rdxLOCK Admin Guide
Transcription
rdxLOCK Admin Guide
rdx OC Administration Gu de Version 2.3.0.39 - R e se Page 1 of 32 Tandberg Data S.a.r.l. 2015-05-27 nten 1 Product Information .......................................................................................... 3 1.1 Overview ................................................................................................... 3 1.2 Key Features .............................................................................................. 3 1.2.1 Protection Policies ................................................................................. 3 1.2.2 Enhanced Security Mode (ESM) ............................................................... 4 1.2.3 AES-256 encryption ............................................................................... 5 1.2.4 Verified Retention Clock (VRC) ................................................................ 6 1.3 Restrictions ................................................................................................. 7 2 Installation ...................................................................................................... 8 2.1 Installing rdxLOCK ...................................................................................... 8 2.1.1 Starting the Installation ......................................................................... 8 2.1.2 License Agreement ................................................................................ 9 2.1.3 Select the installation path and additional tasks ...................................... 10 2.1.4 Start the installation ............................................................................ 11 2.1.5 Completing the Installation ................................................................... 12 2.2 Post-Installation ....................................................................................... 13 2.3 Uninstalling rdxLOCK ................................................................................ 14 3 Configuration ................................................................................................. 16 3.1 Obtaining and entering the “TimeSync” Key.................................................. 16 3.2 Setting up a WORM volume........................................................................ 18 3.3 Protection policies and retention periods ...................................................... 21 3.3.1 Directory-level retention period ............................................................. 21 3.3.2 rdxLOCK Directory Level Retention Policy................................................ 22 3.4 Obtaining and entering license keys ............................................................ 24 4 Best Practices ................................................................................................ 28 4.1 Data Protection......................................................................................... 28 4.1.1 Backup / Restore ................................................................................. 28 5 Troubleshooting .............................................................................................. 30 5.1 Reporting a Problem .................................................................................. 30 5.2 rdxLOCK Tab is not available on MS Explorer’s property page ......................... 30 5.3 Application event log message: “Invalid license” ........................................... 31 6 Appendix ........................................................................................................ 32 Page 2 of 32 Tandberg Data S.a.r.l. 2015-05-27 1 Product Information 1.1 Overview rdxLOCK is a software product, which provides infinite or fixed period WORM (Write Once, Read Many) protection for data on RDX QuikStor cartridges. Applications can write data locally, via CIFS, FTP or NFS directly to a rdxLOCK protected file system, but are not allowed to make any modification after the data was locked. The locking mechanism is completely controlled by rdxLOCK on a directory-level or file-level basis and ensures that a file object is changed to WORM based on the selected protection policy. A special API is not necessary for this. rdxLOCK’s protection policies ensure that files can’t be modified, renamed, moved or overwritten in any way, preserving data in a non-rewritable, non-erasable manner for a specified period of time or infinite. Additionally rdxLOCK prevents the alteration of file attributes. In order to meet regulatory compliance requirements, rdxLOCK allows the deletion of data after a pre-defined retention period, but still prevents the user from modifying expired data. As rdxLOCK is able to use the existing server and a RDX QuikStor drive, an audit- compliant archive can be implemented in a cost effective manner. Even existing file systems can be converted to WORM file systems by rdxLOCK. rdxLOCK supports NTFS RDX volumes on 32-bit and 64-bit Windows architectures. 