Quest has been named as an ASP "Ten Best Web Support Sites" award winner. Learn more.

Rapid Recovery 6.0.2 - User Guide

*** Legend Introduction to Dell Data Protection | Rapid Recovery Understanding the Rapid Recovery Core Console Working with repositories Managing Rapid Recovery Core settings Using custom groups Working with encryption keys Protecting machines using the Rapid Recovery Core Working with Microsoft Exchange and SQL Servers Protecting server clusters Exporting protected data to virtual machines Managing protected machines Understanding replication Managing events Generating and viewing reports Restoring data Understanding bare metal restore for Windows machines Retention and archiving Managing cloud accounts Working with Linux machines Understanding the Local Mount Utility Central Management Console Understanding the Rapid Recovery Command Line Management utility Understanding the Rapid Recovery PowerShell module
Prerequisites for using PowerShell Working with commands and cmdlets Rapid Recovery PowerShell module cmdlets Localization Qualifiers
Extending Rapid Recovery jobs using scripting Rapid Recovery APIs Glossary

Applying an encryption key from the Machines page

Once an encryption key has been added to a Rapid Recovery Core, it can be used for any number of protected machines.

If you select an encryption key during the initial protection of one or more machines, that key is automatically applied to any machines you protect using that wizard. In such cases, this procedure is not required.

Perform this procedure:

  • If you want to apply an existing, universal, unlocked encryption key to any protected machine in your Core.
  • If you just added a new encryption key using the process described in the topic Adding an encryption key and want to apply that key to a protected machine.
  • If encryption is already applied to a protected machine in your Core, but you want to change the key to a different universal, unlocked key available in your Core.
CAUTION:
After you apply an encryption key to a protected machine, Rapid Recovery takes a new base image for that machine upon the next scheduled or forced snapshot.
  1. Navigate to the Rapid Recovery Core and click Protected Machines.

    The Protected Machines page appears, listing all the machines protected by this Core. An open lock [Unlocked] appears for any machine that does not have an encryption key applied. A closed lock [Locked] indicates that a protected machine has encryption applied.

  2. In the Protected Machines pane, click the lock icon for the protected machine you want to configure.

    The Encryption Configuration dialog box appears.

  3. Do one of the following:
    • If you want to apply an existing encryption key to this machine, select Encrypt data using Core-based encryption with an existing key, and from the drop-down menu, select the appropriate key. Click OK to confirm.
    • If you want to change an existing encryption key to a different universal, unlocked key, select Encrypt data using Core-based encryption with a new key, and from the drop-down menu, select the appropriate key. Click OK to confirm.
    • If you want to create a new encryption key and apply it to this protected machine, select Encrypt data using Core-based encryption with a new key. Then enter the details for the key as described in the following table.
      Table 1. New encryption key details
      Text Box Description
      Name Enter a name for the encryption key.

      Encryption key names must contain between 1 and 64 alphanumeric characters. Do not use prohibited characters or prohibited phrases.

      Description Enter a comment for the encryption key. This information appears in the Description field when viewing encryption keys from the Configuration tab of the Rapid Recovery Core Console. Descriptions may contain up to 254 characters.

      Best practice is to avoid using prohibited characters and prohibited phrases.

      Passphrase Enter a passphrase used to control access.

      Best practice is to avoid using prohibited characters.

      Record the passphrase in a secure location. Dell Support cannot recover a passphrase. Once you create an encryption key and apply it to one or more protected machines, you cannot recover data if you lose the passphrase.

      Confirm Passphrase Re-enter the passphrase. It is used to confirm the passphrase entry.
  4. Click OK.

    The dialog box closes. The encryption key you specified has been applied to future backups for this protected machine, and the lock now appears as closed.

    Optionally, if you want the encryption key applied immediately, force a snapshot. For more information, see Forcing a snapshot.

    CAUTION:
    Rapid Recovery uses AES 256-bit encryption in the Cipher Block Chaining (CBC) mode with 256-bit keys. While using encryption is optional, Dell recommends that you establish an encryption key, and that you protect the passphrase you define. Store the passphrase in a secure location as it is critical for data recovery. Without a passphrase, data recovery is not possible.

Was this topic helpful?

[Select Rating]



Disassociating an encryption key from a protected machine

Once an encryption key is applied to a protected machine, all subsequent snapshot data stored in the Rapid Recovery Core is encrypted.

You can disassociate an encryption key from a protected machine. This action does not decrypt the existing backup data, but does result in a new base image for that machine at the time of the next scheduled or forced snapshot.

Note: If you want to remove an encryption key from the Core, as described in the topic Removing an encryption key, you must first disassociate that encryption key from all protected machines.

Perform this procedure to disassociate an encryption key from a specific protected machine.

  1. Navigate to the Rapid Recovery Core and click Protected Machines.

    The Machines tab appears, listing all the machines protected by this Core. An open lock [Unlocked] appears for any machine that does not have an encryption key applied. A closed lock [Locked] indicates that a protected machine has encryption applied.

  2. In the Protected Machines pane, click the [Locked] Encrypted icon for the protected machine you want to configure.

    The Encryption Configuration dialog box appears.

  3. Select Encrypt data using Core-based encryption with an existing Key, and from the drop-down menu, select (None) and then click OK.
  4. If you want to remove this encryption key from the Rapid Recovery Core, first repeat this procedure for all protected machines using this key. Then perform the procedure described in the topic Removing an encryption key.

