Back up and restore workloads in workgroups and untrusted domains

 

Updated: August 1, 2016

Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager

System Center 2012 – Data Protection Manager (DPM) can protect computers that are in untrusted domains or workgroups. You can authenticate these computers using a local user account (NTLM authentication), or using certificates. You set up protection as follows:

  1. Install a certificate—If you want to use certificate authentication install a certificate on the DPM server and on the computer you want to protect.

  2. Install the agent—Install the agent on the computer you want to protect.

  3. Recognize the DPM server—Configure the computer to recognize the DPM server for performing backups. To do this you’ll run the SetDPMServer command.

  4. Attach the computer—Lastly you’ll need to attach the protected computer to the DPM server.

Before you started check the supported protection scenarios in the table below. Then follow the instructions depending which type of authentication you want to use:

Support
FilesWorkgroup: Supported

Untrusted: Supported

NTLM and certificate authentication for single server. Certificate authentication only for cluster.
System StateWorkgroup: Supported

Untrusted: Supported

NTLM authentication only
SQL ServerWorkgroup: Supported

Untrusted: Supported

Mirroring not supported.

NTLM and certificate authentication for single server. Certificate authentication only for cluster.
Hyper-V serverWorkgroup: Supported

Untrusted: Supported

NTLM and certificate authentication
Hyper-V clusterWorkgroup: Supported

Untrusted: Supported

CSV is supported with certificate authentication.
Exchange ServerWorkgroup: Not applicable

Untrusted: Supported for single server only. Cluster not supported. CCR, SCR, DAG not supported. LCR supported.

NTLM authentication only
Secondary DPM server (For backup of primary DPM serverWorkgroup: Supported

Untrusted: Supported

Certificate authentication only
SharePointWorkgroup: Not supported

Untrusted: Not supported
Client computersWorkgroup: Not supported

Untrusted: Not supported
Bare metal recovery (BMR)Workgroup: Not supported

Untrusted: Not supported
End-user recoveryWorkgroup: Not supported

Untrusted: Not supported
SettingsComputer in workgroup or untrusted domain
Control dataProtocol: DCOM

Default port: 135

Authentication: NTLM/certificate
File transferProtocol: Winsock

Default port: 5718 and 5719

Authentication: NTLM/certificate
DPM account requirementsLocal account without admin rights on DPM server. Uses NTLM v2 communication
Certificate requirements
Agent installationAgent installed on protected computer
Perimeter networkPerimeter network protection not supported.
IPSECEnsure IPSEC doesn’t block communications.
Show: