails for a given database, the next database restore is attempted.
Steps
Network:

2. Select the check box next to each database that you want to restore, and then click Restore.
The restore wizard opens on the Copy Selection page, which includes a notification that the multi-database restore uses
the latest backup copies on the storage target.
3. On the Copy Selection page, click Next to continue.
NOTE: A multi-database restore can restore only to the original database names.

● Restore to Alternate—Restores the selected database to the instance that you select from the table, where the
original instance is disabled.
Click or above the table to see the list of available instances. In the hierarchical view, you must expand the list to
see all the instances on each available Microsoft SQL Server host.
NOTE: The tail-log backup option is not supported for a multi-database restore.
NOTE:

a. Review the Select Copy, Location, File Location, and Options information to ensure that the restore details are
correct.
NOTE: When any of the selected database names match the names of existing databases, the restore overwrites
the existing databases.
b. Click Restore.

9
Protecting Virtual Machines Using the
Transparent Snapshots Data Mover
Topics:
• Overview of Transparent Snapshots Data Mover
• vSphere Installation Bundle monitoring and management
• Transparent snapshots data mover system requirements
• Prerequisites to virtual machine protection with the Transparent Snapshots Data Mover
• Configuring Microsoft SQL Server application-aware protection with TSDM
• Transparent Snapshots Data Mover unsupported features and limitations
• Transparent Snapshots Data Mover performance and scalability
• Migrating assets to use the Transparent Snapshots Data Mover
Overview of Transparent Snapshots Data Mover

Transparent Snapshots Data Mover (TSDM) is a protection mechanism designed to replace the VMware vStorage API for
Data Protection (VADP) protection mechanism for crash-consistent virtual machine protection and Microsoft SQL Server
application-aware protection.
The advantages of using the TSDM protection mechanism for virtual machine data protection include the following:
● Eliminates the latency and performance impact on the production virtual machine during the protection policy life cycle.
● Reduces the CPU, storage, and memory consumption required for backups. After the initial full backup, only incremental
backups using the immediate previous snapshot will be performed.
● An external VM Direct Engine is not required. The VM Direct Engine embedded with PowerProtect Data Manager is
sufficient.
● Automatic scaling.
vSphere Installation Bundle monitoring and

management
The vSphere Installation Bundle (VIB) is a software package that is bundled with the PowerProtect Data Manager OVA and
update package. The VIB is installed automatically on a vSphere ESXi 7.0 U3c and later host during the PowerProtect Data
Manager deployment or update, and is required to enable the transparent snapshot data mover (TSDM) for virtual machines.
NOTE: Automatic vSphere Installation Bundle (VIB) management is performed primarily within the PowerProtect Data
Manager UI. If any issues occur with the automatic VIB management, you can use commands from the ESXi host as
required to manage the following operations:
● VIB upload
● VIB install
● VIB update
● VIB uninstall
The section "vSphere Installation Bundle management options outside of PowerProtect Data Manager" in the PowerProtect
Data Manager Virtual Machine User Guide provides details.
Protecting Virtual Machines Using the Transparent Snapshots Data Mover 205
Prerequisites to VIB installation and update
The VIB package is installed or updated when the following requirements are met:
● The hosting ESXi Server is version 7.0 U3c or later.
● The managing vCenter Server is version 7.0 U3c or later.
● The installation can be performed on all eligible hosts of the cluster and all hosts that are added to the cluster.
● Automatic VIB management is enabled on the vCenter server asset source. The PowerProtect Data Manager Virtual
Machine User Guide provides more information.
Monitor the VIB installation

You can use the Transparent Snapshot Data Movers tab in the Protection Engines window of the PowerProtect Data
Manager UI to monitor the installation of the VIB. This window provides a vCenter hierarchy view which is based on the asset
sources that are enabled in PowerProtect Data Manager. If an ESXi host is not eligible or available for the VIB installation, the
status displays as Not Eligible in the Protection Engines window.
During the VIB installation:
● A VIB file (approximately 4 MB) is uploaded to the ESXi datastore.
● An entry for the job Performing Host Configuration appears in the PowerProtect Data Manager UI.
● If the host is in a cluster configuration, entries for the tasks Start service and Update service activation policy appear
for each host in the vCenter UI.
● Information for the vCenter and ESXi host is detected to verify that the supported versions are installed.
NOTE: The VIB cannot be deployed until virtual machine assets from an ESXi cluster are added to a protection policy. It is
recommended that you perform an installation precheck before the backup of any TSDM-enabled protection policies.
You can use the PowerProtect Data Manager UI to apply TSDM as the data mover for virtual machine assets.
Transparent snapshots data mover system

requirements
The following software is required to automatically enable use of the Transparent Snapshots Data Mover (TSDM) for virtual
machine data protection operations.
Table 15. Software requirements

Software required Version supported Notes
vCenter server 7.0 U3c and later ● vCenter and ESXi 7.0 U3c is the minimum
version that is required to use TSDM. Until this
ESXi server 7.0 U3c and later version is deployed in the environment, TSDM is
not used for virtual machine protection policies.
● TSDM for virtual machine protection also
requires that the protection policy quiescing and
swap file exclusion options be disabled.
● For virtual machine crash-consistent policies,
protection of encrypted virtual machines with
TSDM requires PowerProtect Data Manager
version 19.13 or later and vCenter/ESXi version
8.0b or later. Encrypted virtual machines
protected in PowerProtect Data Manager 19.12
or earlier must also be migrated from the VADP
protection mechanism to TSDM.
206 Protecting Virtual Machines Using the Transparent Snapshots Data Mover
Prerequisites to virtual machine protection with the
Transparent Snapshots Data Mover
Review the following recommendations for use of the Transparent Snapshots Data Mover (TSDM) protection mechanism for
virtual machine protection.
Additional privileges required for a dedicated vCenter user account

to use Transparent Snapshot Data Mover
You can use the vSphere Client to specify the required privileges for the dedicated vCenter user account, or you can use the
PowerCLI, which is an interface for managing vSphere.
The following table includes the additional privileges required to use the Transparent Snapshot Data Mover (TSDM) for virtual
machine protection operations. All of the privileges required for the dedicated vCenter user account are provided in the
PowerProtect Data Manager Virtual Machine User Guide.
Table 16. Minimum required vCenter user account privileges

Setting vCenter 7.0.3 and later required privileges PowerCLI equivalent required privileges
Datastore ● Datastore > Browse datastore
$privileges = @(
● Datastore > Low level file operations 'Host.Config.Patch',
Host ● Configuration > Image configuration 'Host.Config.Image',
'Host.Config.NetService',
● Configuration > Security profile and firewall 'Datastore.FileManagement',
● Configuration > Query patch 'Datastore.Browse',
NOTE: These privileges are required for 'vSphereDataProtection.Protectio
n',
vSphere Installation Bundle (VIB) install,
'vSphereDataProtection.Recovery'
update, and uninstall operations. If Auto VIB ,
management is enabled in the Infrastructure 'System.Read',
> Protection Engines window, operations 'Task.Create',
'Task.Update'
might be inconsistent.
)
System ● System > Read New-VIRole -Name 'PowerProtect'
-Privilege
Tasks ● Tasks > Create task (Get-VIPrivilege -Id
$privileges)
● Tasks > Update task
vSphere Data ● Protection
Protection ● Recovery
Creating VMkernel ports for Transparent Snapshots Data Mover

For backup and restore of virtual assets from the ESXi hosts and their respective virtual machines using the Transparent
Snapshots Data Mover (TSDM) protection engine, It is strongly recommended that you create a dedicated VMkernel port for all
ESXi hosts in the cluster to facilitate data transfer.
Before you begin:
● For optimal data transfer between ESXi hosts and protection storage, use the same network subnet that is used for backup
storage.
● For each ESXi host in the cluster, it is recommended to use a 10G physical network adapter port for TSDM backup traffic.
● Plan a unique network subnet to use exclusively for TSDM protection engine that does not overlap with any other existing
network subnets. This subnet must contain the following:
○ An IP address for each VMkernel port in each ESXi host.
○ An IP address for each port in protection storage target interfaces.
Complete Create a VMkernel port for a standard vSwitch configuration or Create a VMkernel port for a distributed vSwitch
configuration. Use the switch and IP settings recommended above.
Create a VMkernel port for a standard vSwitch configuration
For each ESXi host in the cluster:
Steps
1. In the vSphere Client, navigate to the ESXi host and select the host.
2. Right-click the host and select Add Networking.
3. Select VMkernel Network Adapter, and then click Next.
4. Create a new switch, or choose an existing one.
When creating a new switch, assign the NIC adapter to Active Adapters.
5. In the Port Properties settings IP settings, select either IPv4 or IPv6, and clear all other check boxes under Available
services.
6. In the IP settings, specify the VMkernel IP settings.
Create a VMkernel port for a distributed vSwitch configuration

