Back up and restore workloads in workgroups and untrusted domains

 

Updated: August 1, 2016

Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager

System Center 2012 – Data Protection Manager (DPM) can protect computers that are in untrusted domains or workgroups. You can authenticate these computers using a local user account (NTLM authentication), or using certificates. You set up protection as follows:

  1. Install a certificate—If you want to use certificate authentication install a certificate on the DPM server and on the computer you want to protect.

  2. Install the agent—Install the agent on the computer you want to protect.

  3. Recognize the DPM server—Configure the computer to recognize the DPM server for performing backups. To do this you’ll run the SetDPMServer command.

  4. Attach the computer—Lastly you’ll need to attach the protected computer to the DPM server.

Before you started check the supported protection scenarios in the table below. Then follow the instructions depending which type of authentication you want to use:

Supported protection scenarios

Support
Files Workgroup: Supported

Untrusted: Supported

NTLM and certificate authentication for single server. Certificate authentication only for cluster.
System State Workgroup: Supported

Untrusted: Supported

NTLM authentication only
SQL Server Workgroup: Supported

Untrusted: Supported

Mirroring not supported.

NTLM and certificate authentication for single server. Certificate authentication only for cluster.
Hyper-V server Workgroup: Supported

Untrusted: Supported

NTLM and certificate authentication
Hyper-V cluster Workgroup: Supported

Untrusted: Supported

CSV is supported with certificate authentication.
Exchange Server Workgroup: Not applicable

Untrusted: Supported for single server only. Cluster not supported. CCR, SCR, DAG not supported. LCR supported.

NTLM authentication only
Secondary DPM server (For backup of primary DPM server Workgroup: Supported

Untrusted: Supported

Certificate authentication only
SharePoint Workgroup: Not supported

Untrusted: Not supported
Client computers Workgroup: Not supported

Untrusted: Not supported
Bare metal recovery (BMR) Workgroup: Not supported

Untrusted: Not supported
End-user recovery Workgroup: Not supported

Untrusted: Not supported

Network settings

Settings Computer in workgroup or untrusted domain
Control data Protocol: DCOM

Default port: 135

Authentication: NTLM/certificate
File transfer Protocol: Winsock

Default port: 5718 and 5719

Authentication: NTLM/certificate
DPM account requirements Local account without admin rights on DPM server. Uses NTLM v2 communication
Certificate requirements
Agent installation Agent installed on protected computer
Perimeter network Perimeter network protection not supported.
IPSEC Ensure IPSEC doesn’t block communications.