Once an encryption key is applied to a protected machine, all subsequent snapshot data stored in the Rapid Recovery Core is encrypted.
NOTE: If you want to remove an encryption key from the Core, as described in the topic Removing an encryption key, you must first disassociate that encryption key from all protected machines.
Perform this procedure to disassociate an encryption key from a specific protected machine.
1.
The Protected Machines page appears, listing all the machines protected by this Core. An open lock appears for any machine that does not have an encryption key applied. A closed lock indicates that a protected machine has encryption applied.
2. In the Protected Machines pane, click the
The Encryption Configuration dialog box appears.
3. Select Encrypt data using Core-based encryption with an existing Key, and from the drop-down menu, select (None) and then click OK.
4. If you want to remove this encryption key from the Rapid Recovery Core, first repeat this procedure for all protected machines using this key. Then perform the procedure described in the topic Removing an encryption key.
To manage encryption keys for the Rapid Recovery Core, from the icon bar, click (More) and then select Encryption Keys. The Encryption Keys page appears. For each encryption key added to your Rapid Recovery Core (if any have been defined yet), you see the information described in the following table.
Universal. Universal type is the default condition when you create an encryption key. A key with a type of Universal, combined with a state of Unlocked, indicates that the key can be applied to a protected machine. You cannot manually lock a universal key type; instead, you must first change its type as described in the procedure Changing encryption key types.
Replication. When a protected machine in a source Core has encryption enabled, and recovery points for that machine are replicated in a target Core, any encryption keys used in the source appear automatically in the target Core with a type of Replication. The default state after receiving a replicated key is locked. You can unlock an encryption key with a type of Replication by providing the passphrase. If a key has a type of Unlocked, you can manually lock it. For more information, see the topic Unlocking an encryption key.
The state indicates whether an encryption key can be used. Two possible states include:
If the state of an encryption key is locked, it must be unlocked before it can be used. If you previously unlocked a locked encryption key, and the duration to remain unlocked has expired, the state changes from unlocked to locked. After the key locks automatically, you must unlock the key again in order to use it. For more information, see the topic Unlocking an encryption key.
At the top level of the Encryption Keys pane, you can add an encryption key or import a key using a file exported from another Rapid Recovery Core. You can also delete keys selected in the summary table.
Once an encryption key exists for a Core, you can manage the existing keys by editing the name or description properties; changing the passphrase; unlocking a locked encryption key; or removing the key from the Rapid Recovery Core. You can also export a key to a file, which can be imported into another Rapid Recovery Core.
When you add an encryption key from the Encryption Keys page, the key appears in the list of encryption keys, but is not applied to a specific protected machine. For information on how to apply an encryption key you create from the Encryption Keys pane, or to delete a key entirely from the Rapid Recovery Core, see Applying or removing encryption from a protected machine.
From the Encryption Keys pane, you can manage security for the backup data saved to the Core for any protected machine in your repository by doing the following:
Rapid Recovery uses AES 256-bit encryption in the Cipher Block Chaining (CBC) mode with 256-bit keys. While using encryption is optional, Quest recommends that you establish an encryption key, and that you protect the passphrase you define.
This step describes how to add an encryption key from the Rapid Recovery Core Console. This process does not apply the key to any machines currently being protected on the Core. You can also add an encryption key during the process of protecting a machine. For more information on adding encryption as part of protecting one machine, see Protecting a machine. For more information on adding encryption to two or more machines while initially protecting them, see About protecting multiple machines.
Complete the steps in this procedure to add an encryption key.
1.
2.
3.
The Create Encryption Key dialog box appears.
4. In the Create Encryption Key dialog box, enter the details for the key as described in the following table.
Enter a name for the encryption key. Encryption key names must contain between 1 and 64 alphanumeric characters. Do not use prohibited characters or prohibited phrases.
Enter a comment for the encryption key. Best practice is to avoid using prohibited characters and prohibited phrases.
Enter a passphrase used to control access. Best practice is to avoid using prohibited characters.
Re-enter the passphrase. It is used to confirm the passphrase entry.
5.
The dialog box closes and the encryption key you created is visible on the Encryption Keys page.
6.
You can import an encryption key from another Rapid Recovery Core and use that key to encrypt data for a protected machine in your Core. To import the key, you must be able to access it from the Core machine, either locally or through your network. You must also know the passphrase for the encryption key.
Complete the steps in this procedure to import an encryption key.
1.
2.
3.
The File Upload dialog box appears.
4. In the File Upload dialog box, navigate to the network or local directory containing the encryption key you want to import.
6.
The dialog box closes and the encryption key you imported is visible on the Encryption Keys page. If the encryption key was used to protect a volume before it was exported, the state of the key is Locked.