Steps
1. On the vSphere Client home page, click Networking, and then navigate to and select a distributed port group.
2. From the Actions menu, select Add VMkernel Adapters.
3. On the Select hosts page, click Attached hosts, select from the hosts that are associated with the distributed switch, and
then click OK.
4. Click Next.
5. On the Configure VMkernel adapter page, select either IPv4 or IPv6, and clear all other check boxes under Available
services.
6. In the IP settings, specify the VMkernel IP settings.
Configuring Microsoft SQL Server application-aware

protection with TSDM
Complete the following steps to configure the Microsoft SQL Server application-aware protection with the transparent
snapshot data mover (TSDM).
NOTE: TSDM SQL application-aware protection is not supported on dynamic disks.
The PowerProtect Data Manager Virtual Machine User Guide provides more details about each of the following steps.
1. Ensure that the vCenter Server is enabled as an asset source in the PowerProtect Data Manager UI.
2. Add and register the vCenter Server asset source. From the left navigation pane, select Infrastructure > Asset Sources
and click Add on the vCenter tab.
After the successful discovery of the vCenter asset source, the virtual machine assets in the vCenter server are displayed in
the Infrastructure > Assets window on the Virtual Machine tab.
3. Ensure that the required application-aware protection policy is created for the Microsoft SQL Server application-aware
backups.
To create the protection policy, follow the procedure under "Add a protection policy" in the PowerProtect Data Manager
Virtual Machine User Guide:
a. On the Add Policy > Type page, select the Virtual Machine type.
b. On the Add Policy > Purpose page, select Application Aware.
c. On the Add Policy > Options page, select the Transparent Snapshots protection mechanism.
NOTE: On the Options page, VADP is the other available protection mechanism option.
After you finish creating the protection policy, system jobs are created for the virtual machine policy configuration.
NOTE: For TSDM SQL application-aware backups, with the firewall enabled, you must add a firewall exception for the
vflragentd process.
Transparent Snapshots Data Mover unsupported
features and limitations
Review the following unsupported features and limitations for the Transparent Snapshots Data Mover (TSDM) in PowerProtect
Data Manager.
TSDM only available for virtual machine crash-consistent policies and SQL
application-aware policies
Use of the TSDM protection mechanism is only supported for crash-consistent virtual machine protection policies and SQL
application-aware protection policies. Also, if the policy is a virtual machine crash consistent policy, the Exclude swap files
from backup or Enable guest file system quiescing must be disabled.
NOTE: TSDM SQL application-aware protection is not supported on dynamic disks.
Unsupported virtual machine platforms and configurations

TSDM virtual machine protection is not supported for the following virtual machines, configurations, and platforms:
● Physical RDMs
● Virtual RDMs
● Fault Tolerant virtual machines
● Azure VMware Solution (AVS) on Microsoft Azure
● Google Cloud VMware Engine (GCVE) on Google Cloud Platform (GCP)
● VMware Cloud (VMC) on Amazon Web Services (AWS)
● Virtual machines with Site Recovery Manager enabled.
● Virtual machines with more than 40 disks.
VADP virtual machine protection is not supported for virtual machines with shared SCSI controllers or disks.
NOTE: This configuration is not supported even if the protection policy only includes disks that are not shared.
Full synchronization performed under certain conditions

The following conditions will result in a full synchronization operation for TSDM-enabled virtual machine protection policy
backups:
● PowerProtect Data Manager is updated from a previous release.
NOTE: The full backup completes successfully but with exceptions to indicate that the backup was forced to maintain
the integrity of the data in the backup chain.
● The full synchronization is scheduled as part of a PowerProtect Data Manager protection policy.
● A manual backup is performed of the protection policy using Backup Now in the PowerProtect Data Manager UI.
● The most recent virtual machine backup has been deleted.
● Disks were added to the virtual machine.
● Disks that were previously marked as excluded are added to the protection policy backup.
● The VMware DPD service was removed and then readded to the virtual machine. This can occur, for example, when the
virtual machine is removed from a TSDM-enabled policy and then added to the same or a different TSDM policy, or when the
virtual machine protection mechanism is manually changed from TSDM to VADP and then back to TSDM.
● The ESXi host, virtual machine, or daemon becomes unresponsive and crashes.
● The vSphere version is updated to 8.0 or later on the vCenter/ESXI hosts.
● A restore to a managed snapshot.
● The virtual machine encryption/decryption setting is changed.
NOTE: A full synchronization is not required after vMotion operations.
Manual removal of lastSdmDiskBackupPath.json file required before
deleting the storage unit of the virtual machine backup
During a TSDM-enabled virtual machine backup, a file named lastSdmDiskBackupPath.json, which contains snapshot
metadata, is created in the virtual machine. This file is required to perform in-place backups of the virtual machine, but does not
get automatically removed when the virtual machine is no longer included in the protection policy. As a result, the storage unit
containing these virtual machine backups cannot be deleted.
When deleting the storage unit where the virtual machine backups are located, ensure that you manually remove the
lastSdmDiskBackupPath.json file.
Site Recovery Manager unsupported for TSDM-protected virtual

machines
Enabling of VMware's Site Recovery Manager (SRM) for virtual machines that are protected in PowerProtect Data Manager
with TSDM is not supported. Ensure that you disable SRM protection for any virtual machines that use the TSDM protection
mechanism, or manually configure any SRM-enabled virtual machines to use the VADP data mover instead.
NOTE: Array-based replication for SRM is also unsupported.
Asset copy size reported differently for TSDM backups with thin-
provisioned disks
An increase in the asset copy size of TSDM backups with thin-provisioned disks might be observed due to the manner in which
asset copy size is reported in PowerProtect Data Manager. For thin-provisioned disks, the asset copy size now reflects the
capacity (provisioned size) of the disks instead of the used size. No actual increase in size has occurred.
VADP restore of TSDM backup restores disks as thick-provisioned in some

circumstances
If VADP data path is used to restore a virtual machine that was backed up using the TSDM protection mechanism, the disks are
restored as thick-provisioned instead of thin-provisioned. PowerProtect Data Manager uses VADP data path for restores in the
following circumstances:
● The virtual machine is restored in a vSphere environment running with a version previous to 7.0 U3.
● The virtual machine is restored to an ESXi host that does not have the TSDM vSphere Installation Bundle (VIB) installed.
● The virtual machine is restored directly to the ESXi host, since the vCenter server is not used for a Direct Restore to ESXi.
Virtual Machine Disk (VMDK) limit for virtual machines protected with
TSDM
TSDM-based protection supports a maximum of 40 VMDKs per virtual machine. If this limit is exceeded, backups fail with the
error Unable to back up the asset … because the included number of … disks exceeds maximum
supported disks of 40 by transparent snapshot datamover.
For virtual machines with more than 40 VMDKs, you can override the protection mechanism at the asset level to use VADP. The
section Migrating assets to use the Transparent Snapshots Data Mover provides more information.
Size of thin provisioned files created by vSphere during TSDM operations
does not reflect the true size written to file system (fixed in vSphere 7.0
U3f and later)
VMware vSphere creates files that are displayed as two times larger than the VMDK files of the virtual machines that are
protected by TSDM. The names of these files end in -flat.ses, and the files are located in the same VMFS volume and
directory as the VMDK files of the protected virtual machines. These are thin-provisioned files and part of normal TSDM
operations.
To determine the real amount of data that is written to the file system, use the du command, or update to vSphere version 7.0
U3f or later.
vMotion of TSDM protected virtual machines

vSphere disables the vMotion migration of virtual machines to an ESXi host version previous to 7.0 U3 when the virtual machine
is protected with TSDM. In order to migrate the TSDM protected virtual machine to an ESXi version that does not support
TSDM, you must disable the VMware DPD service that is attached to the virtual machine during the initial protection policy
configuration. To disable the filter, remove the virtual machine from the TSDM protected virtual machine protection policy.
Once the virtual machine is removed from the policy, a job is automatically initiated to disable the filter.
Once the vMotion completes, you can re-add the virtual machine to the protection policy. This virtual machine is then protected
by the VADP protection mechanism, since the new ESXi/cluster host version is lower than the version required by TSDM.
Removal of managed snapshots required before configuring virtual

machine protection policies to use TSDM
A PowerProtect Data Manager virtual machine protection policy cannot be configured to use the TSDM protection mechanism
when the virtual machine already contains managed snapshots. When a managed snapshot already exists on the virtual machine,
TSDM and the DPD service cannot be enabled or disabled. Verify that no managed snapshots exist for the virtual machine, and
then retry the configuration job from the System Jobs window of the PowerProtect Data Manager UI.
Once a virtual machine has been configured for TSDM protection, you can create managed snapshots on the virtual machine
with no impact to data protection operations.
Transparent Snapshots Data Mover performance and

scalability
Review the following information related to performance considerations to scale your environment.
NOTE: As a VMware infrastructure best practice, it is recommended that you spread the workload across ESXi servers as
much as possible. With the Transparent Snapshots Data Mover (TSDM) protection mechanism, you can move backup data
in streams from multiple ESXi servers.
Table 17. Scalability limits for the vCenter and ESXi server
Component Maximum limit
Number of protected virtual machines per ESXi server Unlimited
Number of protected VMDKs per ESXi server 1,000
Number of protected VMDKs per virtual machine 40
Size of VMDK 64 TB
TSDM virtual machine backups Embedded VM Direct Engine: up to 3,000 virtual machine backups,
and up to 180 concurrent virtual machine backups.
Table 17. Scalability limits for the vCenter and ESXi server (continued)
Component Maximum limit
External VM Direct Engine: up to 5,000 virtual machine backups, and

up to 300 concurrent virtual machine backups.
NOTE: An external VM Direct Engine is not required when using

