Tuesday, February 21, 2012

Encrypt Data to Tape in DPM 2012


Today we are going to look at how to secure data stored on tape. To encrypt data written to tape, you need a valid certificate. When you configure tape protection, select “Encrypt Data”.


The screenshot below shows the error message you get when you try to back up data to tape. The job fails because DPM did not find a certificate in the DPMBackupStore store in the Certificates snap-in.


To resolve this issue, use any computer with the IIS snap-in to create a self-signed certificate.

The screenshot below shows how to create a self-signed certificate.


Provide a certificate name, for example: DPMCert


Once the self-signed certificate has been created, export it and transfer it to the DPM 2012 server.


On the DPM 2012 server, open an MMC console and add the Certificates snap-in. Import the certificate into the DPMBackupStore store. DPM uses the certificates in this store to encrypt data. You can store multiple certificates there if you want DPM to create a key by using more than one certificate.


When your certificates expire, you must move them into the DPMRestoreStore folder in the Certificate Store. This ensures that you can still recover data from an encrypted tape by using a certificate that is no longer active.

After importing the certificate, re-run the job to tape. You will now be able to encrypt data to tape.
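
To check the two stores described above without clicking through the snap-in, the following PowerShell script (an added example, not part of the original post or of DPM itself) lists what is in DPMBackupStore and, with `-MoveExpired`, moves expired certificates to DPMRestoreStore. It assumes both stores sit under the Local Computer account on the DPM server and that it is run from an elevated prompt.

```powershell
# Added example: audit DPMBackupStore and optionally move expired certificates
# to DPMRestoreStore. Assumption: both stores are under the Local Computer account.
param(
    [switch]$MoveExpired   # without this switch the script only reports
)

$x509     = 'System.Security.Cryptography.X509Certificates'
$location = [Enum]::Parse([type]"$x509.StoreLocation", 'LocalMachine')
$backup   = New-Object "$x509.X509Store" -ArgumentList 'DPMBackupStore',  $location
$restore  = New-Object "$x509.X509Store" -ArgumentList 'DPMRestoreStore', $location

# OpenExistingOnly makes a mistyped or missing store an error instead of
# silently creating a new, empty one.
$mode  = if ($MoveExpired) { 'ReadWrite' } else { 'ReadOnly' }
$flags = [Enum]::Parse([type]"$x509.OpenFlags", "$mode, OpenExistingOnly")

try {
    $backup.Open($flags)
    $now   = Get-Date
    $certs = @($backup.Certificates)   # snapshot before the store is modified

    if ($certs.Count -eq 0) {
        Write-Warning 'DPMBackupStore is empty; tape jobs with "Encrypt Data" selected will fail.'
    }

    # HasPrivateKey shows whether the private key came across with the export/import.
    $certs |
        Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
            @{ Name = 'Expired'; Expression = { $_.NotAfter -lt $now } } |
        Format-Table -AutoSize | Out-String

    if ($MoveExpired) {
        $restore.Open($flags)
        foreach ($cert in ($certs | Where-Object { $_.NotAfter -lt $now })) {
            $restore.Add($cert)    # add first so the certificate is never missing from both stores
            $backup.Remove($cert)
            "Moved $($cert.Thumbprint) to DPMRestoreStore"
        }
    }
}
finally {
    $backup.Close()
    $restore.Close()
}
```

Run it without the switch first and review the table before letting it move anything.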