72
Copyright © Acronis, Inc., 2000-2010
If you choose to specify an existing user account for the agent service or the storage node service,
make sure that this account is a member of the
Backup Operators
group, before proceeding with the
installation.
If you choose to specify an existing user account for the management server service, this account will
be added to the
Acronis Centralized Admins
group automatically.
If the machine is part of an Active Directory domain, make sure that the domain's security policies do
not prevent the accounts described in this section (whether existing or newly created) from having
the above listed user rights.
Important: After the installation, do not specify a different user account for a component's service. Otherwise,
the component may stop working.
The newly created user accounts are also granted access to the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Acronis (called Acronis registry key) with the following rights:
Query Value
,
Set Value
,
Create Subkey
,
Enumerate Subkeys
,
Notify
,
Delete
, and
Read Control
.
In addition, there are two Acronis services which run under a system account:
The
Acronis Scheduler2 Service
provides scheduling for Acronis components' tasks. It runs under
the Local System account and cannot run under a different account.
The
Acronis Remote Agent Service
provides connectivity among Acronis components. It runs
under the Network Service account and cannot run under a different account.
2.12.8
Communication between Acronis Backup & Recovery 10
components
This section describes how Acronis Backup & Recovery 10 components communicate with each other
using secure authentication and encryption.
This section also provides information on configuring communication settings, selecting a network
port for communication, and managing security certificates.
2.12.8.1
Secure communication
Acronis Backup & Recovery 10 provides the capability to secure the data transferred between its
components within a local area network and through a perimeter network (also known as
demilitarized zone, DMZ).
There are two mechanisms which ensure secure communication between Acronis Backup &
Recovery 10 components:
Secure authentication
provides secure transfer of certificates needed to establish a connection,
by using the Secure Sockets Layer (SSL) protocol.
Encrypted communication
provides secure transfer of information between any two
components—for example, between Acronis Backup & Recovery 10 Agent and Acronis Backup &
Recovery 10 Storage Node—by encrypting the data being transferred.
For instructions on how to set up secure authentication and data encryption settings, see Configuring
communication options (p. 73).
For instructions on how to manage SSL certificates used for secure authentication, see SSL
certificates (p. 76).