TSDM as the protection mechanism for crash-consistent virtual
machine protection and SQL application-aware protection.
Table 18. TSDM maximum concurrent protection operations and memory consumption
Component Maximum limit Notes
Number of concurrent virtual machine 18 To obtain the maximum concurrent operations, the ESXi
backups per ESXi host (ESXi and vCenter hosting the protected virtual machines must be version
7.0 U3d and later) 7.0 U3d or later. This maximum is based on improvements
to TSDM performance that result in faster processing
Number of concurrent virtual machine 16 of these sessions, and will vary based on the type of
restores per ESXi host (ESXi and vCenter operations being performed (for example, single disk vs
7.0 U3d and later) multiple disk virtual machine backups).
NOTE: A lower number of concurrent streams helps to
avoid over-subscription to the ESXi host memory.
Total number of concurrent virtual 20

machine backups and restores per ESXi
host (ESXi and vCenter 7.0 U3d and later)
Number of concurrent virtual machine 10 This maximum is based on improvements to TSDM
backups per ESXi host (ESXi and vCenter performance that result in faster processing of these
7.0 U3c) sessions. Also, a lower number of concurrent streams helps
to avoid over-subscription to the ESXi host memory.
Number of concurrent virtual machine 10
restores per ESXi host (ESXi and vCenter
7.0 U3c)
Concurrent VMDK backups Up to 28 disks A full synchronization uses 29 MB/disk; a delta
synchronization uses 9 MB/disk.
256 MB/9 MB per disk=up to 28 VMDK backups in parallel.
For a single virtual machine, as an example, there might

be a maximum of four parallel VMDKs per virtual machine
during a full synchronization, and a maximum of 10 parallel
VMDKs per virtual machine during a delta synchronization.
NOTE: Depending on the combination of full and

delta synchronizations and their respective memory
consumption, 28 parallel VMDK backups is not always
possible.
Total TSDM memory consumption on ESXi Up to 768 MB 256 MB/9 MB per disk=up to 28 VMDK backups in parallel.
host
TSDM memory consumption on ESXi host Up to 256 MB A full synchronization uses 29 MB/disk; a delta
for DD streams synchronization uses 9 MB/disk.
Up to 28 streams
256 MB/9 MB per stream=up to 28 DD streams in parallel.
NOTE: Depending on the combination of full and

delta synchronizations and their respective memory
consumption, 28 streams is not always possible.
Migrating assets to use the Transparent Snapshots
Data Mover
You can manually migrate individual virtual machine assets from the VMware vStorage API for Data Protection (VADP)
protection mechanism to the Transparent Snapshots Data Mover (TSDM) protection mechanism by using the Infrastructure
> Assets window of the PowerProtect Data Manager UI. For virtual machine crash-consistent protection policies, TSDM
is used by default when vCenter and ESXi version 7.0 U3c or later are deployed in the environment. For SQL application
aware-protection policies, the default protection mechanism is VADP.
NOTE: You can also migrate assets at the policy level. Refer to the instructions for adding a protection policy.
Before assets are migrated to use TSDM, the vSphere Installation Bundle (VIB) is required. This installation occurs automatically,
unless the use of TSDM is disabled on the vCenter server asset source. Go to Infrastructure > Protection Engines, select
the Transparent Snapshot Data Movers pane, and verify that the VIB is enabled on the vCenter server. You can also expand
the vCenter hierarchy view to confirm that the VIB installation has occurred on the vSphere hosts.
Migrate assets to Transparent Snapshots

To migrate VADP virtual machine assets to use TSDM in the PowerProtect Data Manager UI:
1. Go to Infrastructure > Assets and select the Virtual Machine tab.
2. Filter the view to display the Protection Mechanism column.
3. Select one or more virtual machine assets with the VADP protection mechanism.
4. Select More Actions > Protection Mechanism > Migrate to Transparent Snapshots.
Migrating assets to use the TSDM protection mechanism forces a new, full backup of these assets. This backup may take
several minutes.
Circumstances where VADP is used instead of TSDM

In some circumstances, PowerProtect Data Manager might determine that TSDM cannot be used to protect some assets. In
these cases, VADP is automatically used as the protection mechanism instead of TSDM, even if TSDM is enabled.
For example, PowerProtect Data Manager defaults to using the VADP protection mechanism when one or more of the following
conditions are true:
● The ESXi host and vCenter server versions are earlier than 7.0 U3c.
● The protection policy is a crash-consistent policy that is configured with Exclude swap files from backup and Enable
guest file system quiescing enabled.
● Fault Tolerance is enabled for the virtual machine.
● The virtual machine has virtual or physical Raw Device Mappings (RDM).
● The virtual machine has more than 40 virtual machine disks (VMDKs).
A
Microsoft SQL Server Best Practices and
Troubleshooting
Before troubleshooting issues with Microsoft application agent, review VM Direct limitations.
Topics:
• Troubleshooting storage units
• Troubleshooting installation and operation
• Troubleshooting backups
• Troubleshooting restores
Troubleshooting storage units

Review the following issues related to storage units in PowerProtect Data Manager.
Creating storage unit fails when maximum MTree and Users count on DD
system reached
When you add a protection policy or create a storage unit in PowerProtect Data Manager, storage unit creation fails if you reach
the maximum MTree and Users count on the selected DD system. PowerProtect Data Manager enables you to finish adding
a protection policy without a storage unit. However, if you subsequently run a backup with this protection policy, the backup
process is suspended indefinitely with no error message.
To continue backup operations, you must perform a cleanup on the DD system.
Discrepancy between storage unit capacity reported in PowerProtect

Data Manager and DD Virtual Edition
Due to differences in space calculation (physical capacity vs. logical capacity), there is a discrepancy between storage unit
capacity reported in PowerProtect Data Manager and DD Virtual Edition. For example, the DD storage unit capacity displayed
in the Protection > Storage > Manage Storage window of the PowerProtect Data Manager UI might be greater than the
amount displayed in DDVE.
To determine storage unit capacity, use DDVE instead.
Troubleshooting installation and operation

You might encounter the following issues during installation or operation.
Agent registration
On Windows, if the agent fails to establish a connection with the PowerProtect Data Manager server, agent registration might
fail with the following error message:
During a network connectivity test, the agent is unable to reach the PowerProtect Data
Manager server by using ping.
1. If the ping command is blocked in the environment, the agent registration can
214 Microsoft SQL Server Best Practices and Troubleshooting

still complete successfully.
Review the agent service logs at INSTALL_DIR\DPSAPPS\AgentService\logs to verify that
the registration is successful. If the registration is successful, the status of the
agent host indicates Registered in the PowerProtect Data Manager UI.
2. If the ping command is not blocked in the environment, the agent registration
might not complete successfully because a network connection cannot be started. If this
occurs, complete the following steps to troubleshoot the issue:
On Linux or AIX, if the agent fails to establish a connection with the PowerProtect Data Manager server, agent registration
might fail with the following error message:
During a network connectivity test, the agent is unable to reach the PowerProtect Data
Manager server by using ping and curl.
1. If the ping command is blocked in the environment and curl is not installed, the
agent registration can still complete successfully.
Review the agent service logs at /opt/dpsapps/agentsvc/logs to verify that the
registration is successful. If the registration is successful, the status of the agent
host indicates Registered in the PowerProtect Data Manager UI.
2. If the ping command is not blocked in the environment, the agent registration
might not complete successfully because a network connection cannot be started. If this
occurs, complete the following steps to troubleshoot the issue:
If agent registration fails with these error messages, complete the following operation:
1. Use any network packet tracing tool to trace the packets from the agent system to PowerProtect Data Manager.
2. Start the packet tracing between the source IP of the agent system and the destination IP of PowerProtect Data Manager.
3. Start the network traffic between the agent system and PowerProtect Data Manager.
Wait 10 to 15 seconds.
4. Analyze the captured packets.
5. Look for SYN and SYN_ACK packets to see if a 3-way handshake is being performed.
Determine whether the source agent or the destination PowerProtect Data Manager is blocking the connection.
If network traffic is blocked, contact your network security team to resolve the port communication issue.
Agent host is registered with short name instead of FQDN

Application agent registration using the short name of the agent host is not supported after updating to PowerProtect Data
Manager 19.11 or later versions.
If the agent host was previously registered with the short name, and you attempt to reregister the host with the short name
after updating PowerProtect Data Manager to version 19.11 or a later version, registration fails with the following error:
Unable to register the agent host <hostName> because short name is not allowed for agent
registration.
To resolve the issue, do not remove the host. Configure the host with the Fully Qualified Domain Name (FQDN), and then retry
the registration.
If you try to register a new host with the short name after updating PowerProtect Data Manager to version 19.11 or a later
version, registration fails with the following error:
Unable to register the agent host <hostName> because short name is not allowed for agent
registration.
To resolve this issue, remove the application agent host in the PowerProtect Data Manager UI:
1. Go to Infrastructure > Application Agents.
2. Select the entry for the application agent host and click Remove.
After the removal, the host is in a "Deleted" state.
NOTE: The application agent host is automatically removed from the Application Agents window within 24 hours after
the deletion.
3. After the removal process is complete, configure the host with the Fully Qualified Domain Name (FQDN), and then retry the
registration.
Microsoft SQL Server Best Practices and Troubleshooting 215

PowerProtect agent service operations
To troubleshoot PowerProtect agent service operations, you can check the PowerProtect agent service log file OpAgentSvc-
<timestamp>.log, which is created in <agent_service_installation_location>\logs on Windows and
<agent_service_installation_location>/logs on AIX or Linux. To modify the log level and retention of temporary
files, you can modify specific parameter settings in the config.yml file.
To modify the log level and retention of temporary files, you can perform the following steps:
1. Stop the agent service.
2. Open the config.yml file in an editor.
3. Modify the log-level settings in the following parameters, as required:
● DEBUG
● INFO
● WARNING
● ERROR
● CRITICAL
NOTE: These parameters are listed in order of decreasing number of messages in the debug information output. The
default log-level is INFO.
4. To retain the temporary files, set the keepTempFiles parameter to True in the config.yml file.
NOTE: The agent service and application agent communicate through the temporary files, which are typically deleted
after use but can be useful for troubleshooting purposes. Do not leave the keepTempFiles parameter set to True
permanently, or the temporary files can use excessive space on the file system.
5. Start the agent service.
PowerProtect Data Manager UI display of localhost.localdomain hostname

