Convert devices to passphrase-based encryption

If you have lost or forgotten the security code/encryption key for a backup device, or simply no longer wish to individually manage security codes/encryption keys for your list of backup devices, Backup Manager offers the function to convert backup devices to use a passphrase-based encryption method.

Please be aware that once this change is made, you cannot change back to use the original security code/encryption key.

Differences between encryption methods

  • Private key encryption relies on encryption keys/security codes that are defined by users during Backup Manager installation. The encryption key/security code is set once and cannot be changed or retrieved afterwards.
  • Passphrase-based encryption uses a system-generated encryption key that is securely accessible from the management console.

Requirements

  1. Backup Manager version 17.11 or later must be installed and functional on the system you wish to convert.
  2. The system must be running on Windows.
  3. The system must be intact (the conversion process will not work after a system is lost, destroyed or infected).
  4. Access to run the Command Prompt as an administrator is required on each system you wish to convert.
  5. Backups should not be actively running during this process.

Instructions

Step 1. Getpartner UID for conversion

  1. Log in to the Console under a SuperUser account with security officer permissions
  2. In the left navigation bar, click Customer management
  3. Select the customer containing backup devices you want to convert
  4. Enable the Automatic Deployment option (if it is disabled)
  5. Click Save
  6. You will now be given a customer UID

  7. Copy the UID for later use

You can re-use the UID for any number of devices belonging to the customer.

Step 2. Perform conversion on each device

Run the below command on each Windows device you plan to convert to passphrase-based encryption.

  1. Log in to the system on which the backup device is installed.
  2. Start the Command Prompt as an administrator and run the following command.

"C:\Program Files\Backup Manager\ClientTool.exe" takeover -partner-uid 92bcdff7-9a73-46f4-8xYxTa-8exXxXxXxX0b11d -config-path "c:\Program Files\Backup Manager\config.ini"

Here is what the command contains:

  • ClientTool.exe – an executable file included into all Backup Manager installations. It lets you operate the Backup Manager through the command line.
  • C:\Program Files\Backup Manager\ - is the default installation directory of the Backup Manager. Make sure you edit the path if the Backup Manager is installed at a custom location.
  • takeover – a command that moves a backup device to another category (to another customer or to passphrase-based encryption)
  • partner-uid – the UID you copied at step 1.