Skip to main content
Druva Documentation

Scheduled backups failing for Cloud Apps

Problem description


Schedule backups are failing for all Cloud Apps. However, manual backups are successful.

Cause

This error occurs because inSync does not have access to the data encryption key (ekey). For successful scheduled backups of all the Cloud Apps, inSync requires access to the data encryption key (ekey). The ekey is used to encrypt the user data when it is being backed up to the inSync Cloud. This is part of the digital envelope encryption process that Druva strictly adheres to. Druva does not store the ekey of the users and has no access to the data.

Resolution

Use any one of the following enable Druva inSync to get the user data encryption key(ekey)

  • Deploy inSync connector

 By default, inSync requires the deployment of the inSync Connector in your organization premises to back up the Cloud Apps data. inSync Connector acts as a Cloud Apps Connector to provide the ekey without requiring the users to have their physical devices connected for the Cloud Apps backup. For detailed steps, see Configure inSync Connector with inSync Cloud by using a proxy server.

For more information about the prerequisites, see Prerequisites to backup Cloud Apps data.

  • Enable the Cloud Key Management feature

The Cloud Key Management feature is a secure method to backup the Cloud Apps data and is an alternative method to the inSync AD Connector based deployment. The Cloud Key Management feature utilizes the AWS Key Management Service (AWS KMS) to generate the Data Key. The Data Key is then used to encrypt the ekey. The encrypted-ekey is then stored in the inSync Cloud. During the scheduled Cloud Apps backup, the encrypted-ekey in combination with the Data Key is utilized to source the ekey.  This ekey is then utilized to complete the backup. 

For detailed steps, see Configure Cloud Key Management for Cloud Apps.

Note

Once Cloud Key Management is enabled for your inSync instance, it cannot be disabled in the future. Kindly discuss these details and the above KB article with your Network Security Team to ensure that your company policies allows use of Cloud Key Management Service by Amazon.

  • Was this article helpful?