In the PowerProtect Data Manager UI, the Application Agents, Asset Sources, and Protection Jobs windows might list the
asset primary hostname as localhost.localdomain instead of the expected FQDN.
The display of localhost.localdomain as the hostname in the PowerProtect Data Manager UI windows might occur when you
specify the host's actual FQDN setting for the loopback address in the /etc/hosts file. For example, when you add the
following settings in the /etc/hosts file, the first setting value, localhost.localdomain, appears as the hostname in the
PowerProtect Data Manager UI windows, instead of the actual FQDN:
127.0.0.1 localhost.localdomain localhost6 localhost6.localdomain6

127.0.0.1 blrv027d233.blr.lab.dell.com blrv027d233
Ensure that the host's actual FQDN is not specified for the loopback address and do not specify hostnames that start with
"local" in the /etc/hosts file.
PowerProtect agent service installation failures

A PowerProtect agent service installation might fail with the following error message:
Service 'PowerProtect Agent Service' (AgentService) could not be installed. Verify that
you have sufficient privileges to install system services.
Possible causes of the installation failure are as follows:

● The installation was attempted on a passive node of a Failover Cluster Instance (FCI).
● The installation was canceled and a rollback left some stale entries of PowerProtect agent services.
As a workaround, clean up the PowerProtect agent service entries, and retry the installation.
Failure of PowerProtect agent service to start on Windows

After the application agent is installed, the PowerProtect agent service might fail to start on the Windows operating system.

Check for the following timeout error messages in the event viewer logs:
A timeout was reached (30000 milliseconds) while waiting for the PowerProtect Agent
Service service to connect.
The PowerProtect Agent Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
If these error messages appear in the event viewer logs, apply the following workaround: https://support.microsoft.com/en-in/
help/922918/a-service-does-not-start-and-events-7000-and-7011-are-logged-in-window
Asset discovery failure causes databases to not appear in PowerProtect

Data Manager UI
Asset discovery by PowerProtect Data Manager might fail with the following error message, which causes the Microsoft SQL
Server databases to not appear in the PowerProtect Data Manager UI:
agent-id is missing in the Agentsvc logs
As a workaround, confirm whether the agent-id.yml file exists under the \DPSAPPS\AgentService\ directory and then
perform the appropriate action:
● If the agent-id.yml file does not exist under the \DPSAPPS\AgentService\ directory, run the Microsoft application
agent installation with the Change option and then run a discovery operation.
● If the agent-id.yml file exists under the \DPSAPPS\AgentService\ directory, run a manual discovery operation on
the Microsoft SQL Server hosts. Then if the databases still do not appear in the PowerProtect Data Manager UI:
1. Delete the existing agent-id.yml file.
2. Run the Microsoft application agent installation with the Change option.
3. Run a discovery operation on the Microsoft SQL Server hosts.
Asset discovery failure in an FCI environment

If reverse DNS lookup is not configured for the Microsoft SQL Server virtual server name used in a Failover Cluster Instance
(FCI), asset discovery can fail and leave the assets unprotected.
As a workaround, configure the reverse DNS lookups for the Microsoft SQL Server virtual server names used in all Failover
Cluster Instances.
Error during configuration of Microsoft SQL Server application-aware

protection
When you configure the support for Microsoft SQL Server application-aware protection, the configuration job might fail with the
following error message:
Unable to register PowerProtect Agent Service. SSL certificates are not present.
After this error message is displayed, restart the configuration job.
Deletion compliance for SLA validation job marked as "Failed" in

PowerProtect Data Manager UI
Due to a cancel request and create-new-copy deletion request occurring simultaneously, deletion compliance for an SLA
validation job is incorrectly shown as "Failed" in the UI, even though the copy deletion has succeeded. This issue can occur if
replication copies exist, but the corresponding backup copy has been deleted. In this case, the retention time of the replication
copies is greater than the retention time of the backup copy. Once the replication copies expire or are manually deleted, it
triggers the catalog deletion request, which marks the copy as "Deleted."

Deletion compliance for SLA validation job marked as "Failed" due to copy
deletion delay
When the deletion of backup copies is delayed, the deletion compliance for an SLA validation job might be shown as "Failed" in
the PowerProtect Data Manager UI. The following error message also appears:
One or more copies have exceeded their Retention Window.
This issue can occur when the deletion of specific backup copies is delayed due to a large number of backup copies being
deleted at the same time. As a result, when the compliance check job runs at a preset time, the specific backup copies are not
yet deleted. You can ignore the error message, and confirm at a later time that the specific backup copies have been deleted.
Issue with trailing spaces in Microsoft SQL Server database names

Due to a VSS limitation, you cannot use trailing spaces within the names of Microsoft SQL Server databases protected by an
application-consistent data protection policy.
Incorrect database size in PowerProtect Data Manager UI

If a file stream Microsoft SQL Server database is offline, the database size might be displayed incorrectly in the PowerProtect
Data Manager UI.
The incorrect database size is displayed when you go to Infrastructure > Assets in the PowerProtect Data Manager UI and
select the SQL tab.
If the database comes online later, the database size is displayed correctly after the next assets discovery operation.
Uninstallation issue in a UAC enabled environment

In a UAC enabled environment, an issue occurs when a domain user or local user that is added in the "Administrators" Active
Directory group performs a manual uninstallation of the VM Direct agent. The User Account Control window appears with the
following prompt about the XXXXXX.msi program:
Do you want to allow the following program to update software on this computer?
This prompt message can be ignored.
Exit of agent service register.bat with error code 2

When you try to add a host to an existing virtual machine application-aware protection policy, the agent service
register.bat script might exit with error code 2:
Unable to register PowerProtect Agent Service. Registration script returned with exit
code 2.
To resolve this issue, complete the following steps.

1. Edit the PowerProtect Data Manager protection policy, and remove the Microsoft SQL Server client.
2. On the Microsoft SQL Server client, uninstall the Microsoft application agent and VM Direct agent:
● To uninstall the Microsoft application agent, refer to the uninstallation topics in Enabling the Microsoft Application Agent
for Microsoft SQL Server.
● To uninstall the VM Direct agent, complete the following steps:
a. Select Control Panel > Programs > Programs and Features.
b. Right-click Dell VM Direct Agent in the list, and select Uninstall.
3. Rename the DPSAPPS and VM Direct installation directories. The VM Direct installation directory is C:\Program Files
(x86)\EMC\vProxy FLR Agent.

4. Complete the following Microsoft instructions to change the default control manager timeout limit to 120000 (about 2
minutes):
https://support.microsoft.com/en-in/help/922918/a-service-does-not-start-and-events-7000-and-7011-are-logged-in-
window
5. Reboot the Microsoft SQL Server client.
6. In the PowerProtect Data Manager UI, edit the protection policy, add the Microsoft SQL Server client to the policy, and wait
for the configuration job to finish.
7. Confirm that the PowerProtect agent service is running on the Microsoft SQL Server client. Check the PowerProtect agent
service status from the Services Manager.
VM Direct support issue with an AAG cluster in an IPv6 environment

In an IPv6 environment, registration with PowerProtect Data Manager might fail for a node in a clustered Always On availability
group (AAG) that is configured for VM Direct operations. The following error message might be displayed:
Unable to register PowerProtect Agent Service. Registration script returned with exit
code 13.
In an IPv6 environment with VMware Tools version pre-12.0.5, Microsoft SQL Server VM Direct operations are not supported
for an AAG cluster that is configured with file share witness in PowerProtect Data Manager.
As a workaround, upgrade the VMware Tools to version 12.0.5 or later and then register the clustered AAG node with
Multiple virtual networks (MVLANs) for Microsoft SQL Server application-

aware protection
PowerProtect Data Manager cannot automatically configure a virtual network connection between an agent in a virtual machine
and PowerProtect Data Manager when PowerProtect Data Manager is configured with multiple virtual network connections.
If you use multiple virtual networks, the virtual machine asset must have a connection to the default interface for PowerProtect
Data Manager. Manually configure the VLAN to provide access to the virtual machine before you add the virtual machine to the
protection policy.
Edit Retention button is disabled for asset copies

On the Infrastructure > Assets page > Asset <asset name> page, the Edit Retention button is disabled.
The Edit Retention button is enabled only when the copy status of the asset source is Available. In detail, if deleting a copy
of a protected asset fails, the Copy Status will be updated to another state from Available, and the Edit Retention button is
disabled.
Workarounds are:
● Edit the retention period of an asset copy if its status is Available.
● Do not try deleting an asset copy before its retention period.
Non-English asset names appear as question marks

On an English OS, when you add databases with non-English names as assets in PowerProtect Data Manager, the asset names
appear as question marks (??) in the PowerProtect Data Manager UI. The asset names appear in the Infrastructure > Assets
> SQL window.
As a workaround, ensure that the OS and the asset names that you create in Microsoft SQL Server are of the same language.

