126
Copyright © Acronis, Inc., 2000-2010
Vault database path
To specify the path where the vault's database will be created
1.
In the
Local folders
of the storage node, select the desired folder or enter the full path to the
folder in the
Path
field.
To create a new folder for the database, click
Create folder
.
2.
Click
OK
.
When choosing a folder for the vault's database, follow these considerations:
The folder must reside on a fixed drive. Please do not try to place the database on external
detachable drives.
The folder size may become large—one estimate is 200 GB per 8 TB of used space, or about 2.5
percent.
The folder permissions must allow the user account under which the storage node's service is
running (by default,
ASN User
) to write to the folder. When assigning permissions, specify the
user account explicitly (not just
Everyone
).
Vault encryption
If you protect a vault with encryption, anything written to the vault will be encrypted and anything
read from it will be decrypted transparently by the storage node, using a vault-specific encryption
key stored on the node. In case the storage medium is stolen or accessed by an unauthorized person,
the malefactor will not be able to decrypt the vault contents without access to the storage node.
This encryption has nothing to do with the archive encryption specified by the backup plan and
performed by an agent. If the archive is already encrypted, the storage node-side encryption is
applied over the encryption performed by the agent.
To protect the vault with encryption
1.
Select the
Encrypt
check box.
2.
In the
Enter the password
field, type a password.
3.
In the
Confirm the password
field, re-type the password.
4.
Select one of the following:
AES 128
– the vault contents will be encrypted using the Advanced Encryption Standard (AES)
algorithm with a 128-bit key
AES 192
– the vault contents will be encrypted using the AES algorithm with a 192-bit key
AES 256
– the vault contents will be encrypted using the AES algorithm with a 256-bit key.
5.
Click
OK
.
The AES cryptographic algorithm operates in the Cipher-block chaining (CBC) mode and uses a
randomly generated key with a user-defined size of 128, 192 or 256 bits. The larger the key size, the
longer it will take for the program to encrypt the archives stored in the vault and the more secure the
archives will be.
The encryption key is then encrypted with AES-256 using a SHA-256 hash of the password as a key.
The password itself is not stored anywhere on the disk; the password hash is used for verification
purposes. With this two-level security, the archives are protected from any unauthorized access, but
recovering a lost password is not possible.