1.2 Key Features 1.2.1 Protection Policies Protection policies can be configured a volume-level on directory level retention (DLR). Page 3 of 32 Tandberg Data S.a.r.l. 2015-05-27 1.2.2 Enhanced Security Mode (ESM) rdxLOCK protected volumes may be managed on operating system level mostly like any volume. In particular you can move them from one disk system to another one and you can mount them on any computer, even if there is no rdxLOCK software installed. Enhanced Security is an additional security level to encrypt the volume in a way that no content of the real volume is visible, if rdxLOCK is not installed. Instead of the real content of the NTFS volume, you can see a small FAT – volume with warning information. It also inhibits the deletion of files on rdxLOCK protected volumes in the following cases: The rdxLOCK file system filter has been stopped. rdxLOCK has been uninstalled from the system. A rdxLOCK WORM volume has been moved to a server system, which does not have rdxLOCK installed. Since rdxLOCK 2.3.0 ESM V5 is used. This version supports encryption with AES-256. ESM V4 volumes are still supported and can optionally be set to V5. New created volumes will only be created as V5 with a FAST encryption. The internal ESM number is increased to prevent older rdxLOCK version mounting this volume. V5 and V4 volumes can be converted to V5 AES-256. Page 4 of 32 Tandberg Data S.a.r.l. 2015-05-27 1.2.3 AES-256 encryption The AES-256 encryption is using keys with a length of 256 bits. Each WORM volume uses its own key for both encrypting and decrypting the data. In combination with AES-256 encryption it is possible to grant access to WORM volumes for a dedicated group of rdxLOCK computer systems by exporting and importing keys. Initially the volume key is not exported and AES encrypted WORM volumes can be used on any rdxLOCK system. If a WORM volume should only be accessible by a certain group of systems the AES key must be first exported and then imported to all other authorized systems. The system which was used for exporting the key gets implicitly authorized. To export or import keys the user must hold administrative rights. The AES key of a WORM volume can be exported by the following rdxLOCK CLI command: rdxLockcli KeyExport <volume_drive_letter> > <key_file_name> example: rdxLockcli KeyExport e: > aes_key_e.txt With the export command the volume changes its state to “exported” and the ESM component only decrypts the volume if the key has been imported for this volume on the local system. To import the AES key of a WORM volume to a system, the following rdxLOCK CLI command may be used: rdxLockcli KeyImport <volume_drive_letter> <key_file_name> example: rdxLockcli KeyImport e: aes_key_e.txt Note: The export and import cli commands are subject to change for upcoming versions. Page 5 of 32 Tandberg Data S.a.r.l. 2015-05-27 1.2.4 Verified Retention Clock (VRC) A compliant data storage system needs a secure tamper-proof time base to measure retention periods and ensure WORM integrity. rdxLOCK provides a secure and compliant retention time management, called Verified Retention Clock (VRC). This facility has to be synchronized directly after setting up the software by entering a special key (TimeSync Key). (see chapter 3.1) This key contains a trusted timestamp for verifying that the system clock is in a certain range compared to UTC (Coordinated Universal Time). Only if the verification succeeds, WORM volumes can be initialized, configured and controlled. As long as the verification has not been executed, the system cannot be used for managing WORM volumes. All WORM volumes created by a rdxLOCK application with a non-verified system clock are marked as “TEST WORM VOLUMES” and can only be converted to valid, productive WORM volumes on systems with a verified system clock and as long as their temporary license is still valid. After a successful system clock verification, VRC closely monitors the system clock and ensures that system clock manipulations may not be used to delete files before they expire. Such manipulations may end in temporary prolongation of retention periods when the system clock is set in the future or to access restrictions when it is set in the past. Small changes in the system clock are manageable, but when the clock is adjusted over large ranges, or the system is switched off or rebooted for any reasons, this does result in a prolongation of retention periods. In order to mitigate such artificially extended retention time periods, VRC allows a drifting of the retention time offset (RTT-Offset) up