Restrict Laptop Agent to certain Network Connections

  • Question

  • Is it possible to restrict the laptop client to certain network connections?

    Most of the time our laptop clients are on the network via wired ethernet, mostly gigabit. So the transfers are quick and don't consume enough bandwidth for anyone to notice. However it's not uncommon for the laptops to be on our wireless network, or connected via VPN, and I would very much prefer if the Laptop Agent wasn't trying to push an elephant through a hula-hoop.

    Our VPN client software creates a "new" VPN NIC when it's active. The easiest way I can think to accomplish this is to restrict the Laptop Agent to the wired Ethernet NIC. Is this possible to do (without resorting to blocking the program at the firewall)?

    • Moved by Praveen D [MSFT] Monday, July 19, 2010 6:40 AM Moving to DPM Laptop Protection Forum (From:Data Protection Manager)
    Wednesday, June 23, 2010 1:36 PM

Answers

  • Christopher,

    I understand you don't want to address this any further unless it becomes a more serious issue for you, but wanted to point out one item. If you were able to create separate subnets for the wired and wireless networks then you could configure the wired network to be the backup network with a sequence number of 1 and NOT configure the wireless network to be a backup network at all. In this case when the laptop is not on the wired network it will not use the wireless network, but instead DPM jobs will fail because DPM is only configured to utilize the wired net which is unavailable. As an example, the "Note" at the bottom of the referenced TechNet article discusses the need to add the primary network with a Sequence of 2 so it can be used as a failback network in case the backup network is down. If this step is not taken and the backup network goes down, the primary network won't be used by DPM.

    Hope this helps!

    Thanks,

    Marc 

    Tuesday, July 20, 2010 5:29 PM
    Moderator
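
    The two configurations described in the answer above, as an added example that is not part of the original thread. It uses the `Add-BackupNetworkAddress` cmdlet from the DPM Management Shell; the server name `DPM01` and both subnets are placeholders, and it assumes the wired and wireless networks have already been split into separate subnets.

    ```powershell
    # Run in the DPM Management Shell on the DPM server.
    # Placeholders (assumptions, not values from the thread):
    #   DPM01           - DPM server name
    #   10.10.1.0/24    - wired subnet
    #   10.10.2.0/24    - wireless subnet (the laptops' primary network when off the wire)

    # Configuration A: wired only.
    # Only the wired subnet is registered, so when a laptop is not on the
    # wired network its DPM jobs fail instead of using wireless.
    Add-BackupNetworkAddress -DpmServername DPM01 -Address 10.10.1.0/24 -SequenceNumber 1

    # Configuration B: wired preferred, with a second network as fallback.
    # Registering a second subnet with sequence number 2 lets DPM use it
    # when the sequence-1 network is unavailable. Skip this line to keep
    # the wired-only behaviour of configuration A.
    Add-BackupNetworkAddress -DpmServername DPM01 -Address 10.10.2.0/24 -SequenceNumber 2
    ```

    Registering a backup network only sets DPM's preference; other traffic still follows the normal IP routing tables.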

All replies

  • Probably you can use a backup LAN to specify which network you want DPM to use to transfer the data. Please find more details at: http://technet.microsoft.com/en-us/library/cc964298.aspx

    Thanks, Praveen D [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, June 29, 2010 7:29 AM
  • The wired and wireless networks are on the same IP subnet. Also, I can't dedicate all the wired Ethernet connections to be a backup network as described in the article.

    It would really have to be a configuration change to the client machine only, restricting traffic to the wired Ethernet port.

    Tuesday, June 29, 2010 3:34 PM
  • Hey Christopher,

    I'm afraid what you want to do is not possible with DPM. For that I advise creating specific profiles so that you block this traffic in another way.

    However, I really would advise you to try it out. I'm running a DPM agent on my laptop and perform my backups all the time over VPN connections because I rarely get to the office. This works like a charm and never gives me speed issues or performance issues. It is true that it can take some time before the 'backup cycle' is completed but I never have issues with my connections or speed.

    Just my 2 cents

    Cheers,

    Mike Resseler


    Visit System Center User Group Belgium @ http://scug.be and http://scug.be/blogs/scdpm
    Tuesday, July 20, 2010 9:21 AM
    Moderator
  • Mike,

    I've been using it on my work laptop for a month now. It's been working quite well, and I'm planning on rolling it out to our more technology-tolerant users soon.

    1. I've already solved the VPN issue with a more elegant solution than blocking the traffic. The problem was that RDP traffic would get noticeably laggy when DPM was synchronizing. I've since added a QoS rule to prefer RDP traffic; problem solved.
    2. There are several wireless networks in our area, and wireless bandwidth comes at a bit of a premium. I would very much rather not 'clog' it with backup traffic if I can avoid it. I could (should) look at QoS for this one as well, but it wouldn't be as easy as the VPN connection.

    Tuesday, July 20, 2010 2:10 PM
  • Christopher,

    Just to be clear, when you create a backup network as suggested by Praveen (http://technet.microsoft.com/en-us/library/cc964298.aspx), you are not dedicating that network to only backup traffic. You are just making it the priority network for backups. Non-backup traffic can and will still use this network per the normal IP routing tables. The only problem is that you have placed your wireless and wired networks on the same subnet. My recommendation is to change your subnetting to separate these two networks, then configure DPM to prefer the wired network following the steps in the article above.

    Tuesday, July 20, 2010 3:11 PM
    Moderator
  • Marc,

    You are correct, I cannot configure a 'Backup Network' because the wired and wireless are on the same IP subnet. Changing this would require an inordinate amount of work, and is simply not worth the time required. This still would not 'solve' the issue; as you said DPM would still synchronize over the wireless network when the wired network is not available. The computers are already configured to disable their wireless connection when connected via wire, so it's not an issue of connecting on the 'wrong' NIC.

    If this ever becomes a more serious issue I'll look into separating the networks, implementing the backup network, and/or advanced throttling. For now, it's a non-issue (and considering I seem to be the only one, it'll probably never become a serious issue).

    Thank you!

    Tuesday, July 20, 2010 3:27 PM