Encryption keys list one of two possible types on the Encryption Keys pane: Universal or Replication. The type indicates the likely origin of the encryption key, and determines whether you can change its details or passphrase. You can modify these attributes only if the type is Universal. If you need to modify these attributes for a key with Replicated type, you must change its type to Universal using this procedure. When you change the type of an encryption key to Universal, it is unlocked manually and can be used to encrypt other protected machines.
|
NOTE: You must know the passphrase to change the type from Replicated to Universal. |
Encryption keys also have two possible states: Locked or Unlocked. The state controls your ability to apply an encryption key to a protected machine, or to restore data from a recovery point with encryption. You can change the type of an encryption key manually only if the state is Unlocked.
When you first create an encryption key, its type is Universal, and its state is Unlocked. You can use such a key immediately (for example, to encrypt backups for a protected machine). However, a Universal key type cannot be locked manually. If you want to manually lock an encryption key with a type of Universal, you must change the type to Replicated using this procedure.
You cannot change an encryption key type if it is already in use encrypting recovery points for one or more protected machine.
Follow this procedure to change an encryption key type.
- Navigate to the Rapid Recovery Core Console.
- On the icon bar, click (More) and then select Encryption Keys.
The Encryption Keys page appears. Any encryption keys accessible to the Core appear in a summary table. Each lists a type of Universal or Replicated.
- Locate the encryption key you want to update.
- If you want to change a Universal encryption key to Replication, do the following:
- Click its drop-down menu , and select Change the type to Replicated.
The Change Encryption Key Type dialog box appears. You see a message confirming that you want to change the type to Replicated.
- In the dialog box, confirm that you want to change the type to Replication.
The dialog box closes, and the encryption key type updates to Replication.
- If you want to change a Replication encryption key to Universal, do the following:
- Click its drop-down menu , and select Change the type to Universal
The Change Encryption Key Type dialog box appears. You see a message confirming that you want to change the type to Universal.
- In the dialog box, in the Passphrase text box, enter the passphrase and then click OK to confirm that you want to change the type to Universal.
The dialog box closes, and the encryption key type updates to Universal.
This section describes the Credentials Vault feature of Rapid Recovery.
Topics include:
Credentials Vault is a usability feature of Rapid Recovery release 6.6 and later that manages account login credentials used within the Rapid Recovery Core Console. Use of this feature is optional.
When performing operations such as adding a machine or cluster to protection, setting up virtual export or replication, connecting to a repository, archiving or restoring archived recovery points, and so on, you are prompted to enter account credentials. For each user account, credentials include the user name, password, and a description field to identify the account. After you enter your credentials, if you choose to, you can add them to the Credentials Vault.
Thereafter, the next time you want to perform an operation in the Core Console that uses the same account, instead of manually entering your user name and password, you can select the account from a drop-down menu.
The Credentials Vault simplifies management of your passwords. For example, if your organization has a security policy mandating password changes at frequent intervals, one visit to the Credentials Vault page can let you easily update your password for each user account accessed from the Rapid Recovery Core Console.
The Credentials Vault is unobtrusive. Sections of the Core Console UI that are enabled for the Credentials Vault include a + sign next to the User name field when prompted for credentials.
As its name implies, the Credentials Vault includes security features. For example:
- Credential information in the vault is encrypted.
- Once entered and saved, passwords are not displayed. This reduces the chance of exposure of individuals' passwords when multiple users access the Core.
- By design, Cloud credentials are managed separately in the Core Console.
At any time, you can open the Credentials Vault page in the Core Console to view and manage accounts saved in the Credentials Vault. If no accounts have been entered yet, optionally, you can add them directly from this page.
- For information on adding accounts to the vault, see Adding accounts to the Credentials Vault.
- For more information on viewing and modifying account credentials held in the vault, see Viewing or changing accounts.
- For information on using account credentials saved in the vault, see Using credentials from the vault.
Command Line and PowerShell scripts exist to support this feature. For more information about the Credentials Vault, see the most recent edition of the Rapid Recovery Commands and Scripting Reference Guide.
You can add accounts to the Credentials Vault from the Credentials Vault page, or from practically any Rapid Recovery Core Console window or wizard in which account credentials are requested.
Follow this procedure to add accounts to the Credentials Vault.
- Do one of the following:
- If you are on the Credentials Vault page of the Core Console, click + Add New Account.
- If you are viewing a Credentials Vault-enabled wizard page, window, or dialog box in the Rapid Recovery Core Console, next to the User name field, click +.
The Add New Account dialog box opens.
If you already entered your account user name and password, those fields are populated. By default, the Description field populates with the current system date and time.
- In the User name field, if required, enter the user name for this account.
- In the Password field, i required, enter the password for this account.
- In the Description field, enter a meaningful text description of this account. Do not skip this step.
|
Caution: Replace the default text with a unique text string that clearly describes the account it represents. |
Quest strongly recommends adding well-planned descriptions for accounts held in the vault. Consider the following points:
- Some users will have two or more accounts saved to the Credentials Vault with the same user name. Particularly in these cases, it is the description field that lets you identify the correct account in the vault.
- For security purposes, passwords saved to the vault are never displayed.
- Since passwords are not displayed, you cannot rely on the combination of user name and password to later identify the purpose of the account.
- If you add the same credential to the vault, you can later merge them.
- When satisfied with your selections, click OK.
The Add New Account dialog box closes, and your account credentials information is saved securely to the vault.