Home » Dell Manuals » Storage Devices » Dell DL4300 » Manual Viewer

Dell DL4300 Appliance Users Guide - Page 38

Managing security, Adding an encryption key

Add to My Manuals
Save this manual to your list of manuals

Page 38 highlights

md "" NOTE: Ensure that you remove the \File_x portion of the metadata path, and enclose the metadata path in quotes. 9. From Computer Management → Storage Management → Disk Management, add the mount path to the volume. NOTE: Ensure that you remove the \File_x portion of the metadata path. 10. Remove the drive letter. 11. Add drive letters to all DL_VMRSRV_x volumes. 12. From the AppAssure Core Console → Configuration → Restore screen, click fix path, and then click Save. The repository is back online and display a green status. NOTE: You must repeat Step 9 through Step 12 for each DL_REPO_xxxx volume. Managing security The Core can encrypt protected machine snapshot data within the repository. Instead of encrypting the entire repository, you can specify an encryption key during the protection of a machine in a repository which lets the keys be reused for different protected machines. Encryption does not affect performance, as each active encryption key creates an encryption domain, thus letting a single core support multitenancy by hosting multiple encryption domains. In a multi-tenant environment, data is partitioned and deduplicated within the encryption domains. Because you manage the encryption keys, loss of the volume cannot leak the keys. Key security concepts and considerations include: • Encryption is performed using 256 bit AES in Cipher Block Chaining (CBC) mode that is compliant with SHA-3. • Deduplication operates within an encryption domain to ensure privacy. • Encryption is performed without impact on performance. • You can add, remove, import, export, modify, and delete encryption keys that are configured on the Core. • There is no limit to the number of encryption keys you can create on the Core. Adding an encryption key To add an encryption key: 1. Navigate to the Core Console. 2. Click Configuration → Security. The Encryption Keys page appears. 3. Click Actions, and then click Add Encryption Key. The Create Encryption Key dialog box displays. 4. In the Create Encryption Key dialog box, enter the details for the key described as follows. Text Box Description Name Enter a name for the encryption key. 38

