none
Is it possible to use DPM 2010 to backup client PCs that are not domain members securely over the Internet? RRS feed

  • Question

  • Hi,

    I have a number of remote computers that are not members of the corporate domain that we would like to backup using DPM 2010. The clients are remote computers and belong to a small client we have. Is it possible to provide these computers with backup and restore via the Internet with DPM 2010 and how could the communications be secured when the backups take place? I don't believe DirectAccess is a solution as the computers are not members of our domain and will not be joined to our domain or any other domain. We would consider our current DPM 2010 server to provide backup / resore to these computers if it can be sufficiently secured (we also have Forefron TMG) or consider provising a seperate DPM 2010 server for these clients.

    Any thoughts.

    Thanks,


    Microsoft Partner
    Tuesday, July 20, 2010 9:27 AM

Answers

  • I don't think so

    Internally you could encrypt all DPM traffic by IPSEC, but externally I doubt it.  Maybe you should find a specialist in Forefront for that but as said, I don't think so

    Cheers,

    Mike


    Visit System Center User Group Belgium @ http://scug.be and http://scug.be/blogs/scdpm
    Wednesday, July 21, 2010 11:02 AM
    Moderator
  • You can use any solutions that connects the DPM server and protected server over VPN which encrypts the data flowing through it, it should make DPM to treat the protected machine as just like any other machine in the network. Then its possible.
    Thanks, Praveen D [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, July 22, 2010 12:57 PM

All replies

  • Hey,

    Yes, this is possible, the same way you protect workgroup servers. 

    However, it will take a lot of configuration as the clients need to be able to resolve the DNS server and reach it.

    You will need to open quite some firewall ports and in many cases (think hotels or so) these ports won't be allowed

    In the end, you will have a lot of work configuring this but it is possible.

    Depending on the exact configuration, I would suggest placing a seperate DPM 2010 server, and maybe use your SCOM environment (if you have that) to monitor the DPM environment from them (through a gateway or so) in order to manage them.

    Just my 2 cents,

    Cheers,

    Mike


    Visit System Center User Group Belgium @ http://scug.be and http://scug.be/blogs/scdpm
    Tuesday, July 20, 2010 9:34 AM
    Moderator
  • So it isn't possible to encrypt the DPM traffic over SSL using Forefront TMG?
    Microsoft Partner
    Tuesday, July 20, 2010 4:12 PM
  • I don't think so

    Internally you could encrypt all DPM traffic by IPSEC, but externally I doubt it.  Maybe you should find a specialist in Forefront for that but as said, I don't think so

    Cheers,

    Mike


    Visit System Center User Group Belgium @ http://scug.be and http://scug.be/blogs/scdpm
    Wednesday, July 21, 2010 11:02 AM
    Moderator
  • You can use any solutions that connects the DPM server and protected server over VPN which encrypts the data flowing through it, it should make DPM to treat the protected machine as just like any other machine in the network. Then its possible.
    Thanks, Praveen D [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, July 22, 2010 12:57 PM