my personal blog about systemcenter

Deploying Data Protection Manager in a dedicated domain

You are here: Home / Deploying Data Protection Manager in a dedicated domain
June 21, 2016
Categories: Active Directory, Data Protection Manager, Disaster Recovery, DPM, Hyper-V

Data Protection and the ability recover data is key to keeping your job and your company alive.

The demo setup thats is going to be used in this post are

  • PROTECTDC01 Domain Controller in the PROTECT Forest
  • PROTECTDC02 Domain Controller in the PROTECT Forest
  • PROTECTDDPM01 Data Protection Manager Server in the PROTECT Forest
  • FABRICDC01 Domain Controller in the FABRIC Forest
  • FABRICDC02 Domain Controller in the FABRIC Forest
  • FABRICHV01-04 Hyper-V HyperConverged Instal
  • FABRICHVC01 Hyper-V Cluster with member FABRICHV01-04
  • WORKLOAD01-05 Virtual Workload in the FABRIC Hyper-V Cluster

As this is a test enviroment everything are stuck on one box.

For the real world deployment the FABRIC and PROTECT domain must be seperated , the whole point in this post will be if you for some reason get compromised in your FABRIC domain , you will still have access to the PROTECT domain and maintain the ability to recover your data.

This also means that in a larger enviroment you can easier seperate the roles so one team wont have access to both source and target of backup data

We do in the example log in interative on the fabric domain , so if the host is compromised before agent install the protect domain is going down the same path , so there is still some work to be done but beats having everything in one domain.

image

On the PROTECT domain setup DNS forwarders to the FABRIC domain

image

And in Reverse to get name resolution up and running up between the two forests

image

Setting up the trust

image

Setting up the trust

image

for this test forest-wide is used , tighter security can be used with selective authentication

image

On the 4 Hyper-V Hosts we add the DPM account from the protect domain


image

We then add the DPM agent to all Hyper-V hosts and run the

SetDPMServer –dpmservername protectdpm01.protect.azurestack.coffee  , this connects the Hyper-V host to the remote DPM server

image

On the data protection manager , we use Attach Agents

image

And we add the 4 Hyper-V hosts manually

image

And we now have all 4 servers

image

use credentials in the fabric domain or the dpm account to attach the agent


image

Sucess

image

Create a protection group browse to the VM’s and add them

And we can now backup from a dedicated domain from the Fabric domain



Related Posts:

Recent Posts
Tag Cloud
2552 10102 16060 Active Directory ALWAYS Amazon Azure BloodHound Certficate Cloud Data Protection Manager 2012 dcpromo Demo DHCP;Failover Documentation Edge FAS FileStreamer Glacier Google HA Hardware HTTP HTTPS HyperV Install Integration LDAP Lumia Microsoft Defender MSATP Nokia ONTAP OpsLogix Passwords PowerShell Santa Security SP1 SQL SQL Server 2012 StorWize VMM VMM2012 Whitelist
Archives