
Certificate-Based Authentication for Computers in Untrusted Domains

Updated: January 15, 2013

Applies To: System Center 2012 - Data Protection Manager, System Center 2012 SP1 - Data Protection Manager

System Center Data Protection Manager 2010 supports protection of computers in workgroups and untrusted domains using local accounts and NTLM. However, in scenarios where an organization does not allow creation of local accounts, this solution does not work.

System Center 2012 – Data Protection Manager (DPM) allows you to use certificates to authenticate computers in workgroups or untrusted domains.

Currently, DPM supports the following data sources for certificate-based authentication when they are not in trusted domains:

  • File server

  • Hyper-V

DPM also supports these data sources in clustered deployments.

The following data sources are not supported:

  • DPM

  • SQL Server

  • Exchange Server

  • Client computers

  • SharePoint Server

  • Bare Metal Recovery

  • System State

DPM supports protecting DPM servers that are in untrusted domains if the primary and secondary DPM servers are in domains that trust each other or if they are in the same domain.

Note
DPM also supports using certificate-based authentication for computers in trusted domains.

Prerequisites

  • Microsoft .NET Framework 3.5 Service Pack 1 (SP1) on the protected computer

  • Each machine (virtual machines included) must have its own certificate.

Certification Requirements

  • X.509 V3 certificates

  • Enhanced Key Usage should have client authentication and server authentication.

  • Key length should be at least 1024 bits.

  • Key type should be Client/Server Authentication.

  • DPM does not support self-signed certificates.
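
The requirements above can be checked before a certificate is handed to DPM. The following is an added example, not Microsoft's tooling: the helper name `Test-DpmCertRequirement` is hypothetical, the `Cert:\LocalMachine\My` store is an assumed location, and the self-signed test is a subject-equals-issuer heuristic.

```powershell
# Added example: evaluate certificates against the requirements listed on this page.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$MinKeyBits    = 1024                  # minimum key length stated on this page

function Test-DpmCertRequirement {     # hypothetical helper name
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Collect the OIDs from the Enhanced Key Usage extension, if one is present.
        # A certificate with no EKU extension is reported as failing both EKU checks.
        $ekuOids = @()
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }

        # RSA public key size; non-RSA keys return $null and are reported as 0 bits.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
        $keyBits = if ($rsa) { $rsa.KeySize } else { 0 }

        $isV3          = $Certificate.Version -eq 3
        $hasClientAuth = $ekuOids -contains $ClientAuthOid
        $hasServerAuth = $ekuOids -contains $ServerAuthOid
        $keyLengthOk   = $keyBits -ge $MinKeyBits
        # Heuristic: a self-signed certificate has identical subject and issuer names.
        $notSelfSigned = $Certificate.Subject -ne $Certificate.Issuer

        [PSCustomObject]@{
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            IsV3          = $isV3
            ClientAuthEku = $hasClientAuth
            ServerAuthEku = $hasServerAuth
            KeyBits       = $keyBits
            NotSelfSigned = $notSelfSigned
            MeetsAll      = $isV3 -and $hasClientAuth -and $hasServerAuth -and
                            $keyLengthOk -and $notSelfSigned
        }
    }
}

# Assumed store location: the local computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My | Test-DpmCertRequirement | Format-Table -AutoSize
```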

-----
For additional resources, see Information and Support for System Center 2012.
-----
© 2013 Microsoft. All rights reserved.