Enterprise Authentication

Enterprise Authentication ensures that communication takes place only among nodes in the same Enterprise. This is useful in environments where multiple master servers are deployed and access to client nodes must be separated and protected. Without Enterprise Authentication, any DPX master server can access any client with the DPX client software installed. For centralized data protection, this is usually not an issue. Security-conscious organizations with requirements to isolate data protection activities between groups can use Enterprise Authentication to help with this effort.

Enterprise Authentication can prevent access to the DPX client in semi-secured or unsecured host environments. Enterprise Authentication would prevent an employee, guest, or other outsider from procuring a copy of the DPX master server software, loading it to a laptop with a temporary key, and backing up sensitive data from servers. Enterprise Authentication would prevent the rogue master server from being able to connect to the clients and running backup jobs.

Enterprise Authentication might also be useful on networks that share machine access between multiple customers. A master server with an associated Enterprise Authentication key can be dedicated to each customer. The key would then only be loaded to clients that the customer should have access to, and it would prevent access to other clients with different keys. The same method could be applied between company departments where data access should be limited. For example, the finance and development groups could be deployed with dedicated master servers, where each master is limited to the client nodes each group should have access to. This would prevent the development group from connecting to finance servers, backing up data, and recovering data in an unauthorized environment.

Enterprise Authentication is accomplished using keys that must be distributed to all nodes. When you switch this option to Enabled, DPX generates a key and sets up authentication for the master server. For authentication to work, you must copy this key to all nodes in the same Enterprise (i.e., all nodes under the same master server). If the master server contacts a node that does not have the same key, communication does not take place. However, if the master server contacts a node that does not have any key, communication still takes place. Therefore, it is important to set up Enterprise Authentication for every Enterprise and node on your network.

Enterprise Authentication does impose some extra complexity on a data protection environment. In some cases, it may be necessary to regenerate and redistribute keys to clients after a master server upgrade or migration to new hardware.

To set up Enterprise Authentication for every Enterprise on your network:

1. Select the Enabled box in the Enterprise Information dialog box and click OK.

2. Go to the main DPX directory (catalogic/DPX/) on the DPX Master Server.

3. Find a file named auth.key.

4. Copy this file to the main DPX directory of all nodes in the Enterprise. One way to do this is to use FTP.

For extra security, you can change the Enterprise Authentication key anytime. This is not necessary unless you have a security problem. To generate another key, click Generate. You then need to redistribute the auth.key file to all nodes in the Enterprise.