Manualshelf

User guide

ManualsBrandsVMware ManualsComputer equipmentVCENTER CONFIGURATION MANAGER 5.3 - SOFTWARE CONTENT REPOSITORY TOOL GUIDE
21222324252627282930
22 | Introduction to AppAssure 5
Encryption
AppAssure 5 provides integrated encryption to protect backups and data-at-rest
from unauthorized access and use, ensuring data privacy. AppAssure 5 provides
strong encryption. By doing so, backups of protected computers are inaccessible.
Only the user with the encryption key can access and decrypt the data. There is no
limit to the number of encryption keys that can be created and stored on a system.
DVM uses AES 256-bit encryption in the Cipher Block Chaining (CBC) mode with
256-bit keys. Encryption is performed inline on snapshot data, at line speeds without
impacting performance. This is because DVM implementation is multi-threaded and
uses hardware acceleration specific to the processor on which it is deployed.
Encryption is multi-tenant ready. The deduplication has been specifically limited to
records that have been encrypted with the same key; two identical records that have
been encrypted with different keys will not be deduplicated against each other. This
design decision ensures that deduplication cannot be used to leak data between
different encryption domains. This is a benefit for managed service providers, as
replicated backups for multiple tenants (customers) can be stored on a single core
without any tenant being able to see or access other tenant data. Each active tenant
encryption key creates an encryption domain within the repository where only the
owner of the keys can see, access, or use the data. In a multi-tenant scenario, data
is partitioned and deduplicated within the encryption domains.
In replication scenarios, AppAssure 5 uses SSL 3.0 to secure the connections
between the two cores in a replication topology to prevent eavesdropping and
tampering.