Open topic with navigation

Configuring archiving security

Before you can use Double-Take Backup archiving, you must establish a specific security configuration. This is a six step process.

1. Confirm Double-Take Backup is installed on both the source and repository server.
2. Create a new service account. (A service account is a user account that is created explicitly to provide security context for a service.) Follow steps a through f to create a new service account.

1. From Active Directory Users and Computers, create a new user.
2. Enter a descriptive name for the first and last name and modify the full name as desired.
3. Specify a User logon name.
4. Specify and confirm a Password for the account.
5. Specify your password settings. The settings you select may be dependent on your company’s security policies. Keep in mind the following caveats for password settings for a service account.

• User must change password at next logon—The Double-Take Software recommendation is to disable this setting. The Double-Take Recall service will not be able to start if this option is enabled because the service will be waiting on the required logon change.
• User cannot change password—The Double-Take Software recommendation is to enable this setting. If this setting is enabled, you will not have to worry about updating the credentials in the Double-Take Recall service. If you cannot select this option because of company security policies and the password on the account is changed, the Double-Take Recall service will no longer have valid credentials. File recalls will not function until the Double-Take Recall service credentials are updated to the new password.
• Password never expires—The Double-Take Software recommendation is to enable this setting. If this setting is enabled, you will not have to worry about updating the credentials in the Double-Take Recall service. If you cannot select this option because of company security policies and the password on the account expires, the Double-Take Recall service will no longer have valid credentials. File recalls will not function until the account is reset and the Double-Take Recall service credentials are updated.
• Account is disabled—The Double-Take Software recommendation is to disable this setting. Because the word disable is part of the option name, the recommendation can be confusing. You want to enable the account, which means this option should not have a checkmark. If the option does have a checkmark, meaning the account would be disabled, file recalls will not function.

6. Finish the account creation wizard.

3. Add the new service account to the local Administrators group on the source and repository server.
4. Add the new service account to the local Double-Take Recall group on the source and repository server.
5. Modify the Double-Take Recall service on the source and repository server to use the new service account.

1. From the services applet (Administrative Tools, Services) right-click the Double-Take Recall service and select Properties.
2. On the Log On tab, select This account and specify the new user and the password.
3. On the General tab, select Startup type, and select Automatic.
4. Click OK to save the changes.

6. Start the Double-Take Recall service on the source and repository server. If the service is already running, you must stop and restart it so that it uses the user account and group modifications you just made.

Note

If you have an active Double-Take Backup job, you can validate your security configuration using the Replication Console. Open the Replication Console by selecting Start, Programs, Double-Take, Double-Take Replication Console. Double-click your source machine in the left pane of the Replication Console to log on to it. With the source highlighted in the left pane, locate in the right pane the Double-Take protection job in the Replication Set column. The name will be created from the source and repository server names and the keyword Protection or Data Protection. Right-click the protection job in the right pane of the Replication Console and select Connection Manager.   Select the Archive Options tab. Click Validate. The validation checks to see if the correct service is running and if it has an account in the correct security group. It also confirms if the repository server has shared the archive bin correctly and if network communications are functioning properly. Any success or failure messages will be included in the Double-Take Backup log file on the source.

Related Topics