Was this topic helpful?

[Select Rating]



Managing encryption keys

To manage encryption keys for the Rapid Recovery Core, from the icon bar, click [More] (More) and then select Encryption Keys. The Encryption Keys page appears. For each encryption key added to your Rapid Recovery Core (if any have been defined yet), you see the information described in the following table.

Table 1. Information about each encryption key
UI Element Description
Select Item For each encryption key, you can select the checkbox to perform actions from the list of menu options above the table.
Name The name associated with the encryption key.
Thumbprint This parameter is a 26-character alphabetic string of randomly generated English upper and lower case letters that helps uniquely identify each encryption key.
Type Type describes the origin point of an encryption key and its ability to be applied. An encryption key can contain one of two possible types:

Universal. Universal type is the default condition when you create an encryption key. A key with a type of Universal, combined with a state of Unlocked, indicates that the key can be applied to a protected machine. You cannot manually lock a universal key type; instead, you must first change its type as described in the procedure Changing encryption key types.

Replication. When a protected machine in a source Core has encryption enabled, and recovery points for that machine are replicated in a target Core, any encryption keys used in the source appear automatically in the target Core with a type of Replication. The default state after receiving a replicated key is locked. You can unlock an encryption key with a type of Replication by providing the passphrase. If a key has a type of Unlocked, you can manually lock it. For more information, see the topic Unlocking an encryption key.

State The state indicates whether an encryption key can be used. Two possible states include:
  • Unlocked. An Unlocked state indicates that the key can be used immediately. For example, you can encrypt snapshots for a protected machine, or perform data recovery from a replicated recovery point on the target Core.
  • Locked. A Locked state indicates that the key cannot be used until it is unlocked by providing the passphrase. Locked is the default state for a newly imported or replicated encryption key.

If the state of an encryption key is locked, it must be unlocked before it can be used.

If you previously unlocked a locked encryption key, and the duration to remain unlocked has expired, the state changes from unlocked to locked. After the key locks automatically, you must unlock the key again in order to use it. For more information, see the topic Unlocking an encryption key.

Description The description is an optional field that is recommended to provide useful information about the encryption key such as its intended use or a passphrase hint.

At the top level of the Encryption Keys pane, you can add an encryption key or import a key using a file exported from another Rapid Recovery Core. You can also delete keys selected in the summary table.

Once an encryption key exists for a Core, you can manage the existing keys by editing the name or description properties; changing the passphrase; unlocking a locked encryption key; or removing the key from the Rapid Recovery Core. You can also export a key to a file, which can be imported into another Rapid Recovery Core.

When you add an encryption key from the Encryption Keys page, the key appears in the list of encryption keys, but is not applied to a specific protected machine. For information on how to apply an encryption key you create from the Encryption Keys pane, or to delete a key entirely from the Rapid Recovery Core, see Applying or removing encryption from a protected machine.

From the Encryption Keys pane, you can manage security for the backup data saved to the Core for any protected machine in your repository by doing the following:


Was this topic helpful?

[Select Rating]



Adding an encryption key

Rapid Recovery uses AES 256-bit encryption in the Cipher Block Chaining (CBC) mode with 256-bit keys. While using encryption is optional, Dell recommends that you establish an encryption key, and that you protect the passphrase you define.

CAUTION:
Store the passphrase in a secure location. Without a passphrase, you cannot recover data from encrypted recovery points.

After an encryption key is defined, you can use it to safeguard your data. Encryption keys can be used by any number of protected machines.

This step describes how to add an encryption key from the Rapid Recovery Core Console. This process does not apply the key to any machines currently being protected on the Core. You can also add an encryption key during the process of protecting a machine. For more information on adding encryption as part of protecting one machine, see Protecting a machine. For more information on adding encryption to two or more machines while initially protecting them, see About protecting multiple machines.

Complete the steps in this procedure to add an encryption key.

  1. Navigate to the Rapid Recovery Core Console.
  2. On the icon bar, click [More] (More) and then select Encryption Keys.
    The Encryption Keys page appears.
  3. Click Add Encryption Key.

    The Create Encryption Key dialog box appears.

  4. In the Create Encryption Key dialog box, enter the details for the key as described in the following table.
    Table 1. Create encryption key details.
    Text Box Description
    Name Enter a name for the encryption key.

    Encryption key names must contain between 1 and 64 alphanumeric characters. Do not use prohibited characters or prohibited phrases.

    Description Enter a comment for the encryption key.

    This information appears in the Description field when viewing encryption keys from the Core Console. You can enter up to 254 characters.

    Best practice is to avoid using prohibited characters and prohibited phrases.

    Passphrase Enter a passphrase used to control access.

    Best practice is to avoid using prohibited characters.

    CAUTION:
    Record the passphrase in a secure location. Dell Support cannot recover a passphrase. Once you create an encryption key and apply it to one or more protected machines, you cannot recover data if you lose the passphrase.
    Confirm passphrase Re-enter the passphrase. It is used to confirm the passphrase entry.
  5. Click OK.

    The dialog box closes and the encryption key you created is visible on the Encryption Keys page.

  6. If you want to apply the encryption key to a protected machine, see Applying an encryption key from the Machines page.

Was this topic helpful?

[Select Rating]



Related Documents