Posted by Kevin Lim on August 30, 2008
Reporting
The following is a screen shot of the Reporting Tab in the DPM Console. Out of the box, there are several good reports available.
When selecting View, you see the following. The entries in the Available Reports were previously scheduled.
Example of a report as follows:
Technorati Tags: DPM Reporting
Posted in Data Protection Manager | Leave a Comment »
Posted by Kevin Lim on August 30, 2008
Microsoft has published the steps on how to manually install DPM agent. The information can be found at:- http://technet.microsoft.com/en-us/library/bb870935.aspx
Technorati Tags: Manual DPM Agent Installation
Posted in Security | Tagged: Manual DPM Agent Installation | Leave a Comment »
Posted by Kevin Lim on August 29, 2008
In Part 1, I have talked about how to create Disk Layout and System Volumes on XP1 machine. Now, let’s we explore how we recover a failure machine…
On DPM System Recovery Center, right click on XP1 machine:
The following screen captures look at the ability to recover the system. It’s termed Rollback.
The DPM System Recovery Tool Rollback Wizard
Select which Recovery Point to be restored
The available recovery sets
Disk to be recovered
Warning message for bare metal recovery on XP1 machine:
Let’s we turn off the XP1 machine first. The next is to perform bare metal recovery for XP1 machine.
Below is the screen capture for SRT boot client (discussed in Part 1) that run on a Virtual Machine (Microsoft Virtual PC)
The system is waiting for connection to begin the recovery process …
Progress of the recovery is shown as below on DPM System Recovery Tool Console.
Below is the screen capture on XP1, the recovery is in progress…
Below is the recovery status
Below is the rollback report for XP1 machine
The system has fully recovered…
Posted in Data Protection Manager | Tagged: DPM Bare Metal Recovery SRT | Leave a Comment »
Posted by Kevin Lim on August 28, 2008
Remote Desktop (mstsc.exe) is a handy tool to support remote user. Most important, it comes free and shipped with standard MS Windows operating system like MS Windows XP, 2003, Vista, etc.
Below is the screen shot for enabling Remote Desktop via My Computer –> System Properties
What is the way to enable this setting across the domain?
There is no standard setting can be configured via Group Policy.
Below is the command to enable Remote Desktop via registry setting. You may deploy this command via a logon script.
”reg add “HKEY_LOCAL_MACHINE\SYSTEM\Curre ntControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 0 /f”.
For Ad Hoc, you can connect to the remote computer via Registry Editor and add fDenyTSConnections (REG_DWORD) to the HKEY_LOCAL_MACHINE\SYSTEM\Curre ntControlSet\Control\Terminal Server with value of 0.
Posted in Miscellaneous | Tagged: Registry Key for Enabling Remote Desktop | Leave a Comment »
Posted by Kevin Lim on August 27, 2008
The DPM System Recovery Tool (SRT) is software provided with DPM to facilitate bare metal recovery for the DPM 2007 server and the computers that DPM protects. Microsoft recommend that you install DPM SRT on a separate server from the DPM server. However, if you are protecting a small number of computers, (no more than four or five) you can install DPM 2007 and DPM SRT on the same server.
When you install DPM SRT, you must specify the location for the primary file store, which will contain the DPM SRT Recovery Points. We recommend that you place the primary file store on a disk separate from the disk on which the operating system and DPM SRT are installed. If that is not possible, you can place the primary file store on a separate volume on the same disk.
DPM SRT is not included on the DPM 2007 product DVD. It must be installed separately from the DPM System Recovery tool CD. For more information about installing DPM SRT, see the topics under the “Installation” node in the DPM System Recovery Tool Help (the .chm file) on the DPM SRT CD.
The following screen shots were taken to illustrate the testing which were done in a virtual environment. More info can be found at http://technet.microsoft.com/en-us/library/bb808871(TechNet.10).aspx.
The following screen shows through the SRT Console the systems it found via Active Directory.
A SRT schedule is running.
The following show the properties of the schedule.
The following shows the Disk Layout and System Volumes are protected.
Creation of an SRT boot CD with the wizard
For systems that require special or additional disk or RAID controller, the driver is added in this screen.
Any additional or non-standard network drivers can be added in this window.
Stay tune for DPM Bare Metal Recovery with System Recovery Tool – Part 2!
Posted in Data Protection Manager | Tagged: DPM Bare Metal Recovery SRT | Leave a Comment »
Posted by Kevin Lim on August 27, 2008
Recently, Microsoft has released the System Center Data Protection Manager 2007 Feature Pack (x86). Below is the information obtained from Microsoft site:
Feature Bullet Summary:
Issues Fixed:
Features Added:
Note: Backup of SQL 2008 (Katmai) is not supported until the released version is publicly available.
