UBQ000251:  Encrypting Backup Data with AES in UltraBac 9.x

UBQ ID Number: UBQ000251
Last Modified: 2009-12-11

Summary:

How to set up UltraBac to use Advanced Encryption Standard (AES) to protect backup data.

Details:

In prior versions of UtraBac, the Blowfish encryption algorithm was used to encrypt backup data at the set level. In UltraBac 8.3.1, encryption using AES was introduced, though the Blowfish algorithm remained available when AES was not enabled. Beginning with UltraBac 9.0 and later versions, Blowfish encryption support has been removed, though restore support for data encrypted using the Blowfish algorithm will always be available.

 

AES is enabled globally and operates at the device level; when AES encryption is enabled, backup data written to any UltraBac Storage Device will be encrypted. It is recommended, though not required, to re-create any sets that are configured to use the Blowfish algorithm to remove the existing Blowfish settings. Existing unencrypted UltraBac storage media will need to be re-prepared prior to use. UltraBac jobs that have the "Clear media" option selected will automatically prepare the media prior to backup.

Configuring AES

To enable AES:

 

  1. From the main UltraBac toolbar, click "Manage"/"General"/"Encryption Options."

 

ub_93_knowledgebase251_encrytion.jpg

Fig. 1 - AES Encryption Configuration Options.

 

  1. Set the AES encryption strength:

 

  1. Select the method for generating the encryption key:

 

  1. Click "OK" to set the encryption options as specified.

Additional AES Options
Using an Encryption Server

Once a system is configured to use AES, it can be used as an Encryption server. For ease of use it is recommended to use only one Encryption Server per network, but multiple servers can be used if such a configuration is necessary.

AES in the UltraBac Log Files

To ensure that AES is being used during backup, check for the following information in the UltraBac log files: This set is encrypted on the media.

 

NOTE: The text in the log file will not be highlighted.

 

ub_93_knowledgebase251_log.jpg

Fig. 2 - AES in the UltraBac log files.

Restoring an AES Encrypted Backup

UltraBac will attempt to use the encryption key stored in the system registry. If the stored AES encryption key is the same as the key used to encrypt the backup, no additional steps will need to be necessary to restore the data. However, if the key does not match, it will be necessary to enter/import the key/phrase when prompted.

 

ub_93_knowledgebase251_decryption.jpg

Fig. 3 - AES Decryption options during restore.

More Information:

See UltraBac User Manual:  UltraBac Preferences

See UltraBac User Manual:  Backup Set Basics

See UltraBac User Manual:  Restore Basics