to a week per year in order to make up for downtimes due to system maintenance and other housekeeping events. Any longer periods of downtime will need to be handled via a TimeSync Key, if the RTT-Offset is beyond an acceptable value. VRC is designed to support removable WORM media. Taking a WORM volume offline for an extended time period does not end up in a temporary prolongation of retention periods registered in a volume. Page 6 of 32 Tandberg Data S.a.r.l. 2015-05-27 1.3 Restrictions rdxLOCK Version 2.3.0.33 - Release is designed for NTFS formatted volumes on primary partitions of basic disks with MBR (master boot record) and GPT (GUID Partition Table) partitioning scheme. If rdxLOCK is configured for a volume residing on a dynamic disk, the Enhanced Security Mode will not be supported on that volume. rdxLOCK may not be installed on systems which do have any version of TrueCrypt installed. rdxLOCK supports RDX QuikStor and RDX QuikStation. Other file systems than NTFS are not supported. Appending data to rdxLOCK protected files is not supported. Files having Extended Attributes or reparse points attached can’t be set to WORM. The Recycle Bin functionality cannot be used on WORM volumes, since rdxLOCK denies the move operation to the recycle bin, when an expired WORM file is selected for deletion. Therefore it is recommended to deactivate the Recycle Bin for the individual WORM volumes in order to make the deletion of expired WORMf iles possible. Please note that Microsoft has redesigned the Recycle Bin behavior in Windows VISTA, Windows 2008 Server and Windows 7. The properties of the Recycle Bin are now tied to user profiles rather than the actual disk. Therefore each user must explicitly switch off the Recycle Bin of the corresponding WORM volumes when accessing them locally for deleting expired WORM files. Upgrades are only supported from rdxLOCK version 2.1.0 Build 29 and higher. Previous versions need special support, so please contact your service provider. Read-only volumes are not supported. Volumes mounted inside a WORM volume are not WORM protected. Shrinking an ESM protected volume is not supported. Adding a mirror to an ESM protected volume is not supported. Volumes marked as 'active' cannot be used in ESM mode. Page 7 of 32 Tandberg Data S.a.r.l. 2015-05-27 2 Installation Administrative rights are required to install, configure, set policies and retention times, license or update rdxLOCK. When installing on Windows 7, Windows 2008 Server or higher you need to be logged in as Administrator or you need to run the installation program using the context menu option “Run as administrator”. 2.1 Installing rdxLOCK 2.1.1 Starting the Installation To install rdxLOCK Close all applications running on the system. Run the program rdxLocksetup_<version>.exe to start the installation wizard. In case no other application is opened at this time, you can proceed with the installation process by clicking the Next button. Page 8 of 32 Tandberg Data S.a.r.l. 2015-05-27 2.1.2 License Agreement You have to agree to the license contract in order to continue with the rdxLOCK installation procedure. Page 9 of 32 Tandberg Data S.a.r.l. 2015-05-27 2.1.3 Select the installation path and additional tasks Page 10 of 32 Tandberg Data S.a.r.l. 2015-05-27 2.1.4 Start the installation After clicking the Install button, rdxLOCK will be installed to the selected destination folder. Page 11 of 32 Tandberg Data S.a.r.l. 2015-05-27 2.1.5 Completing the Installation On the completion screen, we should install rdxLOCK’s Enhanced Security Module, which allows configuration of rdxLOCK’s Enhanced Security Mode on a per volume base. Installing the Enhanced Security Module requires a system reboot. Page 12 of 32 Tandberg Data S.a.r.l. 2015-05-27 2.2 Post-Installation After a new installation or an upgrade from versions prior to 2.2.6, the system clock needs to be verified by a TimeSync key. Please refer to the chapter “Obtaining and entering the TimeSync Key” for further information. Note: As long as the system clock is not verified, the following restrictions exist: New volumes couldn't be initialized. WORM Volumes created by rdxLOCK version 2.2.5 or previous are put to READ- ONLY mode and are not switched to the regular WORM mode until the TimeSync verification has been succeeded. Page 13 of 32 Tandberg Data S.a.r.l. 2015-05-27 2.3 Uninstalling rdxLOCK rdxLOCK can be uninstalled by using the Windows Software Manager. Click Start-> Control Panel -> Add or Remave Programs, select the rdxlock product and press the Remave button. Page 14 of 32 Tandberg Data S.a.r.l. 2015-05-27 If the Enhanced Security Mode was installed, a reboot is required to completely remove rdxLOCK from your system. NOTE: If you remove the rdxLOCK product from your system, you