SUMMARY
How to match encryption keys between a new and old Unitrends appliance.
ISSUE
A new appliance has been installed to replace an existing unit and the encryption Master Key needs to be migrated over.
RESOLUTION
Copy the existing Master Key over to the new appliance.
Backup the Master Key file from the old unit and copy it to /var/lib/misc on the new appliance. Saving the master key file (crypt_image.iso) can be accomplished by burning the file to a CD or saving it to the local appliance samba share.
- Open the Unitrends UI and select "Configure" on the left.
- On the Appliances tab, select "Edit"
- Select the Advanced tab.
- The following dialog box will be displayed:
- Select the "Save Master Key File" link
- The Master Key file is an ISO image from which a file must be extracted by either burning the image to a disc or mounting the image as a virtual drive in Windows or on a Mac. Read all of the steps below before determining which option to choose:
- Burn the Master Key file to a CD using the Unitrends appliance.
- If your appliance has a CD drive, insert a blank disc and click "Continue". The file will be burned to the CD.
- Remove the CD from the appliance and insert it into a computer with network access to the new appliance's samba share.
- Copy the "CRYPTODATA" file from the CD to the samba share of the new appliance.
- Continue with "Install on New Appliance" below.
- Save the Master Key file to the local samba share.
- If your appliance has a CD drive, be sure the disc tray is empty.
- Click "Continue". The "crypt_image.iso" image will be saved to the local samba share.
- From a Windows (version 8 or higher) or Mac computer, browse to the local samba share.
- Mount the ISO file as a virtual drive (Not sure how? See third-party references for Windows and Mac).
- Copy the "CRYPTODATA" file from the ISO image to the samba share of the new appliance.
- Continue with "Install on New Appliance" below.
- Burn the Master Key file to a CD using the Unitrends appliance.
Retrieving the .ISO via SFTP when SMB access is restricted or there is no CD drive
The .ISO file can be found at /_Stateless/backups/samba/ or sftp://applianceIP/_Stateless/backups/samba/crypt_image.iso
Install on New Appliance
Once the "CRYPTODATA" file from the CD / ISO image has been copied to the samba share per instructions above on the new appliance:
- Open the Unitrends UI on the new appliance and select "Configure" on the left.
- On the Appliances tab, select "Edit"
- Select the Advanced tab.
- Ensure encryption is not yet enabled. if it is enabled and backups have been performed, the appliance must be re-imaged before continuing.
- SSH into the new appliance.
- Make a backup copy of the existing Master Key file:
# cd /var/lib/misc # mv cryptoDaemonMasterKeys cryptoDaemonMasterKeys.old
- Rename and copy the "CRYPTODATA" file from the samba share to /var/lib/misc:
# cd /backups/samba/ # mv CRYPTODATA cryptoDaemonMasterKeys # mv cryptoDaemonMasterKeys /var/lib/misc/
- Restart the Unitrends services:
# /etc/init.d/bp_rcscript stop # /etc/init.d/bp_rcscript start
- From the Unitrends UI, enable encryption and enter the identical passphrase that was used on the old unit.
TASKS