Today we are going to look into how to secure the data store into tape. To encrypt the data store in tape, you need to have a valid certificate. When configure tape select “Encrypt Data”
Below screenshot is the error message when you’re trying to backup data to tape. The job will fail because it did not detect certificate under DPMBackupStore Store under Certificate snap-in.
To resolve this issue, use any computer with IIS snap-in. Create a self signed certificate.
Below is the screenshot, on how to create a self signed certificate.
Provide a certificate name. Example: DPMCert
Once the self signed certificate has created, export the certificate and transfer to DPM 2012 Server.
In the DPM 2012 Server, open mmc snap-in and add Certificate snap-in. Import the certificate to DPMBackupStore Store. DPM will use these certificates to encrypt data. You can store multiple certificates there if you want DPM to create a key by using more than one certificate.
When your certificates expire, you must move them into the DPMRestoreStore folder in the Certificate Store. This ensures that you can recover the expired certificates from an encrypted tape by using a certificate that is no longer active.
After import the certificate, you can re-run the job to tape the tape and now you will be able to encrypt data to tape.
How do we ensure we can restore this data in an offsite disaster situation?
ReplyDeleteMake sure the certificate is transfer as well to destination DPM server
ReplyDeleteI don't want to have ISS on my DPM server. How can I use my Enterprise CA?
ReplyDeleteYou can issue a certificate based on the "Web Server" Template if you are using Windows CA.
ReplyDeleteStill not able to find clear instructions for creating tape encryption templates and certificates in Server 2012 for DPM 2012.
ReplyDelete- do we need the private key exported?
- what compatibility level do we need (2003, 2008, 2008R2 or 2012?)
- can we use anything other that Microsoft RSA?
- can we request the certificate directly from the backup store or do we have to request is from the Personal store and then do some fiddly import/export process?
- should we use the new (from 2008 I think) "Tape Backup" Application Policy?
Do we have to put the cert in both the Backup AND the Restore store to do a backup
Note that it is quite easy by trial and error to get a cert that will work for backup and restore on a single DPM server, but much harder to get one that will work on another DPM server in another domain (offsite DR situation).
Can anyone please help?
kate spade outlet
ReplyDeleteceline handbags
kate spade outlet
kate spade handbags
nike air max 90
montblanc pens
ralph lauren outlet
louis vuitton
hollister outlet
adidas shoes
nike running shoes for women
louis vuitton handbags
christian louboutin shoes
coach outlet store online
louis vuitton bags
rolex watches
coach outlet
instyler max
air huarache
louis vuitton outlet
coach outlet
louis vuitton outlet
toms outlet
michael kors outlet clearance
celine outlet
toms shoes
polo ralph lauren
michael kors
ralph lauren
nfl jerseys wholesale
coach outlet store online
longchamp le pliage
discount jordans
toms outlet
coach factory outlet
ray bans
ray ban sunglasses discount
michael kors handbags
louis vuitton outlet
longchamp handbags
20166.30linlinlin
michael kors handbags outlet
ReplyDeletemichael kors uk
cincinnati bengals jerseys
ralph lauren outlet
coach outlet
air jordan uk
oakley sunglasses
kate spade handbags
coach factory outlet
ray ban sunglasses