To download, please go to http://www.microsoft.com/downloads/details.aspx?FamilyID=e9e1fe35-b175-40a8-8378-2f306ccc9e28&displaylang=en
Posted in Data Protection Manager | Tagged: Data Protection Manager 2007 Feature Pack, DPM Feature Pack | Leave a Comment »
Posted by Kevin Lim on August 27, 2008
Potentially one of the most exciting areas is protecting virtualized workloads on MS Virtual Server. DPM is also capable to protect Hyper-V on Windows Server 2008 x64. To protect Windows Server 2008, please download and apply System Center Data Protection Manager 2007 Feature Pack (x86) from http://www.microsoft.com/downloads/details.aspx?FamilyID=e9e1fe35-b175-40a8-8378-2f306ccc9e28&displaylang=en
One can protect a server at the host level where each virtual image is seen as a file and also within the virtual image. Below is the Virtual Server instances that seen in DPM:-
Virtual Servers in the DPM Protected Group:-
Posted in Data Protection Manager | Tagged: DPM Protecting MS Virtual Server | Leave a Comment »
Posted by Kevin Lim on August 25, 2008
Often, people thoughts enable WPA-PSK on their wireless network is good enough. Is that true? WPA-PSK is as weak as WEP as well. There are many tools are widely available on the Internet for cracking WEP and WPA-PSK networks. Those tools are very easy to use. Recently, I have a customer plan to setup a wireless network in his company’s network. I have shared with the customer there are some security concerns on putting up wireless network. I also shared with him a WPA cracking tutorial that posted on the YouTube. If a wireless network is required, do plan and design it properly. Ensure all security countermeasure is in place to mitigate the security risks. Considering to disallow SSID broadcast and restrict access by MAC address. For maximum security, do use encryption protocol like IPSEC, TLS, VPN. Below is the WPA cracking tutorial:-
WPA Cracking Tutorial
Posted in Security | Tagged: WPA-PSK Security | Leave a Comment »
Posted by Kevin Lim on August 25, 2008
What TCP/IP port need to be opened on perimeter firewall or desktop firewall (i.e. Windows Firewall)?
Windows Firewall
Windows Firewall is included with Windows Server 2003 SP1. If you enable Windows Firewall on the DPM server before you install DPM, DPM Setup will properly configure the firewall for DPM. If you enable Windows Firewall on the DPM server after you install DPM, you must configure the firewall manually to permit communication between the DPM server and protected computers. Configure Windows Firewall on a DPM server by opening port 135 to TCP traffic and specifying the DPM service (Microsoft DPM/bin/MsDPM.exe) and the protection agent (Microsoft DPM/bin/Dpmra.exe) as exceptions to the Windows Firewall policy.
Perimeter Firewall
|
Protocol |
Port |
Details |
|
DCOM |
135/TCP |
The DPM control protocol uses DCOM. DPM issues commands to the protection agent by invoking DCOM calls on the agent. The protection agent responds by invoking DCOM calls on the DPM server. TCP port 135 is the DCE endpoint resolution point used by DCOM. By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. However, you can configure this range by using Component Services. For more information, see Using Distributed COM with Firewalls (http://go.microsoft.com/fwlink/?LinkId=46088). |
|
TCP |
5718/TCP |
The DPM data channel is based on TCP. Both DPM and the protected computer initiate connections to enable DPM operations such as synchronization and recovery. DPM communicates with the agent coordinator on port 5718 and with the protection agent on port 5719. |
|
DNS |
53/UDP |
Used between DPM and the domain controller, and between the protected computer and the domain controller, for host name resolution. |
|
Kerberos |
88/UDP 88/TCP |
Used between DPM and the domain controller, and between the protected computer and the domain controller, for authentication of the connection endpoint. |
|
LDAP |
389/TCP |
Used between DPM and the domain controller for queries. |
|
NetBIOS |
137/UDP |
Used between DPM and the protected computer, between DPM and the domain controller, and between the protected computer and the domain controller, for miscellaneous operations. Used for SMB directly hosted on TCP/IP for DPM functions. |
Posted in Data Protection Manager | Tagged: DPM Ports and Firewall | Leave a Comment »
Posted by Kevin Lim on August 25, 2008
Here is an excellent link to obtain System Requirements for DPM
Posted in Data Protection Manager | Tagged: DPM System Requirements | Leave a Comment »