will not be able to access WORM-committed files anymore. In addition, if the Enhanced Security Mode was previously applied to a WORM volume, the WORM NTFS file system is hidden and inaccessible after uninstalling the rdxLOCK product. The former NTFS WORM volume is displayed as a FAT file system with the label “Volume Lock” in this case. Page 15 of 32 Tandberg Data S.a.r.l. 2015-05-27 3 Configuration 3.1 Obtaining and entering the “TimeSync” Key A TimeSync key is used to verify that the system clock is in a certain range compared to UTC and therefore ensures that file retention times are managed in a safe and secure fashion. If the TimeSync key verification process succeeds for the first time, the system will be ready for handling WORM volumes. Every additional TimeSync operation resets the RTTOffset. rdxLOCK maintains this internal “corrective retention time offset” parameter (RTTOffset) to manage the time offset between the system clock and the Verified Retention Clock (VRC). These offsets occur due to normal situations like the system being powered down or potentially abnormal situations where the system clock is changed or potentially rolled back. To apply a TimeSync key take the following steps: start the rdxLock GUI application and select the menu item Configuration Apply Time Sync click on the web link in the dialog below: Page 16 of 32 Tandberg Data S.a.r.l. 2015-05-27 Copy the TimeSync key string from the web page directly to the corresponding dialog's input field and press the Apply button. Alternatively, you may save the key to a file first and select that file for applying the TimeSync key. Note: It may take up to 2 minutes until the system clock gets verified. VRC information is displayed in the output panel view called “VRC” of the rdxLockGUI application. Page 17 of 32 Tandberg Data S.a.r.l. 2015-05-27 3.2 Setting up a WORM volume For converting an NTFS volume to a WORM volume, use MS Explorer, Disk Management or rdxLOCK GUI to open the property page of the appropriate volume and select the rdxLOCK tab. This approach can only be used if you are logged in as the local administrator or as a domain administrator with special security options (see section 5.2 for further information). Alternatively, you may run the rdxLOCK GUI program, rightclick the appropriate volume and select “Configure”. If you are logged in as a standard user, who is not a member of the local administrator group, you will get an UAC prompt for entering the administrator's password in order to run the program with full elevated rights and privileges as an Administrator. Page 18 of 32 Tandberg Data S.a.r.l. 2015-05-27 Select the “ENABLE WORM MODE” checkbox. Optionally you may activate the “Enhanced Security Mode” (ESM). On production sites, this should be activated! To save your settings, press the APPLY or OK button. Confirm you settings and press the OK button. After confirming the WORM – Mode, the whole volume is set to WORM status and can never return to non-WORM status. If Enhanced Security Mode is selected, data on the volume will be encrypted after confirmation. This process could be long-lasting depending on the amount of used data blocks on the volume and your hardware. Switch off the recycle bin functionality for the newly configured WORM volume. Page 19 of 32 Tandberg Data S.a.r.l. 2015-05-27 NOTE: The Enhanced Security Mode may be activated on a WORM volume at any time, but cannot be switched off after its activation. (rdxLOCK root directory tab information after converting a volume to WORM state.) Page 20 of 32 Tandberg Data S.a.r.l. 2015-05-27 3.3 Protection policies and retention periods After a volume has been configured for WORM, protection policies should be defined on the root directory. There is no requirement to set such policies, but just setting the WORM mode without policies would not have much effects. Without policies, files would not become WORM protected. DLR (Directory Level Retention) periods are related to directories, not to single files. All files in a certain directory and all sub-directories are treated the same way. Auto-commit: Files written into a certain location are committed to be WORM after a defined period of time (AUTOCOMMIT DELAY) by rdxLOCK Software. (No application activity is needed.) 