Problem description

Schedule backups are failing for all Cloud Apps. However, manual backups are successful.

Resolution

Use any one of the following enable Druva inSync to get the user data encryption key(ekey)

• Deploy inSync connector

 By default, inSync requires the deployment of the inSync Connector in your organization premises to back up the Cloud Apps data. inSync Connector acts as a Cloud Apps Connector to provide the ekey without requiring the users to have their physical devices connected for the Cloud Apps backup. For detailed steps, see Configure inSync Connector with inSync Cloud by using a proxy server.

For more information about the prerequisites, see Prerequisites to backup Cloud Apps data.

• Enable the Cloud Key Management feature

The Cloud Key Management feature is a secure method to backup the Cloud Apps data and is an alternative method to the inSync AD Connector based deployment. The Cloud Key Management feature utilizes the AWS Key Management Service (AWS KMS) to generate the Data Key. The Data Key is then used to encrypt the ekey. The encrypted-ekey is then stored in the inSync Cloud. During the scheduled Cloud Apps backup, the encrypted-ekey in combination with the Data Key is utilized to source the ekey.  This ekey is then utilized to complete the backup. 

For detailed steps, see Configure Cloud Key Management for Cloud Apps.

Note: 

Once Cloud Key Management is enabled for your inSync instance, it cannot be disabled in the future. Kindly discuss these details and the above KB article with your Network Security Team to ensure that your company policies allows use of Cloud Key Management Service by Amazon.