Section	Page
Dell DL4300 Appliance User's Guide	3
Introduction to Dell DL4300 Appliance	10
Core technologies	10
Live Recovery	11
Verified Recovery	11
Universal Recovery	11
True Global Deduplication	11
True Scale architecture	11
Deployment architecture	12
Smart Agent	14
DL4300 Core	14
Snapshot process	14
Replication of disaster recovery site or service provider	15
Recovery	15
Product features	15
Repository	16
True Global Deduplication	16
Encryption	17
Replication	18
Recovery-as-a-Service (RaaS)	19
Retention and archiving	19
Virtualization and cloud	20
Alerts and event management	20
License portal	20
Web console	20
Service management APIs	21
Working with the DL4300 Core	22
Accessing the DL4300 Core Console	22
Updating trusted sites in Internet Explorer	22
Configuring browsers to remotely access the Core Console	22
Roadmap for configuring the Core	23
Managing licenses	24
Changing a license key	24
Contacting the license portal server	24
Changing the AppAssure language manually	25
Changing the OS language during installation	25
Managing Core settings	26
Changing the Core display name	26
Adjusting the nightly job time	26
Modifying the transfer queue settings	26
Adjusting the client time-out settings	27
Configuring deduplication cache settings	27
Modifying engine settings	28
Modifying database connection settings	29
About repositories	29
Roadmap for managing a repository	30
Creating a repository	30
Viewing repository details	33
Modifying repository settings	33
Expanding an existing repository	34
Adding a storage location to an existing repository	34
Checking a repository	36
Deleting a repository	36
Remounting volumes	36
Recovering a repository	37
Managing security	38
Adding an encryption key	38
Editing an encryption key	39
Changing an encryption key passphrase	39
Importing an encryption key	39
Exporting an encryption key	40
Removing an encryption key	40
Managing cloud accounts	40
Adding a cloud account	40
Editing a cloud account	42
Configuring cloud account settings	42
Understanding replication	43
About protecting workstations and servers	43
About replication	43
About seeding	44
About failover and failback	45
About replication and encrypted recovery points	45
About retention policies for replication	46
Performance considerations for replicated data transfer	46
Roadmap for performing replication	47
Replicating to a self-managed core	47
Replicating to a core managed by a third party	51
Monitoring replication	53
Managing replication settings	55
Removing replication	55
Removing a protected machine from replication on the source Core	55
Removing a protected machine on the target Core	56
Removing a target Core from replication	56
Removing a source Core from replication	56
Recovering replicated data	56
Roadmap for failover and failback	57
Setting up an environment for failover	57
Performing failover on the target Core	57
Performing failback	58
Managing events	59
Configuring notification groups	59
Configuring an email server and email notification template	61
Configuring repetition reduction	62
Configuring event retention	62
Managing recovery	62
About system information	63
Viewing system information	63
Downloading installers	63
About the agent installer	63
Downloading and installing the agent installer	63
About the local mount utility	64
Downloading and installing the local mount utility	64
Adding a core to the local mount utility	65
Mounting a recovery point by using the local mount utility	66
Dismounting a recovery point by using the local mount utility	66
About the local mount utility tray menu	67
Using Core and agent options	67
Managing retention policies	68
Archiving to a cloud	68
About archiving	68
Creating an archive	68
Setting a scheduled archive	69
Pausing or resuming scheduled archive	70
Editing a scheduled archive	71
Checking an archive	72
Importing an archive	72
Managing SQL attachability	73
Configuring SQL attachability settings	73
Configuring nightly SQL attachability checks and log truncation	74
Managing exchange database mountability checks and log truncation	74
Configuring exchange database mountability and log truncation	74
Forcing a mountability check	75
Forcing checksum checks	75
Forcing log truncation	75
Recovery point status indicators	76
Managing Your Appliance	78
Monitoring the status of the Appliance	78
Provisioning storage	78
Provisioning selected storage	79
Deleting space allocation for a virtual disk	80
Resolving failed tasks	80
Upgrading your Appliance	80
Repairing your Appliance	81
Protecting workstations and servers	82
About protecting workstations and servers	82
Configuring machine settings	82
Viewing and modifying configuration settings	82
Viewing system information for a machine	83
Configuring notification groups for system events	83
Editing notification groups for system events	85
Customizing retention policy settings	87
Viewing license information	89
Modifying protection schedules	89
Modifying transfer settings	90
Restarting a service	92
Viewing machine logs	93
Protecting a machine	93
Deploying the agent software when protecting an agent	95
Creating custom schedules for volumes	96
Modifying exchange server settings	96
Modifying SQL server settings	97
Deploying an agent (push install)	97
Replicating a new agent	98
Managing machines	99
Removing a machine	99
Replicating agent data on a machine	99
Setting replication priority for an agent	100
Canceling operations on a machine	100
Viewing machine status and other details	101
Managing multiple machines	102
Deploying to multiple machines	102
Monitoring the deployment of multiple machines	106
Protecting multiple machines	106
Monitoring the protection of multiple machines	108
Managing snapshots and recovery points	108
Viewing recovery points	109
Viewing a specific recovery point	109
Mounting a recovery point for a Windows machine	110
Dismounting select recovery points	111
Dismounting all recovery points	111
Mounting a recovery point volume on a Linux machine	111
Removing recovery points	112
Deleting an orphaned recovery point chain	112
Forcing a snapshot	113
Pausing and resuming protection	113
Restoring data	114
Backup	114
About exporting protected data from Windows machines to virtual machines	115
Exporting backup information from your Microsoft Windows machine to a virtual machine	117
Exporting Windows data using ESXi export	117
Exporting Windows data using VMware workstation export	119
Exporting Windows data using Hyper-V export	121
Exporting Microsoft Windows data using Oracle VirtualBox export	124
Virtual Machine Management	126
Performing a rollback	130
Performing a rollback for a Linux machine by using the command line	131
About bare metal restore for Windows machines	132
Prerequisites for performing a bare metal restore for a Windows machine	132
Roadmap for performing a bare metal restore for a Windows machine	133
Creating a bootable CD ISO image	133
Loading a boot CD	135
Launching a restore from the Core	136
Mapping volumes	136
Viewing the recovery progress	137
Starting the restored target server	137
Repairing startup problems	137
Performing a bare metal restore for a Linux machine	138
Installing the screen utility	139
Creating bootable partitions on a Linux machine	139
Viewing events and alerts	140
Protecting server clusters	141
About server cluster protection	141
Supported applications and cluster types	141
Protecting a cluster	142
Protecting nodes in a cluster	143
Process of modifying cluster node settings	144
Roadmap for configuring cluster settings	144
Modifying cluster settings	145
Configuring cluster event notifications	145
Modifying the cluster retention policy	146
Modifying cluster protection schedules	147
Modifying cluster transfer settings	147
Converting a protected cluster node to an agent	148
Viewing server cluster information	148
Viewing cluster system information	148
Viewing summary information	149
Working with cluster recovery points	149
Managing snapshots for a cluster	149
Forcing a snapshot for a cluster	150
Pausing and resuming cluster snapshots	150
Dismounting local recovery points	150
Performing a rollback for clusters and cluster nodes	151
Performing a rollback for CCR (Exchange) and DAG clusters	151
Performing a rollback for SCC (Exchange, SQL) clusters	151
Replicating cluster data	151
Removing a cluster from protection	151
Removing cluster nodes from protection	152
Removing all nodes in a cluster from protection	152
Viewing a cluster or node report	153
Reporting	154
About reports	154
About the reports toolbar	154
About compliance reports	154
About errors reports	155
About the Core Summary Report	155
Repositories summary	155
Agents summary	156
Generating a report for a Core or agent	156
About the Central Management Console Core reports	157
Generating a report from the Central Management Console	157
Completing a full recovery of the DL4300 Appliance	158
Creating a RAID 1 partition for the operating system	158
Installing the operating system	159
Running the recovery and update utility	159
Changing the host name manually	161
Stopping the Core service	161
Deleting server certificates	161
Deleting Core server and registry keys	161
Launching the Core with the new host name	162
Changing the display name	162
Updating trusted sites in Internet Explorer	162
Appendix A— scripting	163
About powershell scripting	163
Powershell scripting prerequisites	163
Testing scripts	163
Input parameters	164
VolumeNameCollection (namespace Replay.Common.Contracts.Metadata.Storage)	168
Pretransferscript.ps1	169
Posttransferscript.ps1	169
Preexportscript.ps1	170
Postexportscript.ps1	171
Prenightlyjobscript.ps1	171
Postnightlyjobscript.ps1	173
Sample scripts	175
Getting help	176
Finding documentation and software updates	176

