Encrypting your backups

Generate & Protect your Keys with our validated Hardware Security Modules 


To ensure the security of your data, the Virtual Vault Client Software encrypts every data block it receives from the local network and sends it to the Virtual Vault Server. The files are stored and remain encrypted on the Virtual Vault Server at all times. The decryption process occurs only during recovery and is performed by the Virtual Vault Client. This ensures that all backed-up data is transferred and stored outside your network and is always encrypted. The Virtual Vault Client uses up to 256 AES encryption and can be configured with private and account encryption keys. Encryption is FIPS 140-2 certified.


The private key is the default encryption key. It stays private & is expected to be unique for each Virtual Vault client. It is used to encrypt data before it is transmitted to the Virtual Vault Server. Backup files that are unique to a Virtual Vault Client are encrypted using the Virtual Vault Client private key and stored in the Virtual Vault Client private library area on the Virtual Vault Server.


This provides an additional layer of security & is used for encryption at the Virtual Vault Server.

If you have multiple locations or multiple Virtual Vault clients, global deduplication is performed on the Virtual Vault server. The account key is used to encrypt your files that are common to multiple Virtual Vault Clients to the same Virtual Vault Server. These common backup files are encrypted with the account key and stored in the account library area on the Virtual Vault Server. Virtual Vault Clients that share a Virtual Vault Server must be configured with the same account key.

Manage your Keys Permission with one Center Point and Define Permission to use Keys

The Virtual Vault Server uses encryption cookies to verify every connection by the Virtual Vault Client. Cookies are a piece of code generated using the encryption key. The Virtuaal Vault Client sends its cookie on every connection request. The Virtual Vault Server compares it with the cookie originally received during the initial Virtual Vault Client configuration. This verification process ensures the integrity of both private and account keys. After initial configuration the authentication between the Virtual Vault Client and the Virtual Vault Server is transparent.

Both private and account encryption keys can be up to 32 alpha/numeric characters and are configured during Virtual Vault Client installation. Encryption keys are stored in the database in encrypted form, so even if you have full access to the Virtual Vault Server, they cannot be read.