Troubleshooting an error about lockbox stable value threshold after
major system update
When a host first accesses a stand-alone or shared lockbox, certain System Stable Values (SSVs) are stored in the lockbox
for the host. The Microsoft application agent requires a specific number of the SSVs to be matched for the host for each
subsequent lockbox access.
When a major update of the host system causes multiple SSVs to change, the required number of SSVs might not match when
the host tries to access the lockbox during a backup or restore operation. In this case, the host's attempt to access the lockbox
might produce the following error:
The Lockbox stable value threshold was not met because the system fingerprint has
changed. To reset the system fingerprint, open the Lockbox using the passphrase.
If you encounter this error, you can complete the following operation to enable the lockbox access for the host:
● In a stand-alone system, re-create the lockbox for the host and perform the registration again.
● In a high-availability system with a shared lockbox:
1. Revoke the lockbox access of the host by running the msagentadmin administration -R command from another
host.
2. Grant the lockbox access to the host by running the msagentadmin administration -G command from another
host.
NOTE: To update the lockbox configuration on a host, run the msagentadmin administration -U command on that
host. This operation ensures that the lockbox is continuously accessible to the host.
The following msagentadmin administration commands perform the lockbox operations:
msagentadmin administration -G [-a LOCKBOX_PATH=<lockbox_dir_pathname>] [-a

LOCKBOX_REMOTE_HOST=<hostname_to_add>] [-a VIRTUAL_HOST={yes|no}] [-D 9]
msagentadmin administration -R [-a LOCKBOX_PATH=<lockbox_dir_pathname>] [-a

LOCKBOX_REMOTE_HOST=<hostname_to_delete>] [-D 9]
msagentadmin administration -U [-a LOCKBOX_PATH=<lockbox_dir_pathname>] [-D 9]
msagentadmin administration -U -a LOCKBOX_IMPORT=TRUE -a

LOCKBOX_PATH=<nondefault_lockbox_directory> [-D 9]
msagentadmin administration -U -a SET_LOCKBOX_PASSPHRASE=TRUE -a

LOCKBOX_PATH=<lockbox_dir_pathname> [-D 9]
You can optionally set and use a customized passphrase that enables you to reset the lockbox or regain access for a host when
the lockbox becomes inaccessible. This feature is useful when a nonshared lockbox becomes inaccessible on an occasional basis.
Set and use a customized passphrase for lockbox access provides details about setting a customized passphrase.
You can also use a lockbox security option to select either a default level or custom level for the lockbox security. The default
security level is recommended. The custom security level can enable easier access to the lockbox after a major OS update.
However, the custom level has potential security concerns, so the setting and use of a customized passphrase is recommended.
Reset the lockbox security level provides more details about setting the lockbox security level.
Set and use a customized passphrase for lockbox access

You can optionally set a customized passphrase that enables you to reset the lockbox or regain access for a host when the
lockbox becomes inaccessible. This feature is useful when a host frequently loses access to a nonshared lockbox due to reasons
such as OS updates. In this case, it is useful to set a customized passphrase when the lockbox is still accessible, so that when
any access issue occurs, the lockbox can be reset by the host.
A customized passphrase must meet the following passphrase requirements:
● Minimum of nine characters.
● Minimum of one uppercase letter.
● Minimum of one lowercase letter.
● Minimum of one special character, such as % or $.
● Minimum of one numeric character.

To set a customized passphrase for the lockbox, run the following command as the root user or administrative user and type the
passphrase at the prompts:
msagentadmin administration -U -a SET_LOCKBOX_PASSPHRASE=TRUE -a

LOCKBOX_PATH=<lockbox_directory_pathname>
Enter a passphrase (refer to the administration guide for passphrase complexity

requirements):
Confirm the passphrase:
The passphrase for the lockbox 'agents.clb' in the directory '/opt/lockbox' has been
updated.
NOTE: Treat the customized lockbox passphrase with care, and guard it against use by unauthorized persons. If a person
learns the passphrase and obtains a copy of the lockbox files, the person can access the lockbox.
After you set a customized passphrase, you can use the passphrase to reset the lockbox or regain access to the lockbox. For
example, if the lockbox becomes inaccessible, run the following command as the root user or administrative user and type the
customized passphrase at the prompt:
msagentadmin administration -U -a USE_LOCKBOX_PASSPHRASE=TRUE -a

Enter a previously set passphrase:

The lockbox 'agents.clb' in the directory '/opt/lockbox' has been reset.
Reset the lockbox security level

You can optionally select a default level or custom level for the lockbox security. The custom security level is not recommended
due to potential security concerns. However, the custom level might be useful when you do not want to set a customized
passphrase for lockbox inaccessibility issues. The custom security level reduces the frequency at which the lockbox becomes
inaccessible after major OS updates, but it does not guarantee that the inaccessibility will not recur.
Setting and using a customized passphrase ensures that the lockbox is always accessible, and does not have any security
implications.
To set the lockbox security level, run the following command as the root user or administrative user:
msagentadmin administration -U -a SET_LOCKBOX_SECURITY={"custom"|"default"} -a

For example, the following command sets the custom level of lockbox security:
msagentadmin administration -U -a SET_LOCKBOX_SECURITY="custom" -a LOCKBOX_PATH=/opt/

lockbox
The lockbox 'agents.clb' in the directory '/opt/lockbox' has been reset with the custom
security level.
Note that with a lower security level, the lockbox is more vulnerable to external
threats. If you are not sure whether you want a lower security, we recommend using
LOCKBOX_SECURITY="default" for regular usage.
Troubleshooting backups
You might encounter the following issues while performing backups.
Backups fail when credentials include a backslash character (\)

When you enter credentials that include a backslash character (\) for an application agent in the PowerProtect Data Manager
UI, the backups fail.

For example, when you enter a password for the operating system or database user that includes the backslash character,
subsequent backups fail with the following error message:
systemErr: Unable to log in.
This error might occur when updating the password for a storage unit.
To resolve this issue, type \\ (double backslash) instead of \ (single backslash) when you enter the credentials for an
application agent in the PowerProtect Data Manager user interface.
Application-aware backup failure after interactive session using service

account
A Microsoft SQL Server application-aware full or log backup might fail after an administrator uses a service account to complete
an interactive session on the Microsoft SQL Server virtual machine. The administrator uses the service account to log in to the
Microsoft SQL Server virtual machine, completes an interactive session, and then logs out. If the administrator then runs an
application-aware full or log backup, the backup might fail with the following message in the log file:
Illegal operation attempted on a registry key that has been marked for deletion.
COM: Intermittent error 800703fa: Illegal Operation attempted on a registry key
Other COM related errors.
As a workaround, complete the following steps:

1. Ensure that you do not log in to the Microsoft SQL Server virtual machine for an interactive session by using a service
account.
2. Disable the related Windows User Profile service:
a. Open the Group Policy Editor gpedit.msc on the affected server.
b. Open the UserProfiles folder by selecting Computer Configuration > Administrative Templates > System >
UserProfiles.
c. Change the Do not forcefully unload the user registry at user logoff setting to Enabled.
Application-aware backup failure after software update

After you perform an update of the Microsoft application agent to the latest version, a Microsoft SQL Server application-aware
backup might fail due to an issue with the software update.
After the software update completes, confirm that the Microsoft application agent was updated to the latest version. If the
software version was not updated as expected, you must manually uninstall the Microsoft application agent and then manually
install the latest version of the agent software.
Once the manual uninstall and install procedures are completed, you can rerun the Microsoft SQL Server application-aware
backup.
Application-aware log backup failure for AAG database on secondary

replica with Microsoft SQL Server 2016 or 2017
With Microsoft SQL Server 2016 or 2017, when you perform an application-aware log backup for an AAG database on a
secondary replica, the log backup might fail with the following error message:
Log backup for database "<database_name>" on a secondary replica failed because a

synchronization point could not be established on the primary database. Either locks
could not be acquired on the primary database or the database is not operating as part
of the availability replica. Check the database status in the SQL Server error log of
the server instance that is hosting the current primary replica. If the primary database
is participating in the availability group, retry the operation. (Error: 35294)
As a workaround:
1. Install the latest cumulative update on the Microsoft SQL Server 2016 or 2017 system:
● For Microsoft SQL Server 2016, install the cumulative update version 13.0.2216.0.

