my personal blog about systemcenter

Archive for January, 2011

 

Repost from: scug.dk

One of the features of DPM 2010 is the ability to easily protect machines in untrusted domains or workgroup setups. For this to work we need RPC access to the server, TCP 5718 and 5719 open, and name resolution or a DNS record so that the workgroup-based machine can resolve the DPM server. This walkthrough has the local firewall enabled but no network filtering between the two hosts.

TechNet reference for DPM firewall ports: http://technet.microsoft.com/en-us/library/ff399341.aspx

 


We start by installing the Data Protection Manager agent on the workgroup server.

 


Agent install successful, as always :)

 


As there is no name resolution, we need to add the DPM server to the workgroup server's hosts file.

 


As there is no DNS set in the workgroup, we need to add a DNS suffix to the host, as this is a requirement for DPM.

 


After the agent install there are no firewall rules configured; setdpmserver will configure the firewall rules when it is run.

 

On the workgroup server we need to set the DPM server name with setdpmserver.

Run setdpmserver from an elevated prompt in "%programfiles%\Microsoft Data Protection Manager\DPM\bin"

with setdpmserver -dpmservername demodpm01.demo.local -isnondomainserver -username dmz01 -productionserverdnssuffix dmz.local

This command enables the firewall rules and creates the user needed to authenticate with the DPM server. Make sure to use a unique username so that you know which server uses which username/password (if you forget the password, there is an updatepassword switch on setdpmserver).


setdpmserver creates the local user and adds it to the local DPM groups.


At this point, and until further testing, I always set “password never expires” to ensure that a policy won't enforce a password expiry and stop communication with DPM.


You can verify that setdpmserver created the firewall changes needed for DPM to work.


Note that the firewall changes open the rules for all hosts, not just the DPM server, so verify that this complies with your security policy, or narrow it down and test.
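One way to do the check and narrowing mentioned above, as an added example that is not part of the original post or of DPM itself: it uses the Windows Firewall COM API from PowerShell to list enabled inbound allow rules that mention TCP 5718/5719 or a program under the DPM\bin folder, and with -Apply restricts those that accept any remote address to the DPM server. The IP address 192.0.2.10 is a placeholder, and matching rules by port and program path (rather than by rule name) is an assumption.

```powershell
# Added example: audit, and with -Apply narrow, the inbound rules the DPM agent relies on.
# Uses the Windows Firewall COM API (HNetCfg.FwPolicy2); run from an elevated prompt.
param(
    [string]$DpmServerIp = '192.0.2.10',  # placeholder address: replace with your DPM server's IP
    [switch]$Apply                         # without -Apply nothing is changed
)

$dirIn = 1; $allow = 1                     # NET_FW_RULE_DIR_IN, NET_FW_ACTION_ALLOW
$dpmPorts = '5718', '5719'                 # agent ports named in the post

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# Enabled inbound allow rules that mention a DPM port or a program under ...\DPM\bin
# (matching on port and path instead of rule name is an assumption of this example)
$dpmRules = @(foreach ($rule in $policy.Rules) {
    if (-not $rule.Enabled -or $rule.Direction -ne $dirIn -or $rule.Action -ne $allow) { continue }
    $ports   = @("$($rule.LocalPorts)" -split ',' | ForEach-Object { $_.Trim() })
    $portHit = @($ports | Where-Object { $dpmPorts -contains $_ }).Count -gt 0
    $appHit  = "$($rule.ApplicationName)" -like '*\DPM\bin\*'
    if ($portHit -or $appHit) { $rule }
})

# Report what was found, including the current remote address scope
$dpmRules | Select-Object Name, Protocol, LocalPorts, ApplicationName, RemoteAddresses | Format-List

# A RemoteAddresses value of '*' means the rule accepts any remote host
$openRules = @($dpmRules | Where-Object { $_.RemoteAddresses -eq '*' })
Write-Host ("{0} DPM-related rule(s), {1} open to any remote address" -f $dpmRules.Count, $openRules.Count)

if ($Apply) {
    foreach ($rule in $openRules) {
        $rule.RemoteAddresses = $DpmServerIp   # restrict the rule to the DPM server only
        Write-Host ("Narrowed '{0}' to {1}" -f $rule.Name, $DpmServerIp)
    }
}
```

Rules that only reference the RPC endpoint mapper or dynamic RPC ports without a DPM program path are not matched and need to be reviewed by hand. Run a backup job after narrowing to confirm the agent still communicates with the DPM server.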


On the DPM server we need to add the DMZ machine to the hosts file.


In Data Protection Manager we need to attach the agent.


Enter the server name and the credentials created with setdpmserver.

 


Success.


We now see our workgroup server as an agent ready for backup.


On the DPM server, the user created on the workgroup machine will be added as a trusted machine, allowing backup.

 


Then we can select our workgroup machine as a member when creating or modifying a protection group.

This was a “small” intro to protecting workgroup machines. Once it has been done a few times it is a very fast operation. It leaves room for improvement for V.next, but we can back up workgroup machines with almost no hassle.