Recovery Manager for Active Directory (RMAD) allows you to protect your backups by encrypting them. You can enable the backup encryption in the Defaults dialog box for the Computer Collections node or a Computer Collection (Computer Collection properties), as well as in the Backup Wizard.
Do one of the following:
Right-click the Computer Collections node, and then click Collection Defaults.
Right-click the Computer Collection, and then click Properties.
Click Advanced on the Completing the Backup Wizard page.
In the Properties dialog box, click the Backup tab.
On the Backup tab, select the Encrypt and protect backups with password check box.
In the Set Password dialog box, type and confirm by retyping a password, and then click OK.
A password can contain any combination of letters, numerals, spaces, and symbols. Passwords are case sensitive, so if you vary the capitalization when you assign the password, you must type the same capitalization when entering the password. You can change the backup protection password later by clicking Set Password on the Backup tab. Write the password down and keep it in a secure place. If you lose the password, you cannot restore data from that backup since RMAD asks you to type the password.
Active Directory backup encryption:
RMAD uses Microsoft's implementation of the AES 256 algorithm from RSA, Inc. (Microsoft RSA Base Provider), with the maximal (normally, 128-bit) cipher strength.
If you specify DC storage, UNC share or secure storage server for encrypted backups (Remote Storage tab): A Backup Agent writes a backup directly to the storage to an encrypted temporary file. This temporary file is local or remote depending on the storage type. Data is encrypted in memory during a backup process. When the backup is done, the temporary file is renamed to the *.bkf file.
If you specify a local storage for encrypted backups (Local Storage tab): A Backup Agent writes a backup via RPC connection to the storage on the Recovery Manager Console machine, data is encrypted in memory.
Bare Metal Recovery (BMR) backup encryption:
The specified password is used to generate a passphrase with which the backup is encrypted. The password cannot be used directly to unlock the backup container *.vhd(x) file.
RMAD uses a virtual hard disk encrypted with BitLocker® as a container for the backup (256-bit AES encryption). Only backup volume is encrypted on the VHD disk.
Data is encrypted in transport by the BitLocker® engine on the DC being backed up.
note |
|
The BitLocker® Drive Encryption feature should be installed on all backed up domain controllers and on the Forest Recovery Console machine to support encrypted BMR backups. But note that the BitLocker® feature does not encrypt DC drives automatically.
With Recovery Manager for Active Directory, you can back up Active Directory® Lightweight Directory Services (AD LDS), previously known as Active Directory® Application Mode (ADAM), by using one of the following methods:
Method 1: Back up AD LDS (ADAM) from the Recovery Manager Console. Use this method to immediately back up one or multiple AD LDS (ADAM) instances.
Method 2: Schedule backup creation for AD LDS (ADAM). Use this method to schedule backup creation for one or multiple AD LDS (ADAM) instances.
Complete these steps:
Right-click the Active Directory node in the Recovery Manager Console tree and select Connect to AD LDS (ADAM).
Use the dialog box that opens to specify parameters for connecting to the AD LDS (ADAM) you want to back up.
When finished, click OK.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center