The overall steps for how Encryption at Rest is enabled and used in QoreStor are described below.
- Enabling encryption.
Encryption is disabled by default on QoreStor. An administrator can enable encryption by using the GUI or CLI.
Encryption is set at the storage group level.
- Setting a passphrase and setting the mode.
When defining encryption for a storage group, a passphrase is set. This passphrase is used to encrypt the content encryption keys, which adds a second layer of security to the key management. At this time, the mode is also set. The default key management mode is “internal” mode, in which key rotation happens periodically as specified by the set key rotation period.
- Encryption process.
After encryption is enabled, the data in the storage group that gets backed up is encrypted and is kept encrypted until it is expired and cleaned by the system cleaner. Note that the encryption process is irreversible.
- Encryption of pre-existing data.
Any pre-existing data will also be encrypted using the currently set mode of key management. This encryption occurs as part of the system cleaner process. Encryption is scheduled as the last action item in the cleaner workflow. You must launch the cleaner manually using the maintenance command to reclaim space. It then encrypts all pre-existing unencrypted data. The cleaner can also be scheduled as per the existing pre-defined cleaner schedule.
|
|
NOTE: The cleaner can take some time to start the encryption process if the system is nearing full system capacity. Encryption starts only after the cleaner processes data slated for cleaning and the related logs. This ensures that space reclamation is prioritized when free space is low and also ensures that data stores are not redundantly encrypted. |
Refer to theQoreStor Command Line Interface Reference Guide for information about the CLI commands used for encryption.
Using the QoreStor CLI, you can configure email notifications that are sent when a QoreStor Alert occurs. The email alert service is disabled by default, and must be properly configured before the service can be enabled.
To begin using email alerts, perform the actions below :
- Configure the email alerts service using the command email_alerts --configure.
- To configure email alerts, you will need to have:
- The SMTP Relay FQDN or IP address
- The sender's name
- A list of email recipients' email addresses.
- [Optional] a list of email addresses to be CC'ed
- Optional] a list of email addresses to be BCC'ed
- Enable the email alerts service using the command email_alerts --enable.
|
|
NOTE: Refer to the QoreStor Command Line Reference Guide for more information on using the CLI. |
This topic introduces the Recycle Bin feature and related concepts and tasks. Refer to the subsequent topics and procedures in this section for more information.
Recycle Bin is a process whereby any data that is deleted from a compromised backup solution can be retrieved from an immutable Recycle Bin by a QoreStor administrator. Data in the Recycle Bin is not visible through client protocols such as NFS and CIFS. You can set a retention period of between 7 and 30 days after which the files are automatically removed permanently from QoreStor.
Recycle Bin is a property of a container in QoreStor. Recycle Bin can be enabled on a container when you create the container or any time later. Only files that are deleted after enabling Recycle Bin are retained in it.
Recycle Bin activation is permanent After you enable Recycle Bin for a container, it cannot be removed from the container configuration.
You cannot delete a container until the container and Recycle Bin associated with it are empty.
|
|
NOTE: When you delete a file, you cannot create a file with the same name and location until the deleted file is permanently removed from Recycle Bin.
NOTE: Enabling Recycle Bin does not allow Linux hardlinks to be used. |
Compatibility
Recycle Bin is supported with NFS, CIFS, RDA, and OST containers. For more information, see the Quest QoreStor Interoperability Guide.