● For Microsoft SQL Server 2017, install the cumulative update version 14.0.3456.2.
2. Rerun the application-aware log backup for the AAG database on the secondary replica.
Application-aware backup failure in multiple VLAN environment

In a Microsoft SQL Server environment of multiple virtual networks (VLANs) where each application client has access to only
one network interface, an application-aware backup fails with the following error message:
PowerProtect agent for Microsoft Applications: Unable to update persisted settings for
PowerProtect Data Manager host '<IP_address>': Exception 'Timeout was reached' occurred
while sending Certificate Signing Request.
A Microsoft SQL Server application-aware backup is not supported in this type of multiple virtual network environment.
In a multiple virtual network environment, ensure that the Microsoft SQL Server application-aware host has network
connectivity to both the management network and data network. The "Virtual networks (VLANs)" section in the PowerProtect
Data Manager Administrator Guide provides more details.
Application-aware backup failure with persisted settings message

An application-aware virtual machine backup performed through a protection policy might fail with the following error message,
where xx.xx.xx.xx is the PowerProtect Data Manager IP address:
PowerProtect agent for Microsoft Applications: Unable to update persisted settings for
PowerProtect Data Manager host 'xx.xx.xx.xx': Unable to log in to PowerProtect Data
Manager host 'xx.xx.xx.xx'. Received the HTTP code 400 and response 'Invalid FQDN'.
As a workaround, when the Microsoft SQL Server host is a member of a workgroup but is assigned an IP address that is DNS
resolvable by PowerProtect Data Manager, if the DNS resolution is only available for FQDN, ensure that the Microsoft SQL
Server host adds the same domain suffix to the Advanced TCP/IP parameters DNS settings.
In the System Properties dialog box:
1. On the Computer Name tab, click Change and then click More.
2. In Primary DNS suffix of this computer field, specify the PowerProtect Data Manager resolvable FQDN of the Microsoft
SQL Server virtual machine domain name.
3. Click OK.
Rename the lockbox folder in C:\Program Files\DPSAPPS\common on the Microsoft SQL Server client, and retry the
virtual machine configuration job.
Application-aware backup failure with msagentcon message

An application-aware backup might fail in the PowerProtect Data Manager UI, with the following error message in the
msagentcon log file:
msagentcon PowerProtect Data Manager info Unable to retrieve lockbox password

:'Error encountered while retrieving information from the lockbox 'C:\Program
Files\DPSAPPS\common\lockbox\agents.clb' for the device host '10.125.196.91': The
Lockbox contains no entries. The drive that contains the lockbox might be full, causing
possible corruption of the lockbox. Try the operation again after you reconfigure the
lockbox.
To resolve this issue, free up disk space on the C:\ drive and reconfigure the policy for the Microsoft SQL Server asset so that
the lockbox is updated.
Application-aware backup failure with ABV0030 error

An application-aware virtual machine backup might fail with the following error message:

ABV0030: VM Direct engine … is unable to back up the virtual machine … on vCenter …
because the vCenter snapshot was unsuccessful.
To resolve this issue, confirm the following, and then retry the backup:
● The vCenter server is not busy
● There is enough free space on the datastore to perform the operation
● If this is a quiesced backup, the virtual machine is not busy
If this does not resolve the issue, perform a manual quiesced snapshot of the virtual machine and look in the datastore location
of the virtual machine for a VSS_manifest_zip file. If there is no file, contact VMware support. If there is a file, contact
Customer Support.
Memory or paging issues during Microsoft SQL Server backups

When the Microsoft application agent is integrated with the PowerProtect Data Manager, Microsoft SQL Server backups that
are initiated by a protection policy might fail with the following types of error messages:
ddbmsqlsv: BackupVirtualDeviceSet::SetBufferParms: Request large buffers failure

on backup device 'EMC#6f1e7adf-678f-4ceb-88fb-248211218add'. Operating system error
0x8007000e (Not enough storage is available to complete this operation.).
ddbmsqlsv SYSTEM critical Unable to allocate memory: Not enough space

ddbmsqlsv PowerProtect Data Manager critical BackupVirtualDeviceSet::SetBufferParms:
Request large buffers failure on backup device
'EMC#77002120-0a31-4f53-98b1-3311f997e8ac'. Operating system error 0x800705af (The
paging file is too small for this operation to complete.).
To prevent or resolve these backup issues, use any of the following procedures:
● Increase the RAM size on the Microsoft SQL Server host.
● Increase the virtual paging value (swap size) on the Microsoft SQL Server host by completing the following steps:
1. Select Control Panel > System and Security > System.
2. Select Advanced system settings to display the system properties of the Microsoft SQL Server host.
3. In the System Properties dialog box, select the Advanced tab.
4. Under Performance, select Settings.
5. In the Performance Options dialog box, select the Advanced tab.
6. Under Virtual memory, select Change.
7. In the Virtual Memory dialog box:
a.
Clear the default setting, Automatically manage paging file size for all drives.
b.
Select the drive for which you want to change the paging file size.
c.
Select Custom size.
d.
Set the Initial size to the same value as the Currently allocated size.
e.
Set the Maximum size required for the paging file, based on the recommended size for the Microsoft SQL Server
host system. To ensure system stability, Windows restricts the paging file size to three times the value of the installed
RAM.
● On the Infrastructure > Assets page in the PowerProtect Data Manager UI, reduce the stripe value for all databases.
Enable multi-stream backups for Microsoft SQL Server protection policy provides details about how to set the stripe value.
NOTE: If the stripe value is decreased to 1, full and differential backups can take longer to complete, depending on the
size of the database.
● If the backup schedule results in overlapping backups that run at the same time, such as concurrent FULL and LOG backups,
modify the backup schedule to prevent the overlapping backups.
● If possible, create multiple protection policies with fewer databases that have non-overlapping schedules.
NOTE: A Microsoft SQL Server database asset may be included in only one protection policy.

Missing duration value for centralized backup
A centralized Microsoft SQL Server backup succeeds, but the backup job duration at the asset level appears as 0 ms on the
Step Log tab and Details tab in the PowerProtect Data Manager UI.
The Step Log tab and Details tab appear in the Job ID Summary window, which you can access by selecting Jobs >
Protection Jobs and clicking the job ID next to the job name.
As a workaround, view the correct backup duration in the Duration column in the left pane that has a grid format.
TLOG backup issue with mirrored database configuration

When you use a mirrored database configuration with Microsoft SQL Server 2012 or later, a TLOG backup is promoted to a full
backup and the following type of error message appears:
Unable to determine the status of mirror partner backups for database DBA_TEST.
Promoting the backup level full database backup.
With Microsoft SQL Server 2012 or later, use of an Always On availability group (AAG) is recommended. A mirrored database
configuration is not supported with Microsoft SQL Server 2012 or later.
Self-service T-SQL backups with an I/O error message

When the Microsoft application agent is integrated with the PowerProtect Data Manager, a successful self-service Transact-
SQL (T-SQL) backup might display the following error message:
IO error: Permission denied
To prevent this error message during self-service T-SQL backups, ensure that the Microsoft SQL Server instance service runs
as the OS/Microsoft SQL Server user, instead of NT SERVICE\<instance_name>.
Expired imported backup copies are not deleted

PowerProtect Data Manager does not delete any Microsoft SQL Server backup copies that are imported but not associated
with a protection policy, even when the backup copies are expired.
When you try to delete such copies by using the ddbmexptool or msagentadmin tool, you receive the following error
message:
Write and delete operations are not supported on the storage unit
'<storage_unit_pathname>' because the storage unit is managed by the PowerProtect Data
Manager system.
To delete the expired backup copies, you can use the following procedures from the PowerProtect Data Manager UI or
Microsoft SQL Server host:
● From the PowerProtect Data Manager UI, select the expired backup copies and delete the backup copies by clicking the
Delete button.
● From the Microsoft SQL Server host, perform the following steps:
1. Open the <installation_path>\Settings\.app.settings file for editing. The file content is in XML format,
for example:
<?xml version="1.0" encoding="utf-8"?>

<?xml version="1.0" encoding="utf-8"?>
<settings>
<credentials>
<credential>
<ddHostName>10.31.140.153</ddHostName>
<devicePath>sql_rc-5b2bbffe443d-6451a</devicePath>
<ddUser>sql_rc-5b2bbffe443d-6451a</ddUser>
<type>PROTECTION</type>
<protocol>DDBOOST</protocol>

<encryptionOverWire>false</encryptionOverWire>
<retentionLock>false</retentionLock>
<retentionPeriod>86400</retentionPeriod>
<configName>sql_rc</configName>
<sources>
<name>INST1_SQL2012::dell1</name>
<name>INST1_SQL2012::dell2</name>
<name>MSSQLSERVER::dell_1</name>
<name>MSSQLSERVER::dell_2</name>
</sources>
</credential>
</credentials>
</settings>
2. In the <installation_path>\Settings\.app.settings file, locate the section between the <credential> and
</credential> tags that contains the <ddHostName>, <devicePath>, <ddUser>, and <type> tags for the DD or MTree
where the backup copies are generated and imported to PowerProtect Data Manager.
3. Delete that section in the <installation_path>\Settings\.app.settings file.
CAUTION: Delete only the tags <ddHostName>, </ddHostName>, <devicePath>, </devicePath>,
<ddUser>, </ddUser>, <type>, and </type> and the information between those tags. Do not delete any
other tags or information in the file, which contain the DD details that the PowerProtect Data Manager
generates.
Backup failure during FCI cluster failover

While the failover of a Microsoft SQL Server Failover Cluster Instances (FCI) cluster is in process, Microsoft SQL Server
backups that are initiated by a protection policy fail.
As a workaround, wait until the failover process is complete and then perform the Microsoft SQL Server backup.
Microsoft SQL Server databases skipped during virtual machine

transaction log backup
If a transaction log backup is not appropriate for a database, the database is automatically skipped. Databases are skipped for
the reasons outlined in the following table.
Table 19. Microsoft SQL Server skipped database cases and descriptions
Case Description
Database has been When a database has been restored, this database is skipped during a transaction log backup because
restored there is no backup promotion.
System database System databases are automatically skipped during a transaction log backup.
Database state The database is not in a state that allows a backup. For example, the database is in the NORECOVERY
state.
Recovery model The database is in the SIMPLE recovery model, which does not support a transaction log backup.
Other backup The most recent backup for the database was performed by a different backup product.
product
New database The database was created after the most recent full backup.
Backup failure The database was in a state that allows a backup, and a backup was tried, but the backup failed.
All skipped databases are backed up as part of the next full backup. Also, a skipped database does not result in a failure.
The only instance in which a transaction log backup job would potentially fail is if all Microsoft SQL Server instance databases
failed to be backed up or were skipped.

