none
Secondary DPM 2010 Server in other location RRS feed

  • Question

  • I'm considering implementing backup solution based on DPM 2010.
    In my company there are plenty of server, all running Microsoft Windows 2008 / 2008 R2.

    I was thinking about automatically backup data from all of this servers to another location, to make them mach more secure for disaster in company's network.
    I've found information that there is possibility to implement secondary DPM server wich will secure the primary one.

    My question is is it possible to secure DPM server with another one when they are in different networks? Is forwarding of some TCP ports on our companys' firewall will be enough?  

    Thank you for any clues
    Thursday, July 26, 2012 7:45 AM

Answers

  • LCIXL,

    The secondary DPM server is more than just a backup for the primary, it can also take the place of the primary should it go belly up.  With that in mind, the secondary needs to have complete access to the protected servers just like the primary.  In other words, the secondary DPM server should be able to protect the systems in the main network just like a primary DPM server does.  If Secondary DPM server cannot communicate with the protected servers, then you will not be able to enable secondary protection.

    To enable secondary protection, on the secondary DPM server install an agent on the primary dpm server, once that is succesful, under the protection tab, make a new PG and expand out resources on the primary DPM server and you should see a "protected servers" tree with the protected servers under it.  You can expand those and select data sources to secondarily protect.  This assumes the network is working proprly.  


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, July 27, 2012 9:35 PM
    Moderator

All replies

  • Hi,

    as long as both DPM servers can communicate and that your DNS configuration is correct then you shouldn't be in trouble with this configuration.

    It works well by experience.

    This solution is the securest one.

    Thursday, July 26, 2012 10:30 AM
  • Jeremy,

    Thank you for your reply.

    How the secondary DPM secures the first DPM? Should I install agent on the first DPM, to make it act like a client machine?

    Or maybe there is other way to connect two DPM together? Is there any way to restore data from client machines that are secured by DPM #1 using directly DPM #2?

    Or the secondary DPM only stores image of first DMP server?

    Thursday, July 26, 2012 1:26 PM
  • LCIXL,

    The secondary DPM server is more than just a backup for the primary, it can also take the place of the primary should it go belly up.  With that in mind, the secondary needs to have complete access to the protected servers just like the primary.  In other words, the secondary DPM server should be able to protect the systems in the main network just like a primary DPM server does.  If Secondary DPM server cannot communicate with the protected servers, then you will not be able to enable secondary protection.

    To enable secondary protection, on the secondary DPM server install an agent on the primary dpm server, once that is succesful, under the protection tab, make a new PG and expand out resources on the primary DPM server and you should see a "protected servers" tree with the protected servers under it.  You can expand those and select data sources to secondarily protect.  This assumes the network is working proprly.  


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, July 27, 2012 9:35 PM
    Moderator
  • Mike, thank you for your clear explanation.
    Saturday, July 28, 2012 3:36 PM
  • Mike,

    Thanks your description I understand how secondary DPM should be implemented, but... it doesn't secure my data in way that I desire.

    Let's consider a scenario when some huge disaster destroys datacenter where my servers are running (my servers, and primary DMP server too, because it runs in the same network). In this case even secondary DPM would be useless.

    I would like to prevent my company's data from such situation. I would like to implement secondary DPM server in completely different location to be sure that I can restore my data, and even configuration of all servers.

    I can ensure communication between primary and the secondary DMP server (I can forward ports on my firewalls), but forwarding ports to all of my servers is what I can not do.

    Is there any way to protect my environment by backing up data to other location?

    Sunday, July 29, 2012 6:34 PM
  • Hi,

    If you cannot open the required ports http://technet.microsoft.com/en-us/library/ff399341.aspx - then you will need to attach a tape library on the primary DPM server and configure long term backup to tape on the primary and rotate the tapes offsite.

    For DPM 2012, Using certificates (CBA) reduces the port requirements, but CBA is not supported between primary and secondary DPM Servers.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, July 30, 2012 2:43 PM
    Moderator