Security Considerations for Protecting Computers in Workgroups or Untrusted Domains

Applies To: System Center Data Protection Manager 2010

The following table lists the security considerations when protecting computers on a workgroup or on untrusted domains.

Security settings on a protected computer in an untrusted domain

Connection type: Control data

  • Protocol: DCOM

  • Default Port: 135

  • Authentication: NTLM, using credentials specified after DPM agent installation

Connection type: File transfers

  • Protocol: WINSOCK

  • Default Port: 5718 for agent coordinator; 5719 for protection agent.

  • Authentication: NTLM, using credentials specified after DPM agent installation

DPM account requirements

Local account without administrative rights on the production server.

Use NTLM v2 for secure communication between DPM and the protected computer.

Agent installation

Requires local installation of the DPM agent on the protected computer and running SetDpmServer. After installing the agent, use the Install Agent Wizard to attach the production server to DPM.

Restrictions

  • SharePoint and disconnected client protection is not supported in DPM 2010.

  • DPM disaster recovery is not supported in DPM 2010.

  • Clustering/mirroring for Files/SQL Server/Exchange Server is not supported in DPM 2010.

  • Protection of perimeter network (DMZ) machines is not supported in DPM 2010.

Important

Make sure IPsec does not block communication between the DPM server and workgroup machines.
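
The listed ports and the NTLM v2 requirement can be checked before attaching a workgroup computer. The following PowerShell script is an added example, not part of the original documentation: it tests TCP reachability of ports 135, 5718 and 5719 on a remote computer and reads the local NTLM compatibility level. The host name `fileserver01` and the helper name `Test-TcpPort` are assumptions made for illustration.

```powershell
# Added example. 'fileserver01' is a constructed host name; replace it with your own.
param(
    [string]$ComputerName = 'fileserver01',
    [int]$TimeoutMs = 3000
)

# Default ports from the connection-type entries above.
$ports = @(
    @{ Port = 135;  Purpose = 'Control data (DCOM)' },
    @{ Port = 5718; Purpose = 'File transfers (agent coordinator)' },
    @{ Port = 5719; Purpose = 'File transfers (protection agent)' }
)

# Hypothetical helper: returns $true if a TCP connection completes within the timeout.
# A successful connect shows only that the port is reachable (not filtered by a
# firewall or IPsec policy); it does not prove that DCOM or NTLM authentication works.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

foreach ($p in $ports) {
    $open  = Test-TcpPort -HostName $ComputerName -Port $p.Port -TimeoutMs $TimeoutMs
    $state = if ($open) { 'reachable' } else { 'BLOCKED or closed' }
    '{0,-5} {1,-36} {2}' -f $p.Port, $p.Purpose, $state
}

# LmCompatibilityLevel 3 or higher: this machine sends NTLMv2 responses only.
# Lower values still send LM or NTLMv1 responses. A missing value means the
# operating system default applies.
$lsa   = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$level = $lsa.LmCompatibilityLevel
if ($null -eq $level) {
    'LmCompatibilityLevel: not set (operating system default in effect)'
} elseif ($level -ge 3) {
    "LmCompatibilityLevel: $level (NTLMv2 responses only)"
} else {
    "LmCompatibilityLevel: $level (LM/NTLMv1 responses still sent; raise to 3 or higher)"
}
```

Run the script on both the DPM server and the protected computer, pointing `-ComputerName` at the other machine each time, so that the NTLM level is read on both ends.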