
Encryption in Cloud Backup

When storing data in Cloud Storage, we recommend that you encrypt all backups, especially if your company is subject to regulatory compliance.

If you want to know how to create a backup using Cloud Backup, click the link below:

If you want to know how to select a backup destination using Cloud Backup, click the link below:

 

NOTE: Keep your encryption password safe. There is no way to recover encrypted backups once the password is lost or forgotten.

 

 

Enabling Encryption in Cloud Backup

To enable encryption, the settings need to be specified when creating a backup plan. Once the backup plan has been created and applied, the encryption settings can no longer be modified. If different encryption settings are needed, a new backup plan must be created.

Here’s how to specify the encryption settings:

  1. Access the Cloud Backup Console.
  2. Click Devices on the left menu bar to open the list of all computers/devices connected to the Cloud Backup.
  3. Select the computer/device you want to back up, then click Backup on the right menu bar to open a New backup plan template.
  4. Click the ENCRYPTION switch to enable the option.
  5. Specify and confirm your chosen encryption password. The password is case-sensitive.
  6. Under Encryption algorithm, select one of the following:
     
    • AES 256 – backup encryption will use the 256-bit key Advanced Encryption Standard (AES) algorithm.
    • AES 192 – backup encryption will use the 192-bit key AES algorithm.
    • AES 128 – backup encryption will use the 128-bit key AES algorithm.
  7. Click OK to save your encryption settings.

 

Congratulations! You have just enabled your backup plan’s encryption settings in Cloud Backup.

 

Encryption on Machines

This option is for administrators handling backups of multiple machines. If a unique encryption password is needed for each machine, or if encryption of backups must be enforced regardless of the backup plan’s encryption settings, the encryption settings can be saved individually on each machine.

Encryption settings saved on a machine affect the backup plans in the following ways:

  • For backup plans already applied to the machine.
    If the encryption settings in the backup plan are different, the applied backups will fail.
  • For backup plans to be applied to the machine later.
    The encryption settings in the backup plan will be overridden by the settings saved on the machine.
    All backups will be encrypted, even if the backup plan’s encryption settings are disabled.

Once the settings are saved on the machine, they can no longer be modified, but they can be reset.

This option is only available for Windows or Linux machines, and is not supported for OS X. It can also be used on machines run by Agent for VMware.

NOTE: Take care when more than one Agent for VMware is connected to the same vCenter Server. All of the agents must use the same encryption settings, because there is a kind of load balancing among them.

 

Encryption Settings on Machines

Here’s how to save encryption settings on a machine:

  1. On your machine, log on as an administrator for Windows or the root user for Linux.
  2. Run the following script on the machine:
     
    • In Windows
      <installation_path>\PyShell\bin\acropsh.exe -m manage_creds --set-password <encryption_password>
      The "installation_path" is the backup agent installation path. By default, this is %ProgramFiles%\BackupClient.
       
    • In Linux
      /usr/sbin/acropsh -m manage_creds --set-password <encryption_password>
      The backups will be encrypted using the 256-bit key AES algorithm.

       

Congratulations! You have just saved your machine’s encryption settings.

 

Encryption Settings Reset on Machines

Here’s how to reset encryption settings on a machine:

  1. On your machine, log on as an administrator for Windows or the root user for Linux.
  2. Run the following script on the machine:
     
    • In Windows
      <installation_path>\PyShell\bin\acropsh.exe -m manage_creds --reset
      The "installation_path" is the backup agent installation path. By default, this is %ProgramFiles%\BackupClient.
       
    • In Linux
      /usr/sbin/acropsh -m manage_creds --reset

 

NOTE: Once the encryption settings on a machine have been reset, the machine’s backups will fail. Create a new backup plan to continue backing up the machine.

 

Congratulations! You have just reset your machine’s encryption settings.

 

How Encryption Works

The AES cryptographic algorithm operates in Cipher Block Chaining (CBC) mode and uses a randomly generated key with a user-defined size of 128, 192 or 256 bits. The larger the key size, the longer it takes the program to encrypt the backup and the more secure the data is.

The encryption key is then encrypted with AES-256, using an SHA-256 hash of the password as the key. The password itself is not saved anywhere on the disk or in the backups; the password hash is used for verification purposes. This two-level security protects the backed-up data from unauthorised access, and it also means that a lost password cannot be recovered.
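
The two-level scheme described above, as an added Node.js example that is not the vendor's code: a random data key encrypts the backup in CBC mode, and AES-256 keyed with the SHA-256 hash of the password encrypts that data key. Assumptions: the function names are hypothetical, CBC is also used to wrap the data key, and the stored verification value is a hash of the password hash, since the page does not say which hash is kept.

```javascript
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// AES-CBC helpers; the cipher name follows the key length (128/192/256 bits).
function cbcEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv(`aes-${key.length * 8}-cbc`, key, iv);
  return { iv, ct: Buffer.concat([c.update(plaintext), c.final()]) };
}
function cbcDecrypt(key, { iv, ct }) {
  const d = crypto.createDecipheriv(`aes-${key.length * 8}-cbc`, key, iv);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Level 1: a random data key of the chosen size encrypts the backup.
// Level 2: AES-256 keyed with SHA-256(password) encrypts that data key.
function sealBackup(password, keyBits, data) {
  if (![128, 192, 256].includes(keyBits)) throw new RangeError('bad key size');
  const kek = sha256(Buffer.from(password, 'utf8'));
  const dataKey = crypto.randomBytes(keyBits / 8);
  return {
    keyBits,
    // Assumption: the verifier is a hash of the KEK, never the KEK itself.
    verifier: sha256(kek),
    wrappedKey: cbcEncrypt(kek, dataKey),
    body: cbcEncrypt(dataKey, data),
  };
}

function openBackup(password, backup) {
  const kek = sha256(Buffer.from(password, 'utf8'));
  if (!crypto.timingSafeEqual(sha256(kek), backup.verifier)) {
    throw new Error('wrong password');
  }
  return cbcDecrypt(cbcDecrypt(kek, backup.wrappedKey), backup.body);
}

// Constructed sample input, not real backup data.
const sample = Buffer.from('constructed sample backup contents', 'utf8');
const sealed = sealBackup('Correct-Horse-1', 192, sample);
console.log(openBackup('Correct-Horse-1', sealed).toString());
```

Nothing in the stored object contains the password or the data key in the clear, so without the password the wrapped key cannot be opened and the backup body stays unreadable.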