Microsoft SQL Server application-aware backup error about
disk.EnableUUID variable
A Microsoft SQL Server application-aware virtual machine backup succeeds but displays the following error when the
disk.EnableUUID variable for the virtual machine is set to TRUE:
VM '<asset_name>' configuration parameter 'disk.EnableUUID' cannot be evaluated. Map item
'disk.EnableUUID' not found. (1071)
To resolve this issue, set the disk.EnableUUID variable to TRUE and then reboot the virtual machine.
Troubleshooting restores
You might encounter the following issues while performing restores.
Troubleshooting restores of multiple databases from multiple policies

During a centralized restore of multiple databases from multiple policies, with the backup copies located on separate DD
systems, the Select Copy page displays the following message for one of the databases:
No copies are available for the listed assets. The restore operation will not include
these assets.
You also cannot perform the centralized restore of multiple databases from multiple policies when the backup copies are located
on separate storage units in the same DD system.
As a workaround, perform the centralized restore of each database separately.
Troubleshooting centralized Microsoft SQL Server Application Direct

restore operations
You can use the following information to troubleshoot issues with the centralized Microsoft SQL Server Application Direct
restore operations.
● Inspect the ADM logs in /var/log/brs/adm/adm.log in PowerProtect Data Manager.
● Inspect the Microsoft application agent logs in C:\Program Files\DPSAPPS\MSAPPAGENT\logs.
● Enable advanced debugging output for the PowerProtect agent service by setting the DEBUG parameter in the file
config.yml in the agent service installation directory.
● Enable advanced debugging output for the Microsoft application agent by setting the debug option in the PowerProtect
Data Manager restore wizard. The preceding topics about how to perform the centralized restores describe how you can set
the Troubleshooting option, which causes the application agent to generate the diagnostic logs.
Remove option fails to remove a new database name during centralized

restore to new database
During a centralized database restore to a new database, the Remove option does not remove the new database name that you
add for the restore in the PowerProtect Data Manager UI.
During the centralized restore, you select Restore to Alternate on the Location page. After you click Restore as new
database next to the required instance name and add a new database name, clicking Remove next to the new database name
does not remove the name. The Next button is disabled as expected on the Location page, but the new database name is still
listed in the UI.
As a workaround, collapse and expand the parent node of the new database name, which removes the database name.

Application Direct self-service restore jobs are missing in Asset Jobs
window
In the PowerProtect Data Manager UI, Application Direct self-service restore jobs are not displayed in the Jobs > Asset Jobs
window. The Application Direct self-service restore jobs are displayed in the Jobs > Protection Jobs window and in the
Restore Jobs Summary report in the Reports > Report Browser window.
Troubleshooting centralized Microsoft SQL Server Application Direct

restore of backup tiered to the cloud
During a centralized restore of a Microsoft SQL Server Application Direct backup that is tiered to the cloud, the full backup copy
is not browsable in the PowerProtect Data Manager UI. However, the backup copy is browsable in the SQL Server Management
Studio (SSMS) UI.
This issue applies to both Amazon Web Services (AWS) and Elastic Cloud Storage (ECS) tiered copies.
As a workaround, perform a manual recall of the cloud tiered backup copies in the PowerProtect Data Manager UI, and then
perform the centralized restore operation.
Centralized Microsoft SQL Server virtual machine restore failure after VM

Direct update
If registration fails during a VM Direct update, the silent installation completes (it is not rolled back) and an error message is
recorded in the installation log. A subsequent centralized restore might fail.
To resolve this issue, configure the Microsoft SQL Server host by using the Install Agent option in the PowerProtect Data
Manager UI, and then restart the centralized restore.
Centralized Microsoft SQL Server virtual machine restore failure to

Windows or CIFS shared path
A centralized restore of a Microsoft SQL Server virtual machine backup to a Windows or CIFS shared path fails with
To resolve this issue, perform a self-service restore to the Windows or CIFS shared path by using either the SQL Server
Management Studio (SSMS) UI or the restore command on the command line.
VM Direct SSMS restore failure with enabled UAC

A VM Direct self-service restore might fail with the following error message when you use the SQL Server Management Studio
(SSMS) plug-in to perform the restore as a domain or local user with enabled UAC and vmtools 11.x or later. This error message
appears for a database restore, table restore, or instant access restore operation when you do not launch the SSMS plug-in by
selecting Run as administrator:
Unable to initialize the generic information context: Cannot create shared memory
mapping, permission denied: ERROR_ACCESS_DENIED.
As a workaround, launch the SSMS plug-in by selecting Run as administrator and rerun the self-service restore operation.
VM Direct SSMS restore failure after PowerProtect Data Manager server

update
After an update of the PowerProtect Data Manager server, if no protection policy operations have run since the update, a VM
Direct restore of an old backup through the SQL Server Management Studio (SSMS) UI might fail. The restore failure produces
the following type of message in the error logs:

158905:msagentrc: A failure occurred trying to mount the backup images: (Failed to
login, please check your configuration and/or credentials).
102437:msagentrc: Recovery operation failed. Refer to log file(s) and Windows event
logs for details.
As a workaround, perform at least one successful protection policy operation after the update of the PowerProtect Data
Manager server. Then perform the VM Direct restore of an old backup through the SSMS UI.
Troubleshooting VM Direct centralized restore of replicated AAG log

backup
In an AAG replica configuration, when you perform a centralized restore of a replicated log backup for an AAG database to the
original file location, the restore might fail with the following error message:
ddbmsqlrc PowerProtect Data Manager critical The file '<file_name>' cannot be moved by
this RESTORE operation.
The centralized restore is configured in the PowerProtect Data Manager UI by selecting Restore > Assets and the SQL tab.
Proceeding through the restore wizard screens, the option Restore to Original is selected on the Location screen and the
option Original file location is selected on the Select File Location screen.
As a workaround, check whether the replica's file location is different on the two AAG nodes. For example, the file location
C:\data of Node1\Instance1 is different from the file location D:\data of Node2\Instance2. If the replica's file location is
different on the AAG nodes, then reconfigure the centralized restore by selecting one of the following options on the Select
File Location screen in the PowerProtect Data Manager UI restore wizard:
Troubleshooting VM Direct SSMS restore of replicated log backup

In a federated configuration, you can create replication backups on a secondary DD by replicating the VM Direct Microsoft SQL
Server full and transaction log backups located on a primary DD. When you try to restore the replicated backups by using the
SQL Server Management Studio (SSMS) UI, the SSMS UI displays only the replicated full backup, not the replicated transaction
log backup.
You cannot restore the replicated VM Direct transaction log backup on the secondary DD by using the SSMS UI.
As a workaround, you can perform a centralized restore of the replicated transaction log backup in the PowerProtect Data
Manager UI.
SSMS UI crash after switch from table restore to database restore tab
During a restore using the SQL Server Management Studio (SSMS) UI, the SSMS UI might crash after you perform the
following sequence of operations in the UI:
1. You select a database on the database restore tab.
2. You select a different storage unit on the table restore tab.
3. You switch quickly to the database restore tab to try to check a preloaded database.
The SSMS UI crashes when the switch from table restore tab to database restore tab occurs so quickly that the database list
has not yet been updated before you try to check the preloaded database. An Assertion Failed exception message window is
displayed.
As a workaround, clear the SSMS cache and retry the operation.

Troubleshooting centralized Microsoft SQL Server virtual machine
restore operations
You can use the information in the following topics to troubleshoot issues with the centralized Microsoft SQL Server virtual
machine restore operations.
Troubleshooting the PowerProtect agent service registration

With a virtual machine that is part of a protection policy, the failure of the PowerProtect agent service registration causes the
virtual machine asset configuration to also fail. Despite these failures:
● The protection policy backups continue to run.
● The virtual machine configuration job continues to run if the virtual machine asset configuration did not fail for other
reasons.
You can perform the following steps to troubleshoot these failures:
1. Review the job details for the virtual machine configuration in PowerProtect Data Manager.
2. Enable the Microsoft application agent debugging on the client. Run the following command on the command line, where
<n> is the debug level from 1 to 9. The default debug level is 0:
msagentcon --administration --debug=<n>
When you set the debug level to a value from 1 to 9, the Microsoft application agent generates the debug logs on the virtual
machine when the PowerProtect protection group runs. To deactivate the debug logs, set the debug level to 0.
3. After the next failed job, inspect the following logs:
● Microsoft application agent diagnostic logs in C:\Program
Files\DPSAPPS\MSAPPAGENT\bin\msagentcon.XXXXX.log
● Agent service log in agentsvc.log in the agent service home directory on the Microsoft SQL Server host
● ADM log from PowerProtect in C:\Program Files\DPSAPPS\AgentService\logs\OPAgentSVC.xxx.log
Troubleshooting the PowerProtect Data Manager restores

You can perform the following tasks to troubleshoot issues with the PowerProtect Data Manager restores:
● Inspect the ADM logs in /var/log/brs/adm/adm.log in PowerProtect Data Manager.
● Inspect the Microsoft application agent logs in C:\Program Files\DPSAPPS\MSAPPAGENT\logs.
● Enable advanced debugging output for the PowerProtect agent service by setting the DEBUG parameter in the file
config.yml in the agent service installation directory.
● Enable advanced debugging output for the Microsoft application agent by setting the debug option in the PowerProtect
Data Manager restore wizard. The preceding topics about how to perform the centralized restores describe how you can set
the Troubleshooting option, which causes the application agent to generate the diagnostic logs.

