Friday, 23 September 2011

Backing up cross domains

With DPM in your environment you can back up other DPM servers across different domains and forests. One scenario where this is useful: company A has acquired company B, and company A will be responsible for managing disaster recovery for company B's data using Data Protection Manager.

To use DPM to back up other servers or DPM servers across domain and forest borders, some prerequisites must be fulfilled:

  • You must have network access between the servers in the domains or forests. Use ping to verify.

  • You must define conditional forwarders for the domains so that your DNS is aware of the other domain's DNS information.

  • You must have a two-way trust relationship. For a two-way domain trust, the minimum requirement is a 2003 domain. For a forest trust you must have Windows Server 2008 forest mode.

  • You need an account in both domains that is a domain admin (used for domain trusts) or an enterprise admin (used for forest trusts).

First you must verify your network access. Ping the other network to verify that you have connectivity between the sites.
Second, you need to set up a conditional forwarder. I will demonstrate this in 2008 R2.
Go to a domain controller in your domain. Open the DNS MMC. Right-click Conditional Forwarders and choose New Conditional Forwarder.

You will now be prompted with the New Conditional Forwarder window.

In the DNS Domain field, type the name of the domain you want DNS information about. Then enter the IP addresses of the DNS servers in that domain under IP addresses of the master servers. Your DNS server will try to resolve each address you enter; this can take some time. At the bottom you have the option Store this conditional forwarder in Active Directory…; check it and choose to replicate to all DNS servers in the forest. Click OK and you're done. Now do the same operation on the other domain's DNS servers, typing in your domain name and your DNS servers' IP addresses. After this you will be able to ping resources in the other domain using their FQDN.
Now we will create the trust between the domains. You'll need an account that is a member of the domain administrator group in the domain you want to create a trust with.
Open Active Directory Domains and Trusts. Right-click your domain name and choose Properties.

Click on the Trust tab.

Click the New Trust… button at the bottom. The New Trust Wizard will appear. Click Next.

Now you need to enter the Trust Name. Type in the DNS name of the domain you want to make a trust with. For example

Next you decide which trust type to use. In this example you will use a Forest Trust.

Now choose the Direction of Trust. DPM must have a Two-way trust.

Next you will choose the Sides of Trust. Choose the option Both this domain and the specified domain. This option creates the trust both in your domain and in the domain you will trust.

You'll be prompted for the credentials of a domain admin account in the domain you'll trust.

Now define the Outgoing Trust Authentication Level-Local Forest option. Choose Forest-wide authentication. Click Next.

You’ll now define the Outgoing Trust Authentication Level-Specified Forest option. Choose Forest-wide authentication. Click Next.

The Trust Selection Complete window will now show. Click Next to create the trust relationship.

A summary window appears showing the status of the trust creation.

You’ll now have the option to Confirm Outgoing Trust. Do this.

Also Confirm incoming Trust.

Now the trust is done and you're able to protect workloads in the other domain.

In the DPM console you attach the servers by their FQDN, and you're then able to protect them.
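
The checks from the steps above (name resolution through the conditional forwarder, connectivity, and a two-way forest trust with forest-wide authentication) can be scripted and re-run after changes. This is an added example, not part of the original post; the forest name `companyb.example` and the function name `Test-CrossForestPrereqs` are placeholders chosen for illustration, and the script assumes it runs on a domain-joined machine in your forest.

```powershell
# Added example: verify the cross-forest prerequisites described on this page.
# 'companyb.example' is a constructed placeholder; pass the other forest's DNS name.
param([string]$RemoteForest = 'companyb.example')

Add-Type -AssemblyName System.DirectoryServices

function Test-CrossForestPrereqs {
    param([Parameter(Mandatory = $true)][string]$RemoteForest)

    $result = New-Object PSObject -Property @{
        RemoteForest            = $RemoteForest
        DnsResolves             = $false
        PingReplies             = $false
        TrustFound              = $false
        TrustDirection          = $null
        TwoWay                  = $false
        SelectiveAuthentication = $null
        SidFiltering            = $null
    }

    # Conditional forwarder: the other forest's name must resolve from this side.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($RemoteForest)
        $result.DnsResolves = (@($addresses).Count -gt 0)
    } catch { }

    # Network access: same check as the manual ping.
    if ($result.DnsResolves) {
        $result.PingReplies = Test-Connection -ComputerName $RemoteForest -Count 2 -Quiet
    }

    # Trust: look for a forest trust to the remote forest and read its settings.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $trust  = $forest.GetAllTrustRelationships() |
              Where-Object { $_.TargetName -eq $RemoteForest }
    if ($trust) {
        $bidirectional = [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional
        $result.TrustFound     = $true
        $result.TrustDirection = $trust.TrustDirection
        $result.TwoWay         = ($trust.TrustDirection -eq $bidirectional)
        # Forest-wide authentication, as chosen in the wizard, reads as $false here.
        $result.SelectiveAuthentication = $forest.GetSelectiveAuthenticationStatus($RemoteForest)
        $result.SidFiltering            = $forest.GetSidFilteringStatus($RemoteForest)
    }
    $result
}

Test-CrossForestPrereqs -RemoteForest $RemoteForest | Format-List
```

Run it from both forests: each side reports only its own outgoing settings, so a trust that shows as two-way with the expected authentication level on one side should be confirmed on the other as well.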
