Migrate encryption Master Key file to a new appliance

SUMMARY

How to match encryption keys between a new and old Unitrends appliance.

ISSUE

 

A new appliance has been installed to replace an existing unit and the encryption Master Key needs to be migrated over.

RESOLUTION

 

Copy the existing Master Key over to the new appliance.

 

Backup the Master Key file from the old unit and copy it to /var/lib/misc on the new appliance. Saving the master key file (crypt_image.iso) can be accomplished by burning the file to a CD or saving it to the local appliance samba share.
  1. Open the Unitrends UI and select "Configure" on the left.
  2. On the Appliances tab, select "Edit"
  3. Select the Advanced tab.
  4. The following dialog box will be displayed:
    eid_ka83r000000k9xs_feoid_00N40000003CZoj_refid_0EM40000000QzQJ
  5. Select the "Save Master Key File" link
  6. The Master Key file is an ISO image from which a file must be extracted by either burning the image to a disc or mounting the image as a virtual drive in Windows or on a Mac. Read all of the steps below before determining which option to choose:
    • Burn the Master Key file to a CD using the Unitrends appliance.
      1. If your appliance has a CD drive, insert a blank disc and click "Continue". The file will be burned to the CD.
      2. Remove the CD from the appliance and insert it into a computer with network access to the new appliance's samba share.
      3. Copy the "CRYPTODATA" file from the CD to the samba share of the new appliance.
      4. Continue with "Install on New Appliance" below.
    • Save the Master Key file to the local samba share.
      1. If your appliance has a CD drive, be sure the disc tray is empty.
      2. Click "Continue".  The "crypt_image.iso" image will be saved to the local samba share.
      3. From a Windows (version 8 or higher) or Mac computer, browse to the local samba share.
      4. Mount the ISO file as a virtual drive (Not sure how? See third-party references for Windows and Mac).
      5. Copy the "CRYPTODATA" file from the ISO image to the samba share of the new appliance.
      6. Continue with "Install on New Appliance" below.

Retrieving the .ISO via SFTP when SMB access is restricted or there is no CD drive

The .ISO file can be found at /_Stateless/backups/samba/ or sftp://applianceIP/_Stateless/backups/samba/crypt_image.iso 


Install on New Appliance

Once the "CRYPTODATA" file from the CD / ISO image has been copied to the samba share per instructions above on the new appliance:

  1. Open the Unitrends UI on the new appliance and select "Configure" on the left.
  2. On the Appliances tab, select "Edit"
  3. Select the Advanced tab.
  4. Ensure encryption is not yet enabled.  if it is enabled and backups have been performed, the appliance must be re-imaged before continuing.  
  5. SSH into the new appliance.
  6. Make a backup copy of the existing Master Key file:
    # cd /var/lib/misc
    # mv cryptoDaemonMasterKeys cryptoDaemonMasterKeys.old
    
  7. Rename and copy the "CRYPTODATA" file from the samba share to /var/lib/misc:
    # cd /backups/samba/
    # mv CRYPTODATA cryptoDaemonMasterKeys
    # mv cryptoDaemonMasterKeys /var/lib/misc/
  8. Restart the Unitrends services:
    # /etc/init.d/bp_rcscript stop
    # /etc/init.d/bp_rcscript start
  9. From the Unitrends UI, enable encryption and enter the identical passphrase that was used on the old unit.

TASKS

 

 

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section