Chat now with support
Chat with Support

Rapid Recovery 6.1.2 - User Guide

Introduction to Rapid Recovery Core Console Core settings Repositories Encryption keys Protecting machines
About protecting machines with Rapid Recovery Support for dynamic and basic volumes Understanding the Rapid Recovery Agent software installer Deploying Agent to multiple machines simultaneously from the Core Console Using the Deploy Agent Software Wizard to deploy to one or more machines Modifying deploy settings Understanding protection schedules Protecting a machine About protecting multiple machines Settings and functions for protected Exchange servers Settings and functions for protected SQL servers
Managing protected machines Snapshots and recovery points Replication Events Reporting VM export Restoring data Bare metal restore
Bare metal restore for Windows machines Understanding boot CD creation for Windows machines Using the Universal Recovery Console for a BMR Performing a bare metal restore for Linux machines Viewing the recovery progress Starting a restored target server Troubleshooting connections to the Universal Recovery Console Repairing boot problems Performing a file system check on the restored volume
Managing aging data Archiving Cloud storage accounts The Local Mount Utility The Central Management Console Core Console references Command Line Management utility PowerShell module
Prerequisites for using PowerShell Working with commands and cmdlets Rapid Recovery PowerShell module cmdlets Localization Qualifiers
Scripting REST APIs About us Glossary

Unlocking an encryption key

Encryption keys may contain a state of unlocked or locked. An unlocked encryption key can be applied to a protected machine to secure the backup data saved for that machine in the repository. From a Rapid Recovery Core using an unlocked encryption key, you can also recover data from a recovery point.

When you import an encryption key into a Rapid Recovery Core, its default state is Locked. This is true regardless of whether you explicitly imported the key, or whether the encryption key was added to the Rapid Recovery Core either by replicating encrypted protected machines or by importing an archive of encrypted recovery points.

For encryption keys added to the Rapid Recovery Core by replication only, when you unlock a key, you can specify a duration of time (in hours, days, or months) for the encryption key to remain unlocked. Each day is based on a 24-hour period, starting from the time the unlock request is saved to the Rapid Recovery Core. For example, if the key is unlocked at 11:24 AM on Tuesday and the duration selected is 2 days, the key automatically re-locks at 11:24 AM that Thursday.

You can also lock an unlocked encryption key, ensuring that it cannot be applied to any protected machine until it is unlocked. To lock an encryption key with a state of Universal, you must first change its type to Replicated.

If an unlocked encryption key is currently being used to protect a machine in the Core, you must first disassociate that encryption key from the protected machine before you can lock it.

Complete the steps in this procedure to unlock a locked encryption key.

1.
Navigate to the Rapid Recovery Core.
The Encryption Keys page appears. The State column indicates which encryption keys are locked.

The Unlock Encryption Key dialog box appears.

Select the Until option.

Locking an encryption key

When an encryption key state is locked, it cannot be applied to any protected machine until it is unlocked. To lock an encryption key with a type of Universal, you must first change its type to Replicated.

Complete the steps in this procedure to lock an encryption key.

1.
Navigate to the Rapid Recovery Core.
The Encryption Keys page appears. The State column indicates which encryption keys are unlocked, and shows the type for each key.
The Change Encryption Key Type dialog box appears.

The Lock Encryption Key dialog box appears.

The dialog box closes, and the state of the selected encryption key is now locked.

Editing an encryption key

After an encryption key is defined, you can edit the name of the encryption key or the description of the key. These properties are visible when you view the list of encryption keys in the Encryption Keys pane.

Complete the steps in this procedure to edit the name or description of an existing unlocked encryption key.

CAUTION: After you edit the name or description an encryption key that is used to protect one or more machines, Rapid Recovery takes a new base image. That base image snapshot occurs for that machine upon the next scheduled or forced snapshot.
1.
Navigate to the Rapid Recovery Core.
The Encryption Keys page appears.

The Edit Encryption Key dialog box appears.

The dialog box closes, and the changes for the selected encryption key are visible on the Encryption Keys page.

Changing an encryption key passphrase

To maintain maximum security, you can change the passphrase for any existing encryption key. Complete the steps in this procedure to change the passphrase for an encryption key.

CAUTION: After you edit the passphrase for an encryption key that is used to protect one or more machines, Rapid Recovery Core captures an incremental snapshot for that machine upon the next scheduled or forced snapshot.
1.
Navigate to the Rapid Recovery Core.
The Encryption Keys page appears.
The Change Passphrase dialog box appears.
4.
In the dialog box, in the Passphrase field, enter the new passphrase for the encryption.
5.
In the Confirm passphrase field, re-enter the identical passphrase.
6.
Click OK.
CAUTION: Rapid Recovery uses AES 256-bit encryption in the Cipher Block Chaining (CBC) mode with 256-bit keys. Quest recommends that you record the passphrase in a secure location and keep this information updated. Quest Support cannot recover a passphrase. Without the passphrase, you cannot recover information from encrypted recovery points.
Related Documents