Back up and restore workloads in workgroups and untrusted domains
Updated: August 1, 2016
Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager
System Center 2012 – Data Protection Manager (DPM) can protect computers that are in untrusted domains or workgroups. You can authenticate these computers using a local user account (NTLM authentication), or using certificates. You set up protection as follows:
Install a certificate—If you want to use certificate authentication install a certificate on the DPM server and on the computer you want to protect.
Install the agent—Install the agent on the computer you want to protect.
Recognize the DPM server—Configure the computer to recognize the DPM server for performing backups. To do this you’ll run the SetDPMServer command.
Attach the computer—Lastly you’ll need to attach the protected computer to the DPM server.
Before you started check the supported protection scenarios in the table below. Then follow the instructions depending which type of authentication you want to use:
Supported protection scenarios
| Support | |
|---|---|
| Files | Workgroup: Supported Untrusted: Supported NTLM and certificate authentication for single server. Certificate authentication only for cluster. |
| System State | Workgroup: Supported Untrusted: Supported NTLM authentication only |
| SQL Server | Workgroup: Supported Untrusted: Supported Mirroring not supported. NTLM and certificate authentication for single server. Certificate authentication only for cluster. |
| Hyper-V server | Workgroup: Supported Untrusted: Supported NTLM and certificate authentication |
| Hyper-V cluster | Workgroup: Supported Untrusted: Supported CSV is supported with certificate authentication. |
| Exchange Server | Workgroup: Not applicable Untrusted: Supported for single server only. Cluster not supported. CCR, SCR, DAG not supported. LCR supported. NTLM authentication only |
| Secondary DPM server (For backup of primary DPM server | Workgroup: Supported Untrusted: Supported Certificate authentication only |
| SharePoint | Workgroup: Not supported Untrusted: Not supported |
| Client computers | Workgroup: Not supported Untrusted: Not supported |
| Bare metal recovery (BMR) | Workgroup: Not supported Untrusted: Not supported |
| End-user recovery | Workgroup: Not supported Untrusted: Not supported |
Network settings
| Settings | Computer in workgroup or untrusted domain |
|---|---|
| Control data | Protocol: DCOM Default port: 135 Authentication: NTLM/certificate |
| File transfer | Protocol: Winsock Default port: 5718 and 5719 Authentication: NTLM/certificate |
| DPM account requirements | Local account without admin rights on DPM server. Uses NTLM v2 communication |
| Certificate requirements | |
| Agent installation | Agent installed on protected computer |
| Perimeter network | Perimeter network protection not supported. |
| IPSEC | Ensure IPSEC doesn’t block communications. |