3.3.1 Directory-level retention period The rdxLOCK DLR policy determines the expiration date of a WORM file by adding the retention period, which is configured on a directory-level and inherited to all its sub-directories, to the WORM-commit timestamp of that file. The DLR policy always uses “auto-commit” mode. Means all files are set to WORM after the “auto-commit delay” period. No file may stay on non-worm status in such folders. Since the expiration date is not explicitly attached to a file during the WORM commit phase, but is calculated whenever the file is selected for deletion, it is easily possible to increase retention periods of WORM file sets, which reside in the same directory hierarchy. Page 21 of 32 Tandberg Data S.a.r.l. 2015-05-27 3.3.2 rdxLOCK Directory Level Retention Policy The rdxLOCK DLR policy allows the configuration of a fixed or infinite retention period level of a WORM volume. Retention periods can be increased at any time, but it’s not allowed to decrease a retention period. Since rdxLOCK associates the retention period defined on a directory with each WORM file inside that directory tree, extending the retention period will also affect already WORM committed files. The rdxLOCK DLR policy automatically commits files to WORM after their creation, whereas the WORM trigger can be delayed by the value, configured for the “AUTOCOMMIT DELAY” parameter. This value can be set between 0 and 100000 seconds (~ 27.7 hours). The value could be modified at any time (increase/decrease) to fit to your needs. The following configuration dialog can be activated by right-clicking the appropriate folder using MS Explorer and selecting “Properties” or “Configure” when using the rdxLock GUI program. Page 22 of 32 Tandberg Data S.a.r.l. 2015-05-27 The following rules apply to WORM files covered by a rdxLOCK DLR policy: WORM files cannot be modified, overwritten, renamed or deleted. WORM files cannot be changed back to non-WORM files. Security settings (ACL) on WORM files cannot be changed any more. Therefore we recommend to always using security groups in order to be able to change security for single users by adding or removing them from the assigned group. The following rules apply to expired WORM files covered by a rdxLOCK DLR policy: Expired files can only be deleted. Renaming or modifying an expired WORM file is not allowed. Increasing the retention period of a DLR policy will also be reflected on expired WORM files, which means that an expired WORM file may be WORM protected again depending on the length of the new retention period. Page 23 of 32 Tandberg Data S.a.r.l. 2015-05-27 3.4 Obtaining and entering license keys rdxLOCK includes a trial license that allows the use of a WORM volume for 60 days. The trial license has neither a capacity limit nor a limit on the amount of WORM volumes. If you want to keep a WORM volume past the trial period expires, you can register the volume to obtain a key for a permanent license. Notes: Access to a WORM volume with an expired trial or temporary license will be denied. A permanent license key can only be requested on a system with a verified system clock. Each WORM volume is registered separately and therefore has its own rdxLOCK generated serial number, which is needed when requesting a permanent license key for a WORM volume. To find the WORM volume serial number and install a permanent license, take the following steps: In the Windows Start menu, select Programs -> rdxLock -> rdxLockGUI In the rdxLOCK user interface, select WORM volumes and right-click on the WORM volume for which you want to request a permanent license. Click “Request License” Page 24 of 32 Tandberg Data S.a.r.l. 2015-05-27 Enter the Capacity-ID, which you have received from your rdxLOCK sales representative. Characters are automatically converted to upper case when entering lower case. After pressing the “OK” button rdxLOCK generates the license request key, which must be sent to the licensing service by using either the on-line WEB-PORTAL or sending the information via email. Please ensure that your server is connected to the internet, when choosing the “WEBPORTAL” for requesting the license key. To access the licensing service you have to log in to the WEB-PORTAL. If you do not yet have log-in access, please register and provide a valid email address, which is used by the licensing service to respond back to you. Page 25 of 32 Tandberg Data S.a.r.l. 2015-05-27 If you decide to send the license key request via email, you may either use the menu item “EMAIL…”, which launches your email client and automatically generates an email with the necessary information or you may copy the license request key to a text file and send it as an email attachment to [email protected]. After receiving the permanent license key for the volume, click “Install License” and select the file containing the license information. Page 26 of 32 Tandberg Data S.a.r.l. 2015-05-27 Check the license status on the right-side pane of the rdxLOCK GUI. It may take up to 4 minutes until the license status is updated. After you have installed a permanent license, you can still add additional WORM capacity to a WORM volume by an add-on license. The new add-on license key is installed via the volume’s context menu item “Install License” as