07-09-2018 07:01 AM
If I REPLACE the current encryption key on all jobs in Backup Exec 2014, will I be able to restore data from jobs previously run under the old encryption key?
Thank you
07-09-2018 08:08 AM
07-09-2018 08:17 AM
Thank you, Gurv.
So to be clear,I can replace the encryption key and just keep the old passphrase for older restores. And the same thing I I create a new encryption key - just don't delete the old one?
07-09-2018 08:28 AM
07-09-2018 08:31 AM
Thank you for the quick responses Gurv.
Have you done this (replace keys, use old passphrases) in a production environment?
07-09-2018 08:41 AM
07-09-2018 11:55 PM
If you either use multiple encryption keys or periodically change encryption keys (or both) then please make sure you keep accurate records of which encryption keys were used with which jobs and/or on what date ranges they were in use. As when it comes to a restore you will need the specific key used on the specific date (or specific instance of the job)
Obviously if you have added new keys and just stopped using the old ones (but not deleted them) then this makes restores easier, but you do have to protect for loss of the BE server (or an admin accidentally deleting old keys) when needing to do restores.
Also note that encryption keys have 3 attributes, 2 of which are important for your records.
- Name of key: not critically important but helps you organize your records
- Passphrase: very important
- Encryption key type (bit level) : very important.