Encrypting your backups

Generate and protect your keys with our validated hardware security modules 

ENCRYPTION KEYS

To ensure security fo your data, the Virtuaal Vault Client Software encrypts every data block it receives from the local network and it sends to the Virtuaal Vault Server.. The files are stored and remain encrypted on the Virtuaal Vault Server at all times. The decryption process occurs only during recovery and is performed by the Virtuaal Vault Client. This ensures that all backed up data transferred and stored outside you network  is always encrypted. The Virtuaal Vault Client uses up to 256 AES encryption and can be configured with private and account encryption keys. Encryption is FIPS 140-2 certified.

PRIVATE KEY

The private key is the default encryption key. It stays private & is expected to be unique for each Virtuaal Vault client. It is used to encrypt data before it is transmitted to the Virtuaal Vault Server. Backup files that are unique to an Virtuaal Vault Client are encrypted using the Virtuaal Vault Client private key and stored in the Virtuaal Vault Client private library area on the Virtuaal Vault Server.

ACCOUNT KEY

This provides an additional layer of security & is used for encryption at the Virtuaal Vault Server.

If you have multiple locations or multiple Virtuaal Vault clients, global deduplication is performed on the Virtuaal Vault server. The account key is used to encrypt your files that are common to multiple Virtuaal Vault Clients to the same Virtuaal Vault Server. These common backup files are encrypted with the account key and stored in the account library area on the Virtuaal Vault Server. Virtuaal Vault Clients that share a Virtuaal Vault Server must be configured with the same account key.

Manage your keys permission with one center point and define permission to use keys

The Virtuaal Vault Server uses encryption cookies to verify every connection by the Virtuaal Vault Client. Cookies are a piece of code generated using the encryption key. The Virtuaal Vault Client sends its cookie on every connection request. The Virtuaal Vault Server compares it with the cookie originally received during the initial Virtuaal Vault Client configuration. This verification process ensures integrity of both private and account keys. After initial configuration the authentication between the Virtuaal Vault Client and the Virtuaal Vault Server is transparent.

Both private and account encryption keys can be up to 32 alpha/numeric characters and are configured during Virtuaal Vault Client installation. Encryption keys are stored in the Database in encrypted form, so even if you have full access to the Virtuaal Vault Server, they cannot be read.