Match case Limit results 1 per page

md "<metadata path>"

NOTE:

Ensure that you remove the

\File_x

portion of the metadata path, and enclose the

metadata path in quotes.

From

Computer Management

→

Storage Management

→

Disk Management

, add the mount path

to the volume.

NOTE:

Ensure that you remove the

\File_x

portion of the metadata path.

10.

Remove the drive letter.

11.

Add drive letters to all

DL_VMRSRV_x

volumes.

12.

From the AppAssure Core Console

→

Configuration

→

Restore

screen, click

fix path

, and then click

Save

The repository is back online and display a green status.

NOTE:

You must repeat Step 9 through Step 12 for each

DL_REPO_xxxx

volume.

Managing security

The Core can encrypt protected machine snapshot data within the repository. Instead of encrypting the

entire repository, you can specify an encryption key during the protection of a machine in a repository

which lets the keys be reused for different protected machines. Encryption does not affect performance,

as each active encryption key creates an encryption domain, thus letting a single core support

multitenancy by hosting multiple encryption domains. In a multi-tenant environment, data is partitioned

and deduplicated within the encryption domains. Because you manage the encryption keys, loss of the

volume cannot leak the keys. Key security concepts and considerations include:

•

Encryption is performed using 256 bit AES in Cipher Block Chaining (CBC) mode that is compliant

with SHA-3.

•

Deduplication operates within an encryption domain to ensure privacy.

•

Encryption is performed without impact on performance.

•

You can add, remove, import, export, modify, and delete encryption keys that are configured on the

Core.

•

There is no limit to the number of encryption keys you can create on the Core.

Adding an encryption key

To add an encryption key:

Navigate to the Core Console.

Click

Configuration

→

Security

The

Encryption Keys

page appears.

Click

Actions

, and then click

Add Encryption Key

The

Create Encryption Key

dialog box displays.

In the

Create Encryption Key

dialog box, enter the details for the key described as follows.

Text Box

Description

Name

Enter a name for the encryption key.