Repost from: scug.dk
One of the features of DPM 2010 is the ability to easily protect machines in untrusted domains or workgroup setups. For this to work we need RPC access to the server, TCP 5718 and 5719 open, and name resolution or a DNS record on the workgroup-based machine so it can resolve the DPM server. This walkthrough has the local firewall enabled but no network filtering between the two hosts.
TechNet reference for DPM firewall ports: http://technet.microsoft.com/en-us/library/ff399341.aspx
We start by installing the Data Protection Manager agent on the workgroup server.
The agent install is successful, as always.
As there is no name resolution, we need to add the DPM server to the workgroup server's hosts file.
As there is no DNS set in the workgroup, we need to add a DNS suffix to the host, as this is a requirement for DPM.
After the agent install there are no firewall rules configured; SetDpmServer will configure the firewall rules when it is run.
On the workgroup server we need to set the DPM server name with SetDpmServer.
Run SetDpmServer from an elevated prompt in "%ProgramFiles%\Microsoft Data Protection Manager\DPM\bin" with:
SetDpmServer -dpmServerName demodpm01.demo.local -isNonDomainServer -userName dmz01 -productionServerDnsSuffix dmz.local
This command will enable the firewall rules and create the user needed to authenticate with the DPM server. Make sure to use a unique username so that you know which server uses which username/password (if you forget the password, there is an updatepassword switch on SetDpmServer).
SetDpmServer creates the local user and adds it to the local DPM groups.
At this point, and until further testing, I always set "password never expires" to ensure that a policy won't enforce a password expiry and stop communication with DPM.
You can verify that SetDpmServer created the firewall changes needed for DPM to work.
Note that the firewall changes open the ports for all hosts, not just the DPM server, so verify that this complies with your security policy, or narrow it down and test.
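One way to check and narrow that scope on the workgroup server, as an added example that is not part of the original post. It assumes the relevant rules can be recognised by local port 5718/5719 or by a program path containing "Data Protection Manager"; the DPM server address 192.0.2.10 is a placeholder.

```powershell
# Added example: report inbound allow rules related to DPM that accept any remote
# address, and optionally restrict them to the DPM server. Run elevated.
# Uses the HNetCfg.FwPolicy2 COM object so it also works with PowerShell 2.0.
param(
    [string]$DpmServerIp = '192.0.2.10',  # placeholder, replace with your DPM server IP
    [switch]$Apply                         # without -Apply the script only reports
)

$DirectionIn = 1                 # NET_FW_RULE_DIR_IN
$ActionAllow = 1                 # NET_FW_ACTION_ALLOW
$dpmPorts    = '5718', '5719'    # ports named in the walkthrough

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# Assumption: a rule belongs to DPM if it covers one of the ports above or its
# program path contains "Data Protection Manager". Review the list before -Apply.
$candidates = @($policy.Rules | Where-Object {
    $rule = $_
    if (-not $rule.Enabled) { return $false }
    if ($rule.Direction -ne $DirectionIn -or $rule.Action -ne $ActionAllow) { return $false }
    $ports = @("$($rule.LocalPorts)" -split ',' | ForEach-Object { $_.Trim() })
    $hitsPort = @($ports | Where-Object { $dpmPorts -contains $_ }).Count -gt 0
    $hitsApp  = "$($rule.ApplicationName)" -like '*Data Protection Manager*'
    $hitsPort -or $hitsApp
})

foreach ($rule in $candidates) {
    $before    = $rule.RemoteAddresses
    $openToAll = ($before -eq '*')   # '*' means any remote host

    if ($Apply -and $openToAll) {
        # Restrict the rule to the DPM server only.
        $rule.RemoteAddresses = $DpmServerIp
    }

    New-Object PSObject -Property @{
        Name       = $rule.Name
        LocalPorts = $rule.LocalPorts
        Program    = $rule.ApplicationName
        OpenToAll  = $openToAll
        RemoteWas  = $before
        RemoteNow  = $rule.RemoteAddresses
    } | Select-Object Name, LocalPorts, Program, OpenToAll, RemoteWas, RemoteNow
}
```

Run it once without -Apply to review the matched rules, then with -Apply, and confirm that a backup job and a recovery still succeed before relying on the narrowed scope.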
On the DPM server we need to add the DMZ machine to the hosts file.
In Data Protection Manager we need to attach the agent.
Enter the server name and the credentials created with SetDpmServer.
We now see our workgroup server as an agent ready for backup.
On the DPM server, the user created on the workgroup machine will be added as a trusted machine, allowing backup.
We can then select our workgroup machine as a member when creating or modifying a protection group.
This was a "small" intro to protecting workgroup machines. Once it has been done a few times it's a very fast operation. It leaves room for improvement in V.next, but we can back up workgroup machines with almost no hassle.