Non-phone-home license restrictions
Registering a Rapid Recovery license in non-phone-home mode precludes the Core from sharing your personal information. This includes email address, IP addresses, and license consumption information.
After you register a non-phone-home license, you will not be able to do the following:
- View license server information from the Settings page on the Core Console (since your Core is not permitted to communicate with the Rapid Recovery License Portal).
- Manage the consumption of licenses from the Core Console.
- Submit information to Quest Data Protection Support from the Rapid Recovery Info Gathering Tool.
- Monitor the health of Cores and protected machines, manage multiple Cores, and generate reports on demand for the relevant machines on multiple Cores from the QorePortal.
- Use the auto update feature to update a new version of Rapid Recovery Core (your Core is not notified that new versions are available).
- Use the auto update feature to directly update protected Linux machines using package managers such as yum, zypper, or apt (you can still download an installation package from an internet-accessible Linux machine and move installation files to the secured computer manually).
Obtaining and using non-phone-home licenses
If you obtain the non-phone-home license before you upgrade or install Rapid Recovery Core, transfer the license to the Core server. When you run the installer, on the Privacy Policy page, select the option to decline to share data, and when prompted, register the non-phone-home license.
If your Rapid Recovery Core is already registered with a phone-home key, access the General settings on the Core, change the setting Agree to use of personal data to No, and when prompted, register the non-phone-home key.
For more information or step-by-step instructions for changing General settings for your Core, see the topic Configuring Core general settings.
For more information about managing licenses from the Rapid Recovery Core, see the topic "Understanding Rapid Recovery licenses" in the Rapid Recovery Installation and Upgrade Guide.
Complete the steps in this procedure to contact the Quest licensing team to obtain a non-phone-home license.
- In a web browser, navigate to the Quest Licensing Assistance website at https://support.quest.com/contact-us/licensing.
- From the How can we help you drop-down menu, select Obtain a license for my product.
- From the Select Product drop-down menu, select Rapid Recovery.
- From the Product Version drop-down menu, select the appropriate option.
For example, select 6.5.
- In the Contact Information section of the form, add information as described in the following table.
Field Name Description Required Field Business Email
Enter the email address to which you want the Quest licensing team to respond. If you have access to the email account associated with your Rapid Recovery license, use that address for fastest response.
Yes Contact First Name Enter your first name. Yes Contact Last Name Enter your last name. Yes Company Name
Enter the name of the company associated with your Rapid Recovery license.
US Federal Select if your license is related to a US federal organization. No Country Select your country. Yes Phone Number Enter your phone number, including area code. If outside the US, include country code. Yes License Number (if available) No License Key (if available) License keys were used in AppAssure 5.4.1 and earlier. This is typically a string of 30 characters (6 groups of 5 numbers and upper-case alphabetic letters, separated by hyphens). No Machine ID The name of the registered Core machine. No Service Tag (if available) Enter the service tag if available. No License Request Details
Indicate in this field that, per GDPR, you want a non-phone-home license to replace your phone-home license to protect your PII.
NOTE: By making this request, you agree that you will delete the phone-home license key when you receive and register the non-phone-home key. You also agree that you will not share this key.
Yes License File If you have a phone-home license, you can attach the license file. No - To validate your request and submit the form, select I'm not a robot, and then click Next.
The form is submitted, and you receive an email message with a Service Request (SR) number.
When you receive the non-phone-home license file, upload it to the Core server to register the license. For more information, see "Updating or changing a license" in the Rapid Recovery Installation and Upgrade Guide.
Encryption
This section describes the process of securing data in your environment using encryption keys and machine-level snapshot encryption settings.
Topics include:
Understanding encryption keys
The Rapid Recovery Core can encrypt snapshot data for all volumes within any repository using encryption keys that you define and manage from the Core Console.
Instead of encrypting the entire repository, Rapid Recovery lets you specify an encryption key for one or more machines protected on a single Rapid Recovery Core. Each active encryption key creates an encryption domain. There is no limit to the number of encryption keys you can create on the Core.
In a multi-tenant environment (when a single Core hosts multiple encryption domains), data is partitioned and deduplicated within each encryption domain. As a result, Quest recommends using a single encryption key for multiple protected machines if you want to maximize the benefits of deduplication among a set of protected machines.
You can also share encryption keys between Cores using one of three methods. One method is to export an encryption key as a file from one Rapid Recovery Core and import it to another Core. A second method is to archive data secured with an encryption key, and then import that archived data into another Rapid Recovery Core. The third method is to replicate recovery points from a protected machine using an encryption key. After you replicate protected machines, the encryption keys used in the source Core appear as replicated encryption keys in the target Core.
In all cases, once imported, any encryption key appears in the Core with a state of Locked. To access data from a locked encryption key, you must unlock it. For information about importing, exporting, locking or unlocking encryption keys, see the topic Managing encryption keys.
Key security concepts and considerations include:
- Encryption is performed using 256-bit Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode that is compliant with SHA-3.
- Deduplication operates within an encryption domain to ensure privacy.
- Encryption is performed without impact on performance.
- You can apply a single encryption key to any number of protected machines, but any protected machine can only have one encryption key applied at a time.
- You can add, remove, import, export, modify, and delete encryption keys that are configured on the Rapid Recovery Core.
Caution: Rapid Recovery takes a new snapshot whenever you apply an encryption key to a protected machine. A new snapshot is also triggered after you disassociate an encryption key for a protected machine.
Encryption keys generated from the Rapid Recovery Core are text files that contain four parameters, as described in the following table:
| Component | Description |
|---|---|
| Name | This value is equivalent to the key name given when adding a key in the Rapid Recovery Core Console. |
| Key | This parameter consists of 107 randomly generated English alphabetic, numeric, and mathematical operator characters. |
| ID | The key ID consists of 26 randomly generated upper-case and lower-case English characters. |
| Comment | The comment contains the text of the key description entered when the key was created. |