1. Page 1 of 9
WORK INSTRUCTIONTITLE
WI_Replacingandupdatingthe EMC Mozy
Enterprise EncryptionKey
REVISION DATE
01/29/2014
DEPARTMENT
IO – End User Computing
REVISION NUMBER
1.0
OWNER
Eric Roberson–End User Computing Team
REVIEW DATE
01/30/2014
APPROVER:
TABLE OF CONTENTS
TABLE OF CONTENTS............................................................................................................... 1
PURPOSE/BACKGROUND........................................................................................................ 1
SCOPE............................................................................................................................................2
RESPONSIBILITIES....................................................................................................................2
REFERENCES/DEFINITIONS..................................................................................................2
Related Documents..................................................................................................................... 2
Definitions................................................................................................................................... 2
WORK INSTRUCTION...............................................................................................................3
1.0 Download the Mozy Encryption Utility............................................................................ 3
2.0 Generate a new encryption key....................................................................................... 4
3.0 Replacing the ckey via the Mozy Administration Console ............................................... 6
REVISION SUMMARY................................................................................................................8
Tags................................................................................................................................................8
References.....................................................................................................................................9
PURPOSE/BACKGROUND
Following is an excerpt from Securing and Encrypting Online Backup (EMC Corporation, pg. 3):
“The Enterprise Custom Key option enables enterprises to take advantage of the
strength of the AES algorithm to encrypt their data, while significantly simplifying and
strengthening passphrase management. With the Enterprise Custom Key option, one
individual establishes the passphrase key for the entire organization. This individual
could be anyone you choose, such as an IT or security director, manager or
administrator.
From within the Mozy administration console you set the Enterprise Custom Key
passphrase and where it will be stored, such as a network share, web server, or as part
of a package for installing Mozy on client machines. As Mozy is employed on different
machines, each machine will access that location to use the encryption key for
encrypting and decrypting files. Since the Enterprise Custom Key passphrase will likely
be stored on a network share or web server, to protect against unauthorized access of
2. Page 2 of 9
that key Mozy employs a Shared Secret capability that encrypts the passphrase. As you
install Mozy on your client machines, the encryption of that passphrase will
automatically be programmed into each client. As a result, your workstations running
the Mozy backup client will be able to seamlessly leverage that passphrase to encrypt
or decrypt files as needed.”
SCOPE
This document explains how to generate a new encryption key and how to replace the
encryption key in the Mozy Administration Console.
RESPONSIBILITIES
EUC is responsible for administration of the Mozy ckey. IP&C shares knowledge of the ckey, but
is not responsible of administration of the ckey through the Mozy Administration Console.
REFERENCES/DEFINITIONS
Related Documents
See References section below.
Definitions
Enterprise Custom Key –an encryption option for Mozy which uses the Advanced Encryption
Standard (AES); the same key is shared for the entire enterprise to encrypt and decrypt files,
and the key is sometimes referred to as the ckey.
Mozy Administration Console – a web-based application used for administration of Mozy,
including but not limited to client options, groups, encryption keys; the site is accessed by
administrators via https://secure.mozy.com.
Passphrase – a strong and complex phrase used to create the encryption key; currently owned
and maintained by End User Computing (EUC) and IT Application Security teams.
Shared Secret - a file provided by Mozy support which is used as part of the process to generate
a new encryption key.
3. Page 3 of 9
WORK INSTRUCTION
1.0 Downloadthe MozyEncryptionUtility
1. Launch a webbrowser,thengoto the Mozy AdministrationConsoleat
https://secure.mozy.com. Logintothe site as an administrator.
2. Downloadthe MozyEncryptionUtility. ClickResourcesinthe leftcolumn,thenclick Download
Mozy Enterprise Client. Inthe pane on the right,click WindowsCryptoUtil.
4. Page 4 of 9
3. Save the file tothe local hard diskdrive.
2.0 Generate a new encryption key
1. Rightclick MozyEnterprisecryptoutil.exe,thenclick RunAs Administrator. Enter credentialsfor
an account withelevatedprivileges.
5. Page 5 of 9
2. In the EnterKeyfield,type the passphrase forthe new encryptionkey. Click Ok.
NOTE: The passphrase isownedandmaintainedbythe ITApplicationSecurityandEndUser
ComputingTeams.
WARNING: The Passphrase mustmeetcomplexityrequirementsprovidedbythe ITApplication
Securityteam. For informationregardingcomplexityrequirements,contactITApplication
Security.
6. Page 6 of 9
3. In the Share Secretfield,browse tothe location of the sharedsecretfile ss9-1234.ss. NOTE:
Mozy providesthe sharedsecretfile. ContactMozyif a replacementfile isneeded.
4. ClickExport, thenselectalocationinwhichto save the new encryptionkey.
3.0 Replacingthe ckey via the Mozy Administration Console
1. Launch a webbrowser,thengoto http://secure.mozy.com . Entercredentialsforanaccount
withadministratorrightstothe Mozy AdministrationConsole.
2. In the leftcolumnunderConfiguration, clickClientConfiguration. Inthe pane onthe right,click
the ClientConfigurationtoedit. Forexample,click_Laptop.
7. Page 7 of 9
3. In the fieldAlwaysuse the followingencryptionkey,enterthe pathto the *.ckeyfile.
WARNING: Replacingthe *.ckeymaypreventexistingbackupsfromrunning.
8. Page 8 of 9
4. Scroll all the way to the bottomthenclick Save.
5. Mozy clientswill notbe able tobackupor retrieve filesuntiltheyare reauthorizedwiththen
newencryptionkey.
REVISION SUMMARY
Revision Date Author Comments
.1 29-Jan-2014 Eric Roberson First Draft
.9 30-Jan-2014 Dodson Lawson Review
1.0 30-Jan-2014 Eric Roberson Publish
Tags
Mozy, ckey, enterprise encryption key
9. Page 9 of 9
References
EMC Corporation. Securing and Encrypting Online Backup. 1-4. (2013). Web.
http://mozy.com/system/resources/W1siZiIsIjIwMTMvMTEvMDcvMDFfNTNfNTBfMjU5X0RhdG
FzaGVldF9fX01venlFbnRlcnByaXNlX19fRW5jcnlwdGlvbl9CcmllZi5wZGYiXV0/Datasheet_-
_MozyEnterprise_-_Encryption_Brief.pdf