Glossary
This glossary provides definitions of acronyms used across the product documentation set.
A
AAG: Always On availability group
ACL: access control list
AD: Active Directory
AKS: Azure Kubernetes Service
API: application programming interface
ARM: Azure Resource Manager
AVS: Azure VMware Solution
AWS: Amazon Web Services
AZ: availability zone
B
BBB: block-based backup
C
CA: certificate authority
CBT: Changed Block Tracking
CDC: change data capture
CIFS: Common Internet File System
CLI: command-line interface
CLR: Common Language Runtime
CN: common name
CPU: central processing unit
CR: custom resource
CRD: custom resource definition
CSI: container storage interface
CSV: Cluster Shared Volume
D
DAG: database availability group
DBA: database administrator
Glossary 231
DBID: database identifier
DDMC: DD Management Center
DDOS: DD Operating System
DDVE: DD Virtual Edition
deploy
At Dell, virtual machines are deployed to virtual environments, while software components and hardware devices are
installed. Both PowerProtect Data Manager and DDVE are virtual machines that are deployed. If you are searching this
software guide for instances of install and not finding anything appropriate, search for deploy instead.
DFC: DD Boost over Fibre Channel
DNS: Domain Name System
DPC: Data Protection Central
DR: disaster recovery
DRS: Distributed Resource Scheduler
DSA: Dell security advisory
E
EBS: Elastic Block Store
EC2: Elastic Compute Cloud
eCDM: Enterprise Copy Data Management
ECS: Elastic Cloud Storage
EFI: Extensible Firmware Interface
EKS: Elastic Kubernetes Service
ENI: Elastic Network Interface
EULA: end-user license agreement
F
FC: Fibre Channel
FCD: first class disk
FCI: failover cluster instance
FETB: front-end protected capacity by terabyte
FLR: file-level restore
FQDN: fully qualified domain name
FTP: File Transfer Protocol
232 Glossary
G
GB: gigabyte
At Dell, this is 2 30 bytes.
Gb/s: gigabits per second

At Dell, this is 2 30 bits per second.
GCP: Google Cloud Platform
GCVE: Google Cloud Virtual Edition
GID: group identifier
GLR: granular-level restore
GUI: graphical user interface
GUID: globally unique identifier
H
HA: High Availability
HANA: high-performance analytic appliance
HTML: Hypertext Markup Language
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure
I
IAM: identity and access management
IDE: Integrated Device Electronics
IP: Internet Protocol
IPv4: Internet Protocol version 4
IPv6: Internet Protocol version 6
K
KB: kilobyte
L
LAC: License Authorization Code
LAN: local area network
M
MB: megabyte
Glossary 233
ms: millisecond
MTU: maximum transmission unit
N
NAS: network-attached storage
NBD: network block device
NBDSSL: network block device over SSL
NDMP: Network Data Management Protocol
NFC: Network File Copy
NFS: Network File System
NIC: network interface card
NTFS: New Technology File System
NTP: Network Time Protocol
O
OS: operating system
OSS: open-source software
OVA: Open Virtualization Appliance
P
PCS: Protection Copy Set
PDF: Portable Document Format
PEM: Privacy-enhanced Electronic Mail
PIN: personal identification number
PIT: point in time
PKCS: Public Key Cryptography Standards
PSC: Platform Service Controller
PVC (cloud computing): private virtual cloud
PVC (Kubernetes): Persistent Volume Claim
R
RAC: Real Application Cluster
RAM: random-access memory
RBAC: role-based access control
234 Glossary
ReFS: Resilient File System
REST API: representational-state transfer API
RHEL: RedHat Enterprise Linux
RMAN: Recovery Manager
RPO: recovery-point objective
RSA: Rivest-Shamir-Adleman
S
S3: Simple Storage Services
SaaS: software as a service
SAP: System Analysis Program Development

From the SAP website (2022), "the name is an initialism of the company's original German name: Systemanalyse
Programmentwicklung, which translates to System Analysis Program Development. Today the company's legal corporate name
is SAP SE - SE stands for societas Europaea, a public company registered in accordance with the European Union corporate
law."
SCSI: Small Computer System Interface
SDDC: software-defined data center
SELinux: Security-Enhanced Linux
SFTP: Secure File Transfer Protocol
SLA: service-level agreement
SLES: SuSE Linux Enterprise Server
SLO: service-level objective
SPBM: Storage Policy Based Management
SQL: Structured Query Language
SRS: Secure Remote Services
SSD: solid-state drive
SSH: Secure Shell
SSL: Secure Sockets Layer
SSMS: SQL Server Management Studio
SSVs: System Stable Values
T
TB: terabyte
TCP: Transmission Control Protocol
TDE: Transparent Data Encryption
Glossary 235
TLS: Transport Layer Security
TPM: Trusted Platform Module
TSDM: Transparent Snapshots Data Mover
T-SQL: Transact-SQL
U
UAC: user account control
UDP: User Datagram Protocol
UI: user interface
UID: user identifier
update
At Dell, software is updated and hardware is upgraded. If you are searching this software guide for instances of upgrade
and not finding any, search for update instead.
UTC: Coordinated Universal Time

From Wikipedia (2022), "this abbreviation comes as a result of the International Telecommunication Union and the International
Astronomical Union wanting to use the same abbreviation in all languages. English speakers originally proposed CUT (for
'coordinated universal time'), while French speakers proposed TUC (for 'temps universel coordonné')."
V
VADP: VMware vStorage API for Data Protection
VBS: virtualization-based security
VCF: VMware Cloud Foundation
vCLS: vSphere Cluster Service
vCSA: vCenter Server Appliance
VCSA: vCenter Server Appliance
VDI: Virtual Device Interface
vDisk: virtual disk
vDS: virtual distributed switch
vFRC: Virtual Flash Read Cache
VGT: Virtual Guest Tagging
VIB: vSphere Installation Bundle
VLAN: virtual LAN
VM: virtual machine
VMC: VMware Cloud
VMDK: virtual machine disk
VNet: virtual network
236 Glossary
VPC: virtual private cloud
vRSLCM: vRealize Suite Lifecycle Manager
VST: Virtual Switch Tagging
vTPM: Virtual Trusted Platform Module
VVD: VMware Validated Design
vVol: virtual volume
W
WAN: wide area network
Glossary 237

Manual47350010 Powerprotect Data Manager 19 14 Microsoft SQL Server User Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manual47350010 Powerprotect Data Manager 19 14 Microsoft SQL Server User Guide

Uploaded by

Copyright:

Available Formats

PowerProtect Data Manager 19.

Chapter 1: PowerProtect Data Manager for Microsoft Application Agent Overview...................... 15

Chapter 3: Managing Storage, Assets, and Protection................................................................. 47

Chapter 4: Performing Self-Service Application Direct Backups of Microsoft SQL Server

Chapter 5: Performing Self-Service Application Direct Restores of Microsoft SQL Server

Chapter 6: Performing Centralized Restores of Application Direct Backups............................... 148

Chapter 7: Performing Self-Service Restores of Virtual Machine Backups................................. 159

Chapter 8: Performing Centralized Restores of Virtual Machine Backups...................................194

Appendix A: Microsoft SQL Server Best Practices and Troubleshooting.................................... 214

1 Extended Properties page with backup stripe levels...................................................................................... 37

Table 1. Revision history

Table 2. Related documentation

Table 3. Style conventions

Where to get support

To review an open service request:

How to provide feedback

PowerProtect Data Manager overview

Introducing the Microsoft application agent

PowerProtect Data Manager for Microsoft Application Agent Overview 15

Configure VM Direct with IPv4 and IPv6

About this task

16 PowerProtect Data Manager for Microsoft Application Agent Overview

It is recommended to use stripes only for large databases.

Supported Internet Protocol versions

Table 4. Supported configurations

PowerProtect Data Manager for Microsoft Application Agent Overview 17

VM Direct, TSDM, and Search IPv4 only or IPv6 only

● Oracle RMAN IPv4, IPv6, or both

SupportAssist IPv4, IPv6, or both

The following limitations and considerations apply.

Communication with components

18 PowerProtect Data Manager for Microsoft Application Agent Overview

Network-attached storage and DD-system storage units

Search Engine indexing and adding IPv6 to an IPv4-only system

Storage Policy Based Management

PowerProtect Data Manager for Microsoft Application Agent Overview 19

Uncompressed IPv6 formatting

PowerProtect Data Manager new deployment

3. Deploy PowerProtect Data Manager from the download file.

20 PowerProtect Data Manager for Microsoft Application Agent Overview

PowerProtect Data Manager existing deployment

2. Deploy PowerProtect Data Manager from the download file.

PowerProtect Data Manager for Microsoft Application Agent Overview 21

22 PowerProtect Data Manager for Microsoft Application Agent Overview

Microsoft SQL Server data protection and replication

Enabling the Microsoft Application Agent for Microsoft SQL Server 23

● Operational log for centralized restore:

● Operational log for self-service backup:

● Operational log for self-service restore:

Example logs for VM Direct operations:

● Operational log for centralized TLOG backup:

● Operational log for centralized full restore:

● Operational log for centralized TLOG restore:

● Operational log for tail log backup:

● Operational log for self-service full restore:

● Operational log for self-service TLOG restore:

● Operational log for TSDM full backup:

24 Enabling the Microsoft Application Agent for Microsoft SQL Server

Debug logs are deleted after 30 days.

Protecting a stand-alone Microsoft SQL Server

Protecting Microsoft SQL Server clustered

About this task

Enabling the Microsoft Application Agent for Microsoft SQL Server 25