How to encrypt the N2WS server instance with a custom KMS on a Silent Install
This
KB will show you how to encrypt the N2WS server instance with a custom
KMS using the silent install option. More information on how to use the
silent install can be found in our user guide here : https://n2ws.com/support/documentation
The
following will need to be added to the special "User Data" script that
is used when a silent install of the N2WS server Instance is needed.
Please
add the following to the [SERVER] Section of the CPMCONFIG file used
for the Silent Install. This will enable N2WS to use your own KMS to
encrypt the N2WS instance data.
encryption_key=<ARN for the KMS that you want to use to encrypt N2WS data>
example:
encryption_key=arn:aws:kms:us-east-1:123456578999:key/a22a33f0-4b55-66b6-777a-a8888eb999bf
Please note: If
no "encryption_key=" field is added to the User Data Script, then N2WS
assumes that you will use no encryption on the data volume. However
please note that the management interface through which you manage the backup and recovery operations on N2WS is web-based. The APIs which N2WS uses to communicate with AWS, are web-based. All communication with the N2WS server is done using the HTTPS protocol, which means it is all encrypted. This is important, since sensitive data will be communicated to and from the N2WS server. For example, AWS credentials, N2WScredentials, object IDs of your AWS objects(instances, volumes, databases, images, snapshot IDs etc.) So all of this is already encrypted without using the above additional option to encrypt the data volume.