well. rdxLOCK monitors the capacity on each WORM volume and displays a warning message in the application event log when a WORM volume nears its capacity limit. If the capacity limit is exceeded, write operations on the volume will be denied until additional WORM capacity is licensed for the volume. The rdxLOCK user interface provides an overview of the installed license types, status and used/free WORM capacity. Page 27 of 32 Tandberg Data S.a.r.l. 2015-05-27 4 Best Practices 4.1 Data Protection The following data protection strategies are available for rdxLOCK WORM volumes: 4.1.1 Backup / Restore In order to meet regulatory compliance rules and preserve the WORM aspects of the original files we only advise to use Full Image Backup for protecting WORM volumes. Since an Image Backup is an exact duplicate of a volume, data can be quickly restored to the exactstate it was when the backup was performed. This behavior ensures that WORM volumes are always completely restored in case of a disaster recovery. File based restore cannot guarantee that all WORM files are restored. A suitable image backup and restore solution should provide the following features: Total Reliability Online image backup Creating a consistent image backup of a WORM volume while the volume is available to other system applications is mandatory. Differential or incremental online image backup Differential or incremental image backup speeds up the image backup process and saves disk space, since only files which have been changed since the last (full) backup need to be backed up. Network support Image files can be saved directly to internal and network drives. Configurable image file sizes The solution should allow specifying a maximum size for the disk image files. Support of volumes larger 2 TB (GPT disk) Command line support This functionality is needed for automating backup and restore procedures. Compression mode Data Encryption Page 28 of 32 Tandberg Data S.a.r.l. 2015-05-27 The following Image Backup product has been evaluated with rdxLOCK: Image for Windows, TeraByte Inc. http://www.terabyteunlimited.com/image-for-windows.htm NOTES: The option “Backup unused sectors” must be selected when backing up an ESM encrypted WORM volume on a GPT disks. A new permanent license key is required when restoring a WORM volume from a full image backup copy. Page 29 of 32 Tandberg Data S.a.r.l. 2015-05-27 5 Troubleshooting 5.1 Reporting a Problem For technical assistance with a registered version of rdxLOCK, email your inquiries to [email protected]. Please have the following information included in your email when you report a rdxLOCK issue: Issue o o o o description Provide symptoms of the issue. When did the issue occur? Which activities have caused the issue? Which file objects are affected by the issue? rdxLOCK Service Report. The rdxLOCKGUI application automatically generates a Service Report by selecting the menu item <Diagnostics> -> <Generate Service Report>. All service information is stored to the file FL_Diag.zip, which is located in the directory <rdxLOCK installation directory>\Diagnostics. List of third-party-applications installed on your system, including antivirus scanners and backup management applications. 5.2 rdxLOCK Tab is not available on MS Explorer’s property page The rdxLOCK tab on the MS Explorer’s property page is only available for local or domain administrators. If rdxLOCK is running on Windows 2008 Server, Windows 7 or Windows 2012 Server please set up the User Account Control accordingly: If the built-in domain administrator account is used for configuring rdxLOCK, the local security policy "User Account Control: Admin Approval Mode for the Built-in Administrator Account" must be disabled. If another domain admin account than the built-in domain administrator is used, the local security policy "User Account Control: Run all administrators in Admin Approval Mode" must be disabled. Page 30 of 32 Tandberg Data S.a.r.l. 2015-05-27 5.3 Application event log message: “Invalid license” An invalid license may result from the following conditions: Temporary license has been expired. License information can’t be read on the WORM volume. Please check, if the rdxLock service is running. WORM volume has been restored. In this case a new permanent license must be requested. Page 31 of 32 Tandberg Data S.a.r.l. 2015-05-27 6 Appendix Filter-Compatibility: rdxLock was successfully tested in combination with the following 3rd party applications: - Symantec AntiVirus Version 12 - McAfee VirusScan Enterprise 8.7 - TrendMicro ServerProtect 5.58 - 3rd party replication tools were not tested with rdxLock version 2.2. For last minute information regarding limitations and known problems, please read the ReadMe.txt. Page 32 of 32 Tandberg Data S.a.r.l. 2015-05-27